This machine config operator manifest is currently using hardcoded a TLS profile for a kube-rbac-proxy sidecar, which is used to serve MachineConfigPool related metrics. This manifest cannot be dynamically updated by the MCO, as it is installed via the CVO. Additionally, the kube-rbac-proxy cannot dynamically change its TLS config; only via command line arguments.

Therefore, the easiest solution to not have a deployment managed by the CVO to not include a kube-rbac-proxy pod. To do this, we need to:

• Move all the metrics currently served from the operator's metric server to the controller's metrics server. The controller's TLS config is defined the MCC manifest, which can be dynamically updated by our operator pod. 
• Remove the metrics server from the operator deployment