.Termination policy added to S3 route
Adding the `insecureEdgeTerminationPolicy` to the `s3-rout.yaml` adds the ability to change it from its default (Allow) to Allow, Disable or Redirect.
Description of problem (please be detailed as possible and provide log
snippets):
- Add termination policy to s3 and ocs-storagecluster-cephobjectstore route
Version of all relevant components (if applicable):
- All
Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
- Cu is getting compliant issues because of "EdgeTerminationPolicy" of these
routes.
Is there any workaround available to the best of your knowledge?
- The route can be patched with the following command but it gets reconciled.
oc patch route s3 -n openshift-storage --type merge -p '{"spec":{"tls":{"insecureEdgeTerminationPolicy":"Redirect","termination":"reencrypt"}}}'
- Thus we need to add this parameter in the Cephobjectstore CR so that it won't
be reconciled.
Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
N/A
Can this issue reproducible?
N/A
Can this issue reproduce from the UI?
N/A
If this is a regression, please provide more details to justify this:
N/A
Steps to Reproduce:
N/A
Actual results:
- The termination policy to s3 and ocs-storagecluster-cephobjectstore route gets reconciled.
Expected results:
- Add termination policy to s3 and ocs-storagecluster-cephobjectstore route without reconcilation.
Additional info:
In the next steps.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2022:6156
Description of problem (please be detailed as possible and provide log snippets): - Add termination policy to s3 and ocs-storagecluster-cephobjectstore route Version of all relevant components (if applicable): - All Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? - Cu is getting compliant issues because of "EdgeTerminationPolicy" of these routes. Is there any workaround available to the best of your knowledge? - The route can be patched with the following command but it gets reconciled. oc patch route s3 -n openshift-storage --type merge -p '{"spec":{"tls":{"insecureEdgeTerminationPolicy":"Redirect","termination":"reencrypt"}}}' - Thus we need to add this parameter in the Cephobjectstore CR so that it won't be reconciled. Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? N/A Can this issue reproducible? N/A Can this issue reproduce from the UI? N/A If this is a regression, please provide more details to justify this: N/A Steps to Reproduce: N/A Actual results: - The termination policy to s3 and ocs-storagecluster-cephobjectstore route gets reconciled. Expected results: - Add termination policy to s3 and ocs-storagecluster-cephobjectstore route without reconcilation. Additional info: In the next steps.