mirror of
https://github.com/ansible/awx-operator.git
synced 2026-03-26 21:33:14 +00:00
5fb6bb7519
Bump operator-sdk, ansible-operator, and OPM binaries to align with the OCP 4.20 / AAP 2.7 target. Replace the deprecated kube-rbac-proxy sidecar (removed in operator-sdk v1.38.0) with controller-runtime's built-in WithAuthenticationAndAuthorization for metrics endpoint protection. Changes: - Makefile: operator-sdk v1.36.1 → v1.40.0, OPM v1.26.0 → v1.55.0 - Dockerfile: ansible-operator base image v1.36.1 → v1.40.0 - Remove kube-rbac-proxy sidecar and auth_proxy_* RBAC manifests - Add metrics_auth_role, metrics_reader, and metrics_service resources - Add --metrics-secure, --metrics-require-rbac, --metrics-bind-address flags via JSON patch to serve metrics directly from the manager on port 8443 with TLS and RBAC authentication Ref: AAP-65254 Authored By: Christian M. Adams <chadams@redhat.com> Assisted By: Claude
13 lines
498 B
YAML
13 lines
498 B
YAML
# This patch adds the args to allow exposing the metrics endpoint using HTTPS
|
|
- op: add
|
|
path: /spec/template/spec/containers/0/args/0
|
|
value: --metrics-bind-address=:8443
|
|
# This patch adds the args to allow securing the metrics endpoint
|
|
- op: add
|
|
path: /spec/template/spec/containers/0/args/0
|
|
value: --metrics-secure
|
|
# This patch adds the args to allow RBAC-based authn/authz for the metrics endpoint
|
|
- op: add
|
|
path: /spec/template/spec/containers/0/args/0
|
|
value: --metrics-require-rbac
|