Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1070

TLS Cypher configuration for MicroShift

XMLWordPrintable

    • Strategic Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-1131MicroShift Enhancements 2024 for Industrial, Retail and Public Sector edge customers
    • 33% To Do, 33% In Progress, 33% Done
    • S
    • 0

      Feature Overview (aka. Goal Summary)

      Allows customers to  configure TLS and Cypher used by MicroShift

      Goals (aka. expected user outcomes)

      • Customers (esp. in the public sector) can configure which TLS version and which TLS Ciphers are offered/used by TLS endpoints of MicroShift. 

      Requirements (aka. Acceptance Criteria):

      1. For all MicroShift endpoints that use TLS (API, Router, Kubelet, etcd, ????), provide a way to pass allowed tls cipher suit configuration, e.g.

      {{ }}

      apiServer:
         tlsCipherSuites:
            - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
            - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      

       

      Out of Scope

      n/a

      Background

      none

      Customer Considerations

      none

      Documentation Considerations

      • Configuration option needs to be documented in the "configuring" book
      • Optionally, as this is relevant to networking, the same parts could be in the "networking" book under "Configuring TLS cipher suites"

      Interoperability Considerations

      None

       

              dfroehli42rh Daniel Fröhlich
              dfroehli42rh Daniel Fröhlich
              John George John George
              Shauna Diaz Shauna Diaz
              Jeremy Peterson Jeremy Peterson
              Pablo Acevedo Montserrat Pablo Acevedo Montserrat
              Daniel Fröhlich Daniel Fröhlich
              Jon Thomas Jon Thomas
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: