Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: 4.13.z, 4.12.z, 4.14.z, 4.15
Affects Version/s: 4.13, 4.12, 4.14, 4.15
Component/s: Documentation / Installer
Labels:

Severity:
Important
Regression:
None
Story Points:
1
Release Blocker:
Rejected
Architecture:

Unspecified
Release Note Text:
N/A
Release Note Type:
Release Note Not Required
Customer Impact:

Customer Facing
Internal Whiteboard:
Target Version:

4.13.z, 4.12.z, 4.14.z, 4.15

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Priority Data:
PX Review Complete:

Document URL:

https://docs.openshift.com/container-platform/4.5/installing/installing_bare_metal/installing-bare-metal.html#network-topology-requirements

https://docs.openshift.com/container-platform/4.5/installing/installing_vsphere/installing-restricted-networks-vsphere.html#network-topology-requirements

https://docs.openshift.com/container-platform/4.5/installing/installing_ibm_z/installing-restricted-networks-ibm-z.html#network-topology-requirements

Section Number and Name:

Network topology requirements

Describe the issue:

Load balancing SSL Bridge/Re-encrypt termination is likely to break mTLS for the OAuth component, unless a mechanism is put in place to validate client certificates.

Suggestions for improvement:

SSL Passthrough requirement for API and Ingress should prevail and SSL Bridge/Re-encrypt should be (likely, temporarily) removed, at least until a more fine-grained list of load balancing requirements (and supported SSL/TLS Terminations) is made available following this [0] parallel Documentation bug.

—
[0] Lack of information on prerequisites for external load balancers - https://bugzilla.redhat.com/show_bug.cgi?id=1809694

relates to

RFE-3651 support for SSL bridging through an additional ingress controller

Accepted

links to

openshift/openshift-docs#71751: OCPBUGS-8817: Proposal to remove SSL Bridge Mode from docs

openshift/openshift-docs#71764: [enterprise-4.12] OCPBUGS-8817: Proposal to remove SSL Bridge Mode from docs

openshift/openshift-docs#71765: [enterprise-4.13] OCPBUGS-8817: Proposal to remove SSL Bridge Mode from docs

openshift/openshift-docs#71766: [enterprise-4.14] OCPBUGS-8817: Proposal to remove SSL Bridge Mode from docs

openshift/openshift-docs#71767: [enterprise-4.15] OCPBUGS-8817: Proposal to remove SSL Bridge Mode from docs

(1 links to)

Assignee:: James Brigman

Reporter:: Robert Sandu

QA Contact:: Melvin Joseph

Doc Contact:: Latha Sreenivasa Murthy

Contributing Groups:: Red Hat Employee

Need Info From:: Marc Curry

Votes:: 0 Vote for this issue

Watchers:: 19 Start watching this issue

Created:: 2020/10/27 12:15 PM

Updated:: 2024/02/16 8:30 PM

Resolved:: 2024/02/16 6:56 PM

Estimated:

Not Specified

Remaining:

0m

Logged:

10w 1d