-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.21
Description of problem:
The oauth-apiserver operand deployed by CPO isn't started with the the TLS cipher suites configured in the apiserver resource, unlike the operand deployed by the authentication-operator:
containers:
- args:
exec oauth-apiserver start \
(...)
--tls-cipher-suites=TLS_AES_128_GCM_SHA256 \
--tls-cipher-suites=TLS_AES_256_GCM_SHA384 \
--tls-cipher-suites=TLS_CHACHA20_POLY1305_SHA256 \
--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \
--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
--tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Version-Release number of selected component (if applicable):
4.21
How reproducible:
Always
Steps to Reproduce:
1.Just create a hosted cluster and check the oauth-apiserver deployment
Actual results:
Expected results:
Additional info: