New Kubebuilder / controller-runtime supports securing metrics directly.
Use:
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
Metrics: server.Options{
BindAddress: ":8443",
SecureServing: true,
// authentication + authorization
},
})
This uses controller-runtime’s WithAuthenticationAndAuthorization metrics server, replacing the proxy sidecar.
Benefits
- no sidecar container
- fewer manifests
- officially recommended
- works with new Kubernetes versions
👉 This is what Kubebuilder scaffolds now.
New Kubebuilder / controller-runtime supports securing metrics directly.
Use:
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
Metrics: server.Options{
BindAddress: ":8443",
SecureServing: true,
// authentication + authorization
},
})
This uses controller-runtime’s WithAuthenticationAndAuthorization metrics server, replacing the proxy sidecar.
Benefits
👉 This is what Kubebuilder scaffolds now.