-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider using NetworkPolicies to allow/deny access to the CSI-driver sidecar #643
Comments
Fome rge summary:
NetworkPolicies would require additional configuration on the deployment by users. They need to open-up the port of the CSI-Addons sidecar that is running as part of their CSI-driver. This requires a bit more consideration than replacing the container-image repository. |
kube-rbac-proxy was pulled from the Google Container Registry, and Kubernetes managed projects prefer not to use that anymore. The container-image is (for now, still) maintained outside of the Kubernetes project, and it is recommended to pull it from quay.io. While validating the container-image location, it seems that there is a new version available. Now also using the latest v0.18.0. Updates: csi-addons#643 Signed-off-by: Niels de Vos <[email protected]>
kube-rbac-proxy was pulled from the Google Container Registry, and Kubernetes managed projects prefer not to use that anymore. The container-image is (for now, still) maintained outside of the Kubernetes project, and it is recommended to pull it from quay.io. While validating the container-image location, it seems that there is a new version available. Now also using the latest v0.18.0. Updates: #643 Signed-off-by: Niels de Vos <[email protected]>
kube-rbac-proxy was pulled from the Google Container Registry, and Kubernetes managed projects prefer not to use that anymore. The container-image is (for now, still) maintained outside of the Kubernetes project, and it is recommended to pull it from quay.io. While validating the container-image location, it seems that there is a new version available. Now also using the latest v0.18.0. Updates: csi-addons#643 Signed-off-by: Niels de Vos <[email protected]>
This patch drops support for kube-rbac-proxy and uses controller manager's WithAuthenticationAndAuthorization. Closes: csi-addons#643 Signed-off-by: Niraj Yadav <[email protected]>
the kube-proxy container has a warning for insecure access kubernetes-sigs/kubebuilder#3899, we need to adopt as per https://github.com/kubernetes-sigs/kubebuilder/blob/master/designs/discontinue_usage_of_kube_rbac_proxy.md
The text was updated successfully, but these errors were encountered: