Ensure the openshift-oauth-apiserver service uses TLS
An XCCDF Rule
Description
By default, the OpenShift API Server uses TLS. HTTPS should be used for connections between openshift-apiserver and kube-apiserver. By default, the OpenShift OAuth API Server uses Intermediate profile which requires a minimum TLS version of 1.2.
warning alert: Warning
This rule's check operates on the cluster configuration dump.
Therefore, you need to use a tool that can query the OCP API, retrieve the
/apis/config.openshift.io/v1/apiservers/cluster
API endpoint to the local /apis/config.openshift.io/v1/apiservers/cluster
file. Rationale
Connections between the kube-apiserver and the extension openshift-apiserver could potentially carry sensitive data such as secrets and keys. It is important to use in-transit encryption for any communication between the kube-apiserver and the extension openshift-apiserver.
- ID
- xccdf_org.ssgproject.content_rule_api_server_openshift_https_serving_cert
- Severity
- Medium
- References
- Updated