From 8097d83e9b06dcf2f5c22436e0f2562345e58dfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20=C5=9Awi=C4=85tek?= Date: Fri, 21 Jun 2024 12:58:45 +0200 Subject: [PATCH] deps: upgrade kube-rbac-proxy to v0.18.0 This fixes CVE-2023-45288 and CVE-2022-21698. --- helm/tailing-sidecar-operator/values.yaml | 4 ++-- operator/config/default/manager_auth_proxy_patch.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/tailing-sidecar-operator/values.yaml b/helm/tailing-sidecar-operator/values.yaml index dca13867..cdf2fc33 100644 --- a/helm/tailing-sidecar-operator/values.yaml +++ b/helm/tailing-sidecar-operator/values.yaml @@ -67,7 +67,7 @@ kubeRbacProxy: image: pullPolicy: IfNotPresent repository: quay.io/brancz/kube-rbac-proxy - tag: v0.11.0 + tag: v0.18.0 resources: limits: cpu: 500m @@ -82,7 +82,7 @@ kubeRbacProxy: webhook: failurePolicy: Ignore reinvocationPolicy: Never - + objectSelector: {} # matchLabels: # tailing-sidecar: "true" diff --git a/operator/config/default/manager_auth_proxy_patch.yaml b/operator/config/default/manager_auth_proxy_patch.yaml index 04d0bd5e..8245dc87 100644 --- a/operator/config/default/manager_auth_proxy_patch.yaml +++ b/operator/config/default/manager_auth_proxy_patch.yaml @@ -1,4 +1,4 @@ -# This patch inject a sidecar container which is a HTTP proxy for the +# This patch inject a sidecar container which is a HTTP proxy for the # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 kind: Deployment @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: quay.io/brancz/kube-rbac-proxy:v0.11.0 + image: quay.io/brancz/kube-rbac-proxy:v0.18.0 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/"