I'm trying to disabling CBC ciphers on an Openshift Router (v 3.11) by editing the yaml file, but i can't find out how to setup the ROUTER_CIPHERS (want to set the value to modern) environment variable on the router level.
Any tips on the yaml structure to achieve this? Where sould the env variables be placed?
Some doc that i've already checked:
https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html#ciphers
CodePudding user response:
You can use the oc set env
command so set an environment variable in your Router DeploymentConfig (named "router" in my case):
oc set env dc/router ROUTER_CIPHERS=intermediate
or
oc set env dc/router ROUTER_CIPHERS=modern
The available profiles come from your second link. This will result in the environment variable being added to the spec.container.env
field for the Router container.