- Feature Request
- Resolution: Done
- Minor
1. Proposed title of this feature request
Possibility to restrict api.<cluster>:6443/version to authenticated users only
2. What is the nature and description of the request?
During security audits there is often the complaint that api.<cluster>:6443/version can be queried even by unauthenticated users and that it should be protected to restrict access to authenticated users only.
Even though it's well understood that obfuscating version information does not increase security, it was requested to have the possibility to configure whether `/version` is made available to unauthenticated users or only to authenticated users.
3. Why does the customer need this? (List the business requirements here)
This is related to OpenShift 4 audits done at customers, where exposing api.<cluster>:6443/version is a constant complaint and red flag. Even though most customers are aware that obfuscating this data won't improve security, they are requesting the possibility to do so, as otherwise they may not pass security audits and thus proceed with the usage of OpenShift 4.
4. List any affected packages or components.
kube-apiserver
- is incorporated by
  - OCPSTRAT-541 Document restricting api.<cluster>:6443/version to authenticated users (New)