-
Feature
-
Resolution: Unresolved
-
Major
-
None
-
None
-
Strategic Product Work
-
False
-
-
False
-
OCPSTRAT-1131MicroShift Enhancements 2024 for Industrial, Retail and Public Sector edge customers
-
67% To Do, 0% In Progress, 33% Done
-
0
Feature Overview (aka. Goal Summary)
Allows customers to configure TLS and Cypher used by MicroShift
Goals (aka. expected user outcomes)
- Customers (esp. in the public sector) can configure which TLS version and which TLS Ciphers are offered/used by TLS endpoints of MicroShift.
Requirements (aka. Acceptance Criteria):
- For all MicroShift endpoints that use TLS (API, Router, Kubelet, etcd, ????), provide a way to pass allowed tls cipher suit configuration, e.g.
{{ }}
apiServer: tlsCipherSuites: - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Out of Scope
n/a
Background
none
Customer Considerations
none
Documentation Considerations
- Configuration option needs to be documented in the "configuring" book
- Optionally, as this is relevant to networking, the same parts could be in the "networking" book under "Configuring TLS cipher suites"
Interoperability Considerations
None
- clones
-
OCPSTRAT-1068 Enable workload partitioning for MicroShift
- Closed
- is related to
-
OCPSTRAT-1413 MicroShift support for Ingress Controller customization
- In Progress