Merge pull request #773 from oruharo/remove_auth-proxy

remove auth-proxy

.github/dependabot.yml

@@ -16,9 +16,3 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 0
-
-  - package-ecosystem: "npm" # See documentation for possible values
-    directory: "/web/auth-proxy-ui" # Location of package manifests
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 0

.github/release-drafter.yml

@@ -35,7 +35,6 @@ template: |
   ## Docker Images
   [ghcr.io/cosmo-workspace/cosmo-controller-manager:v$RESOLVED_VERSION](https://github.com/cosmo-workspace/cosmo/pkgs/container/cosmo-controller-manager)
   [ghcr.io/cosmo-workspace/cosmo-dashboard:v$RESOLVED_VERSION](https://github.com/cosmo-workspace/cosmo/pkgs/container/cosmo-dashboard)
-  [ghcr.io/cosmo-workspace/cosmo-auth-proxy:v$RESOLVED_VERSION](https://github.com/cosmo-workspace/cosmo/pkgs/container/cosmo-auth-proxy)
 
   ## How to install
 
@@ -58,9 +57,6 @@ template: |
   # upgrade cosmo-controller-manager
   helm upgrade cosmo-controller-manager cosmo/cosmo-controller-manager -n cosmo-system --values controller-manager.values.yaml
 
-  # update default Templates
-  kubectl apply -f https://raw.githubusercontent.com/cosmo-workspace/cosmo/v$RESOLVED_VERSION/config/user-addon/auth-proxy/user-addon-cosmo-auth-proxy-role.yaml
-
   # upgrade cosmo-dashboard
   helm upgrade cosmo-dashboard cosmo/cosmo-dashboard -n cosmo-system --values dashboard.values.yaml
   ```

.github/workflows/release.yaml

@@ -122,36 +122,6 @@ jobs:
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
 
-  # auth-proxy:
-  #   runs-on: ubuntu-latest
-  #   needs:
-  #     - fix_version
-  #   steps:
-  #     - name: Checkout
-  #       uses: actions/checkout@v3
-  #       with:
-  #         fetch-depth: 0
-  #         ref: main
-  #     - name: Set up QEMU
-  #       uses: docker/setup-qemu-action@v1
-  #     - name: Set up Docker Buildx
-  #       uses: docker/setup-buildx-action@v1
-  #     - name: Login to GitHub Container Registry
-  #       uses: docker/login-action@v1
-  #       with:
-  #         registry: ghcr.io
-  #         username: ${{ github.repository_owner }}
-  #         password: ${{ secrets.GITHUB_TOKEN }}
-  #     - name: Build and push
-  #       id: docker_build
-  #       uses: docker/build-push-action@v2
-  #       with:
-  #         push: true
-  #         file: dockerfile/auth-proxy.Dockerfile
-  #         tags: ${{ 'ghcr.io/' }}${{ github.repository }}${{ '-auth-proxy' }}:${{ needs.fix_version.outputs.version }}
-  #     - name: Image digest
-  #       run: echo ${{ steps.docker_build.outputs.digest }}
-
   traefik-plugins:
     runs-on: ubuntu-latest
     needs:

Makefile

@@ -7,7 +7,6 @@ QUICK_BUILD ?= no
 MANAGER_VERSION   ?= $(VERSION)
 DASHBOARD_VERSION ?= $(VERSION)
 COSMOCTL_VERSION  ?= $(VERSION)
-AUTHPROXY_VERSION ?= $(VERSION)
 TRAEFIK_PLUGINS_VERSION ?= $(VERSION)
 
 
@@ -17,7 +16,6 @@ CHART_TRAEFIK_VERSION ?= $(TRAEFIK_PLUGINS_VERSION)
 
 IMG_MANAGER ?= cosmo-controller-manager:$(MANAGER_VERSION)
 IMG_DASHBOARD ?= cosmo-dashboard:$(DASHBOARD_VERSION)
-IMG_AUTHPROXY ?= cosmo-auth-proxy:$(AUTHPROXY_VERSION)
 IMG_TRAEFIK_PLUGINS ?= cosmo-traefik-plugins:$(TRAEFIK_PLUGINS_VERSION)
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:generateEmbeddedObjectMeta=true"
@@ -48,7 +46,7 @@ help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
 .PHONY: all
-all: manager cosmoctl dashboard auth-proxy
+all: manager cosmoctl dashboard
 
 ##---------------------------------------------------------------------
 ##@ Development
@@ -208,10 +206,6 @@ cosmoctl: go generate fmt vet ## Build cosmoctl binary.
 dashboard: go generate fmt vet ## Build dashboard binary.
 	CGO_ENABLED=0 $(GO) build -o bin/dashboard ./cmd/dashboard/main.go
 
-.PHONY: auth-proxy
-auth-proxy: go generate fmt vet ## Build auth-proxy binary.
-	CGO_ENABLED=0 $(GO) build -o bin/auth-proxy ./cmd/auth-proxy/main.go
-
 .PHONY: update-version
 update-version: kustomize ## Update version in version.go.
 ifndef VERSION
@@ -226,7 +220,6 @@ endif
 	sed -i.bk -e "s/v[0-9]\+.[0-9]\+.[0-9]\+.* cosmo-workspace/${MANAGER_VERSION} cosmo-workspace/" ./cmd/controller-manager/main.go
 	sed -i.bk -e "s/v[0-9]\+.[0-9]\+.[0-9]\+.* cosmo-workspace/${DASHBOARD_VERSION} cosmo-workspace/" ./internal/dashboard/root.go
 	sed -i.bk -e "s/v[0-9]\+.[0-9]\+.[0-9]\+.* cosmo-workspace/${COSMOCTL_VERSION} cosmo-workspace/" ./internal/cmd/version/version.go
-	sed -i.bk -e "s/v[0-9]\+.[0-9]\+.[0-9]\+.* cosmo-workspace/${AUTHPROXY_VERSION} cosmo-workspace/" ./cmd/auth-proxy/main.go
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG_MANAGER}
 	cd config/dashboard && $(KUSTOMIZE) edit set image dashboard=${IMG_DASHBOARD}
 	sed -i.bk \
@@ -279,17 +272,6 @@ endif
 run-dashboard-ui: ## Run dashboard-ui.
 	cd web/dashboard-ui && yarn install && yarn start
 
-.PHONY: run-auth-proxy
-run-auth-proxy: go generate fmt vet manifests ## Run auth-proxy against the configured Kubernetes cluster in ~/.kube/config.
-	$(GO) run ./cmd/auth-proxy/main.go \
-		--zap-log-level $(LOG_LEVEL) \
-		--zap-time-encoding=iso8601 \
-		--insecure
-
-.PHONY: run-auth-proxy-ui
-run-auth-proxy-ui: ## Run auth-proxy-ui.
-	cd web/auth-proxy-ui && yarn install && yarn dev --port 3010
-
 .PHONY: run
 run: go generate fmt vet manifests ## Run controller-manager against the configured Kubernetes cluster in ~/.kube/config.
 	$(GO) run ./cmd/controller-manager/main.go \
@@ -302,7 +284,7 @@ run: go generate fmt vet manifests ## Run controller-manager against the configu
 ##@ Docker build
 ##---------------------------------------------------------------------
 .PHONY: docker-build
-docker-build: docker-build-manager docker-build-dashboard docker-build-auth-proxy docker-build-traefik-plugins ## Build the docker image.
+docker-build: docker-build-manager docker-build-dashboard docker-build-traefik-plugins ## Build the docker image.
 
 .PHONY: docker-build-manager
 docker-build-manager: test ## Build the docker image for controller-manager.
@@ -312,16 +294,12 @@ docker-build-manager: test ## Build the docker image for controller-manager.
 docker-build-dashboard: test ## Build the docker image for dashboard.
 	DOCKER_BUILDKIT=1 docker build . -t ${IMG_DASHBOARD} -f dockerfile/dashboard.Dockerfile
 
-.PHONY: docker-build-auth-proxy
-docker-build-auth-proxy: test ## Build the docker image for auth-proxy.
-	DOCKER_BUILDKIT=1 docker build . -t ${IMG_AUTHPROXY} -f dockerfile/auth-proxy.Dockerfile
-
 .PHONY: docker-build-traefik-plugins
 docker-build-traefik-plugins: test ## Build the docker image for traefik-plugins.
 	DOCKER_BUILDKIT=1 docker build . -t ${IMG_TRAEFIK_PLUGINS} -f dockerfile/traefik-plugins.Dockerfile
 
-.PHONY: docker-push docker-push-manager docker-push-dashboard docker-push-auth-proxy docker-push-traefik-plugins
-docker-push: docker-push-manager docker-push-dashboard docker-push-auth-proxy docker-push-traefik-plugins ## Build the docker image.
+.PHONY: docker-push docker-push-manager docker-push-dashboard docker-push-traefik-plugins
+docker-push: docker-push-manager docker-push-dashboard docker-push-traefik-plugins ## Build the docker image.
 
 REGISTORY ?= ghcr.io/cosmo-workspace
 
@@ -333,10 +311,6 @@ docker-push-dashboard: docker-build-dashboard ## push cosmo dashboard image.
 	docker tag ${IMG_DASHBOARD} ${REGISTORY}/${IMG_DASHBOARD}
 	docker push ${REGISTORY}/${IMG_DASHBOARD}
 
-docker-push-auth-proxy: docker-build-auth-proxy ## push cosmo auth-proxy image.
-	docker tag ${IMG_AUTHPROXY} ${REGISTORY}/${IMG_AUTHPROXY}
-	docker push ${REGISTORY}/${IMG_AUTHPROXY}
-
 docker-push-traefik-plugins: docker-build-traefik-plugins ## push cosmo traefik-plugins image.
 	docker tag ${IMG_TRAEFIK_PLUGINS} ${REGISTORY}/${IMG_TRAEFIK_PLUGINS}
 	docker push ${REGISTORY}/${IMG_TRAEFIK_PLUGINS}

config/default/kustomization.yaml

@@ -26,11 +26,6 @@ bases:
 #- ../prometheus
 
 patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
-
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml
@@ -72,4 +67,4 @@ vars:
   objref:
     kind: Service
     version: v1
-    name: webhook-service
+    name: webhook-service

config/rbac/kustomization.yaml

@@ -1,18 +1,11 @@
 resources:
-# All RBAC will be applied under this service account in
-# the deployment namespace. You may comment out this resource
-# if your manager will use a service account that exists at
-# runtime. Be sure to update RoleBinding and ClusterRoleBinding
-# subjects if changing service account names.
-- service_account.yaml
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
+  # All RBAC will be applied under this service account in
+  # the deployment namespace. You may comment out this resource
+  # if your manager will use a service account that exists at
+  # runtime. Be sure to update RoleBinding and ClusterRoleBinding
+  # subjects if changing service account names.
+  - service_account.yaml
+  - role.yaml
+  - role_binding.yaml
+  - leader_election_role.yaml
+  - leader_election_role_binding.yaml