STIG ID: CNTR-OS-000820 | SRG: SRG-APP-000439-CTR-001080 | Severity: medium | CCI: | Vulnerability Id: V-257567
OpenShift provides for two types of application level ingress types, Routes, and Ingresses. Routes have been a part of OpenShift since version 3. Ingresses were promoted out of beta in Aug 2020 (kubernetes v1.19). Routes provides for three type of TLS configuration options; Edge, Passthrough, and Re-encrypt. Each of those options provide TLS encryption over HTTP for inbound transmissions originating outside the cluster. Ingresses will have an IngressController associated that manages the routing and proxying of inbound transmissions.
Delete any Route or Ingress that does not use a secure transport.
oc delete route
or
oc delete ingress
Verify that routes and ingress are using secured transmission ports and protocols by executing the following:
oc get routes --all-namespaces
Review the ingress ports, if the Ingress is not using a secure TLS transport, this is a finding.