Update operand images to Red Hat Konflux released versions

[sayak-redhat]

Replace upstream ghcr.io/spiffe images with registry.redhat.io RHEL9-based images pinned by SHA256 digest, sourced from the release-1.0.0 branch of the release repo.

Summary by CodeRabbit

• Chores
  • Updated operator and controller images to Red Hat registry with SHA256 digest pinning for improved supply-chain security and reproducible deployments.
  • Synchronized declared related images to match the digest-pinned references to ensure consistent runtime image resolution.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 0728339a-8e8d-41f0-b06b-9d0349f658b0

📥 Commits

Reviewing files that changed from the base of the PR and between 5743164 and 7955734.

📒 Files selected for processing (2)

• bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml
• config/manager/manager.yaml

🚧 Files skipped from review as they are similar to previous changes (2)

• bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml
• config/manager/manager.yaml

---

Walkthrough

Controller manifests and the CSV bundle were updated to replace tag-based container image references with Red Hat registry coordinates pinned to specific SHA256 digests for SPIRE, SPIFFE CSI, OIDC discovery, controller-manager, CSI node-driver-registrar, and the UBI9 init container.

Changes

Container Image Registry Migration

Layer / File(s)	Summary
Manager Deployment Environment config/manager/manager.yaml	Updated seven RELATED_IMAGE_* env vars in the controller-manager Deployment: replaced tag-based GHCR/registry.k8s.io/registry.access.redhat.com references with registry.redhat.io/...@sha256:<digest> coordinates.
CSV Controller Env bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml	Mirrored the same RELATED_IMAGE_* environment variable replacements in the CSV's controller-manager container env section to match manager config.
CSV spec.relatedImages bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml	Updated spec.relatedImages entries so each related image entry uses the new registry.redhat.io digest-pinned image references for the same set of components.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: updating operand images to Red Hat Konflux released versions, which aligns with the file changes showing image references switched from upstream ghcr.io/spiffe to registry.redhat.io Red Hat-built images.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sayak-redhat
Once this PR has been reviewed and has the lgtm label, please assign iamp1 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sayak-redhat]

/retest

[openshift-ci]

@sayak-redhat: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[iamP1]

Changes looks good. But let's ensure that it's safe to change these values and it doesn't interfere during release build

[sayak-redhat]

dnd