Remove kube-rbac-proxy references and implement upgrade-sdk 1.38 changes (#1565)

* remove kube-rbac-proxy references and implement upgrade-sdk 1.38 changes

* fix kustomize references

* fix container number for debug

* cleanup

* fix service for metrics

---------

Co-authored-by: Patryk Wasielewski <pwasiele@splunk.com>

Author: patrykw-splunk

config/debug/kustomization-cluster.yaml

@@ -119,7 +119,7 @@ patches:
     name: controller-manager
   patch: |-
     - op: add
-      path: /spec/template/spec/containers/2/env
+      path: /spec/template/spec/containers/1/env
       value: 
       - name: WATCH_NAMESPACE
         value: WATCH_NAMESPACE_VALUE

config/debug/kustomization-namespace.yaml

@@ -119,7 +119,7 @@ patches:
     name: controller-manager
   patch: |-
     - op: add
-      path: /spec/template/spec/containers/2/env
+      path: /spec/template/spec/containers/1/env
       value: 
       - name: WATCH_NAMESPACE
         valueFrom:

config/debug/kustomization.yaml

@@ -25,12 +25,10 @@ bases:
 #- ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
+# [METRICS] Expose the controller manager metrics service.
+- metrics_service.yaml
 
 patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
 - debug-sidecar-patch.yaml
 
 
@@ -121,7 +119,7 @@ patches:
     name: controller-manager
   patch: |-
     - op: add
-      path: /spec/template/spec/containers/2/env
+      path: /spec/template/spec/containers/1/env
       value: 
       - name: WATCH_NAMESPACE
         value: WATCH_NAMESPACE_VALUE
@@ -134,4 +132,9 @@ patches:
       - name: POD_NAME
         valueFrom:
           fieldRef:
-            fieldPath: metadata.name
+            fieldPath: metadata.name
+# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
+# More info: https://book.kubebuilder.io/reference/metrics
+- path: manager_metrics_patch.yaml
+  target:
+    kind: Deployment

config/debug/manager_auth_proxy_patch.yaml

@@ -0,0 +1,4 @@
+# This patch adds the args to allow exposing the metrics endpoint using HTTPS
+- op: add
+  path: /spec/template/spec/containers/1/args/0
+  value: --metrics-bind-address=:8443

config/debug/manager_config_patch.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: controller-manager
+    app.kubernetes.io/managed-by: kustomize
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+    - name: https
+      port: 8443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    control-plane: controller-manager

config/debug/manager_metrics_patch.yaml

@@ -119,7 +119,7 @@ patches:
     name: controller-manager
   patch: |-
     - op: add
-      path: /spec/template/spec/containers/2/env
+      path: /spec/template/spec/containers/0/env
       value: 
       - name: WATCH_NAMESPACE
         value: WATCH_NAMESPACE_VALUE

config/debug/metrics_service.yaml

@@ -119,7 +119,7 @@ patches:
     name: controller-manager
   patch: |-
     - op: add
-      path: /spec/template/spec/containers/2/env
+      path: /spec/template/spec/containers/0/env
       value: 
       - name: WATCH_NAMESPACE
         valueFrom:

config/default/kustomization-cluster.yaml

@@ -25,13 +25,11 @@ bases:
 #- ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
+# [METRICS] Expose the controller manager metrics service.
+- metrics_service.yaml
 
-patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
 
+patchesStrategicMerge:
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml
@@ -119,7 +117,7 @@ patches:
     name: controller-manager
   patch: |-
     - op: add
-      path: /spec/template/spec/containers/2/env
+      path: /spec/template/spec/containers/0/env
       value: 
       - name: WATCH_NAMESPACE
         value: WATCH_NAMESPACE_VALUE
@@ -132,4 +130,9 @@ patches:
       - name: POD_NAME
         valueFrom:
           fieldRef:
-            fieldPath: metadata.name
+            fieldPath: metadata.name
+# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
+# More info: https://book.kubebuilder.io/reference/metrics
+- path: manager_metrics_patch.yaml
+  target:
+    kind: Deployment