relyt0925
commented
3 years ago Ensure no leaks of secrets from management control plane into user control plane
Closed relyt0925 closed 3 years ago
relyt0925
commented
3 years ago Ensure no leaks of secrets from management control plane into user control plane
relyt0925
commented
3 years ago done
Currently their appears to be one spot where a "ingress-crt" used on the control plane side for it's ingress controller is also sent into a customer cluster. This provides exposure of the management control plane's ingress certs in every user cluster. Unique certs should be presented to each individual user cluster and in general nothing should be shared between the management cluster ingress and per user cluster ingress: https://github.com/openshift/hypershift/blob/22ebe6637bdf56638efe45e78e18bee6671145ad/control-plane-operator/controllers/hostedcontrolplane/ingress/ingresscontroller.go#L18