Bug 1847318: set prometheus operator TLS min version to 1.2

The default TLS min version in prometheus operator is 1.3. TLS version 1.3 causes a communication failure between the API server and prometheus-operator "tls: protocol version not supported".
openshift · Jun 29, 2020 · 2894fa2 · 2894fa2
1 parent 3d25c0d
commit 2894fa2
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/assets/prometheus-operator/deployment.yaml b/assets/prometheus-operator/deployment.yaml
@@ -34,6 +34,7 @@ spec:
         - --config-reloader-memory=0
         - --web.enable-tls=true
         - --web.tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+        - --web.tls-min-version=VersionTLS12
         image: quay.io/coreos/prometheus-operator:v0.38.1
         name: prometheus-operator
         ports:

diff --git a/jsonnet/prometheus-operator.jsonnet b/jsonnet/prometheus-operator.jsonnet
@@ -49,6 +49,7 @@ local certsCAVolumeName = 'operator-certs-ca-bundle';
                           '--config-reloader-memory=0',
                           '--web.enable-tls=true',
                           '--web.tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
+                          '--web.tls-min-version=VersionTLS12',
                         ],
                         securityContext: {},
                         resources: {

diff --git a/pkg/manifests/bindata.go b/pkg/manifests/bindata.go