- Bug
- Resolution: Not a Bug
- 4.11.0
- Quality / Stability / Reliability
Description of problem:
When we try to set the TLS security profile to old and intermediate for api-server as per the below-mentioned document, we are able to see TLS ciphers. Is it expected? Is it also expected?
Version-Release number of selected component (if applicable):
How reproducible:
We can apply the TLS security profile using the below-mentioned document to the mentioned profiles, i.e. intermediate and old. https://docs.openshift.com/container-platform/4.11/security/tls-security-profiles.html#tls-profiles-kubernetes-configuring_tls-security-profiles
Steps to Reproduce:
1. 2. 3.
Actual results:
Result for old profile:
# oc describe apiserver cluster
Name: cluster
Namespace:
Labels: <none>
Annotations: include.release.openshift.io/ibm-cloud-managed: true
             include.release.openshift.io/self-managed-high-availability: true
             include.release.openshift.io/single-node-developer: true
             oauth-apiserver.openshift.io/secure-token-storage: true
             release.openshift.io/create-only: true
API Version: config.openshift.io/v1
Kind: APIServer
Metadata:
  Creation Timestamp: 2022-09-06T10:53:42Z
  Generation: 5
  Managed Fields:
    API Version: config.openshift.io/v1
    Fields Type: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:include.release.openshift.io/ibm-cloud-managed:
          f:include.release.openshift.io/self-managed-high-availability:
          f:include.release.openshift.io/single-node-developer:
          f:oauth-apiserver.openshift.io/secure-token-storage:
          f:release.openshift.io/create-only:
        f:ownerReferences:
          .:
          k:{"uid":"8fbc6782-689d-49b9-a7e8-4a2f9c6f60bd"}:
      f:spec:
        .:
        f:audit:
          .:
          f:profile:
    Manager: cluster-version-operator
    Operation: Update
    Time: 2022-09-06T10:53:42Z
    API Version: config.openshift.io/v1
    Fields Type: FieldsV1
    fieldsV1:
      f:spec:
        f:tlsSecurityProfile:
          .:
          f:old:
          f:type:
    Manager: kubectl-edit
    Operation: Update
    Time: 2022-09-08T13:08:36Z
  Owner References:
    API Version: config.openshift.io/v1
    Kind: ClusterVersion
    Name: version
    UID: 8fbc6782-689d-49b9-a7e8-4a2f9c6f60bd
  Resource Version: 994448
  UID: 116f22f6-eb90-4134-b1da-96c4077bc22f
Spec:
  Audit:
    Profile: Default
  Tls Security Profile:
    Old:
    Type: Old
Events: <none>
Result for intermediate:
# oc describe apiserver cluster
Name: cluster
Namespace:
Labels: <none>
Annotations: include.release.openshift.io/ibm-cloud-managed: true
             include.release.openshift.io/self-managed-high-availability: true
             include.release.openshift.io/single-node-developer: true
             oauth-apiserver.openshift.io/secure-token-storage: true
             release.openshift.io/create-only: true
API Version: config.openshift.io/v1
Kind: APIServer
Metadata:
  Creation Timestamp: 2022-09-06T10:53:42Z
  Generation: 6
  Managed Fields:
    API Version: config.openshift.io/v1
    Fields Type: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:include.release.openshift.io/ibm-cloud-managed:
          f:include.release.openshift.io/self-managed-high-availability:
          f:include.release.openshift.io/single-node-developer:
          f:oauth-apiserver.openshift.io/secure-token-storage:
          f:release.openshift.io/create-only:
        f:ownerReferences:
          .:
          k:{"uid":"8fbc6782-689d-49b9-a7e8-4a2f9c6f60bd"}:
      f:spec:
        .:
        f:audit:
          .:
          f:profile:
    Manager: cluster-version-operator
    Operation: Update
    Time: 2022-09-06T10:53:42Z
    API Version: config.openshift.io/v1
    Fields Type: FieldsV1
    fieldsV1:
      f:spec:
        f:tlsSecurityProfile:
          .:
          f:intermediate:
          f:type:
    Manager: kubectl-edit
    Operation: Update
    Time: 2022-09-08T13:46:39Z
  Owner References:
    API Version: config.openshift.io/v1
    Kind: ClusterVersion
    Name: version
    UID: 8fbc6782-689d-49b9-a7e8-4a2f9c6f60bd
  Resource Version: 1009352
  UID: 116f22f6-eb90-4134-b1da-96c4077bc22f
Spec:
  Audit:
    Profile: Default
  Tls Security Profile:
    Intermediate:
    Type: Intermediate
Events: <none>
Expected results:
We should get TLS ciphers for both profiles, as we are getting for other components like etcd.
Additional info: