diff --git a/config/v1/types_tlssecurityprofile.go b/config/v1/types_tlssecurityprofile.go index b18ef647c2f..01b5c6eeb72 100644 --- a/config/v1/types_tlssecurityprofile.go +++ b/config/v1/types_tlssecurityprofile.go @@ -213,6 +213,16 @@ type TLSProfileSpec struct { // // +listType=atomic Ciphers []string `json:"ciphers"` + // curves is used to specify the elliptic curves that are used during + // the TLS handshake. Operators may remove entries their operands do + // not support. For example, to use X25519 and P-256 (yaml): + // + // curves: + // - X25519 + // - P-256 + // +optional + // +listType=atomic + Curves []string `json:"curves,omitempty"` // minTLSVersion is used to specify the minimal version of the TLS protocol // that is negotiated during the TLS handshake. For example, to use TLS // versions 1.1, 1.2 and 1.3 (yaml): diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index f4416bf9b3c..49aa6fa5fc8 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -330,6 +330,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol 
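Review bot: The new `Curves` field added to `TLSProfileSpec` in `types_tlssecurityprofile.go` accepts any number of arbitrary strings, so a misspelled or unsupported curve name passes API validation and is only caught, or silently dropped under the "Operators may remove entries" clause, when the operand builds its TLS configuration. Consider bounding the list with `// +kubebuilder:validation:MaxItems=<N>` and constraining the items with `// +kubebuilder:validation:items:MaxLength=<N>` or an enum of the supported names, with the limits chosen by the API owners. The comment should also state which naming scheme is expected (the example uses `X25519` and `P-256`, and TLS libraries differ in how they name groups), whether list order expresses preference, and what an operand uses when the field is omitted or ends up empty after unsupported entries are removed. The field also appears in the Default and `AAA_ungated.yaml` manifests later in this diff, so it seems to ship without a feature gate; confirm that is intended for a setting that changes TLS key-exchange negotiation. The struct definition begins and ends outside this hunk.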
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml index 37662cb58d8..4f87422a234 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -261,6 +261,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index bfeefa11f36..2145c85007a 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -330,6 +330,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol 
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index a49976e0dfd..7197e59a689 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -330,6 +330,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/config/v1/zz_generated.deepcopy.go b/config/v1/zz_generated.deepcopy.go index 0863934f22a..a67dd035494 100644 --- a/config/v1/zz_generated.deepcopy.go +++ b/config/v1/zz_generated.deepcopy.go @@ -6226,6 +6226,11 @@ func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.Curves != nil { + in, out := &in.Curves, &out.Curves + *out = make([]string, len(*in)) + copy(*out, *in) + } return } diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml index 2fe53f839aa..2c4bea4da46 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml 
@@ -261,6 +261,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml index a3919b9a489..951ebc1047a 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml @@ -330,6 +330,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index be7d462a507..d144dfaa3f2 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go 
@@ -2975,6 +2975,7 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { var map_TLSProfileSpec = map[string]string{ "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "curves": "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support. For example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", } diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml index b056dc99c17..cf48033e2e1 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml @@ -144,6 +144,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol 
diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml index 579f6f2c280..0429947b02e 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml @@ -145,6 +145,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 4085b738481..98ea6aa672b 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go 
@@ -11828,6 +11828,26 @@ func schema_openshift_api_config_v1_CustomTLSProfile(ref common.ReferenceCallbac }, }, }, + "curves": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support. For example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "minTLSVersion": { SchemaProps: spec.SchemaProps{ Description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", 
@@ -20288,6 +20308,26 @@ func schema_openshift_api_config_v1_TLSProfileSpec(ref common.ReferenceCallback) }, }, }, + "curves": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support. For example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "minTLSVersion": { SchemaProps: spec.SchemaProps{ Description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", diff --git a/openapi/openapi.json b/openapi/openapi.json index 86d5da21ac4..7d0042eef25 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -6016,6 +6016,15 @@ }, "x-kubernetes-list-type": "atomic" }, + "curves": { + "description": "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support. For example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, "minTLSVersion": { "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", "type": "string", 
@@ -10984,6 +10993,15 @@ }, "x-kubernetes-list-type": "atomic" }, + "curves": { + "description": "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support. For example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, "minTLSVersion": { "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", "type": "string", 
@@ -14268,6 +14286,76 @@ } } }, + "com.github.openshift.api.example.v1.FormatMarkerExamples": { + "description": "FormatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This struct provides a comprehensive reference for format marker validation. Each field uses a different format marker to validate its value.", + "type": "object", + "properties": { + "base64Data": { + "description": "base64Data must be valid base64-encoded data. Valid examples include aGVsbG8= (encodes \"hello\") or SGVsbG8gV29ybGQh (encodes \"Hello World!\").", + "type": "string" + }, + "cidrNotation": { + "description": "cidrNotation must be a valid CIDR notation IP address range. Valid examples include IPv4 CIDR (10.0.0.0/8, 192.168.1.0/24) or IPv6 CIDR (fd00::/8, 2001:db8::/32).\n\nUse of Format=cidr is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isCIDR(self)` to validate CIDR notation. Additionally, use `isCIDR(self) && cidr(self).ip().family() == X` to validate IPvX specifically.", + "type": "string" + }, + "dateField": { + "description": "dateField must be a valid date in RFC 3339 full-date format (YYYY-MM-DD). Valid examples include 2024-01-15 or 2023-12-31.", + "type": "string" + }, + "dateTimeField": { + "description": "dateTimeField must be a valid RFC 3339 date-time. Valid examples include 2024-01-15T14:30:00Z, 2024-01-15T14:30:00+00:00, or 2024-01-15T14:30:00.123Z.", + "type": "string" + }, + "durationField": { + "description": "durationField must be a valid duration string parseable by Go's time.ParseDuration. Valid time units are ns, us (or µs), ms, s, m, h. Valid examples include 30s, 5m, 1h30m, 100ms, or 1h.", + "type": "string" + }, + "emailAddress": { + "description": "emailAddress must be a valid email address. 
Valid examples include user@example.com or firstname.lastname@company.co.uk.", + "type": "string" + }, + "hostnameField": { + "description": "hostnameField must be a valid Internet hostname per RFC 1034. Valid examples include example.com, api.example.com, or my-service.", + "type": "string" + }, + "ipv4Address": { + "description": "ipv4Address must be a valid IPv4 address in dotted-quad notation. Valid values range from 0.0.0.0 to 255.255.255.255 (e.g., 192.168.1.1).\n\nUse of Format=ipv4 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 4` to validate IPv4 addresses.", + "type": "string" + }, + "ipv6Address": { + "description": "ipv6Address must be a valid IPv6 address. Valid examples include full form (2001:0db8:0000:0000:0000:0000:0000:0001) or compressed form (2001:db8::1 or ::1).\n\nUse of Format=ipv6 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 6` to validate IPv6 addresses.", + "type": "string" + }, + "macAddress": { + "description": "macAddress must be a valid MAC address. Valid examples include 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E.", + "type": "string" + }, + "passwordField": { + "description": "passwordField is a marker for sensitive data. Note that the password format marker does not perform any actual validation - it accepts any string value. This marker is primarily used to signal that the field contains sensitive information.", + "type": "string" + }, + "uriField": { + "description": "uriField must be a valid URI following RFC 3986 syntax. Valid examples include https://example.com/path?query=value or /absolute-path.", + "type": "string" + }, + "uuid3Field": { + "description": "uuid3Field must be a valid UUID version 3 (MD5 hash-based). Version 3 UUIDs are generated using MD5 hashing of a namespace and name. 
Valid example: a3bb189e-8bf9-3888-9912-ace4e6543002.", + "type": "string" + }, + "uuid4Field": { + "description": "uuid4Field must be a valid UUID version 4 (random). Version 4 UUIDs are randomly generated. Valid example: 550e8400-e29b-41d4-a716-446655440000.", + "type": "string" + }, + "uuid5Field": { + "description": "uuid5Field must be a valid UUID version 5 (SHA-1 hash-based). Version 5 UUIDs are generated using SHA-1 hashing of a namespace and name. Valid example: 74738ff5-5367-5958-9aee-98fffdcd1876.", + "type": "string" + }, + "uuidField": { + "description": "uuidField must be a valid UUID (any version) in 8-4-4-4-12 format. Valid examples include 550e8400-e29b-41d4-a716-446655440000 or 123e4567-e89b-12d3-a456-426614174000.", + "type": "string" + } + } + }, "com.github.openshift.api.example.v1.StableConfigType": { "description": "StableConfigType is a stable config type that may include TechPreviewNoUpgrade fields.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", @@ -14357,6 +14445,10 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.example.v1.EvolvingUnion" }, + "formatMarkerExamples": { + "description": "formatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This field serves as a comprehensive reference for format marker validation.", + "$ref": "#/definitions/com.github.openshift.api.example.v1.FormatMarkerExamples" + }, "immutableField": { "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", "type": "string", diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml index 25c51d79566..5ab6a91c8ba 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml 
+++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml @@ -1977,6 +1977,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -3236,6 +3249,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index c271527c418..000dc16aded 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml 
@@ -1971,6 +1971,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -3219,6 +3232,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index f4416bf9b3c..49aa6fa5fc8 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -330,6 +330,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol 
diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml index 37662cb58d8..4f87422a234 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -261,6 +261,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index bfeefa11f36..2145c85007a 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -330,6 +330,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol 
diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index a49976e0dfd..7197e59a689 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -330,6 +330,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml index b056dc99c17..cf48033e2e1 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml @@ -144,6 +144,19 @@ spec: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. For example, to use X25519 and P-256 (yaml): + + curves: + - X25519 + - P-256 + items: + type: string + type: array + x-kubernetes-list-type: atomic minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol