OpenShift Request For Enhancement: RFE-1621

Possibility to restrict api.<cluster>:6443/version to authenticated users only


      1. Proposed title of this feature request
      Possibility to restrict api.<cluster>:6443/version to authenticated users only

      2. What is the nature and description of the request?
      During security audits there is often the complaint that api.<cluster>:6443/version can be queried even by unauthenticated users, and that it should be protected so that access is restricted to authenticated users only.

      Even though it's well understood that obfuscating version information is not increasing security it was requested to have the possibility to configure whether `/version` is made available to unauthenticated users or only to authenticated users.

      3. Why does the customer need this? (List the business requirements here)
      This is related to OpenShift 4 audits done at customers, where exposing api.<cluster>:6443/version is a constant complaint and red flag. Even though most customers are aware that obfuscating this data won't improve security, they are requesting the possibility to do so, as otherwise they may not pass security audits and thus may not be able to proceed with using OpenShift 4.

      4. List any affected packages or components.
      kube-apiserver
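      In upstream Kubernetes the anonymous reach of `/version` is not a hard-coded property of kube-apiserver but the result of RBAC: the bootstrap ClusterRole `system:public-info-viewer` allows GET on `/healthz`, `/livez`, `/readyz`, `/version` and `/version/`, and its ClusterRoleBinding includes the `system:unauthenticated` group. The audit script below is an added example, not part of this RFE or of OpenShift; it walks ClusterRole/ClusterRoleBinding objects in the shape `kubectl get clusterroles,clusterrolebindings -o json` returns and names every binding that lets unauthenticated callers GET a given non-resource URL, so an auditor can document exactly where the exposure comes from. The sample objects are constructed to mirror the upstream defaults; whether an OpenShift operator reconciles such bindings back is not something this script asserts.

```python
"""Audit Kubernetes RBAC for grants of a non-resource URL (default: /version)
to the system:unauthenticated group.

Added example, not code from the RFE or from OpenShift. Input objects follow the
JSON layout of `kubectl get clusterroles,clusterrolebindings -o json`.
"""

UNAUTH_GROUP = "system:unauthenticated"
TARGET_PATH = "/version"


def _rule_matches_path(rule, path):
    """True if an RBAC rule allows GET on `path`.

    nonResourceURLs support '*' only as the final character (e.g. "/api/*"),
    or a bare "*" matching everything; verbs may be "get" or "*".
    """
    verbs = rule.get("verbs", [])
    if "*" not in verbs and "get" not in verbs:
        return False
    for pattern in rule.get("nonResourceURLs", []):
        if pattern == "*" or pattern == path:
            return True
        if pattern.endswith("*") and path.startswith(pattern[:-1]):
            return True
    return False


def find_unauthenticated_grants(cluster_roles, bindings, path=TARGET_PATH):
    """Return the names of ClusterRoleBindings that grant GET `path`
    to the system:unauthenticated group, in input order."""
    roles_by_name = {r["metadata"]["name"]: r for r in cluster_roles}
    exposing = []
    for binding in bindings:
        subjects = binding.get("subjects") or []
        if not any(s.get("kind") == "Group" and s.get("name") == UNAUTH_GROUP
                   for s in subjects):
            continue
        ref = binding["roleRef"]
        role = roles_by_name.get(ref["name"]) if ref["kind"] == "ClusterRole" else None
        if role is None:
            continue  # role not in the dump (or a namespaced Role); nothing to evaluate
        if any(_rule_matches_path(rule, path) for rule in role.get("rules", [])):
            exposing.append(binding["metadata"]["name"])
    return exposing


# Constructed sample, modelled on the upstream Kubernetes bootstrap policy:
# system:public-info-viewer is bound to both authenticated and unauthenticated
# callers, system:discovery only to authenticated ones.
SAMPLE_ROLES = [
    {"metadata": {"name": "system:public-info-viewer"},
     "rules": [{"verbs": ["get"],
                "nonResourceURLs": ["/healthz", "/livez", "/readyz", "/version", "/version/"]}]},
    {"metadata": {"name": "system:discovery"},
     "rules": [{"verbs": ["get"],
                "nonResourceURLs": ["/api", "/api/*", "/apis", "/apis/*", "/healthz", "/livez",
                                    "/openapi", "/openapi/*", "/readyz", "/version", "/version/"]}]},
]

SAMPLE_BINDINGS = [
    {"metadata": {"name": "system:public-info-viewer"},
     "roleRef": {"kind": "ClusterRole", "name": "system:public-info-viewer"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"},
                  {"kind": "Group", "name": "system:unauthenticated"}]},
    {"metadata": {"name": "system:discovery"},
     "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
]


if __name__ == "__main__":
    for path in ("/version", "/apis", "/api/v1"):
        hits = find_unauthenticated_grants(SAMPLE_ROLES, SAMPLE_BINDINGS, path)
        status = ", ".join(hits) if hits else "no unauthenticated grant"
        print(f"{path}: {status}")
```

Against a live cluster, load `items` from the two JSON dumps and pass them in place of the sample lists; an empty result for `/version` is the evidence an auditor would want to see, while a non-empty one names the binding the finding should cite.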

William Caban (wcabanba@redhat.com)
Simon Reber (rhn-support-sreber)