-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PWX-32188: TLS cipher-suite/version annotations #1153
Conversation
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #1153 +/- ##
==========================================
- Coverage 76.12% 76.11% -0.02%
==========================================
Files 64 64
Lines 17932 17980 +48
==========================================
+ Hits 13651 13685 +34
- Misses 3322 3328 +6
- Partials 959 967 +8
☔ View full report in Codecov by Sentry. |
} | ||
req = strings.Trim(req, " \t") | ||
|
||
if req == "VersionTLS10" || req == "VersionTLS11" || req == "VersionTLS12" || req == "VersionTLS13" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Is this a case insensitive string? If yes, should we do a case insensitive match too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in 06111b0
* adding annotations to select TLS version and cipher-suites for kube-controller-manager Signed-off-by: Zoran Rajic <zox@portworx.com>
8219b8b
to
06111b0
Compare
Thanks for the review Piyush -- merging this PR, cherry-picking for px-rel-23.7.0 |
* adding annotations to select TLS version and cipher-suites for kube-controller-manager Signed-off-by: Zoran Rajic <zox@portworx.com> Manualy fixed Conflicts: drivers/storage/portworx/util/util.go drivers/storage/portworx/util/util_test.go
* adding annotations to select TLS version and cipher-suites for kube-controller-manager Signed-off-by: Zoran Rajic <zox@portworx.com>
What this PR does / why we need it:
Customers requested to fine-tune the TLS cipher-suites
FIX:
portworx.io/tls-cipher-suites
annotation to select the TLS cipher suitesportworx.io/tls-min-version
annotation to select the minimal TLS versionportworx-pvc-controller-manager
-- but we should extend it to all TLS-enabled services in PX deploymentAlso note:
Which issue(s) this PR fixes (optional)
Closes # PWX-32188
Special notes for your reviewer:
New annotations look like this:
As a result, the parameters are added to the
kube-controller-manager
command:kubectl get pod -Al name=portworx-pvc-controller