✨ (go/v4): feat/fix: enhance cert-manager integration for metrics endpoints (follow-up to PR #4243) #4400
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
cncf-cla: yes
camilamacedo86
changed the title
camilamacedo86
changed the title
camilamacedo86
force-pushed
the
protect-metrics-production
branch
from
167e3cf to
5e02482
Compare
k8s-ci-robot
added
size/XL
camilamacedo86
force-pushed
the
protect-metrics-production
branch
from
5e02482 to
a53d785
Compare
camilamacedo86
changed the title
k8s-ci-robot
added
the
do-not-merge/work-in-progress
camilamacedo86
added
release-blocker
and removed
do-not-merge/work-in-progress
camilamacedo86
force-pushed
the
protect-metrics-production
branch
3 times, most recently
from
2f012e8 to
fe0b824
Compare
k8s-ci-robot
added
size/XXL
camilamacedo86
force-pushed
the
protect-metrics-production
branch
2 times, most recently
from
6114658 to
7bcaf26
Compare
k8s-ci-robot
added
size/XL
camilamacedo86
force-pushed
the
protect-metrics-production
branch
from
7bcaf26 to
323eb3e
Compare
k8s-ci-robot
added
the
do-not-merge/work-in-progress
camilamacedo86
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
camilamacedo86
added
priority/backlog
camilamacedo86
force-pushed
the
protect-metrics-production
branch
from
b6ffce9 to
732a5ee
Compare
k8s-ci-robot
added
the
needs-rebase
camilamacedo86
force-pushed
the
protect-metrics-production
branch
from
732a5ee to
169ac65
Compare
k8s-ci-robot
removed
the
needs-rebase
camilamacedo86
force-pushed
the
protect-metrics-production
branch
from
169ac65 to
f828442
Compare
k8s-ci-robot
added
the
needs-rebase
camilamacedo86
force-pushed
the
protect-metrics-production
branch
from
f828442 to
0fde893
Compare
k8s-ci-robot
removed
the
needs-rebase
camilamacedo86
changed the title
k8s-ci-robot
added
the
do-not-merge/work-in-progress
camilamacedo86
force-pushed
the
protect-metrics-production
branch
2 times, most recently
from
442dea3 to
13d6efa
Compare
camilamacedo86
commented
Dec 16, 2024
| - op: add | ||
| path: /spec/template/spec/containers/0/volumeMounts/- | ||
| value: | ||
| mountPath: /tmp/k8s-webhook-server/serving-certs | ||
| name: webhook-certs | ||
| readOnly: true | ||
| - op: add | ||
| path: /spec/template/spec/containers/0/ports | ||
| value: [] |
There was a problem hiding this comment.
we introduced it here: #4429
But when we try to have metrics or webhooks both
It will overwrite the values :-(
So, we cannot have that.
…low-up to PR kubernetes-sigs#4243) This commit is a follow-up to PR kubernetes-sigs#4243, which introduced support for using cert-manager certificates for securing the metrics endpoint and ServiceMonitor. Related to kubernetes-sigs#3871 and kubernetes-sigs#4003 Key enhancements: - Added support for configuring certificate integration via a Kustomize patch. - Introduced configurable flags for greater flexibility in customization. - Use Certwatcher to allow certificate rotation These improvements enhance usability and adaptability while maintaining compatibility with the initial implementation. As the feature has not yet been released, this update ensures a polished and user-friendly integration for upcoming releases.
camilamacedo86
force-pushed
the
protect-metrics-production
branch
from
13d6efa to
7ca04b8
Compare
camilamacedo86
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
grzesuav
reviewed
Dec 17, 2024
| @@ -50,33 +50,33 @@ func (f *ManagerWebhookPatch) SetTemplateDefaults() error { | |||
| return nil | |||
| } | |||
|
|
|||
| //nolint:lll | |||
| // nolint:lll | |||
| // nolint:lll | |||
There was a problem hiding this comment.
No should be only one :-)
good catcher
grzesuav
approved these changes
Dec 17, 2024
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: camilamacedo86, grzesuav, varshaprasad96 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
sud82
pushed a commit
to aerospike/aerospike-kubernetes-operator
that referenced
this pull request
Feb 5, 2025
… authz/authn filters (#341) * Replaced kube-rbac-proxy functionality with controller-runtime authz/authn * Upgraded till operator-sdk 1.39.1 * Removed support for deprecated ControllerManagerConfiguration struct and moved to a flag-based approach * Moved webhook interface implementation from old deprecated to new CustomDefaulter and CustomerValidator interfaces for AerospikeCluster, backup, backup service * Added support for metrics server with TLS integration with cert-manager * Fixed test-case assertions * Added scaffold for newly added NetworkPolicy References: * Kubebuilder Cert-manager integration for metrics endpoint: ✨ (go/v4): feat/fix: enhance cert-manager integration for metrics endpoints (follow-up to PR #4243) kubernetes-sigs/kubebuilder#4400 * Kubebuilder releases: https://github.com/kubernetes-sigs/kubebuilder/releases * Kubebuilder sample project: https://github.com/kubernetes-sigs/kubebuilder/tree/v4.4.0/testdata/project-v4 * Kube-rbac-proxy discontinue design doc: https://github.com/kubernetes-sigs/kubebuilder/blob/master/designs/discontinue_usage_of_kube_rbac_proxy.md * Kubebuilder doc for kube-rbac-proxy migration: https://book.kubebuilder.io/reference/metrics#optional-by-using-network-policy-disabled-by-default * Work deferred for next release: Move webhook code to internal pkg
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
feat/fix: enhance cert-manager integration for metrics endpoints
This commit is a follow-up to PR #4243, which introduced support for using cert-manager certificates for securing the metrics endpoint and ServiceMonitor. Related to #3871 and #4003
Key enhancements:
This configuration provides an option for users to be production-ready.
These improvements enhance usability and adaptability while maintaining compatibility with the initial implementation. As the feature has not yet been released, this update ensures a polished and user-friendly integration for upcoming releases.