Red Hat Advanced Cluster Security / ROX-31013

Automatic HTTPS Redirection for Central Route

      Goal Summary
      Enable automatic HTTP to HTTPS redirection for the Red Hat Advanced Cluster Security (RHACS) Central route. This enhancement ensures that users who access the Central URL over HTTP are seamlessly redirected to HTTPS, improving security, user experience, and consistency with OpenShift platform standards.

      Goals and Expected User Outcomes

      • Primary Persona: Cluster Administrators and Security Operators
      • Users accessing the RHACS Central URL via http:// will be automatically redirected to https://
      • Aligns RHACS route behavior with OpenShift Console and OAuth routes for a consistent platform experience
      • Simplifies deployment by removing the need for administrators to manually edit the route after installation

      Acceptance Criteria

      • RHACS Central route is created with insecureEdgeTerminationPolicy: Redirect set by default
      • Redirection works reliably across all supported route termination types (passthrough, re-encrypt, edge)
      • No regression in Central route availability, upgrade scenarios, or operator reconciliation logic
      • Non-functional requirements:
        • Security: Enforces HTTPS-only access by default
        • Reliability: Central remains accessible post-upgrade with consistent redirection
        • Performance: No measurable latency introduced by redirection
        • Maintainability: Clearly documented and applied consistently by the operator
        • Scalability: Behavior is consistent across multi-cluster and high-scale deployments
        • Usability: Administrators can verify via oc get route that redirection is enabled
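
The `oc get route` verification named in the acceptance criteria can be scripted; the following is an added example, not part of this issue or of the RHACS operator's code. It classifies what a plain-HTTP request to each route receives, using the `insecureEdgeTerminationPolicy` values the Route API accepts per termination type; the route names, namespaces and sample JSON are constructed assumptions.

```python
import json

# insecureEdgeTerminationPolicy values the Route API accepts per termination
# type; "Allow" applies to edge and reencrypt terminations only.
VALID = {
    "edge": {"", "None", "Allow", "Redirect"},
    "reencrypt": {"", "None", "Allow", "Redirect"},
    "passthrough": {"", "None", "Redirect"},
}

def http_behavior(route):
    """Classify what a plain-HTTP request to the route's host receives."""
    tls = route.get("spec", {}).get("tls")
    if not tls:
        return "plaintext"        # route has no TLS: traffic is served over HTTP
    policy = tls.get("insecureEdgeTerminationPolicy", "")
    if policy not in VALID.get(tls.get("termination", ""), set()):
        return "invalid"
    if policy == "Redirect":
        return "redirect"         # the behaviour this issue makes the default
    if policy == "Allow":
        return "plaintext"
    return "disabled"             # HTTP is off: no redirect, the request fails

def audit(route_list_json):
    """Map namespace/name to behaviour for every route that does not redirect."""
    findings = {}
    for route in json.loads(route_list_json)["items"]:
        meta = route["metadata"]
        behavior = http_behavior(route)
        if behavior != "redirect":
            findings[f"{meta['namespace']}/{meta['name']}"] = behavior
    return findings

def _route(ns, name, tls):  # builds one constructed sample route
    return {"metadata": {"namespace": ns, "name": name}, "spec": {"tls": tls}}

# Constructed sample shaped like `oc get route -A -o json`; names are made up.
SAMPLE = json.dumps({"items": [
    _route("stackrox", "central", {"termination": "passthrough"}),
    _route("stackrox", "central-fixed",
           {"termination": "passthrough", "insecureEdgeTerminationPolicy": "Redirect"}),
    _route("demo", "edge-allow",
           {"termination": "edge", "insecureEdgeTerminationPolicy": "Allow"}),
    _route("demo", "no-tls", None),
]})

if __name__ == "__main__":
    for key, behavior in sorted(audit(SAMPLE).items()):
        print(f"{key}: {behavior}")
```

Against a live cluster, pass the output of `oc get route -A -o json` to `audit()` in place of `SAMPLE`; an empty result means every route redirects HTTP to HTTPS.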

      Success Criteria or KPIs Measured

      • Adoption metric: % of RHACS clusters with redirection enabled (default on)
      • User experience metric: Reduction in support tickets related to HTTP access failures or confusion
      • Security metric: Elimination of insecure HTTP access paths to Central
      • Operational metric: Time saved by admins due to removal of post-install manual route configuration

      Use Cases (Optional)

      1. Default behavior: A user types http://central-stackrox.apps.ocp.example.com and is automatically redirected to https://central-stackrox.apps.ocp.example.com
      2. Consistency check: A cluster admin sees consistent behavior across OpenShift Console, OAuth, and RHACS Central routes, reducing onboarding confusion

      Out of Scope (Optional)

      • Changing termination type defaults (remains passthrough or re-encrypt)
      • Retrofitting automatic HTTPS redirection to other RHACS routes (e.g., Scanner, Collector)
      • Advanced HTTP routing features (e.g., custom redirect rules, path-based redirection)

              atelang@redhat.com Anjali Telang
              rhn-support-dpateriy Divyam Pateriya
              Anjali Telang Anjali Telang
              ACS Install