Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- migrated-from-sdn

Work Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
CORENET-5361
[QE] How to address?:
---
Intelligence Requested:
Market:

WSJF:
0

Target Version:

openshift-4.18

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

In CNO we have an approver that signs certs automatically, without checking any identity information. We should modify this to require that the certificate request contains the kubelet certificate (issued separately) to ensure the identity of the client is an openshift node. We should not just hand out certificates to anyone who asks for them.

is cloned by

CORENET-5884 Fix security issues with CNO IPSec certificate signing

To Do

links to

openshift/cluster-network-operator#2560: SDN-5342: Signer username validation

Assignee:: Periyasamy Palanisamy

Reporter:: Tim Rozet

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/10/09 5:19 PM

Updated:: 2025/06/27 11:58 AM

Resolved:: 2025/04/10 12:11 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty