search

ceph / ceph-csi-operator

Kubernetes operator for managing the CephCSI plugins
Apache License 2.0
16 stars 18 forks source link

remove decprecation warning from logs #119

Open subhamkrai opened 3 months ago

subhamkrai commented 3 months ago

operator logs start with the below warning in Rook CI, raising the issue for awarness

W0814 04:10:28.248745       1 options.go:164] 
==== Deprecation Warning ======================

Insecure listen address will be removed.
Using --insecure-listen-address won't be possible!

The ability to run kube-rbac-proxy without TLS certificates will be removed.
Not using --tls-cert-file and --tls-private-key-file won't be possible!

For more information, please go to https://github.com/brancz/kube-rbac-proxy/issues/187

===============================================

W0814 04:10:28.248863       1 options.go:215] 
==== Removed Flag Warning ======================

logtostderr is removed in the k8s upstream and has no effect any more.

===============================================
Madhu-1 commented 3 months ago

@subhamkrai can you please point me to the Rook job here?

subhamkrai commented 3 months ago

@subhamkrai can you please point me to the Rook job here?

it will not be in the job, but it will be artifacts of the job. currently job is running I'll share the job.

subhamkrai commented 3 months ago

logs--ceph-csi-operator-controller-manager-6b8ff59ff5-4jmb9.txt

this logs file

Madhu-1 commented 3 months ago

@leelavg are you also seeing this error in operator logs?

leelavg commented 3 months ago

well, I didn't look at kube-rbac-proxy container logs.

nb-ohad commented 3 months ago

@Madhu-1 @subhamkrai We will need to live with that deprecation warning for some time because we are targeting older k8s releases

travisn commented 3 months ago

What K8s version is needed to avoid that warning? Rook just updated the min version supported to v1.26. For running the CSI operator we could easily set the min supported version to v1.27, since that will be our min version for the next Rook release v1.16 where csi operator will no longer be experimental.

Madhu-1 commented 3 months ago

It doesn't look like kubernetes version problem but it's like container image problem, let me check this and see what is the exact problem

Madhu-1 commented 3 months ago

This is not related to kubernetes version, its related to kube-proxy https://github.com/brancz/kube-rbac-proxy/issues/187

leelavg commented 1 month ago

Looked into this for a bit and here are my thoughts

kube-rbac-proxy now wants tls cert & private key file, for d/s there are 2 solutions, https://docs.openshift.com/container-platform/4.17/security/certificates/service-serving-certificate.html or https://github.com/openshift/service-ca-operator but for u/s we need user to deploy https://cert-manager.io/docs/installation/helm/ or provide certificates manually.

however, iirc this dependency is being added by kubebuilder w/ the assumption that non-resource urls (for ex: metrics) also need authentication but csi-op doesn't export any metrics and this dep could be dropped altogether.

if we infact choose to continue, I don't see the seriousness in continuing to use the proxy w/o certs.

Madhu-1 commented 1 month ago

If not required, lets drop the container from the deployment. Lets discuss in the team meeting