Bug 1957822
| Summary: | Update apiserver tlsSecurityProfile description to include Custom profile | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Andrea Hoffer <ahoffer> |
| Component: | apiserver-auth | Assignee: | Standa Laznicka <slaznick> |
| Status: | CLOSED ERRATA | QA Contact: | liyao |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 4.8 | CC: | aos-bugs, mfojtik, pmali, xxia |
| Target Milestone: | --- | ||
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-27 23:06:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Tested in 4.8.0-0.nightly-2021-06-06-164529:
oc explain apiserver.spec output shows only Old and Intermediate profiles, Custom is not added.
tlsSecurityProfile <Object>
tlsSecurityProfile specifies settings for TLS connections for externally
exposed servers. If unset, a default (which may change between releases) is
chosen. Note that only Old and Intermediate profiles are currently
supported, and the maximum available MinTLSVersions is VersionTLS12.
Tested in 4.8.0-0.nightly-2021-06-14-145150
oc explain apiserver.spec output shows Custom Profile is added.
tlsSecurityProfile <Object>
tlsSecurityProfile specifies settings for TLS connections for externally
exposed servers. If unset, a default (which may change between releases) is
chosen. Note that only Old, Intermediate and Custom profiles are currently
supported, and the maximum available MinTLSVersions is VersionTLS12.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |
Description of problem: oc explain apiserver.spec shows this description for the tlsSecurityProfile field: > tlsSecurityProfile <Object> > tlsSecurityProfile specifies settings for TLS connections for externally > exposed servers. If unset, a default (which may change between releases) is > chosen. Note that only Old and Intermediate profiles are currently > supported, and the maximum available MinTLSVersions is VersionTLS12. This mentions that only Old and Intermediate profiles are supported, but Custom should also be added. Should also take a look at the output for "oc explain apiserver.spec.tlsSecurityProfile". This lists the "modern" field and "Modern as an option for "type", which I don't think is a valid option. Version-Release number of selected component (if applicable): Client Version: 4.8.0-202104292348.p0-a765590 Server Version: 4.8.0-0.nightly-2021-04-30-201824 Kubernetes Version: v1.21.0-rc.0+aa1dc1f