  1. Red Hat Advanced Cluster Security
  2. ROX-33336

[Operator] Propagate OpenShift TLS profile to ACS components

    • Task
    • Resolution: Unresolved
    • OpenShift Operator

      Overview:

      The Operator needs to:

      1. Read the cluster TLS profile from `apiserver.config.openshift.io/v1` on OpenShift clusters. Expand predefined profiles (Old/Intermediate/Modern) using configv1.TLSProfiles. No-op on vanilla Kubernetes.
      2. Inject env vars into all managed Deployments/DaemonSets:
        • ROX_TLS_MIN_VERSION — TLSv1.2 or TLSv1.3
        • ROX_TLS_CIPHER_SUITES — comma-separated IANA names (pass-through from API)
        • ROX_OPENSSL_TLS_CIPHER_SUITES — OpenSSL cipher string format (converted from IANA names), for PostgreSQL/C++/Rust
      3. Apply TLS profile to the Operator's own metrics server (:8443). Since the Operator sets the env vars rather than consuming them, it must apply the parsed values directly to its controller-runtime TLSOpts.
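
The value derivation in step 2, as an added example that is not the Operator's own code. It assumes the profile arrives as a `VersionTLS12`/`VersionTLS13` minimum-version string plus a list of IANA suite names; `TLSEnv` and the partial name table are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Partial IANA -> OpenSSL name table, constructed for this example; a real
// table must cover every suite a cluster profile can contain.
var ianaToOpenSSL = map[string]string{
	"TLS_AES_128_GCM_SHA256":                        "TLS_AES_128_GCM_SHA256", // TLS 1.3 names are identical
	"TLS_AES_256_GCM_SHA384":                        "TLS_AES_256_GCM_SHA384",
	"TLS_CHACHA20_POLY1305_SHA256":                  "TLS_CHACHA20_POLY1305_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       "ECDHE-ECDSA-AES128-GCM-SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         "ECDHE-RSA-AES128-GCM-SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         "ECDHE-RSA-AES256-GCM-SHA384",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-ECDSA-CHACHA20-POLY1305",
}

// Assumption: the ticket lists only TLSv1.2 and TLSv1.3, so older minimums are rejected.
var minVersions = map[string]string{"VersionTLS12": "TLSv1.2", "VersionTLS13": "TLSv1.3"}

// TLSEnv (hypothetical helper) builds the three env var values from the ticket.
func TLSEnv(minVersion string, ianaSuites []string) (map[string]string, error) {
	v, ok := minVersions[minVersion]
	if !ok {
		return nil, fmt.Errorf("unsupported minimum TLS version %q", minVersion)
	}
	openssl := make([]string, 0, len(ianaSuites))
	for _, s := range ianaSuites {
		name, ok := ianaToOpenSSL[s]
		if !ok {
			// Fail closed: dropping an unknown suite would make components disagree.
			return nil, fmt.Errorf("no OpenSSL name for cipher suite %q", s)
		}
		openssl = append(openssl, name)
	}
	return map[string]string{
		"ROX_TLS_MIN_VERSION":           v,
		"ROX_TLS_CIPHER_SUITES":         strings.Join(ianaSuites, ","),
		"ROX_OPENSSL_TLS_CIPHER_SUITES": strings.Join(openssl, ":"),
	}, nil
}

func main() {
	env, err := TLSEnv("VersionTLS12", []string{"TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"})
	fmt.Println(env, err)
}
```

Returning an error on an unmapped suite keeps the Go components and the OpenSSL-based ones (PostgreSQL/C++/Rust) from silently ending up with different cipher sets.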

      Note that the API is not yet available, so this ticket is blocked for now.

      Acceptance Criteria:

      A list of specific needs or objectives that this task must deliver in order to be considered complete. Complete during Refinement status.

              rh-ee-vbologa Vlad Bologa
              ACS Install