Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Epic Link:
Minimum privileges for OVNController pod processes
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Dev Approval:
?
Docs Approval:
?
PM Approval:
?
QE Approval:
?
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

AF_INET ovsdb-server sockets may be exposed to unauthorized clients unless guarded by SSL certificates. To be able to safely switch to AF_INET for ovsdb-server communication for all its clients (configJob, ovn-controller, ovs-vswitchd), we should generate and inject SSL certificates for the server and its clients' containers.

Communication paths to cover:

ovsdb-server to ovn-controller
ovsdb-server to ovs-vswitchd
ovsdb-server to configJob spawn by OVNController controller

relates to

OSPRH-3020 Expose OVNController local ovsdb-server service via AF_INET socket

Assignee:: Unassigned

Reporter:: Ihar Hrachyshka

Team:: rhos-dfg-networking-squad-neutron

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/01/08 8:50 PM

Updated:: 2024/02/09 12:00 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty