Update oauth proxy to v4.10

[lucferbux]

Description

Closes #1400

How Has This Been Tested?

1. Delete the dashboard kfdef from the Open Data Hub Operator if you had it deployed.
2. Run make undeploy if you already have a dashboard version deployed
3. Run make deploy
4. Got to your cluster and in the opendatahub namespace, look for the odh-dashboard deployment.
5. Check in the specification that the oauth proxy is using registry.redhat.io/openshift4/ose-oauth-proxy:v4.10
6. Go to the odh-dashboard pods, and check that the oauth-proxy container log is not raising any issue
7. Try to log in into the dashboard in the cluster

Test Impact

No testing coverage for infra update

Request review criteria:

Self checklist (all need to be checked):

• The developer has manually tested the changes and verified that the changes work
• The commits have meaningful messages (squashes happen on merge by the bot).
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has added tests or explained why testing cannot be added (unit tests & storybook for related changes)

If you have UI changes:

• Included any necessary screenshots or gifs if it was a UI change.
• Included tags to the UX team if it was a UI/UX change.

After the PR is posted & before it merges:

• The developer has tested their solution on a cluster by using the image produced by the PR to main

[lucferbux]

/hold

I'm checking if we need to modify the deployment in case something is deprecated, but so far it's working just fine.

[lucferbux]

/unhold

Ok, according to the docs, none of the parameters we use are deprecated.

[andrewballantyne]

Good first pass. We'll have to swing back and do proper sha references -- covered by #1470.

[andrewballantyne]

/hold

Someone other than the author should test this on the cluster first :)

[shalberd]

I'd use digest notation instead, and a snapshot point in time, i.e. today, July 6 2023, digest value of v4.10. See also opendatahub-io/odh-manifests#869

Source: Manifest link digest from today of v4.10 tag https://catalog.redhat.com/software/containers/openshift4/ose-oauth-proxy/5cdb2133bed8bd5717d5ae64?architecture=amd64&tag=v4.10.0-202306170106.p0.g799d414.assembly.stream&push_date=1688610772000&container-tabs=overview

alternative way with downloading, just to show it is in fact the most current v4.10 digest:

docker pull registry.redhat.io/openshift4/ose-oauth-proxy:v4.10
v4.10: Pulling from openshift4/ose-oauth-proxy
1df162fae087: Already exists 
d20a374ee8f7: Already exists 
e88a8f7a57fc: Pull complete 
dcbbfecd111e: Pull complete 
Digest: sha256:ab112105ac37352a2a4916a39d6736f5db6ab4c29bad4467de8d613e80e9bb33
Status: Downloaded newer image for registry.redhat.io/openshift4/ose-oauth-proxy:v4.10
registry.redhat.io/openshift4/ose-oauth-proxy:v4.10

[lucferbux]

mmmm that's what @andrewballantyne commented above, we are planning to use digest in all our images, but we are going to do the migration all at once, we are going to keep the scope of this PR to just update the version of the oauth-proxy image.

[andrewballantyne]

I wanted to do this in layers, because I want us to take the time to get the right sha -- compare it with everyone, hopefully get a constant or something going.

This PR is to correct a lossy effect of us not paying attention to our "lowest supported OCP version"... Not the final solution. I onboarded last year and wasn't even close to looking at this version change, so this is a "catch up" effort.

I do get your point though, @shalberd -- it is much better to use sha digests everywhere because it is very specific and helps a lot. But I think it's important that we do these two things in two steps because conversations and ideas can slow down this basic upgrade.

I'm suggesting we continue the path with this PR as-is, and I'll log something in odh-manifests to see if we can unify across the board.

[shalberd]

Good idea. Regarding odh.manifests, I've already initiated a unifying PR https://github.com/opendatahub-io/odh-manifests/pull/869/files#diff-100131d24ded424b92afb1f01bc131586ed11798e6d1f2011d1633bafaf7c94d

[andrewballantyne]

I made some comments here: opendatahub-io/odh-manifests#869 to start things rolling that direction.

[shalberd]

I have tested this via manually-modified odh-manifests, working well on an OCP 4.10 cluster

[lucferbux]

@uidoyen @manaswinidas @DaoDaoNoCode @Gkrumbach07 can you guys check this out?

[pnaik1]

/lgtm

odh-dashboard pods is not raising any issue
and the dashboard is working just fine

[uidoyen]

auth-proxy container log looks good.

2023/07/07 17:25:01 provider.go:314: Delegation of authentication and authorization to OpenShift is enabled for bearer tokens and client certificates.
2023/07/07 17:25:01 oauthproxy.go:203: mapping path "/" => upstream "http://localhost:8080/"
2023/07/07 17:25:01 oauthproxy.go:224: compiled skip-auth-regex => "^/metrics"
2023/07/07 17:25:01 oauthproxy.go:230: OAuthProxy configured for Client ID: dashboard-oauth-client
2023/07/07 17:25:01 oauthproxy.go:240: Cookie settings: name:_oauth_proxy secure(https):true httponly:true expiry:23h0m0s domain:<default> samesite: refresh:disabled
2023/07/07 17:25:01 http.go:61: HTTP: listening on 127.0.0.1:4180
2023/07/07 17:25:01 http.go:107: HTTPS: listening on [::]:8443
I0707 17:25:01.082227 1 dynamic_serving_content.go:130] Starting serving::/etc/tls/private/tls.crt::/etc/tls/private/tls.key

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andrewballantyne, uidoyen

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [andrewballantyne]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[andrewballantyne]

/unhold