[FEATURE]: Restrict the version of TLS to v1.2 for all requests to CSM authorization proxy server #642

Closed
bharathsreekanth opened this issue Jan 31, 2023 · 1 comment
Labels: area/csm-authorization, type/feature


bharathsreekanth commented Jan 31, 2023

Restrict the version of TLS to v1.2 for all requests to CSM auth proxy server.

Additionally:

  • Update K3S version, Cert-manager version
  • Configure Traefik to only use the signed or self-signed certificate generated for the proxy server and not to return the default Traefik cert (https://doc.traefik.io/traefik/https/tls/#default-certificate)
  • During install of Traefik load balancer service, set NodePorts to static ports so they can be blocked by iptables. If not explicitly set, these are randomized and difficult to block. This could be done as part of a post-install process (k3s kubectl patch svc/traefik ...)
  • Option to set NodePorts for the ingress controller during CSM authorization install/upgrade.
  • Restrict CSM authorization requests to use either signed or self-signed certificate generated for the proxy server.
@bharathsreekanth bharathsreekanth added needs-triage Issue requires triage. type/feature-request New feature request. This is the default label associated with a feature request issue. area/csm-authorization Issue pertains to the CSM Authorization module labels Jan 31, 2023
@bharathsreekanth bharathsreekanth added this to the v1.6.0 milestone Jan 31, 2023
@bharathsreekanth bharathsreekanth self-assigned this Jan 31, 2023
csmbot commented Jan 31, 2023

@bharathsreekanth: Thank you for submitting this issue!

The issue is currently awaiting triage. Please make sure you have given us as much context as possible.

If the maintainers determine this is a relevant issue, they will remove the needs-triage label and assign an appropriate priority label.


We want your feedback! If you have any questions or suggestions regarding our contributing process/workflow, please reach out to us at ses.csm.engineering@dell.com.

@bharathsreekanth bharathsreekanth removed the needs-triage Issue requires triage. label Jan 31, 2023
@bjiang27 bjiang27 added type/feature A feature. This label is applied to a feature issues. and removed type/feature-request New feature request. This is the default label associated with a feature request issue. labels Feb 23, 2023
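
As an added example (not part of the issue or of the CSM project's code), this Go check covers two of the requests above: it probes an endpoint with each TLS version to confirm that only 1.2 is negotiated, and it compares the presented certificate against the expected proxy certificate so a fallback default certificate is detected. The in-process `httptest` server and all function names are constructed stand-ins for the proxy endpoint.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Protocol versions to probe, oldest first.
var versions = []struct{ name string; id uint16 }{
	{"1.0", tls.VersionTLS10}, {"1.1", tls.VersionTLS11}, {"1.2", tls.VersionTLS12}, {"1.3", tls.VersionTLS13}}

// probe forces a single protocol version and returns the SHA-256 fingerprint
// of the leaf certificate presented, or ok=false if the handshake fails.
func probe(addr string, version uint16) (fp [32]byte, ok bool) {
	// Audit probe only: chain validation is skipped because audit compares the fingerprint.
	cfg := &tls.Config{MinVersion: version, MaxVersion: version, InsecureSkipVerify: true}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return fp, false
	}
	defer conn.Close()
	return sha256.Sum256(conn.ConnectionState().PeerCertificates[0].Raw), true
}

// audit lists the versions addr accepts and whether every handshake presented the certificate want.
func audit(addr string, want [32]byte) (accepted []string, pinned bool) {
	pinned = true
	for _, v := range versions {
		if fp, ok := probe(addr, v.id); ok {
			accepted = append(accepted, v.name)
			pinned = pinned && fp == want
		}
	}
	return accepted, pinned
}

// auditLocal audits a constructed local server restricted to TLS 1.2 (stand-in for the proxy).
func auditLocal() ([]string, bool) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}
	srv.StartTLS()
	defer srv.Close()
	return audit(srv.Listener.Addr().String(), sha256.Sum256(srv.Certificate().Raw))
}

func main() { fmt.Println(auditLocal()) } // [1.2] true
```

Against a real deployment, `audit` would be given the proxy's address and the fingerprint of the certificate generated for it.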