Merge pull request #6368 from pmtk/dns-pod-kube-rbac-proxy-fix-args

NO-ISSUE: Add DNS' core-rbac-proxy args and template TLS Cipher Suites & Min Version

Author: openshift-merge-bot[bot]

Makefile.version.aarch64.var

@@ -1 +1 @@
-OCP_VERSION := 4.22.0-0.nightly-arm64-2026-03-16-023946
+OCP_VERSION := 4.22.0-0.nightly-arm64-2026-03-17-075144

Makefile.version.x86_64.var

@@ -1 +1 @@
-OCP_VERSION := 4.22.0-0.nightly-2026-03-15-203841
+OCP_VERSION := 4.22.0-0.nightly-2026-03-17-104634

assets/components/multus/kustomization.aarch64.yaml

@@ -2,7 +2,7 @@
 images:
   - name: multus-cni-microshift
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:346179a6e0b2b56a4f1ba1a0085bdb58cd9ef1ac3514018d1f3351e48e81b275
+    digest: sha256:50e5e48edb99e4c89d03c0edcfc58ffbc3081d2b5b189431b6d6e8b565c749a0
   - name: containernetworking-plugins-microshift
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:40c1962394cb18ec4ea81eb0a301f76330fb7c4b0b27eaf5eded647b9e86b90e
+    digest: sha256:81ee1fcc06b556e5ba7fd737137e500bbf249006d022593958c67324d8ce74e6

assets/components/multus/kustomization.x86_64.yaml

@@ -2,7 +2,7 @@
 images:
   - name: multus-cni-microshift
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:a0d4399c420679b4b33edd4554c44ab825585d4efccca2291c20a627df8b09c6
+    digest: sha256:51f90ebc8bc3eb0d031cfc41a3720fffd5d3eaad4a31141bfee675b1f8d567ce
   - name: containernetworking-plugins-microshift
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:9a9e34cc3ccad8eba2b490c787113d20acacbb36a1b601783d3d41199e8cc6e7
+    digest: sha256:11f416d27af7b4c42a7ca5aba11afd5c57a919e8e142e5f4959b0d503dbfa327

assets/components/multus/release-multus-aarch64.json

@@ -1,9 +1,9 @@
 {
   "release": {
-    "base": "4.22.0-0.nightly-arm64-2026-03-16-023946"
+    "base": "4.22.0-0.nightly-arm64-2026-03-17-075144"
   },
   "images": {
-    "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:346179a6e0b2b56a4f1ba1a0085bdb58cd9ef1ac3514018d1f3351e48e81b275",
-    "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:40c1962394cb18ec4ea81eb0a301f76330fb7c4b0b27eaf5eded647b9e86b90e"
+    "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:50e5e48edb99e4c89d03c0edcfc58ffbc3081d2b5b189431b6d6e8b565c749a0",
+    "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:81ee1fcc06b556e5ba7fd737137e500bbf249006d022593958c67324d8ce74e6"
   }
 }

assets/components/multus/release-multus-x86_64.json

@@ -1,9 +1,9 @@
 {
   "release": {
-    "base": "4.22.0-0.nightly-2026-03-15-203841"
+    "base": "4.22.0-0.nightly-2026-03-17-104634"
   },
   "images": {
-    "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a0d4399c420679b4b33edd4554c44ab825585d4efccca2291c20a627df8b09c6",
-    "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9a9e34cc3ccad8eba2b490c787113d20acacbb36a1b601783d3d41199e8cc6e7"
+    "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:51f90ebc8bc3eb0d031cfc41a3720fffd5d3eaad4a31141bfee675b1f8d567ce",
+    "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:11f416d27af7b4c42a7ca5aba11afd5c57a919e8e142e5f4959b0d503dbfa327"
   }
 }

assets/components/openshift-dns/dns/daemonset.yaml

@@ -24,7 +24,7 @@ spec:
               readOnly: true
             - mountPath: /tmp
               name: tmp-dir
-            {{- if .HostsEnabled }}  
+            {{- if .HostsEnabled }}
             - mountPath: /tmp/hosts
               name: hosts
               readOnly: true
@@ -63,13 +63,6 @@ spec:
             readOnlyRootFilesystem: true
           image: '{{ .ReleaseImage.coredns }}'
         - name: kube-rbac-proxy
-          args:
-            - --logtostderr
-            - --secure-listen-address=:9154
-            - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-            - --upstream=http://127.0.0.1:9153/
-            - --tls-cert-file=/etc/tls/private/tls.crt
-            - --tls-private-key-file=/etc/tls/private/tls.key
           ports:
             - containerPort: 9154
               name: metrics
@@ -87,6 +80,13 @@ spec:
           securityContext:
             readOnlyRootFilesystem: true
           image: '{{ .ReleaseImage.kube_rbac_proxy }}'
+          args:
+            - --secure-listen-address=:9154
+            - --tls-cipher-suites={{ .TLSCipherSuites }}
+            - --tls-min-version={{ .TLSMinVersion }}
+            - --upstream=http://127.0.0.1:9153/
+            - --tls-cert-file=/etc/tls/private/tls.crt
+            - --tls-private-key-file=/etc/tls/private/tls.key
           imagePullPolicy: IfNotPresent
       dnsPolicy: Default
       volumes:

assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml

@@ -2,26 +2,26 @@
 images:
   - name: quay.io/operator-framework/olm
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:2117f6b445a949a484722170568f69b64ad35c728eb23a20f439e6dbbbf0c6ab
+    digest: sha256:e1fa426d6a06aaeb7a8922e09bceaf92e124dbfd40d018484ea0272c2d3d40ec
   - name: quay.io/operator-framework/configmap-operator-registry
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:ede57976518d8de0e2b466e1529a8acffe1bc2a9e59f65766362fae0bef88ada
+    digest: sha256:d4a73641d8d2f9e84ccc5bbe5529c2a45d57378dab0c3bdb5df6ab933231683e
   - name: quay.io/openshift/origin-kube-rbac-proxy
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:404e91fe9b4e8281891e017be366b9a7eb312a2cfd35df45c4e97442f000d897
+    digest: sha256:3808a275427e399c43f7b769542f32e15320c8984dd7b44e372ba4f8b06696db
 
 patches:
   - patch: |-
      - op: add
        path: /spec/template/spec/containers/0/env/-
        value:
          name: OPERATOR_REGISTRY_IMAGE
-         value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ede57976518d8de0e2b466e1529a8acffe1bc2a9e59f65766362fae0bef88ada
+         value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d4a73641d8d2f9e84ccc5bbe5529c2a45d57378dab0c3bdb5df6ab933231683e
      - op: add
        path: /spec/template/spec/containers/0/env/-
        value:
          name: OLM_IMAGE
-         value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2117f6b445a949a484722170568f69b64ad35c728eb23a20f439e6dbbbf0c6ab
+         value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e1fa426d6a06aaeb7a8922e09bceaf92e124dbfd40d018484ea0272c2d3d40ec
     target:
       kind: Deployment
       labelSelector: app=catalog-operator

assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml

@@ -2,26 +2,26 @@
 images:
   - name: quay.io/operator-framework/olm
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:c8b30a999339e0d278e12459cc6e9717fef134c31bf8d197f2decd58e69a3ce1
+    digest: sha256:b2c9e33a9bb2272fe959221d82a335dd3258b6fd703ab3c6bb795634f1d5685d
   - name: quay.io/operator-framework/configmap-operator-registry
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:37a44a613e53626d6adf4556219701e16455fb71603eca7865d464ffcb0d73ed
+    digest: sha256:52c91cf06f1971592b333f9350a8227e2b3d7c0cd1f38205f49ef1728db1fa64
   - name: quay.io/openshift/origin-kube-rbac-proxy
     newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-    digest: sha256:2ead40d6af5a9159a3452c2aeeb347bcc63064f7cc4858e789473581c7e0158b
+    digest: sha256:198863a1d295199013dbaf0d58077027af91abecf2af32968f7103368a0d2785
 
 patches:
   - patch: |-
      - op: add
        path: /spec/template/spec/containers/0/env/-
        value:
          name: OPERATOR_REGISTRY_IMAGE
-         value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:37a44a613e53626d6adf4556219701e16455fb71603eca7865d464ffcb0d73ed
+         value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52c91cf06f1971592b333f9350a8227e2b3d7c0cd1f38205f49ef1728db1fa64
      - op: add
        path: /spec/template/spec/containers/0/env/-
        value:
          name: OLM_IMAGE
-         value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c8b30a999339e0d278e12459cc6e9717fef134c31bf8d197f2decd58e69a3ce1
+         value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b2c9e33a9bb2272fe959221d82a335dd3258b6fd703ab3c6bb795634f1d5685d
     target:
       kind: Deployment
       labelSelector: app=catalog-operator

assets/optional/operator-lifecycle-manager/release-olm-aarch64.json

@@ -1,10 +1,10 @@
 {
   "release": {
-    "base": "4.22.0-0.nightly-arm64-2026-03-16-023946"
+    "base": "4.22.0-0.nightly-arm64-2026-03-17-075144"
   },
   "images": {
-    "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2117f6b445a949a484722170568f69b64ad35c728eb23a20f439e6dbbbf0c6ab",
-    "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ede57976518d8de0e2b466e1529a8acffe1bc2a9e59f65766362fae0bef88ada",
-    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:404e91fe9b4e8281891e017be366b9a7eb312a2cfd35df45c4e97442f000d897"
+    "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e1fa426d6a06aaeb7a8922e09bceaf92e124dbfd40d018484ea0272c2d3d40ec",
+    "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d4a73641d8d2f9e84ccc5bbe5529c2a45d57378dab0c3bdb5df6ab933231683e",
+    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3808a275427e399c43f7b769542f32e15320c8984dd7b44e372ba4f8b06696db"
   }
 }