Details
-
Feature
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
False
-
-
False
-
Not Selected
-
0
-
0%
-
0
Description
Feature Overview (aka. Goal Summary)
Customer's have network security requirements to be able to secure the IngressController tlsSecurityProfile to a more modern list of ciphers. Customer's also have network security requirements driving them to reduce the allowedSourceRanges for the default IngressController.
Requirements (aka. Acceptance Criteria):
- Customer's can set/edit/remove, day 2, the tlsSecurityProfile on the default IngressController
Background
- tlsSecurityProfile was a missed acceptance criteria from XCMSTRAT-120 (and ADR-0083)
- allowedSourceRanges is a new option from OCP (as of 4.13) that enabled controlling this from the IngressController, rather than patching the Service object
Attachments
Issue Links
- split from
-
XCMSTRAT-354 ROSA Classic: Support allowedSourceRanges for `default` IngressController
- New