Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ Action Required: Replace Deprecated gcr.io/kubebuilder/kube-rbac-proxy #1

Open
camilamacedo86 opened this issue Nov 30, 2024 · 5 comments
Open

⚠️ Action Required: Replace Deprecated gcr.io/kubebuilder/kube-rbac-proxy #1

camilamacedo86 opened this issue Nov 30, 2024 · 5 comments

Comments

@camilamacedo86
Copy link

Description

⚠️ The image gcr.io/kubebuilder/kube-rbac-proxy is deprecated and will become unavailable.
You must move as soon as possible, sometime from early 2025, the GCR will go away.

Unfortunately, we're unable to provide any guarantees regarding timelines or potential extensions at this time. Images provided under GRC will be unavailable from March 18, 2025, as per announcement. However, gcr.io/kubebuilder/may be unavailable before this date due to efforts to deprecate infrastructure.

  • If your project uses gcr.io/kubebuilder/kube-rbac-proxy, it will be affected.
    Your project may fail to work if the image cannot be pulled. You must take action as soon as possible.

  • However, if your project is no longer using this image, no action is required, and you can close this issue.

Using the image gcr.io/kubebuilder/kube-rbac-proxy?

kube-rbac-proxy was historically used to protect the metrics endpoint. However, its usage has been discontinued in Kubebuilder. The default scaffold now leverages the WithAuthenticationAndAuthorization feature provided by Controller-Runtime.

This feature provides integrated support for securing metrics endpoints by embedding authentication (authn) and authorization (authz) mechanisms directly into the controller manager's metrics server, replacing the need for (https://github.com/brancz/kube-rbac-proxy) to secure metrics endpoints.

What To Do?

You must replace the deprecated image gcr.io/kubebuilder/kube-rbac-proxy with an alternative approach. For example:

  • Update your project to use WithAuthenticationAndAuthorization:

    You can fully upgrade your project to use the latest scaffolds provided by the tool or manually make the necessary changes. Refer to the FAQ and Discussion for detailed instructions on how to manually update your project and test the changes.

  • Alternatively, replace the image with another trusted source at your own risk, as its usage has been discontinued in Kubebuilder.

For further information, suggestions, and guidance:

NOTE: This issue was opened automatically as part of our efforts to identify projects that might be affected and to raise awareness about this change within the community. If your project is no longer using this image, feel free to close this issue.

We sincerely apologize for any inconvenience this may cause.

Thank you for your cooperation and understanding! 🙏
@achetronic
Copy link
Member

@camilamacedo86 Hi, is this an automated message?

If this is automated, why is not appearing on github.com/prosimcorp repos?

I understand the changes and the causes, so actios will be performed related to this :)

@camilamacedo86
Copy link
Author

camilamacedo86 commented Dec 1, 2024
edited
Loading

Hi @achetronic,

Thank you for taking a look at this!

We created a script as a best effort to identify projects that have not moved forward and might be impacted by the changes, prompting us to raise these issues.

In this case, I manually confirmed that this project is impacted by referencing the following search:

https://github.com/search?q=repo%3Afreepik-company%2Fnotifik%20gcr.io%2Fkubebuilder%2Fkube-rbac-proxy&type=code

I also noticed that your project closely follows the proposed Kubebuilder layout. A great approach here would be:

  • Download the latest Kubebuilder CLI release.
  • Use kubebuilder alpha generate to regenerate the project based on the PROJECT configuration file.
  • Review the updated project in your IDE and ensure that your code integrates smoothly with the latest structure and updates.

This process ensures your project adopts a default implementation (similar to kube-rbac-proxy) with enhanced options for production readiness, such as securely configuring certificates. Additionally, it enables you to leverage other improvements, bug fixes, and the latest updates.

Another option might be to fix it manually; check out the FAQ section: "How can I manually change my project to switch to Controller-Runtime's built-in auth protection?" for detailed instructions.

Let me know if you need any help with this process!

@achetronic
Copy link
Member

Oh, I see. Thank you for taking care about this!

Don't worry about the process. As I maintain several operators, I have the process quite clear. I will release a new version using the last scaffolding :)

@camilamacedo86
Copy link
Author

Hi @achetronic

That is amazing !!! 🚀
By the way, it's out of topic.

I know that this manual process is painful, and we are looking for solutions to improve it and make things simpler in the future. If you want to take a look at the proposal (kubernetes-sigs/kubebuilder#4302) and contribute to it, please feel free. Your input is invaluable to us.

@achetronic
Copy link
Member

Of course, I will take a look on it and give some feedback about the process and the things I have done in my own to make it easier :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@camilamacedo86 @achetronic