Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Kubernetes Settings
Kubernetes - Network Configuration and Firewalls
Ensure that all OpenShift Routes prefer TLS
Ensure that all OpenShift Routes prefer TLS
An XCCDF Rule
Details
Profiles
Prose
Ensure that all OpenShift Routes prefer TLS
Medium Severity
OpenShift Container Platform provides methods for communicating from outside the cluster with services running in the cluster. TLS must be used to protect these communications. OpenShift Routes provide the ability to configure the needed TLS settings. With these, one is able to configure that any request coming from the outside must use TLS. To verify this, ensure that every Route in the system has a policy of
Disable
or
Redirect
to ensure a secure endpoint is used. The aforementioned policy will be set in a Routes
.spec.tls.insecureEdgeTerminationPolicy
setting.