summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2019-03-15 15:49:01 +0000
committerGerrit Code Review <review@openstack.org>2019-03-15 15:49:01 +0000
commitbdd8bf0d9da4ff3a78f533638b9683488be79df6 (patch)
tree9e2ae43f297963e641a98282dd015e335b0b454f
parent1fbe3e9e4420dc9cce82b8dbea1b817cce82fee5 (diff)
parent95a1a9f431e19852e36bdb9ec5de268cd59f209c (diff)
Merge "Disable weak tls ciphers for kube-apiserver"
-rw-r--r--global/software/charts/kubernetes/core/apiserver.yaml5
1 files changed, 5 insertions, 0 deletions
diff --git a/global/software/charts/kubernetes/core/apiserver.yaml b/global/software/charts/kubernetes/core/apiserver.yaml
index e64ed9b..b74b207 100644
--- a/global/software/charts/kubernetes/core/apiserver.yaml
+++ b/global/software/charts/kubernetes/core/apiserver.yaml
@@ -123,6 +123,11 @@ data:
123 apiserver: 123 apiserver:
124 etcd: 124 etcd:
125 endpoints: https://127.0.0.1:2378 125 endpoints: https://127.0.0.1:2378
126 tls:
127 tls-cipher-suites: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
128 # https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
129 # Possible values: VersionTLS10, VersionTLS11, VersionTLS12
130 tls-min-version: 'VersionTLS12'
126 command_prefix: 131 command_prefix:
127 - /apiserver 132 - /apiserver
128 - --service-cluster-ip-range=SERVICE_CIDR 133 - --service-cluster-ip-range=SERVICE_CIDR