WHY
Keep images up to date to reduce CVE possibilities

WHAT

• RHSSO
• Grafana
• Envoy
• grafana-ose-oauth-proxy
  Check if updates to the above images are available and add to RHOAM

HOW
RHSSO:
RHOAM installs both RHSSO Operators using the bundle generated by the RHSSO productization pipeline, meaning that RHSSO is essentially available on Red Hat Index.
First step is to check which version of RHSSO we are currently using, this information can be found here: https://github.com/integr8ly/integreatly-operator/blob/master/bundles/rhsso-operator/bundles.yaml#L46
Next go to the Red Hat catalog: https://catalog.redhat.com/software/containers/rh-sso-7/sso7-rhel8-operator-bundle/6160639f5cfcf7adc247ac43?architecture=amd64&image=6583619a6cc4de7fa432e7b0&container-tabs=overview
Check what is the latest available version in here by clicking on "Tags" and selecting the most recent one (up on top).
Compare this against the bundle that integreatly file is currently pointing to.
In the bundle file in integreatly operator repository, you will need to include all the bundles between what RHOAM currently is on, and what your are bumping RHOAM to. For example, if RHOAM is on bundle 7.6.5-8 and you want to upgrade to 7.6.6-3 this means that the bundles:
7.6.6-2 and 7.6.6-1 will also need to be included in the bundle file. Reason for this is that each version of RHSSO operator replaces previous version and there is no skipRanges. For RHOAM to maintain healthy index chain, we need to be including all bundles.

Once you have identified new image, you can follow this document to get the pipelines running and update the rest of the files: https://docs.google.com/document/d/11R-Xab8ioVJW1lXtZEaPkGnd-q7JNx7st9V8qJzxq2k/edit#heading=h.rlksp3sdvxw9
Please note, the "delorean ews" commands aren't necessary.

Grafana & Grafana-ose-oauth-proxy

RHOAMs grafana and grafana-ose-auth-proxy are specified within the RHOAMs codebase here: https://github.com/integr8ly/integreatly-operator/blob/master/pkg/products/grafana/reconciler.go#L350 and https://github.com/integr8ly/integreatly-operator/blob/master/pkg/products/grafana/reconciler.go#L476

Like in RHSSO case, we are using productized images, which means they are available on the Red Hat Catalog.
Find latest Grafana image here: https://catalog.redhat.com/software/containers/rhel9/grafana/6144937d1ea8a4ec32b378f0?architecture=amd64&image=65a8fa78d27014b7bb780b07 > click on "Get this image" and copy/paste the image in your PR
Find latest grafana-ose-oauth-proxy here: https://catalog.redhat.com/software/containers/openshift4/ose-oauth-proxy/5cdb2133bed8bd5717d5ae64?architecture=amd64&image=65a21974087c7c82b05804fb > click on "Get this image" and copy/paste the image in your PR
Also, update the images in this file: https://github.com/integr8ly/integreatly-operator/blob/master/products/additional-images.yaml#L12 for both, Grafana and Proxy.

Envoy:
Envoy image (service-mesh) image is also productized. It can be found Red Hat Catalog here: https://catalog.redhat.com/software/containers/openshift-service-mesh/proxyv2-rhel8/5d2cda455a134672890f640a?architecture=amd64&image=653bb6548d50211cd6b5b1fe
Like in previous cases, get the image and copy/past here: https://github.com/integr8ly/integreatly-operator/blob/master/products/additional-images.yaml#L6 and here: https://github.com/integr8ly/integreatly-operator/blob/master/pkg/resources/ratelimit/envoy.go#L22
Bare in mind that Envoy requires often specific version of the Marin3r, so if bumping Marin3r in the same release as Envoy it is generally better to bump the Marin3r first, then envoy since there's usually more envoy versions available than marin3r.

Dependabot PRs
Review RHOAMs dependabot PRs and merge or close all of them.

DONE:

• New RHSSO version is available and still works (pipeline tests around IDP should be enough to confirm this) including upgrade test
• New Grafana and Grafana OSE images are in RHOAM and Grafana is accessible and works as expected (this must include upgrade testing validation)
• New Envoy image is available and the Rate Limiting still works as expected (sample verification steps can be found here: https://github.com/integr8ly/integreatly-operator/pull/3411)
• No opened Dependabot PRs against Intly repo are present, all PRs are either closed or merged.