mirror of
https://github.com/ansible/awx-operator.git
synced 2026-03-26 21:33:14 +00:00
5fb6bb7519
Bump operator-sdk, ansible-operator, and OPM binaries to align with the OCP 4.20 / AAP 2.7 target. Replace the deprecated kube-rbac-proxy sidecar (removed in operator-sdk v1.38.0) with controller-runtime's built-in WithAuthenticationAndAuthorization for metrics endpoint protection. Changes: - Makefile: operator-sdk v1.36.1 → v1.40.0, OPM v1.26.0 → v1.55.0 - Dockerfile: ansible-operator base image v1.36.1 → v1.40.0 - Remove kube-rbac-proxy sidecar and auth_proxy_* RBAC manifests - Add metrics_auth_role, metrics_reader, and metrics_service resources - Add --metrics-secure, --metrics-require-rbac, --metrics-bind-address flags via JSON patch to serve metrics directly from the manager on port 8443 with TLS and RBAC authentication Ref: AAP-65254 Authored By: Christian M. Adams <chadams@redhat.com> Assisted By: Claude
15 lines
504 B
YAML
15 lines
504 B
YAML
resources:
|
|
# All RBAC will be applied under this service account in
|
|
# the deployment namespace. You may comment out this resource
|
|
# if your manager will use a service account that exists at
|
|
# runtime. Be sure to update RoleBinding and ClusterRoleBinding
|
|
# subjects if changing service account names.
|
|
- service_account.yaml
|
|
- role.yaml
|
|
- role_binding.yaml
|
|
- leader_election_role.yaml
|
|
- leader_election_role_binding.yaml
|
|
- metrics_auth_role.yaml
|
|
- metrics_auth_role_binding.yaml
|
|
- metrics_reader_role.yaml
|