From 6abaf7014924f3895082ddc6421739172038c6a4 Mon Sep 17 00:00:00 2001
From: Carlo Lobrano
Date: Tue, 24 Oct 2023 10:00:35 +0200
Subject: [PATCH] Update kube-rbac-proxy to v0.15.0

- Update kube-rbac-proxy to v0.15.0
- disable HTTP/2 to prevent exploitation of CVE HTTP2 Rapid Reset

Signed-off-by: Carlo Lobrano
---
 .../fence-agents-remediation.clusterserviceversion.yaml | 3 ++-
 config/default/manager_auth_proxy_patch.yaml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml b/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml
index 4c5eb6e9..556a048f 100644
--- a/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml
+++ b/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml
@@ -230,10 +230,11 @@ spec:
 containers:
 - args:
 - --secure-listen-address=0.0.0.0:8443
+ - --http2-disable
 - --upstream=http://127.0.0.1:8080/
 - --logtostderr=true
 - --v=0
- image: quay.io/brancz/kube-rbac-proxy:v0.14.4
+ image: quay.io/brancz/kube-rbac-proxy:v0.15.0
 name: kube-rbac-proxy
 ports:
 - containerPort: 8443
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index 9391d3fb..359ee3e9 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -10,9 +10,10 @@ spec:
 spec:
 containers:
 - name: kube-rbac-proxy
- image: quay.io/brancz/kube-rbac-proxy:v0.14.4
+ image: quay.io/brancz/kube-rbac-proxy:v0.15.0
 args:
 - "--secure-listen-address=0.0.0.0:8443"
+ - "--http2-disable"
 - "--upstream=http://127.0.0.1:8080/"
 - "--logtostderr=true"
 - "--v=0"
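Review bot: The `--http2-disable` argument added to the kube-rbac-proxy container in config/default/manager_auth_proxy_patch.yaml turns off HTTP/2 only on this proxy's 8443 listener; any other TLS endpoint the manager itself serves (a webhook server, for instance, which is not visible in this patch) would need its own HTTP/2 setting to be covered by the same mitigation. Nothing in the manifest records why the flag is there, so a later cleanup could drop it; a comment above the argument such as `# HTTP/2 disabled to mitigate HTTP/2 Rapid Reset; keep until HTTP/2 is safe to re-enable on this listener` would keep the intent next to the setting. The image is also still referenced by the mutable tag `v0.15.0`, here and in the bundle CSV hunk; pinning it as `quay.io/brancz/kube-rbac-proxy@sha256:<digest-of-v0.15.0>` would make the deployed proxy reproducible and resistant to a retagged image. The container spec continues outside the hunk.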