netbox-community
diff --git a/‎config/rbac/auth_proxy_client_clusterrole.yaml‎
Lines changed: 0 additions & 16 deletions b/‎config/rbac/auth_proxy_client_clusterrole.yaml‎
Lines changed: 0 additions & 16 deletions
diff --git a/‎config/rbac/auth_proxy_role.yaml‎
Lines changed: 0 additions & 24 deletions b/‎config/rbac/auth_proxy_role.yaml‎
Lines changed: 0 additions & 24 deletions
diff --git a/‎config/rbac/auth_proxy_role_binding.yaml‎
Lines changed: 0 additions & 19 deletions b/‎config/rbac/auth_proxy_role_binding.yaml‎
Lines changed: 0 additions & 19 deletions
diff --git a/‎config/rbac/auth_proxy_service.yaml‎
Lines changed: 0 additions & 22 deletions b/‎config/rbac/auth_proxy_service.yaml‎
Lines changed: 0 additions & 22 deletions
diff --git a/‎config/rbac/kustomization.yaml‎
Lines changed: 9 additions & 7 deletions b/‎config/rbac/kustomization.yaml‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎config/rbac/metrics_auth_role.yaml‎
Lines changed: 17 additions & 0 deletions b/‎config/rbac/metrics_auth_role.yaml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎config/rbac/metrics_auth_role_binding.yaml‎
Lines changed: 12 additions & 0 deletions b/‎config/rbac/metrics_auth_role_binding.yaml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎config/rbac/metrics_reader_role.yaml‎
Lines changed: 9 additions & 0 deletions b/‎config/rbac/metrics_reader_role.yaml‎
Lines changed: 9 additions & 0 deletions
@@ -9,13 +9,15 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-# - auth_proxy_service.yaml
-# - auth_proxy_role.yaml
-# - auth_proxy_role_binding.yaml
-# - auth_proxy_client_clusterrole.yaml
+# The following RBAC configurations are used to protect
+# the metrics endpoint with authn/authz. These configurations
+# ensure that only authorized users and service accounts
+# can access the metrics endpoint. Comment the following
+# permissions if you want to disable this protection.
+# More info: https://book.kubebuilder.io/reference/metrics.html
+- metrics_auth_role.yaml
+- metrics_auth_role_binding.yaml
+- metrics_reader_role.yaml
 # For each CRD, "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines
 
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-auth-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-auth-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+rules:
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get