OSDOCS-14578: adds ingress control options to MicroShift

Author: ShaunaDiaz

modules/microshift-config-yaml-custom.adoc

@@ -5,6 +5,7 @@
 :_mod-docs-content-type: CONCEPT
 [id="microshift-yaml-custom_{context}"]
 = Using custom settings
+
 To create custom configurations, make a copy of the `config.yaml.default` file that is provided in the `/etc/microshift/` directory, renaming it `config.yaml`. Keep this file in the `/etc/microshift/` directory, and then you can change supported settings that are expected to override the defaults before starting or restarting {microshift-short}.
 
 [IMPORTANT]

modules/microshift-default-settings.adoc

@@ -33,7 +33,15 @@ apiServer:
   subjectAltNames: []
   tls:
     cipherSuites:
-            - ""
+    - TLS_AES_128_GCM_SHA256
+    - TLS_AES_256_GCM_SHA384
+    - TLS_CHACHA20_POLY1305_SHA256
+    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
     minVersion: VersionTLS12
 debugging:
   logLevel: "Normal"
@@ -42,6 +50,30 @@ dns:
 etcd:
   memoryLimitMB: 0
 ingress:
+  accessLogging:
+    destination:
+      container:
+        maxLength: 1024
+      syslog:
+        address: ""
+        facility: ""
+        maxLength: 1024
+        port: 0
+      type: ""
+    httpCaptureCookies:
+      - matchType: ""
+        maxLength: 0
+        name: ""
+        namePrefix: ""
+    httpCaptureHeaders:
+      request:
+        - maxLength: 0
+          name: ""
+      response:
+        - maxLength: 0
+          name: ""
+    httpLogFormat: ""
+    status: Disabled
   certificateSecret: router-certs-default
   clientTLS:
     allowedSubjectPatterns:
@@ -54,8 +86,9 @@ ingress:
     mimeTypes:
       - ""
   httpEmptyRequestsPolicy: Respond
-  listenAddress:
-    - ""
+  httpErrorCodePages:
+      name: ""
+  listenAddress: []
   logEmptyRequests: Log
   ports:
     http: 80
@@ -65,14 +98,7 @@ ingress:
     wildcardPolicy: WildcardPolicyAllowed
   status: Managed
   tlsSecurityProfile:
-    type: Custom
-    custom:
-      ciphers:
-        - ECDHE-ECDSA-CHACHA20-POLY1305
-        - ECDHE-RSA-CHACHA20-POLY1305
-        - ECDHE-RSA-AES128-GCM-SHA256
-        - ECDHE-ECDSA-AES128-GCM-SHA256
-      minTLSVersion: VersionTLS12
+    type: Intermediate
   tuningOptions:
       clientFinTimeout: "1s"
       clientTimeout: "30s"

modules/microshift-ingress-controller-config.adoc

@@ -41,6 +41,30 @@ Configuration snippet YAMLs take precedence over both built-in settings and the
 apiServer:
 # ...
 ingress:
+  accessLogging:
+    destination:
+      container:
+        maxLength: 1024
+      syslog:
+        address: ""
+        facility: ""
+        maxLength: 1024
+        port: 0
+      type: ""
+    httpCaptureCookies:
+      - matchType: ""
+        maxLength: 0
+        name: ""
+        namePrefix: ""
+    httpCaptureHeaders:
+      request:
+        - maxLength: 0
+          name: ""
+      response:
+        - maxLength: 0
+          name: ""
+    httpLogFormat: ""
+    status: Disabled
   certificateSecret: router-certs-custom
   clientTLS:
     allowedSubjectPatterns: []
@@ -53,6 +77,8 @@ ingress:
     mimeTypes:
       - ""
   httpEmptyRequestsPolicy: Respond
+  httpErrorCodePages:
+      name: ""
   listenAddress: []
   logEmptyRequests: Log
   ports:
@@ -91,7 +117,79 @@ ingress:
 |Parameter |Description
 
 |`ingress`
-|The `ingress` section of the {microshift-short} `config.yaml` file defines the configurable parameters for the implemented portions of the {OCP} Ingress Control Operator. All parameters in the rest of this table are subsections in the `ingress` section of the `config.yaml`.
+|The `ingress` section of the {microshift-short} `config.yaml` file defines the configurable parameters for the implemented portions of the {OCP} Ingress Control Operator. All of the following parameters in this table are subsections in the `ingress` section of the `config.yaml`.
+
+|`accessLogging`
+|
+
+|`accessLogging.destination`
+|
+
+|`accessLogging.destination.container`
+|
+
+|`accessLogging.destination.container.maxLength`
+|Default value is 1024.
+
+|`accessLogging.destination.syslog`
+|
+
+|`accessLogging.destination.syslog.address`
+|
+
+|`accessLogging.destination.syslog.facility`
+|
+
+|`accessLogging.destination.syslog.maxLength`
+|Default value is 1024.
+
+|`accessLogging.destination.syslog.port`
+|Default value is 0.
+
+|`accessLogging.destination.type`
+|Default value is 0.
+
+|`httpCaptureCookies`
+|
+
+|`httpCaptureCookiesmatchType`
+|
+
+|`httpCaptureCookiesmaxLength`
+|
+
+|`httpCaptureCookiesname`
+|
+
+|`httpCaptureCookiesnamePrefix`
+|
+
+|`httpCaptureHeaders`
+|
+
+|`httpCaptureHeaders.request`
+|
+
+|`httpCaptureHeaders.request.maxLength`
+|
+
+|`httpCaptureHeaders.request.name`
+|
+
+|`httpCaptureHeaders.response`
+|
+
+|`httpCaptureHeaders.responsemaxLength`
+|
+
+|`httpCaptureHeaders.responsename`
+|
+
+|`httpLogFormat`
+|
+
+|`status`
+|Default value is `Disabled`.
 
 |`certificateSecret`
 |A reference to a `kubernetes.io/tls` type of secret that contains the default certificate that is served by the {microshift-short} ingress controller. When routes do not specify their own certificate, the `certificateSecret` parameter is used. All secrets used must contain `tls.key` key file contents and `tls.crt` certificate file contents.