From 1cf56c22e660c15cf2406e7d17b5a221ab0885d0 Mon Sep 17 00:00:00 2001
From: Daniel Fajmon <dfajmon@redhat.com>
Date: Tue, 3 Feb 2026 14:34:47 +0100
Subject: [PATCH] Central TLS Profile consistency

add TLS cipher version
enable tls-profiles feature
---
 assets/templates/diskmaker-discovery-daemonset.yaml             | 2 ++
 assets/templates/diskmaker-manager-daemonset.yaml               | 2 ++
 .../stable/local-storage-operator.clusterserviceversion.yaml    | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/assets/templates/diskmaker-discovery-daemonset.yaml b/assets/templates/diskmaker-discovery-daemonset.yaml
index 387c7d61e..c825cb510 100644
--- a/assets/templates/diskmaker-discovery-daemonset.yaml
+++ b/assets/templates/diskmaker-discovery-daemonset.yaml
@@ -62,6 +62,8 @@ spec:
         - --upstream=http://127.0.0.1:8383/
         - --tls-cert-file=/etc/tls/private/tls.crt
         - --tls-private-key-file=/etc/tls/private/tls.key
+        - --tls-cipher-suites=${TLS_CIPHER_SUITES}
+        - --tls-min-version=${TLS_MIN_VERSION}
         image: ${RBAC_PROXY_IMAGE}
         imagePullPolicy: IfNotPresent
         name: kube-rbac-proxy
diff --git a/assets/templates/diskmaker-manager-daemonset.yaml b/assets/templates/diskmaker-manager-daemonset.yaml
index ac5613d1c..6a6f244ee 100644
--- a/assets/templates/diskmaker-manager-daemonset.yaml
+++ b/assets/templates/diskmaker-manager-daemonset.yaml
@@ -65,6 +65,8 @@ spec:
         - --upstream=http://127.0.0.1:8383/
         - --tls-cert-file=/etc/tls/private/tls.crt
         - --tls-private-key-file=/etc/tls/private/tls.key
+        - --tls-cipher-suites=${TLS_CIPHER_SUITES}
+        - --tls-min-version=${TLS_MIN_VERSION}
         image: ${RBAC_PROXY_IMAGE}
         imagePullPolicy: IfNotPresent
         name: kube-rbac-proxy
diff --git a/config/manifests/stable/local-storage-operator.clusterserviceversion.yaml b/config/manifests/stable/local-storage-operator.clusterserviceversion.yaml
index befc21c6c..2b4761c53 100644
--- a/config/manifests/stable/local-storage-operator.clusterserviceversion.yaml
+++ b/config/manifests/stable/local-storage-operator.clusterserviceversion.yaml
@@ -127,7 +127,7 @@ metadata:
     features.operators.openshift.io/disconnected: "true"
     features.operators.openshift.io/fips-compliant: "true"
     features.operators.openshift.io/proxy-aware: "true"
-    features.operators.openshift.io/tls-profiles: "false"
+    features.operators.openshift.io/tls-profiles: "true"
     features.operators.openshift.io/csi: "false"
     features.operators.openshift.io/token-auth-aws: "false"
     features.operators.openshift.io/token-auth-azure: "false"