-
Task
-
Resolution: Obsolete
-
Blocker
-
1.1, 1.2
-
3
-
False
-
-
False
-
RHIDP-4212 - Feature parity between Helm Chart and Operator
-
Release Note Not Required
-
-
-
RHDH Core Team 3264
The deployment "rhdh-operator" installed by the Developer Hub 1.1 operator CSV includes a container with name "kube-rbac-proxy." This container image is:
registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:95ed239eb427c7b1e422ece28c5277b5018efb751c2b472bf502b8216219c047This container image can be found on Red Hat container registry:
https://catalog.redhat.com/software/containers/openshift4/ose-kube-rbac-proxy/5cdb2634dd19c778293b4d98?image=66203aed29005a819106722b&architecture=amd64&container-tabs=securityThis container image has a low health index. It also appears to be specifically for OCP 4.12.
When will this operator be updated to contain a newer version of this image, which contains a higher health index, and possibly with an image version specific to the currently installed OCP version (this cluster is 4.13).
Upgrading to RHDH 1.2 will move to the latest version of v4.12 which is grade A from https://catalog.redhat.com/software/containers/openshift4/ose-kube-rbac-proxy/5cdb2634dd19c778293b4d98?architecture=amd64&image=66508d7ea9115f5432986398
BUt for 1.3 we might consider moving to v4.16 as long as that works on OCP 4.12 clusters, which we still support. https://catalog.redhat.com/software/containers/openshift4/ose-kube-rbac-proxy-rhel9/652809a5244cb343fb4a4b66?architecture=amd64&image=6656da4836bbe7def14e8e19
TODO:
- update container build scripts in janus-idp/operator for both upstream and downstream to use the latest 4.16 kube-rbac-proxy.
- run builds
- verify that things can still be deployed
- verify that an update from 1.2 -> 1.3 works via OLM upgrade
- account is impacted by
-
-
- Closed
-
- blocks
-
-
- Closed
-
- is related to
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
[RHIDP-2830] Upgrade to latest supported stream of ose-kube-rbac-proxy-rhel9 4.16
Comparing the pod logs for 4.12, 4.14, and rhel9 4.16:
4.14 - two deprecations:
- Using --insecure-listen-address won't be possible!
- Not using --tls-cert-file and --tls-private-key-file won't be possible! https://github.com/brancz/kube-rbac-proxy/issues/187
4.16 - the same deprecations and one removed flag:
- logtostderr is removed in the k8s upstream and has no effect any more.
Experimenting in the 1.3 branch to see if we can deploy via operator on OCP <4.16 using the OSE RHEL9 4.16 image.
diff --git a/manifests/rhdh-operator.csv.yaml b/manifests/rhdh-operator.csv.yaml index ddeab83..ac87edd 100644 --- a/manifests/rhdh-operator.csv.yaml +++ b/manifests/rhdh-operator.csv.yaml @@ -219,7 +219,7 @@ spec: - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=0 - image: registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.12 + image: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9:v4.16 name: kube-rbac-proxy $➔ brw -s brew container-build rhdh-1.3-rhel-9-containers-candidate git+https://pkgs.devel.redhat.com/git/containers/rhdh-operator-bundle#e18445f3cefd2d9878f2d02e1974f79f723e4516 --git-branch rhdh-1.3-rhel-9 --nowait --scratch
Scratch build at: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=64557798
==> quay.io/rhdh/rhdh-operator-bundle:rhdh-1.3-rhel-9-containers-candidate-50167-20240926132959
TODO:
- install 1.3 via operator, then switch to this image and see if deployment works and pods are started
As of today, the latest A grade container by floating tag (latest) is v4.15.0-202407021637.p0.ge8e8c84.assembly.stream.el8 (27 days old) but the most recent build is v4.13.0-202407121908.p0.gae32bfa.assembly.stream.el8 (6 days ago)
There is no 4.16 tag.
So we could use caution and move to 4.13, or throw caution to the wind and move to 4.15.
Either way this is not urgent as the latest 4.12 builds are grade A as well, having been updated only 12 days ago
1.2 operator is live https://catalog.redhat.com/search?gs&q=rhdh&searchType=containers – you just have to go look for it 
However we're investigating a helm chart issue at the moment in RHIDP-2931
Hi @Nick Boldt for this case you mentioned that it is fixed in 1.2 to share it with our customer, however the latest version available is rhdh-operator.v1.1.2. Do you know when rhdh-operator.v1.2 will be release ?
Closed as no longer needed now that
RHIDP-4236is implemented.