From 0c5b054f53b5f22a5bfe96ca8266706e74a6fc78 Mon Sep 17 00:00:00 2001
From: Xunzhuo <bitliu@tencent.com>
Date: Wed, 1 Nov 2023 09:56:02 +0800
Subject: [PATCH] helm: remove kube-rbac-proxy and update metrics service
 (#2108)

---
 .../templates/envoy-gateway-deployment.yaml    | 17 -----------------
 .../templates/metrics-reader-rbac.yaml         | 12 ------------
 charts/gateway-helm/values.tmpl.yaml           | 18 +++---------------
 site/content/en/latest/install/api.md          | 13 +++----------
 4 files changed, 6 insertions(+), 54 deletions(-)
 delete mode 100644 charts/gateway-helm/templates/metrics-reader-rbac.yaml

diff --git a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml
index 8bcd26a0b0f..52e9c419fd9 100644
--- a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml
+++ b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml
@@ -71,23 +71,6 @@ spec:
         - mountPath: /certs
           name: certs
           readOnly: true
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=0
-        env:
-        - name: KUBERNETES_CLUSTER_DOMAIN
-          value: {{ .Values.kubernetesClusterDomain }}
-        image: {{ .Values.deployment.kubeRbacProxy.image.repository }}:{{ .Values.deployment.kubeRbacProxy.image.tag | default .Chart.AppVersion }}
-        imagePullPolicy: {{ .Values.deployment.kubeRbacProxy.imagePullPolicy }}
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
-        resources: {{- toYaml .Values.deployment.kubeRbacProxy.resources | nindent 10
-          }}
       securityContext:
         runAsNonRoot: true
       serviceAccountName: envoy-gateway
diff --git a/charts/gateway-helm/templates/metrics-reader-rbac.yaml b/charts/gateway-helm/templates/metrics-reader-rbac.yaml
deleted file mode 100644
index 3b77e714185..00000000000
--- a/charts/gateway-helm/templates/metrics-reader-rbac.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "eg.fullname" . }}-metrics-reader
-  namespace: '{{ .Release.Namespace }}'
-  labels:
-  {{- include "eg.labels" . | nindent 4 }}
-rules:
-- nonResourceURLs:
-  - /metrics
-  verbs:
-  - get
diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml
index ce5519ae040..b4236aa37c8 100644
--- a/charts/gateway-helm/values.tmpl.yaml
+++ b/charts/gateway-helm/values.tmpl.yaml
@@ -13,18 +13,6 @@ deployment:
       requests:
         cpu: 100m
         memory: 256Mi
-  kubeRbacProxy:
-    image:
-      repository: gcr.io/kubebuilder/kube-rbac-proxy
-      tag: v0.14.1
-    imagePullPolicy: IfNotPresent
-    resources:
-      limits:
-        cpu: 500m
-        memory: 128Mi
-      requests:
-        cpu: 5m
-        memory: 64Mi
   ports:
     - name: grpc
       port: 18000
@@ -49,10 +37,10 @@ config:
 
 envoyGatewayMetricsService:
   ports:
-    - name: https
-      port: 8443
+    - name: http
+      port: 19001
       protocol: TCP
-      targetPort: https
+      targetPort: 19001
 
 createNamespace: false
 
diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md
index f6c859863b0..253d528bdfb 100644
--- a/site/content/en/latest/install/api.md
+++ b/site/content/en/latest/install/api.md
@@ -40,13 +40,6 @@ The Helm chart for Envoy Gateway
 | deployment.envoyGateway.resources.limits.memory | string | `"1024Mi"` |  |
 | deployment.envoyGateway.resources.requests.cpu | string | `"100m"` |  |
 | deployment.envoyGateway.resources.requests.memory | string | `"256Mi"` |  |
-| deployment.kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` |  |
-| deployment.kubeRbacProxy.image.tag | string | `"v0.14.1"` |  |
-| deployment.kubeRbacProxy.imagePullPolicy | string | `"IfNotPresent"` |  |
-| deployment.kubeRbacProxy.resources.limits.cpu | string | `"500m"` |  |
-| deployment.kubeRbacProxy.resources.limits.memory | string | `"128Mi"` |  |
-| deployment.kubeRbacProxy.resources.requests.cpu | string | `"5m"` |  |
-| deployment.kubeRbacProxy.resources.requests.memory | string | `"64Mi"` |  |
 | deployment.pod.annotations | object | `{}` |  |
 | deployment.pod.labels | object | `{}` |  |
 | deployment.ports[0].name | string | `"grpc"` |  |
@@ -56,9 +49,9 @@ The Helm chart for Envoy Gateway
 | deployment.ports[1].port | int | `18001` |  |
 | deployment.ports[1].targetPort | int | `18001` |  |
 | deployment.replicas | int | `1` |  |
-| envoyGatewayMetricsService.ports[0].name | string | `"https"` |  |
-| envoyGatewayMetricsService.ports[0].port | int | `8443` |  |
+| envoyGatewayMetricsService.ports[0].name | string | `"http"` |  |
+| envoyGatewayMetricsService.ports[0].port | int | `19001` |  |
 | envoyGatewayMetricsService.ports[0].protocol | string | `"TCP"` |  |
-| envoyGatewayMetricsService.ports[0].targetPort | string | `"https"` |  |
+| envoyGatewayMetricsService.ports[0].targetPort | int | `19001` |  |
 | kubernetesClusterDomain | string | `"cluster.local"` |  |