[WIP] OSDOCS-13371-2: Ingress security parameters MicroShift #91560

Open
wants to merge 1 commit into
base: main
4 changes: 4 additions & 0 deletions microshift_configuring/microshift-ingress-controller.adoc
Expand Up @@ -12,6 +12,10 @@ include::modules/microshift-ingress-controller-conc.adoc[leveloffset=+1]

include::modules/microshift-ingress-controller-config.adoc[leveloffset=+1]

include::modules/microshift-ingress-controller-replace-default-certificate.adoc[leveloffset=+2]

include::modules/microshift-ingress-controller-tls-config.adoc[leveloffset=+2]

[id="additional-resources_microshift-ingress-controller_{context}"]
[role="_additional-resources"]
== Additional resources
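
Review bot: The two added includes, `microshift-ingress-controller-replace-default-certificate.adoc` and `microshift-ingress-controller-tls-config.adoc`, by name cover only the default certificate and TLS configuration, while the concept module changed in this same PR also introduces `ingress.clientTLS` and `routeAdmission`. Add includes for modules that cover client certificate verification and route admission, or link to where they are documented, so a reader who follows the concept bullets can find the matching configuration steps. Also confirm that both new module files exist on the branch, since neither appears among the files shown in this diff, and that `leveloffset=+2` is meant to nest them under the config module, which is included at `+1`.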
9 changes: 8 additions & 1 deletion modules/microshift-ingress-controller-conc.adoc
Expand Up @@ -13,4 +13,11 @@ With more configuration options, you can fine-tune ingress to meet your specific
* If your application starts processing requests from clients but the connection is
closed before it can respond, you can set the `ingress.tuningOptions.serverTimeout` parameter in the configuration file to a higher value to accommodate the speed of the response from the server.

* If the router has many connections open because an application running on the cluster does not close connections properly, you can set the `ingress.tuningOptions.serverTimeout` and `spec.tuningOptions.serverFinTimeout` parameters to a lower value, forcing those connections to close sooner.
* If the router has many connections open because an application running on the cluster does not close connections properly, you can set the `ingress.tuningOptions.serverTimeout` and `spec.tuningOptions.serverFinTimeout` parameters to a lower value, forcing those connections to close sooner.

* If you need to configure the ingress controller to verify client certificates, you can use the `ingress.clientTLS` parameter to set a clientCA value, which is a reference to a config map. The config map contains the PEM-encoded CA certificate bundle that is used to verify a client's certificate. Optionally, you can also configure a list of certificate subject filters.

* If you need to configure a TLS security profile for an ingress controller, you can use the `ingress.tlsSecurityProfile` parameter to specify a specified or custom individual TLS security profiles. The TLS security profile defines the minimum TLS version and the TLS ciphers for TLS connections for the ingress controllers.
If a TLS security profile is not configured, the default value is based on the TLS security profile set for the API server.

* If you need to define a policy for handling new route claims, you can use the `routeAdmission` parameter to allow or deny claims across namespaces. You set the `routeAdmission` parameter to describe how hostname claims across namespaces should be handled and to describe how routes with wildcard policies are handled by the ingress controller.
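
Review bot: The parameter paths in these bullets are inconsistent: the re-added serverTimeout bullet still pairs `ingress.tuningOptions.serverTimeout` with `spec.tuningOptions.serverFinTimeout`, and the new route admission bullet uses a bare `routeAdmission` while its neighbours use `ingress.clientTLS` and `ingress.tlsSecurityProfile`. Use one prefix throughout (presumably `ingress.`, matching the other bullets) so readers can copy each key path as written. In the TLS security profile bullet, "to specify a specified or custom individual TLS security profiles" is garbled; something like "to specify a predefined or custom TLS security profile" would read correctly, and `clientCA` in the client certificate bullet should be in backticks like the other field names. The removed and added serverTimeout bullets are textually identical as shown, so check that the change is whitespace only and intended. The sentence "the default value is based on the TLS security profile set for the API server" leaves the reader without the effective minimum TLS version or cipher set; consider stating it or linking to where the API server profile is configured.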