Story
Resolution: Unresolved
Product / Portfolio Work
As a cluster admin, I want the image registry to use the APIServer Config CR as the single source of truth for TLS configuration, so that I can ensure the use of modern and secure ciphers.
Note that the default TLS security profile is "Intermediate", which uses TLS 1.2, making these changes backward compatible (all registry operator and operand endpoints currently use TLS 1.2).
ACCEPTANCE CRITERIA
- Changes to APIServer TLS profile automatically propagate to cluster-image-registry-operator metrics server (/metrics, in pkg/metrics/server.go)
- Changes to APIServer TLS profile automatically propagate to image-registry APIs (/v2 and /metrics)
- E2E tests in OpenShift CI for the above
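One way a Go HTTPS endpoint such as a metrics server can pick up a profile change without a restart, shown as an added example and not code from cluster-image-registry-operator. `ProfileTLS` and its methods are hypothetical names, certificates are assumed to be supplied by the caller, and only the minimum TLS version of the predefined profile types is modelled.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sync/atomic"
)

// Minimum TLS version per predefined profile type (cipher suites and the
// Custom type are left out of this example).
var minVersions = map[string]uint16{
	"Old": tls.VersionTLS10, "Intermediate": tls.VersionTLS12, "Modern": tls.VersionTLS13,
}

// ProfileTLS (hypothetical) holds the TLS settings currently in force.
type ProfileTLS struct {
	certs   []tls.Certificate
	current atomic.Value // always holds a *tls.Config
}

// NewProfileTLS starts on the default profile, "Intermediate".
func NewProfileTLS(certs []tls.Certificate) *ProfileTLS {
	p := &ProfileTLS{certs: certs}
	_ = p.Apply("")
	return p
}

// Apply switches profile. Unknown names are rejected and the previous
// settings stay in force, so a bad value cannot weaken the listener.
func (p *ProfileTLS) Apply(profile string) error {
	if profile == "" {
		profile = "Intermediate"
	}
	v, ok := minVersions[profile]
	if !ok {
		return fmt.Errorf("unsupported TLS profile %q", profile)
	}
	p.current.Store(&tls.Config{MinVersion: v, Certificates: p.certs})
	return nil
}

// ServerConfig is passed to the HTTPS listener once. The callback runs on
// every handshake, so new connections see a profile change without a restart.
func (p *ProfileTLS) ServerConfig() *tls.Config {
	return &tls.Config{GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) {
		return p.current.Load().(*tls.Config), nil
	}}
}

func main() { fmt.Println(NewProfileTLS(nil).Apply("Modern")) }
```

Connections established before a profile change keep the parameters they negotiated, so an E2E check should open a fresh connection after each change.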
TESTING
- Refer to https://github.com/openshift/tls-scanner?tab=readme-ov-file#command-line-options for validation
DOCS
- Needs to be mentioned in the release notes
- Specific documentation for this is not needed, since APIServer Config is what governs this configuration
- duplicates
  - IR-535 Image-registry support for TLS curves (Closed)
  - IR-428 e2e testing automation: Support TLSSecurityProfile by image registry (Closed)
  - IR-429 CI implementation: Support TLSSecurityProfile by image registry (Closed)
  - IR-430 pre-merge testing: Support TLSSecurityProfile by image registry (Closed)
- relates to
  - IR-350 Support OpenShift TLSSecurityProfiles via APIServer Config (In Progress)