Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-8745

To be able to configure OAuth Behind a Proxy Server (e.g., WAF) in HCP cluster.

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • Hosted Control Planes
    • None
    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      1. Proposed title of this feature request
      Configure OAuth Behind a Proxy Server (e.g., WAF) in HCP cluster

      2. What is the nature and description of the request?

      In high-security enterprise environments, all web traffic must be inspected and authenticated by a Web Application Firewall (WAF) or Reverse Proxy before reaching the cluster.

      In standard OpenShift, this is achieved by patching console.operator.openshift.io and ingress.config.openshift.io to set a custom consoleURL and componentRoutes. However, in HCP (HyperShift), users do not have direct access to modify the Console Operator or the Control Plane Ingress configuration in the same manner, as these are managed by the HyperShift Operator in the management cluster. This prevents customers from placing an HCP console behind a WAF with a custom hostname.

      Similar to as possible in normal OpenShift cluster steps mentioned in the below kcs:

      3. Why does the customer need this? (List the business requirements here)

      In high-security enterprise environments, all web traffic must be inspected and authenticated by a Web Application Firewall (WAF) or Reverse Proxy before reaching the cluster.

      4. List any affected packages or components.

              racedoro@redhat.com Ramon Acedo
              rhn-support-vdurgam Vedant Durgam
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                None
                None