search

grafana / k6-operator

An operator for running distributed k6 tests.
Apache License 2.0
597 stars 166 forks source link

Switch away from authProxy in favor of NetworkPolicies (Kubebuilder deprecation) #440

Open frittentheke opened 3 months ago

frittentheke commented 3 months ago

Feature Description

Kubebuilder is discontinuing the use of Kube RBAC Proxy in favor of NetworkPolicies, see https://github.com/kubernetes-sigs/kubebuilder/issues/3871

Suggested Solution (optional)

When switching to creating network policies, it might

Already existing or connected issues / PRs (optional)

While not immediately related to using a NetworkPolicy to protect the /metrics endpoints the same endpoint is also used to control (e.g. start / stop) the k6 instances. It might make sense to also add a NetworkPolicy protecting the runner pods from being contacted by any other source but the operator.

Related issues:

yorugac commented 3 months ago

Hi @frittentheke, thanks for the issue! ATM, I hope this might be resolved with #235 actually :smile: For now, we can keep this open: let's see how it shapes up in the future :+1: