  1. OpenShift Pipelines
  2. SRVKP-9633

[tkn-server] Centrally Managed TLS for tkn-serve


    • Story
    • Resolution: Unresolved
    • Major
    • Pipelines 1.22.0
    • None
    • Tekton CLI
    • None

      Story (Required)

      To comply with OpenShift’s Post-Quantum Cryptography (PQC) readiness initiative, the httpd server used in the Console Plugin must stop using locally defined TLS settings and instead inherit TLS settings from the centrally managed APIServer TLS Profile.

      Currently, Nginx TLS configuration may include hardcoded TLS versions or cipher suites, creating potential security risks and inconsistency with platform-wide PQC requirements.

      This story requires refactoring the Console Plugin so that:

      1. TLS version and cipher suites for Nginx are dynamically inherited from the APIServer TLS Profile.
      2. TLS 1.3+ is supported to enable PQC-resilient algorithms.
      3. Configuration changes to the APIServer TLS Profile automatically propagate to the Console Plugin without code changes.

      Technical guide and Examples: https://docs.google.com/document/d/1cMc9E8psHfnoK06ntR8kHSWB8d3rMtmldhnmM4nImjs/edit?tab=t.4cxmujrb3zyn#heading=h.kah5ngeaf35x

      Background (Required)

      <Describes the context or background related to this story>

      Out of scope

      <Defines what is not included in this story>

      Approach (Required)

      <Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

      Dependencies

      <Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

      Acceptance Criteria (Mandatory)

      <Describe edge cases to consider when implementing the story and defining tests>

      <Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>

      INVEST Checklist

      Dependencies identified

      Blockers noted and expected delivery timelines set

      Design is implementable

      Acceptance criteria agreed upon

      Story estimated

      Legend

      Unknown

      Verified

      Unsatisfied

      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met

              shverma Shiv Verma
              jkhelil abdeljawed khelil