Fix 'ocp4-moderate-routes-protected-by-tls' Compliance failure (#2374)

According to: https://github.com/ComplianceAsCode/content/blob/master/applications/openshift/networking/routes_protected_by_tls/rule.yml The ocp4-moderate profile of the compliance operator expects that all Routes on the cluster should have either None or Redirect setting under their .spec.tls.insecureEdgeTerminationPolicy We chose Redirect, to be aligned with all other default routes on an OCP cluster, and not to fail HTTP requests but redirect them to HTTPS requests. This PR adds the expected field to the cdi-uploadproxy route deployed by CDI. https://bugzilla.redhat.com/show_bug.cgi?id=2110562 Signed-off-by: Oren Cohen <ocohen@redhat.com>
2025-06-03 06:30:22 +00:00 · 2022-07-28 05:19:13 +03:00 · 2022-07-28 05:19:13 +03:00 · 14ad5454d6
commit 14ad5454d6
parent 57fc2639ae
1 changed files with 3 additions and 2 deletions
--- a/pkg/operator/controller/route.go
+++ b/pkg/operator/controller/route.go
@ -89,8 +89,9 @@ func ensureUploadProxyRouteExists(logger logr.Logger, c client.Client, scheme *r
 				Name: uploadProxyServiceName,
 			},
 			TLS: &routev1.TLSConfig{
-				Termination:              routev1.TLSTerminationReencrypt,
-				DestinationCACertificate: string(cert),
+				Termination:                   routev1.TLSTerminationReencrypt,
+				InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect,
+				DestinationCACertificate:      string(cert),
 			},
 		},
 	}