-
Task
-
Resolution: Obsolete
-
Blocker
-
1.1, 1.2
-
3
-
False
-
-
False
-
RHIDP-4212 - Feature parity between Helm Chart and Operator
-
Release Note Not Required
-
-
-
RHDH Core Team 3264
The deployment "rhdh-operator" installed by the Developer Hub 1.1 operator CSV includes a container with name "kube-rbac-proxy." This container image is:
registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:95ed239eb427c7b1e422ece28c5277b5018efb751c2b472bf502b8216219c047This container image can be found on Red Hat container registry:
https://catalog.redhat.com/software/containers/openshift4/ose-kube-rbac-proxy/5cdb2634dd19c778293b4d98?image=66203aed29005a819106722b&architecture=amd64&container-tabs=securityThis container image has a low health index. It also appears to be specifically for OCP 4.12.
When will this operator be updated to contain a newer version of this image, which contains a higher health index, and possibly with an image version specific to the currently installed OCP version (this cluster is 4.13).
Upgrading to RHDH 1.2 will move to the latest version of v4.12 which is grade A from https://catalog.redhat.com/software/containers/openshift4/ose-kube-rbac-proxy/5cdb2634dd19c778293b4d98?architecture=amd64&image=66508d7ea9115f5432986398
BUt for 1.3 we might consider moving to v4.16 as long as that works on OCP 4.12 clusters, which we still support. https://catalog.redhat.com/software/containers/openshift4/ose-kube-rbac-proxy-rhel9/652809a5244cb343fb4a4b66?architecture=amd64&image=6656da4836bbe7def14e8e19
TODO:
- update container build scripts in janus-idp/operator for both upstream and downstream to use the latest 4.16 kube-rbac-proxy.
- run builds
- verify that things can still be deployed
- verify that an update from 1.2 -> 1.3 works via OLM upgrade
- account is impacted by
-
RHIDP-4236 Remove usage of the kube-rbac-proxy sidecar in the Operator deployment and switch to 'WithAuthenticationAndAuthorization' instead
- Closed
- blocks
-
RHIDP-2298 Consider adding health checks for operator's kube-rbac-proxy container
- Closed
- is related to
-
RHIDP-4236 Remove usage of the kube-rbac-proxy sidecar in the Operator deployment and switch to 'WithAuthenticationAndAuthorization' instead
- Closed
- relates to
-
RHIDP-3784 [1.2.3-0.1724956299] Bump OSE and postgres image refs to the latest working versions
- Closed
-
RHIDP-4097 [1.2.4] Bump OSE & postgresql image refs to the latest working versions (again)
- Closed