Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1070

TLS Cypher configuration for MicroShift

XMLWordPrintable

    • BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-1131MicroShift Enhancements 2024 for Industrial, Retail and Public Sector edge customers
    • 67% To Do, 0% In Progress, 33% Done
    • 0

      Feature Overview (aka. Goal Summary)

      Allows customers to  configure TLS and Cypher used by MicroShift

      Goals (aka. expected user outcomes)

      • Customers (esp. in the public sector) can configure which TLS version and which TLS Ciphers are offered/used by TLS endpoints of MicroShift. 

      Requirements (aka. Acceptance Criteria):

      1. For all MicroShift endpoints that use TLS (API, Router, Kubelet, etcd, ????), provide a way to pass allowed tls cipher suit configuration, e.g.

      {{ }}

      apiServer:
         tlsCipherSuites:
            - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
            - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      

       

      Out of Scope

      n/a

      Background

      none

      Customer Considerations

      none

      Documentation Considerations

      • Configuration option needs to be documented in the "configuring" book
      • Optionally, as this is relevant to networking, the same parts could be in the "networking" book under "Configuring TLS cipher suites"

      Interoperability Considerations

      None

       

            dfroehli42rh Daniel Fröhlich
            dfroehli42rh Daniel Fröhlich
            John George John George
            Shauna Diaz Shauna Diaz
            Jeremy Peterson Jeremy Peterson
            Daniel Fröhlich Daniel Fröhlich
            Jon Thomas Jon Thomas
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: