From 9a15e7eabfbf21d70494bd192391f4032593e055 Mon Sep 17 00:00:00 2001
From: Jeff Mesnil <jmesnil@redhat.com>
Date: Wed, 26 Nov 2025 10:42:31 +0100
Subject: [PATCH] OCPBUGS-62239: update list of tls cipher suites

This updates the list of tls cipher suites allowed for the kube-rbac-proxy
container of the insight-runtime-extractor resources.

JIRA: https://issues.redhat.com/browse/OCPBUGS-62239

Signed-off-by: Jeff Mesnil <jmesnil@redhat.com>
---
 manifests/10-insights-runtime-extractor.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manifests/10-insights-runtime-extractor.yaml b/manifests/10-insights-runtime-extractor.yaml
index bc6cfd7e0..8b3a23985 100644
--- a/manifests/10-insights-runtime-extractor.yaml
+++ b/manifests/10-insights-runtime-extractor.yaml
@@ -44,6 +44,7 @@ spec:
             - '--config-file=/etc/kube-rbac-proxy/config.yaml'
             - '--tls-cert-file=/etc/tls/private/tls.crt'
             - '--tls-private-key-file=/etc/tls/private/tls.key'
+            - '--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305'
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - mountPath: /etc/tls/private