-
Bug
-
Resolution: Unresolved
-
Normal
-
4.14
-
No
-
2
-
Sprint 247, Sprint 248, Sprint 249, Sprint 250, Sprint 251, Sprint 252, Sprint 253, Sprint 254, NE Sprint 255
-
9
-
Rejected
-
False
-
-
Description of problem:
tlsSecurityProfile definitions do not align with documentation. When using `oc explain` the field descriptions note that certain values are unsupported, but the same values are supported in the OpenShift Documentation. This needs to be clarified and the spacing should be fixed in the descriptions as they are hard to understand.
Version-Release number of selected component (if applicable):
4.14.1
How reproducible:
⇒ oc explain ingresscontroller.spec.tlsSecurityProfile.modern
Steps to Reproduce:
1. Check the `oc explain` output
Actual results:
⇒ oc explain ingresscontroller.spec.tlsSecurityProfile.modern KIND: IngressController VERSION: operator.openshift.io/v1DESCRIPTION: modern is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 NOTE: Currently unsupported.
Expected results:
An output that aligns with the documentation regarding support/unsupported TLS versions Additionally, fixing the output format would be useful as it is very hard to understand/read in it's current form.
Here in the 4.14 Documentation, it states:
```
The HAProxy Ingress Controller image supports TLS 1.3 and the Modern profile.
```
Additional info:
The `apiserver` CR should also be checked for the same thing.
