Feature Overview (aka. Goal Summary)

Although MicroShift Ingress Controller default values covers a good amount of use cases, there are some corner cases that we may need to enforce TLS v1.3, change buffer sizes (ROUTER_BUF_SIZE, ROUTER_MAX_REWRITE_SIZE) or fine tune the amount of threads (ROUTER_THREADS).

Goals (aka. expected user outcomes)

• Expose configuration options for better control on ingress controller (see requirements)

Requirements (aka. Acceptance Criteria):

1. provide same control over Ingress Controller configuration paremeters as OpenShift does. See https://docs.openshift.com/container-platform/4.15/networking/ingress-operator.html#nw-installation-ingress-config-asset_configuring-ingress for a full list of openshift supported parameters. The following parameters do make sense to be configurable with MicroShift:
   1. defaultCertificate
   2. tlsSecurityProfile (see also linked feature for tls cipher config)
   3. clientTLS
   4. routeAdmission (see linked feature on router namespace ownership)
   5. IngressControllerLogging
   6. httpHeaders
   7. httpCompression
   8. httpErrorCodePages
   9. httpCaptureCookies
   10. httpCaptureHeaders
   11. tuningOptions
   12. logEmptyRequests
   13. HTTPEmptyRequestsPolicy
2. Enable/disable HTTP/2 connectivity (see https://docs.openshift.com/container-platform/4.15/networking/ingress-operator.html#nw-http2-haproxy_configuring-ingress) 

Out of Scope

n/a

Background

1. https://issues.redhat.com/browse/USHIFT-639
2. https://issues.redhat.com/browse/USHIFT-1806 
3. https://docs.google.com/document/d/1sXjyK-DTE6UzTDJ9ldQze8FIU5Q4Alnk3AQaESODsVQ/edit?usp=sharing
4. https://issues.redhat.com/browse/OCPBUGS-25391 

n/a

Customer Considerations

Requested by multiple EAP customers

Documentation Considerations

• Maybe we want a "Configure the router" in the "networking" book

Interoperability Considerations

None