Andrew Azores

- Leaving `kube-rbac-proxy` as v0.5.0 but setting its container to override `runAsNonRoot: false` like so: ``` --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -11,6 +11,8 @@ spec: containers: - name: kube-rbac-proxy image:...

- Updating `kube-rbac-proxy` to v0.8.0 and setting `runAsNonRoot:true` and `runAsUser: 65532` as suggested in some related bug reports on other repos, like so: ``` --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -10,7...

All of the failure classes have to do specifically with the `kube-rbac-proxy` container and not the `manager` container, so I have left out any previously tested scenarios where I changed...

https://github.com/operator-framework/operator-sdk/issues/4684 Looks the same or closely related.

I think it could be valuable for troubleshooting purposes to be able to force oauth2_proxy use on OpenShift, which seems like it could be done with a similar or the...

Needs to be revisited for 3.0 with the new authproxy architecture.

Does this still apply now that we deploy the openshift-oauth-proxy instead?

Depends on https://github.com/cryostatio/cryostat3/issues/238

Looks like this was already completed. In 3.0 it will be implemented slightly differently via oauth2_proxy/openshift-oauth-proxy, but the CR API will be the same or very similar for the user...

No real updates at this point. I think we would need to tackle these two issues first before we can do anything meaningful here: - https://github.com/cryostatio/cryostat-grafana-dashboard/issues/25 - https://github.com/cryostatio/cryostat-grafana-dashboard/issues/60