diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh index 6f8a590e567..56877f10417 100755 --- a/cluster/gce/config-default.sh +++ b/cluster/gce/config-default.sh @@ -560,5 +560,6 @@ export ETCD_PROGRESS_NOTIFY_INTERVAL="${ETCD_PROGRESS_NOTIFY_INTERVAL:-10m}" # unzipping the image layers to disk. export WINDOWS_ENABLE_PIGZ="${WINDOWS_ENABLE_PIGZ:-true}" -# TLS_CIPHER_SUITES defines cipher suites allowed to be used by kube-apiserver. If this variable is unset or empty, kube-apiserver is allowed to use any cipher it supports. +# TLS_CIPHER_SUITES defines cipher suites allowed to be used by kube-apiserver. +# If this variable is unset or empty, kube-apiserver will allow its default set of cipher suites. export TLS_CIPHER_SUITES="" diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh index 538dad29879..86557c905f3 100755 --- a/cluster/gce/config-test.sh +++ b/cluster/gce/config-test.sh @@ -596,5 +596,6 @@ export ETCD_PROGRESS_NOTIFY_INTERVAL="${ETCD_PROGRESS_NOTIFY_INTERVAL:-10m}" # unzipping the image layers to disk. export WINDOWS_ENABLE_PIGZ="${WINDOWS_ENABLE_PIGZ:-true}" -# TLS_CIPHER_SUITES defines cipher suites allowed to be used by kube-apiserver. If this variable is unset or empty, kube-apiserver is allowed to use any cipher it supports. +# TLS_CIPHER_SUITES defines cipher suites allowed to be used by kube-apiserver. +# If this variable is unset or empty, kube-apiserver will allow its default set of cipher suites. export TLS_CIPHER_SUITES=""