Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CMP-2196: Update instructions for ingresscontroller TLS ciphers #12355

Merged
merged 1 commit into from
Sep 6, 2024
Merged

CMP-2196: Update instructions for ingresscontroller TLS ciphers #12355

merged 1 commit into from
Sep 6, 2024

Conversation

rhmdnd
Copy link
Collaborator

@rhmdnd rhmdnd commented Aug 30, 2024

We can update the instructions so they tell the user what to check for,
instead of copy/pasting in a remediation for TLS ciphers, which may not
be what they want.

@rhmdnd rhmdnd added the OpenShift OpenShift product related. label Aug 30, 2024
@rhmdnd rhmdnd added this to the 0.1.75 milestone Aug 30, 2024
@github-actions GitHub Actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@rhmdnd rhmdnd mentioned this pull request Aug 30, 2024
Merged
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 30, 2024
edited
Loading

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:12355
This image was built from commit: 2a29bac

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12355

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12355 make deploy-local

@openshift-merge-robot openshift-merge-robot added the needs-rebase Used by openshift-ci bot. label Aug 31, 2024
@xiaojiey
Copy link
Collaborator

xiaojiey commented Sep 2, 2024
edited
Loading

Verification pass with ghcr.io/complianceascode/k8scontent:12355:

 % oc get rule upstream-ocp4-kubelet-configure-tls-cipher-suites-ingresscontroller  -o=jsonpath={.instructions}
Run the following command on the kubelet nodes(s):
oc get ingresscontrollers/default -n openshift-ingress-operator -o=jsonpath='{.status.tlsProfile.ciphers[:]}'
Is it the case that TLS cipher suite configuration is not configured?%                                                                                                                                         

% oc get ingresscontrollers/default -n openshift-ingress-operator -o=jsonpath='{.status.tlsProfile.ciphers[:]}'
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256

@xiaojiey
Copy link
Collaborator

xiaojiey commented Sep 2, 2024

/lgtm

@yuumasato yuumasato self-assigned this Sep 3, 2024
@rhmdnd
CMP-2196: Update instructions for ingresscontroller TLS ciphers
2a29bac 
We can update the instructions so they tell the user what to check for,
instead of copy/pasting in a remediation for TLS ciphers, which may not
be what they want.
@rhmdnd rhmdnd force-pushed the CMP-2196-follow-up branch from 61a946d to 2a29bac Compare September 5, 2024 18:41
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Used by openshift-ci bot. label Sep 5, 2024
yuumasato
yuumasato approved these changes Sep 5, 2024
View reviewed changes
Copy link
Member

@yuumasato yuumasato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@codeclimate CodeClimate
Copy link

codeclimate bot commented Sep 5, 2024

Code Climate has analyzed commit 2a29bac and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.5% (0.0% change).

View more on Code Climate.

@yuumasato
Copy link
Member

/packit retest-failed

@yuumasato yuumasato merged commit f3e5c10 into ComplianceAsCode:master Sep 6, 2024
100 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xiaojiey xiaojiey xiaojiey left review comments

@yuumasato yuumasato yuumasato approved these changes

@Vincent056 Vincent056 Awaiting requested review from Vincent056

Assignees

@yuumasato yuumasato

Labels
OpenShift OpenShift product related.
Projects
None yet
Milestone
0.1.75
Development

Successfully merging this pull request may close these issues.
4 participants
@rhmdnd @xiaojiey @yuumasato @openshift-merge-robot