Fix 'ocp4-moderate-routes-protected-by-tls' Compliance failure #2040
Conversation
According to: https://github.com/ComplianceAsCode/content/blob/master/applications/openshift/networking/routes_protected_by_tls/rule.yml All Routes on the cluster should have either 'None' or 'Redirect' setting under their .spec.tls.insecureEdgeTerminationPolicy We chose 'Redirect', to be aligned with all other default routes on an OCP cluster, and not to fail HTTP requests but redirect them to HTTPS requests. https://bugzilla.redhat.com/show_bug.cgi?id=2110562 Signed-off-by: Oren Cohen <ocohen@redhat.com>
kubevirt-bot
added
release-note
|
Kudos, SonarCloud Quality Gate passed!
|
Pull Request Test Coverage Report for Build 2739364629
💛 - Coveralls |
|
/approve |
|
/cherry-pick release-1.7 |
|
@tiraboschi: once the present PR merges, I will cherry-pick it on top of release-1.7 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tiraboschi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
|
hco-e2e-kv-smoke-gcp lane succeeded. |
|
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
hco-e2e-upgrade-index-azure lane succeeded. |
|
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-index-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest |
|
@orenc1: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
hco-e2e-upgrade-prev-index-aws lane succeeded. |
|
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-prev-index-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@tiraboschi: new pull request created: #2042 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
According to:
https://github.com/ComplianceAsCode/content/blob/master/applications/openshift/networking/routes_protected_by_tls/rule.yml
The ocp4-moderate profile of the compliance operator expects that all Routes on the cluster should have either
NoneorRedirectsetting under their.spec.tls.insecureEdgeTerminationPolicyWe chose
Redirect, to be aligned with all other default routes on an OCP cluster, and not to fail HTTP requests but redirect them to HTTPS requests.https://bugzilla.redhat.com/show_bug.cgi?id=2110562
Signed-off-by: Oren Cohen ocohen@redhat.com
Reviewer Checklist
Release note: