From 09eda7b340a808e84e0b9869dedbb82fa3b9daf8 Mon Sep 17 00:00:00 2001
From: Carlo Lobrano
Date: Tue, 24 Oct 2023 09:13:37 +0200
Subject: [PATCH] Update kube-rbac-proxy to v0.15.0
- update kube-rbac-proxy to v0.15.0
- disable HTTP/2 to prevent exploitation of CVE HTTP2 Rapid Reset
Signed-off-by: Carlo Lobrano
---
 .../machine-deletion-remediation.clusterserviceversion.yaml | 3 ++-
 config/default/manager_auth_proxy_patch.yaml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/bundle/manifests/machine-deletion-remediation.clusterserviceversion.yaml b/bundle/manifests/machine-deletion-remediation.clusterserviceversion.yaml
index dfed8cd6..e643584c 100644
--- a/bundle/manifests/machine-deletion-remediation.clusterserviceversion.yaml
+++ b/bundle/manifests/machine-deletion-remediation.clusterserviceversion.yaml
@@ -211,10 +211,11 @@ spec:
 containers:
 - args:
 - --secure-listen-address=0.0.0.0:8443
+ - --http2-disable
 - --upstream=http://127.0.0.1:8080/
 - --logtostderr=true
 - --v=10
- image: quay.io/brancz/kube-rbac-proxy:v0.14.4
+ image: quay.io/brancz/kube-rbac-proxy:v0.15.0
 name: kube-rbac-proxy
 ports:
 - containerPort: 8443
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index 39b82e50..d977e03b 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -10,9 +10,10 @@ spec:
 spec:
 containers:
 - name: kube-rbac-proxy
- image: quay.io/brancz/kube-rbac-proxy:v0.14.4
+ image: quay.io/brancz/kube-rbac-proxy:v0.15.0
 args:
 - "--secure-listen-address=0.0.0.0:8443"
+ - "--http2-disable"
 - "--upstream=http://127.0.0.1:8080/"
 - "--logtostderr=true"
 - "--v=10"
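Review bot: `- "--v=10"` is kept on the proxy's args in the `config/default/manager_auth_proxy_patch.yaml` hunk, and at that verbosity the Kubernetes client logging is, to my knowledge, expected to dump request and response bodies, which for the proxy's token review calls would put callers' bearer tokens in the pod log; worth confirming against a running pod and lowering to `- "--v=0"` while this container is being hardened. The new `- "--http2-disable"` line would benefit from a comment above it such as `# HTTP/2 disabled to mitigate HTTP/2 Rapid Reset; re-enable only after confirming the proxy's HTTP/2 stack is patched`, so the flag is not dropped later as unexplained. The image is still referenced by a mutable tag; pinning it as `quay.io/brancz/kube-rbac-proxy:v0.15.0@sha256:<digest>` (placeholder digest) would make the bump verifiable. The same args and image appear in the bundle CSV hunk, which looks generated from this patch and should be regenerated with whatever is changed here.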