New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1847318: set TLS min version to 1.2 #826
Conversation
/hold |
/retest |
/test e2e-aws |
@pgier can you give some references why we need to remove configuring tls cipher suites for the webhooks? |
@s-urbaniak I noticed that the other validation webhooks currently in openshift do not set any TLS cipher suites, so just wanted to test this. |
98a59fa
to
2894fa2
Compare
@pgier: This pull request references Bugzilla bug 1847318, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/hold cancel |
@pgier: This pull request references Bugzilla bug 1847318, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@pgier we had some issues in CI yesterday. do you mind to rebase and retest? |
/retest |
1 similar comment
/retest |
The default TLS min version in prometheus operator is 1.3. TLS version 1.3 causes a communication failure between the API server and prometheus-operator "tls: protocol version not supported".
/retest |
@s-urbaniak please take a look again |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pgier, s-urbaniak The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@bparees i am very sorry, can you remind me again whom we can ping about the FIPS compliance and verify "we are doing the right thing" here? |
Kirsten Newcomer was the PM who might be able to point you to some experts. David Eads also suggested Simo Sorce as a security engineer who was involved. |
/retest |
/retest Please review the full test history for this PR and help us cut down flakes. |
22 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
@pgier: All pull requests linked via external trackers have merged: openshift/cluster-monitoring-operator#826. Bugzilla bug 1847318 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Change the TLS min version in prometheus-operator to 1.2 from the default of 1.3.