Skip to content

Commit

Permalink
Upgrade kube-rbac-proxy image to v0.15.0 and disable HTTP/2
Browse files Browse the repository at this point in the history 
The kube-rbac-proxy image was upgraded to version v0.15.0 in both manager_auth_proxy_patch.yaml and node-healthcheck-operator.clusterserviceversion.yaml. Additionally, a new argument was added to disable HTTP/2 to increase security levels following a recently discovered vulnerability.

Signed-off-by: Marc Sluiter <[email protected]>
  • Loading branch information
@slintes
slintes authored and openshift-cherrypick-robot committed Oct 24, 2023
1 parent f734f69 commit ee21e6e
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 2 additions & 1 deletion bundle/manifests/node-healthcheck-operator.clusterserviceversion.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -401,10 +401,11 @@ spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --http2-disable
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: quay.io/brancz/kube-rbac-proxy:v0.14.4
image: quay.io/brancz/kube-rbac-proxy:v0.15.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
Expand Down
3 changes: 2 additions & 1 deletion config/default/manager_auth_proxy_patch.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,10 @@ spec:
spec:
containers:
- name: kube-rbac-proxy
image: quay.io/brancz/kube-rbac-proxy:v0.14.4
image: quay.io/brancz/kube-rbac-proxy:v0.15.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--http2-disable"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
Expand Down

0 comments on commit ee21e6e

Please sign in to comment.