🧹chore: Bump kube-rbac-proxy image version to v0.16.0 (#1457)

slntopp · web-flow · commit 2ff3d6979c9f · 2026-03-31T13:36:05.000+02:00
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -30,13 +30,9 @@ bases:
 #- ../prometheus
 
 patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
+# Uncomment the following line to protect the /metrics endpoint with kube-rbac-proxy.
 # - manager_auth_proxy_patch.yaml
 
-# Don't protect the /metrics endpoint and just allow
-# Prometheus to directly scrape over http.
 - manager_public_metrics_patch.yaml
 
 # Mount the controller config file for loading manager configurations
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -13,7 +13,7 @@ spec:
     spec:
       containers:
       - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+        image: registry.k8s.io/kubebuilder/kube-rbac-proxy:v0.16.0
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -12,9 +12,7 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
+# Uncomment the following 4 lines to enable the kube-rbac-proxy auth proxy.
 #- auth_proxy_service.yaml
 #- auth_proxy_role.yaml
 #- auth_proxy_role_binding.yaml
