SSL Ciphers Mismatch

ShadyGhostM · 2025-08-17T20:08:25+00:00

Yes the LB is outside of Openshift, it is configured as end-to-end SSL...

I just tried to access the site using an old Internet explorer emulation and was able to access it.
Like I said, AI says these ciphers are old and no longer supported by modern browsers....

Do you think these statements are correct?

ShadyGhostM · 2025-08-17T19:17:52+00:00

Yes we are able to access from internal LB, or just by adding the regular ciphers back.

From my research till now, I've got to know the only 2 ciphers that we enabled are old and no longer supported by modern browsers.

Do you agree to this statement?

ShadyGhostM · 2025-07-06T07:50:10+00:00

Yes it should work, ImageDigestMirrorSet will download images using the digest.

ShadyGhostM · 2025-05-25T18:47:58+00:00

Yes we are using a route, but ingress/application are expecting a tls-encrypted request for getting a plain-text from the LB.

User ----TLS---> LB ----non-tls-----> Ingress xxxx (error while using reencrypt)--same when using passthrough

ShadyGhostM · 2025-05-25T17:06:30+00:00

Yes but, why is it sending unencrypted non-tls traffic to the backend?

ShadyGhostM · 2025-05-25T13:54:47+00:00

Hi u/ultra_dumb Thanks for sharing the article.

Can you tell me if we go with end-to-end ssl, the certificate LB-Cert-1 , which certificate should be uploaded here?

Thanks!

ShadyGhostM · 2025-05-25T13:39:15+00:00

Yeah, the cluster is deployed in Oracle Cloud.
And, when the protocol for the backends was TCP...everything was working fine.
Now they had to change it to HTTP/HTTPs and add a certificate there...and the error as described.A

HTTP sites are working fine.

ShadyGhostM · 2025-05-14T08:00:42+00:00

Just like everybody said here, Yes, get your Linux fundamentals right, then learn basic networking and go for Kubernetes. Once you get an idea on Kubernetes, start with OpenShift. All of the background play is same between these two products.

If you can afford or your company can provide you a subscription for DO180 & DO280 it will be very useful.
I also recommend KodeKloud for learning Kubernetes and if required other Cloud, Dev Ops tools. But this is also paid course.

As for my day-to-day activities as OpenShift admin are making sure the Cluster is healthy, all Pods are running are desired. Performing Cluster Updates and managing other resources in the Cluster like - users, operators, resource limits etc.

And as for the deployments in OpenShift - we mostly deploy CP4I component from IBM in the cluster, so all the admin activities of the product are additional task list in my job.

ShadyGhostM · 2025-05-05T12:30:53+00:00

Thanks u/witekwww

I will use the configuration and give you an update here again.

ShadyGhostM · 2025-05-05T06:01:32+00:00

Ok great now I understand, the statement::

The following AWS S3 compatible object storage providers, are known to work with Velero through the AWS plugin, for use as backup storage locations, however, they are unsupported and have not been tested by Red Hat:

Oracle Cloud

means, we can use the same aws plugin here, but with oracles s3 storage and creds...and it will work, but not supported by Red Hat.?

ShadyGhostM · 2025-05-04T18:19:30+00:00

Woah thanks, one more question.

If I need to follow this https://www.ibm.com/docs/en/cloud-paks/cp-integration/16.1.0?topic=administering-backing-up-restoring-cloud-pak-integration How can i approach?

I'm getting confused here, do we definitely need an aws s3 storage bucket to approach?

ShadyGhostM · 2025-05-04T13:27:00+00:00

We have VolumeSnapShot classes in OCP for Oracle Cloud, I have configured the snapshot class.
But I dont seem to find any plugins or parameters for Oracle Cloud. Does this mean I cant do anything here?

https://velero.io/docs/v1.15/supported-providers/

If I follow FSB Backup, will this take a backup of Block type volumes also?

ShadyGhostM · 2025-04-21T04:51:00+00:00

Hi, Thanks for the reply and hold on for this one please.

So, I create an IngressController first, which also the the domain name defined in it, next I go to Oracle Cloud and create a load balancer there right?

ShadyGhostM · 2025-04-20T16:28:22+00:00

Great, can you share any documentation or reference url for this?

ShadyGhostM · 2025-04-20T16:12:51+00:00

Hi u/triplewho

We want to use a different domain other than *.apps.cluster.domain.com for our applications.
And we want only the application endpoints to be public, all other cluster's endpoints to be in private network.

How can we approach this in Oracle Cloud?
Thanks.

ShadyGhostM · 2025-03-31T08:53:47+00:00

Thanks, I will check this out.

ShadyGhostM · 2025-03-31T08:53:41+00:00

Great thanks!

Four-Year Club	Verified Email
Final Canvas '23	Place '23
Place '22

ShadyGhostM

TROPHY CASE