Remove kube-rbac-proxy

[dgn]

Replaces proxy with controller-runtime functionality. Fixes #502.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 18 lines in your changes missing coverage. Please review.

Project coverage is 75.33%. Comparing base (9159944) to head (7a07d4e).
Report is 5 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/main.go	0.00%	18 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #556      +/-   ##
==========================================
- Coverage   75.65%   75.33%   -0.33%     
==========================================
  Files          40       40              
  Lines        2481     2497      +16     
==========================================
+ Hits         1877     1881       +4     
- Misses        514      527      +13     
+ Partials       90       89       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[FilipB]

@dgn could you please confirm that following can be removed after this?

[dgn]

@dgn could you please confirm that following can be removed after this?

Yep!

[dgn]

/retest

[dgn]

/retest

[dgn]

/retest

[dgn]

/cherry-pick release-1.0

[istio-testing]

@dgn: once the present PR merges, I will cherry-pick it on top of release-1.0 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[sridhargaddam]

Nice work Daniel. I verified the PR in both v4 and dualStack clusters and it works fine.

$ curl -4 -s -k -H "Authorization: Bearer `cat /var/run/secrets/kubernetes.io/serviceaccount/token`" https://sail-operator-metrics-service.sail-operator.svc.cluster.local:8443/metrics
# HELP certwatcher_read_certificate_errors_total Total number of certificate read errors
# TYPE certwatcher_read_certificate_errors_total counter
certwatcher_read_certificate_errors_total 0
# HELP certwatcher_read_certificate_total Total number of certificate reads
# TYPE certwatcher_read_certificate_total counter
certwatcher_read_certificate_total 0

$ curl -6 -s -k -H "Authorization: Bearer `cat /var/run/secrets/kubernetes.io/serviceaccount/token`" https://sail-operator-metrics-service.sail-operator.svc.cluster.local:8443/metrics
# HELP certwatcher_read_certificate_errors_total Total number of certificate read errors
# TYPE certwatcher_read_certificate_errors_total counter
certwatcher_read_certificate_errors_total 0
# HELP certwatcher_read_certificate_total Total number of certificate reads
# TYPE certwatcher_read_certificate_total counter
certwatcher_read_certificate_total 0

Suggestion:

1. Instead of spawning the "curl-metrics" pod in the "sail-operator" namespace, probably it would be good to create a new namespace and run the curl from that namespace.

2. In the current state after running the e2e test, the curl-metrics pod continues to stay in "completed" state. If we use a different namespace, we can even delete the namespace after the validation (i.e., in Line 178) to remove all the test artifacts.

[dgn]

Thanks Sridhar! Good idea to use a different namespace. Will push a change

[istio-testing]

@dgn: new pull request created: #577

In response to this:

/cherry-pick release-1.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.