Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-2467

Configure lokistack-gateway to honor the global tlsSecurityProfile

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Undefined Undefined
    • Logging 5.6.0
    • None
    • Log Storage, Loki
    • None
    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Log Storage - Sprint 223, Log Storage - Sprint 224, Log Storage - Sprint 225

      The lokistack-gateway deployment should ensure to use the minimum TLS version and TLS cipher suites provided by the operator via command-line flags for:

      • observatorium-api container
      • opa-openshift container

      Acceptance criteria

      • The lokistack-gateway api container is configured via command line arguments to accept: 
        -tls.min-version
-tls.cipher-suites
      • The opa-openshift  container is configured via command line arguments to accept: 
        -tls.min-version
-tls.cipher-suites

      Developer Notes

      • The observatorium-api already supports the above parameters. Thus we need to ensure only that the operator passes them down.
      • The opa-openshift does not expose the above parameters. Thus we need to add support for them.
      • We need for both address that these parameters are used for both TLS listeners (server, internal).

              rh-ee-mbouqsim Mohamed-Amine Bouqsimi (Inactive)
              ptsiraki@redhat.com Periklis Tsirakidis
              Ishwar Kanse Ishwar Kanse
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: