Bug 1847318: set prometheus operator TLS min version to 1.2
The default TLS min version in prometheus operator is 1.3.
TLS version 1.3 causes a communication failure between the API server and
prometheus-operator "tls: protocol version not supported".
pgier committed Jun 30, 2020
1 parent 782b26a commit 4f56414
Showing 3 changed files with 4 additions and 2 deletions.
1 change: 1 addition & 0 deletions assets/prometheus-operator/deployment.yaml
Expand Up @@ -34,6 +34,7 @@ spec:
- --config-reloader-memory=0
- --web.enable-tls=true
- --web.tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- --web.tls-min-version=VersionTLS12
- --manage-crds=false
image: quay.io/coreos/prometheus-operator:v0.38.1
name: prometheus-operator
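Review bot: With the floor lowered to `VersionTLS12`, the `--web.tls-cipher-suites` list on the line above the added flag now decides what a TLS 1.2 client such as the API server negotiates, and that list still carries `TLS_RSA_WITH_AES_128_CBC_SHA256` (static RSA key exchange, no forward secrecy) plus two ECDHE CBC suites. Consider trimming the list to the two ECDHE GCM suites in the same change if the API server can negotiate them. The same flag is added in jsonnet/prometheus-operator.jsonnet, where the list is built from `$._config.tlsCipherSuites`, so that is likely where the trim belongs.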
1 change: 1 addition & 0 deletions jsonnet/prometheus-operator.jsonnet
Expand Up @@ -39,6 +39,7 @@ local certsCAVolumeName = 'operator-certs-ca-bundle';
'--config-reloader-memory=0',
'--web.enable-tls=true',
'--web.tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
'--web.tls-min-version=VersionTLS12',
'--manage-crds=false',
],
securityContext: {},
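Review bot: `'--web.tls-min-version=VersionTLS12'` is hard-coded, while the cipher suites on the line above it come from `$._config.tlsCipherSuites`. Put the minimum version in `$._config` as well (for example a `tlsMinVersion` field, a name suggested here and not present in the patch) so both TLS settings are configured in one place, and add a comment citing Bug 1847318 so the floor can be raised back to 1.3 once the API server negotiates it.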
4 changes: 2 additions & 2 deletions pkg/manifests/bindata.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
