Last active
June 24, 2019 19:37
-
-
Save danehans/8e5232f1bf8c7db1cfbd5001319b7a22 to your computer and use it in GitHub Desktop.
oc explain sec api
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc explain ingresscontrollers.spec.securitySpec.profile | |
| KIND: IngressController | |
| VERSION: operator.openshift.io/v1 | |
| RESOURCE: profile <Object> | |
| DESCRIPTION: | |
| profile defines the schema for a security profile. | |
| FIELDS: | |
| custom <Object> | |
| custom is a user-defined security profile. An example custom profile looks | |
| like this: cipers: >- | |
| ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305: | |
| ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256 securityProtocol: | |
| minimumVersion: TLSv1.1 maximumVersion: TLSv1.2 dhParamSize: 1024 | |
| intermediate <map[string]> | |
| intermediate is a security profile based on: | |
| https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 | |
| and looks like this: cipers: >- | |
| ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256: | |
| ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384: | |
| DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256: | |
| ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA: | |
| ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256: | |
| DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA: | |
| ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384: | |
| AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS | |
| securityProtocol: minimumVersion: TLSv1.0 maximumVersion: TLSv1.2 | |
| dhParamSize: 2048 | |
| modern <map[string]> | |
| modern is a security profile based on: | |
| https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and | |
| looks like this: cipers: >- | |
| ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305: | |
| ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256: | |
| ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 | |
| securityProtocol: minimumVersion: TLSv1.2 maximumVersion: TLSv1.2 | |
| dhParamSize: 2048 | |
| old <map[string]> | |
| old is a security profile based on: | |
| https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility | |
| and looks like this: cipers: >- | |
| ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256: | |
| ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: | |
| DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256: | |
| ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA: | |
| ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA: | |
| ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256: | |
| DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA: | |
| ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384: | |
| AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL: | |
| !eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA: | |
| !KRB5-DES-CBC3-SHA:!SRP securityProtocol: minimumVersion: TLSv1.0 | |
| maximumVersion: TLSv1.2 dhParamSize: 1024 | |
| type <string> -required- | |
| type is one of Old, Intermediate, Modern or Custom. Custom provides the | |
| ability to specify individual security profile parameters. Old, | |
| Intermediate and Modern are security profiles based on: | |
| https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations | |
| If unset, Intermediate is used. | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FIELDS: | |
| custom <Object> | |
| custom is a user-defined security profile. An example custom profile looks | |
| like this: cipers: | |
| ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256 | |
| securityProtocol: minimumVersion: TLSv1.1 maximumVersion: TLSv1.2 | |
| dhParamSize: 1024 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment