Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: 4.18.0
Affects Version/s: 4.17.0
Component/s: kube-apiserver
Labels:
- pre-merge-tested

Severity:
Important
Regression:
None
Epic Link:
Enable TLS v1.3
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.19.0
Target Backport Versions:

4.17.z, 4.16.z, 4.18.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Description of problem:

Modern TLS security profile is one of 4.16 we support, see https://docs.openshift.com/container-platform/4.16/security/tls-security-profiles.html, but actually it dones't work.

Version-Release number of selected component (if applicable):

$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.16.0-0.nightly-2024-08-21-192930   True        False         5h42m   Cluster version is 4.16.0-0.nightly-2024-08-21-192930

How reproducible:

always

Steps to Reproduce:

    1. $ oc patch apiservers/cluster --type=merge -p '{"spec": {"tlsSecurityProfile":{"modern":{},"type":"Modern"}}}'
The APIServer "cluster" is invalid: spec.tlsSecurityProfile.type: Unsupported value: "Modern": supported values: "Old", "Intermediate", "Custom"

Actual results:

    Modern TLS security profile doesn't work

Expected results:

    Modern TLS security profile should work

Additional info:

is related to

API-1854 Enable TLS v1.3

In Progress

OCPSTRAT-1364 Support TLS v1.3: Improve validation of TLS Modern Profile for Control-Plane components

In Progress

links to

openshift/kubernetes#2135: OCPBUGS-37706: allow TLS1.3 or modern profile to be specified

TLS1.3 support

Assignee:: Luis Sanchez

Reporter:: Ke Wang

QA Contact:: Ke Wang

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/07/30 11:18 AM

Updated:: 2024/12/19 8:16 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates