Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1364

Improve validation of TLS Modern Profile for Control-Plane components

XMLWordPrintable

    • BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 67% To Do, 33% In Progress, 0% Done
    • XS
    • 0
    • Program Call

      Feature Overview (aka. Goal Summary)  

      Customers in highly regulated environments are required to adopt strong ciphers. For control-plane components, this means all components must support the modern TLSProfile with TLS 1.3.

      During internal discussions [1] for RFE-4992 and follow-up conversations, it became clear we need a dedicated CI job to track and validate that OpenShift control-plane components are aligned and functional with the TLSProfiles configured on the system.

      [1] https://redhat-internal.slack.com/archives/CB48XQ4KZ/p1713288937307359 

      Goals (aka. expected user outcomes)

      1. The resulting user outcome from this internal CI validation will be the support of TLS 1.3 in the OpenShift control-plane components.

      Requirements (aka. Acceptance Criteria):

      • Create a CI job that would test that the cluster stays fully operational when enabling the Modern TLS profile
      • This requires updates to our docs

       

      Anyone reviewing this Feature needs to know which deployment configurations that the Feature will apply to (or not) once it's been completed.  Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out-of-scope for a given release, ensure you provide the OCPSTRAT (for the future to be supported configuration) as well.

      Deployment considerations List applicable specific needs (N/A = not applicable)
      Self-managed, managed, or both both
      Classic (standalone cluster) yes
      Hosted control planes yes
      Multi node, Compact (three node), or Single node (SNO), or all all
      Connected / Restricted Network all
      Architectures, e.g. x86_x64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) all
      Operator compatibility ??
      Backport needed (list applicable versions) n/a
      UI need (e.g. OpenShift Console, dynamic plugin, OCM) n/a
      Other (please specify) unknown

       

              jjung@redhat.com JP Jung
              wcabanba@redhat.com William Caban
              Amy Fredj, Anjali Telang, Gaurav Singh, Kirsten Newcomer, Maria Simon Marcos, Ramon Acedo, William Caban
              Stanislav Láznička Stanislav Láznička (Inactive)
              Xingxing Xia Xingxing Xia
              JP Jung JP Jung
              Votes:
              1 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated: