kube-rbac-proxy currently protects the /metric endpoint in the prometheus-operator.

The operator is deployed as a TLS enabled server, and its metrics endpoint is scraped by Prometheus through kube-rbac-proxy over mTLS.

This task is to investigate the removal of kube-rbac-proxy entirely since the current setup allows anyone to query other endpoints from any pod in the cluster

For example, the following will return a 200 response.

curl -k 'https://prometheus-operator.openshift-monitoring.svc:8080/apis/monitoring.coreos.com/v1/namespaces/openshift-monitoring/prometheuses/k8s/status'