This is about CAPC upgrade from v0.5.0 to v0.6.0. When we were testing the CAPC upgrade, cluster creation failed because CAPC controller pod kept crashing due to the 8443 port conflicts from kube-rbac-proxy and CAPI diagnostic feature (enabled in v0.6.0)
Looks like int the past, rbac proxy was added as a workaround to serve metrics. With diagnostic feature enabled, I believe this rbac proxy is not needed because CAPI diagnostic feature now servers the same purpose - serving metrics endpoint via https (8443)and protected via authentication and authorization.
Given that is it not needed now and also the port conflicts issue, we are proposing to remove the kube-rbac-proxy in the CAPC. Looking forward to your thoughts on this. Thanks!
This is about CAPC upgrade from v0.5.0 to v0.6.0. When we were testing the CAPC upgrade, cluster creation failed because CAPC controller pod kept crashing due to the 8443 port conflicts from kube-rbac-proxy and CAPI diagnostic feature (enabled in v0.6.0)
Looks like int the past, rbac proxy was added as a workaround to serve metrics. With diagnostic feature enabled, I believe this rbac proxy is not needed because CAPI diagnostic feature now servers the same purpose - serving metrics endpoint via https (8443)and protected via authentication and authorization.
Given that is it not needed now and also the port conflicts issue, we are proposing to remove the kube-rbac-proxy in the CAPC. Looking forward to your thoughts on this. Thanks!