Merge pull request #115399 from 3u13r/feat/documentTLS13Exception

Add note about TLS 1.3 cipher suites
Kubernetes Prow Robot 2023-04-11 15:35:27 -07:00 committed by GitHub
commit 779abe6ebe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 1 deletions


@ -1061,6 +1061,12 @@ func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletCo
return nil, err return nil, err
} }
if minTLSVersion == tls.VersionTLS13 {
if len(tlsCipherSuites) != 0 {
klog.InfoS("Warning: TLS 1.3 cipher suites are not configurable, ignoring --tls-cipher-suites")
}
}
tlsOptions := &server.TLSOptions{ tlsOptions := &server.TLSOptions{
Config: &tls.Config{ Config: &tls.Config{
MinVersion: minTLSVersion, MinVersion: minTLSVersion,
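Review bot: The warning added under `if minTLSVersion == tls.VersionTLS13` only fires when the configured minimum is TLS 1.3, yet with a TLS 1.2 minimum any client that negotiates TLS 1.3 is equally unaffected by `--tls-cipher-suites`, since crypto/tls does not let the CipherSuites list constrain TLS 1.3 handshakes; an operator who set the list expecting it to apply to every connection gets no hint of that. Consider emitting the notice whenever the list is non-empty and wording it to state the actual scope, e.g. `klog.InfoS("Warning: TLS 1.3 cipher suites are not configurable; --tls-cipher-suites only restricts TLS 1.2 and earlier handshakes")`. The two nested ifs can also collapse into one condition, `if minTLSVersion == tls.VersionTLS13 && len(tlsCipherSuites) != 0 {`, keeping the happy path flat. The doc comments added in the two KubeletConfiguration sections below would benefit from the same phrasing ("applies only to TLS 1.2 and earlier") rather than just "not configurable". InitializeTLS begins and ends outside this hunk, so it is unclear here whether the same check would be better placed in the config validation path.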


@ -58160,7 +58160,7 @@ func schema_k8sio_kubelet_config_v1beta1_KubeletConfiguration(ref common.Referen
}, },
"tlsCipherSuites": { "tlsCipherSuites": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "tlsCipherSuites is the list of allowed cipher suites for the server. Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). Default: nil", Description: "tlsCipherSuites is the list of allowed cipher suites for the server. Note that TLS 1.3 ciphersuites are not configurable. Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). Default: nil",
Type: []string{"array"}, Type: []string{"array"},
Items: &spec.SchemaOrArray{ Items: &spec.SchemaOrArray{
Schema: &spec.Schema{ Schema: &spec.Schema{


@ -123,6 +123,7 @@ type KubeletConfiguration struct {
// tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile // tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile
TLSPrivateKeyFile string TLSPrivateKeyFile string
// TLSCipherSuites is the list of allowed cipher suites for the server. // TLSCipherSuites is the list of allowed cipher suites for the server.
// Note that TLS 1.3 ciphersuites are not configurable.
// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
TLSCipherSuites []string TLSCipherSuites []string
// TLSMinVersion is the minimum TLS version supported. // TLSMinVersion is the minimum TLS version supported.


@ -150,6 +150,7 @@ type KubeletConfiguration struct {
// +optional // +optional
TLSPrivateKeyFile string `json:"tlsPrivateKeyFile,omitempty"` TLSPrivateKeyFile string `json:"tlsPrivateKeyFile,omitempty"`
// tlsCipherSuites is the list of allowed cipher suites for the server. // tlsCipherSuites is the list of allowed cipher suites for the server.
// Note that TLS 1.3 ciphersuites are not configurable.
// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
// Default: nil // Default: nil
// +optional // +optional