-
Bug
-
Resolution: Done-Errata
-
None
-
Quality / Stability / Reliability
-
1
-
False
-
-
False
-
CLOSED
-
CNV Infra 230
-
Moderate
-
None
Description of problem:
SSP logging at the moment show
{"level":"info","ts":1664398497.9982593,"logger":"setup","msg":"Got Ciphers and tlsProfile:","ciphers: ":["DHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES128-GCM-SHA256"],"tlsProfile: ":"VersionTLS12"}It doesn't show from which source the ciphers are being enforced. In this case, i got the ciphers from APIServer and not from HCO as HCO doesn't have tlsSecurityProfile set. It will be good to know the source of getting ciphers and other details like TLS session based information.
Example :
[cnv-qe-jenkins@c01-gkcrypt26-xr7zz-executor ~]$ oc get apiserver cluster -ojsonpath=
{"custom":{"ciphers":["DHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES128-GCM-SHA256"],"minTLSVersion":"VersionTLS12
[cnv-qe-jenkins@c01-gkcrypt26-xr7zz-executor ~]$ oc get hco kubevirt-hyperconverged -ojsonpath={.spec.tlsSecurityProfile}
[cnv-qe-jenkins@c01-gkcrypt26-xr7zz-executor ~]$ oc get ssp ssp-kubevirt-hyperconverged -ojsonpath=
{.spec.tlsSecurityProfile}{"custom":
{"ciphers":["DHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES128-GCM-SHA256"],"minTLSVersion":"VersionTLS12"},"type":"Custom"}
Version-Release number of selected component (if applicable):
4.12
How reproducible:
always
Steps to Reproduce:
1.
2.
3.
Actual results:
Logging Improvement needed
Expected results:
Logging Improvement to help users to get useful information at one place and easily accessible using must-gather
Additional info:
- external trackers
