Feature Overview (aka. Goal Summary)

Although MicroShift Ingress Controller default values covers a good amount of use cases, there are some corner cases that we may need to enforce TLS v1.3, change buffer sizes (ROUTER_BUF_SIZE, ROUTER_MAX_REWRITE_SIZE) or fine tune the amount of threads (ROUTER_THREADS).

Goals (aka. expected user outcomes)

• Expose configuration options for better control on ingress controller (see requirements)
• This is Part 2 of the feature, as not all requirements could be implemented in Part (https://issues.redhat.com/browse/OCPSTRAT-1413)

Requirements (aka. Acceptance Criteria):

provide same control over Ingress Controller configuration paremeters as OpenShift does. This is part two, covering the group of parameters

1. ingress errors & Logging customization
   1. httpErrorCodePages
   2. httpCaptureCookies
   3. httpCaptureHeaders
   4. IngressControllerLogging
2. Security
   1. defaultCertificate
   2. tlsSecurityProfile (see also linked feature for tls cipher config)
   3. clientTLS
   4. routeAdmission (see linked feature on router namespace ownership)

Out of Scope

n/a

Background

1. https://issues.redhat.com/browse/OCPSTRAT-1413
2. https://issues.redhat.com/browse/USHIFT-639
3. https://issues.redhat.com/browse/USHIFT-1806 
4. https://docs.google.com/document/d/1sXjyK-DTE6UzTDJ9ldQze8FIU5Q4Alnk3AQaESODsVQ/edit?usp=sharing
5. https://issues.redhat.com/browse/OCPBUGS-25391 

n/a

Customer Considerations

Requested by multiple EAP customers

Documentation Considerations

• Same as with Part 1 in V.18 (OCPSTRAT-1413)

Interoperability Considerations

None