You can enable obfuscation to mask sensitive and identifiable IPv4 addresses and cluster base domains that the Insights Operator sends to console.redhat.com.
|
Although this feature is available, Red Hat recommends keeping obfuscation disabled for a more effective support experience.
|
Obfuscation assigns non-identifying values to cluster IPv4 addresses, and uses a translation table that is retained in memory to change IP addresses to their obfuscated versions throughout the Insights Operator archive before uploading the data to console.redhat.com.
For cluster base domains, obfuscation changes the base domain to a hardcoded substring. For example, cluster-api.openshift.example.com
becomes cluster-api.<CLUSTER_BASE_DOMAIN>
.
The following procedure enables obfuscation using the support
secret in the openshift-config
namespace.
Procedure
-
Navigate to Workloads → secrets.
-
Select the openshift-config project.
-
Search for the support secret using the Search by name field. If it does not exist, click Create → Key/value secret to create it.
-
Click the Options menu , and then click Edit secret.
-
Click Add Key/Value.
-
Create a key named enableGlobalObfuscation
with a value of true
, and click Save.
-
Navigate to Workloads → Pods
-
Select the openshift-insights
project.
-
Find the insights-operator
pod.
-
To restart the insights-operator
pod, click the Options menu , and then click Delete Pod.
Verification
-
Navigate to Workloads → secrets.
-
Select the openshift-insights project.
-
Search for the obfuscation-translation-table secret using the Search by name field.
If the obfuscation-translation-table
secret exists, then obfuscation is enabled and working.
Alternatively, you can inspect /insights-operator/gathers.json
in your Insights Operator archive for the value "is_global_obfuscation_enabled": true
.