Tang Operator Controller Manager reports a kube-rbac-proxy warning

[prb112]

Background

The Tang Operator Controller Manager reports a warning.

oc logs pod/tang-operator-controller-manager-7c8b6bf748-gsnq4 -n nbde

W0229 18:07:54.932304       1 kube-rbac-proxy.go:155] 
==== Deprecation Warning ======================

Insecure listen address will be removed.
Using --insecure-listen-address won't be possible!

The ability to run kube-rbac-proxy without TLS certificates will be removed.
Not using --tls-cert-file and --tls-private-key-file won't be possible!

For more information, please go to https://github.com/brancz/kube-rbac-proxy/issues/187

===============================================

It could be caused by https://github.com/search?q=repo%3Alatchset%2Ftang-operator+http%3A%2F%2F127.0.0.1%3A8080%2F&type=code

and source is https://github.com/brancz/kube-rbac-proxy/blob/master/cmd/kube-rbac-proxy/app/options/options.go#L163

I hope this helps

Thanks,

Paul

[sarroutbi]

Hello. I tried starting kube-rbac-proxy in https address, by setting this change:

+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -14,7 +14,7 @@ spec:
         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
         args:
         - "--secure-listen-address=0.0.0.0:8443"
-        - "--upstream=http://127.0.0.1:8080/"
+        - "--upstream=https://127.0.0.1:8080/"
         - "--logtostderr=true"
         - "--v=10"
         - "--http2-disable"

I have also checked that the change is applied on starting controller pod ...

$ oc describe pod tang-operator-controller-manager
...
    Args:
      --secure-listen-address=0.0.0.0:8443
      --upstream=https://127.0.0.1:8080/
      --logtostderr=true
      --v=10
      --http2-disable
...

However, it seems warning is still dumped. I need to continue investigating how to fix this ...

[sarroutbi]

Sorry, forget my previous comment. Certificates must be provided for the warning to disappear. We will keep this open and review operator-sdk provided solution