-
Feature
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
BU Product Work
-
False
-
-
False
-
OCPSTRAT-1131MicroShift Enhancements 2024 for Industrial, Retail and Public Sector edge customers
-
50% To Do, 50% In Progress, 0% Done
-
M
-
0
-
-
-
Customers need to configure ingress
-
-
Feature Overview (aka. Goal Summary)
Although MicroShift Ingress Controller default values covers a good amount of use cases, there are some corner cases that we may need to enforce TLS v1.3, change buffer sizes (ROUTER_BUF_SIZE, ROUTER_MAX_REWRITE_SIZE) or fine tune the amount of threads (ROUTER_THREADS).
Goals (aka. expected user outcomes)
- Expose configuration options for better control on ingress controller (see requirements)
Requirements (aka. Acceptance Criteria):
- provide same control over Ingress Controller configuration paremeters as OpenShift does. See https://docs.openshift.com/container-platform/4.15/networking/ingress-operator.html#nw-installation-ingress-config-asset_configuring-ingress for a full list of openshift supported parameters. The following parameters do make sense to be configurable with MicroShift:
- defaultCertificate
- tlsSecurityProfile (see also linked feature for tls cipher config)
- clientTLS
- routeAdmission (see linked feature on router namespace ownership)
- IngressControllerLogging
- httpHeaders
- httpCompression
- httpErrorCodePages
- httpCaptureCookies
- httpCaptureHeaders
- tuningOptions
- logEmptyRequests
- HTTPEmptyRequestsPolicy
- Enable/disable HTTP/2 connectivity (see https://docs.openshift.com/container-platform/4.15/networking/ingress-operator.html#nw-http2-haproxy_configuring-ingress)
Out of Scope
n/a
Background
- https://issues.redhat.com/browse/USHIFT-639
- https://issues.redhat.com/browse/USHIFT-1806
- https://docs.google.com/document/d/1sXjyK-DTE6UzTDJ9ldQze8FIU5Q4Alnk3AQaESODsVQ/edit?usp=sharing
- https://issues.redhat.com/browse/OCPBUGS-25391
n/a
Customer Considerations
Requested by multiple EAP customers
Documentation Considerations
- Maybe we want a "Configure the router" in the "networking" book
Interoperability Considerations
None
- clones
-
OCPSTRAT-1069 Make MicroShift Ingress configurable
- Closed
- is triggered by
-
RFE-5561 MicroShift support for Ingress Controller customization
- Accepted
- relates to
-
OCPSTRAT-1070 TLS Cypher configuration for MicroShift
- New
-
OCPSTRAT-1067 make router namespace ownership check configurable with MicroShift
- Closed
-
OCPSTRAT-1069 Make MicroShift Ingress configurable
- Closed