From e08bf984c31d59c5c25e16d7ce228d81559149a4 Mon Sep 17 00:00:00 2001 From: Carlo Lobrano Date: Tue, 24 Oct 2023 09:13:37 +0200 Subject: [PATCH] Update kube-rbac-proxy to v0.15.0 - update kube-rbac-proxy to v0.15.0 - disable HTTP/2 to prevent exploitation of CVE HTTP2 Rapid Reset Signed-off-by: Carlo Lobrano --- .../machine-deletion-remediation.clusterserviceversion.yaml | 5 +++-- config/default/manager_auth_proxy_patch.yaml | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/bundle/manifests/machine-deletion-remediation.clusterserviceversion.yaml b/bundle/manifests/machine-deletion-remediation.clusterserviceversion.yaml index dfed8cd6..3cac65c2 100644 --- a/bundle/manifests/machine-deletion-remediation.clusterserviceversion.yaml +++ b/bundle/manifests/machine-deletion-remediation.clusterserviceversion.yaml @@ -47,7 +47,7 @@ metadata: capabilities: Basic Install categories: OpenShift Optional containerImage: "" - createdAt: "" + createdAt: "2023-10-24T07:11:43Z" description: Machine Deletion Remediation operator for reprovisioning unhealthy nodes using the Machine API. olm.skipRange: '>=0.0.1' @@ -211,10 +211,11 @@ spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 + - --http2-disable - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 - image: quay.io/brancz/kube-rbac-proxy:v0.14.4 + image: quay.io/brancz/kube-rbac-proxy:v0.15.0 name: kube-rbac-proxy ports: - containerPort: 8443 diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 39b82e50..d977e03b 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -10,9 +10,10 @@ spec: spec: containers: - name: kube-rbac-proxy - image: quay.io/brancz/kube-rbac-proxy:v0.14.4 + image: quay.io/brancz/kube-rbac-proxy:v0.15.0 args: - "--secure-listen-address=0.0.0.0:8443" + - "--http2-disable" - "--upstream=http://127.0.0.1:8080/" - "--logtostderr=true" - "--v=10"
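Review bot: The bumped `image:` line in the `config/default/manager_auth_proxy_patch.yaml` hunk still references the proxy by mutable tag, so a commit made for a security fix does not fix which binary is actually pulled; consider pinning it as `image: quay.io/brancz/kube-rbac-proxy:v0.15.0@sha256:<digest-of-v0.15.0>` (placeholder, take the digest from the registry). The same line appears in the bundle CSV hunk, which looks regenerated from this patch and would need regenerating again. The new `--http2-disable` argument deserves a comment above it in the patch file so it is not removed in a later cleanup, e.g. `# HTTP/2 disabled to mitigate HTTP/2 Rapid Reset; keep until the proxy is confirmed fixed`. Separately, the unchanged `--v=10` beside it is a very high log verbosity at which request details may be written to the container log; confirm no token material ends up there, or lower it to `--v=0`. The flag only covers the proxy listener on 8443, so any other TLS endpoint the manager serves (none is visible in these hunks) would need its own HTTP/2 setting.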