Merge pull request #34152 from bergerhoffer/OSDOCS-1854-component-update

bergerhoffer · web-flow · commit 3a588648ced3 · 2021-07-01T10:19:31.000-04:00
OSDOCS-1854: Updating control plane component list
diff --git a/modules/tls-profiles-understanding.adoc b/modules/tls-profiles-understanding.adoc
@@ -2,12 +2,12 @@
 //
 // * security/tls-security-profiles.adoc
 
-[id="tls-profiles-ingress-understanding_{context}"]
+[id="tls-profiles-understanding_{context}"]
 = Understanding TLS security profiles
 
 You can use a TLS (Transport Layer Security) security profile to define which TLS ciphers are required by various {product-title} components. The {product-title} TLS security profiles are based on link:https://wiki.mozilla.org/Security/Server_Side_TLS[Mozilla recommended configurations].
 
-You can specify one of the following TLS security profiles:
+You can specify one of the following TLS security profiles for each component:
 
 .TLS security profiles
 [cols="1,2a",options="header"]
@@ -26,7 +26,7 @@ For the Ingress Controller, the minimum TLS version is converted from 1.0 to 1.1
 ====
 
 |`Intermediate`
-|This profile is the recommended configuration for the majority of clients. It is the  default TLS security profile for the Ingress Controller, kubelet, and Kubernetes control plane. The profile is based on the link:https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29[Intermediate compatibility] recommended configuration.
+|This profile is the recommended configuration for the majority of clients. It is the  default TLS security profile for the Ingress Controller, kubelet, and control plane. The profile is based on the link:https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29[Intermediate compatibility] recommended configuration.
 
 The `Intermediate` profile requires a minimum TLS version of 1.2.
 
@@ -52,7 +52,7 @@ Use caution when using a `Custom` profile, because invalid configurations can ca
 
 [NOTE]
 ====
-When using one of the predefined profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied, resulting in a rollout.
+When using one of the predefined profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 might cause a new profile configuration to be applied, resulting in a rollout.
 ====
 
 // TODO: Make sure all this is captured somewhere as necessary
diff --git a/modules/tls-profiles-view-details.adoc b/modules/tls-profiles-view-details.adoc
@@ -5,7 +5,7 @@
 [id="tls-profiles-view-details_{context}"]
 = Viewing TLS security profile details
 
-You can view the minimum TLS version and ciphers for the predefined TLS security profiles for each of the following components: Ingress Controller, Kubernetes control plane, and kubelet.
+You can view the minimum TLS version and ciphers for the predefined TLS security profiles for each of the following components: Ingress Controller, control plane, and kubelet.
 
 [IMPORTANT]
 ====
@@ -22,7 +22,7 @@ $ oc explain <component>.spec.tlsSecurityProfile.<profile> <1>
 ----
 <1> For `<component>`, specify `ingresscontroller`, `apiserver`, or `kubeletconfig`. For `<profile>`, specify `old`, `intermediate`, or `custom`.
 +
-For example, to check the ciphers included for the `intermediate` profile for the Kubernetes control plane:
+For example, to check the ciphers included for the `intermediate` profile for the control plane:
 +
 [source,terminal]
 ----
diff --git a/security/tls-security-profiles.adoc b/security/tls-security-profiles.adoc
@@ -9,8 +9,13 @@ TLS security profiles provide a way for servers to regulate which ciphers a conn
 
 Cluster administrators can choose which TLS security profile to use for each of the following components:
 
-* the Ingress controller
-* the Kubernetes control plane (Kubernetes API server, Kubernetes controller manager, and Kubernetes scheduler)
+* the Ingress Controller
+* the control plane
++
+This includes the Kubernetes API server, Kubernetes controller manager, Kubernetes scheduler, OpenShift API server, OpenShift OAuth API server, and OpenShift OAuth server.
++
+// NOTE: etcd and OpenShift controller manager are not included
+
 * the kubelet, when it acts as an HTTP server for the Kubernetes API server
 // TODO: add links once the procedures have been added?
 
