Set minimum TLS version in webhooks #4165

ritazh · 2021-09-23T22:03:27Z

Please describe the Improvement and/or Feature Request

Current version of CR defaults to TLS v1.0. Some environments have automated security scans that trigger
on TLS versions or insecure cipher suites.

Upgrade to CR v0.9.1 or later ( ✨ Allow TLS minimum version to be configured kubernetes-sigs/controller-runtime#1548)
Define a flag to override minimum TLS version (default to 1.2 or 1.3) TLS 1.3 support is added in K8s 1.17 (Go 1.13 defaults to TLS 1.3): https://golang.org/doc/go1.13#tls_1_3

Scope (please mark with X where applicable)

New Functionality [ ]
Install [ ]
SMI Traffic Access Policy [ ]
SMI Traffic Specs Policy [ ]
SMI Traffic Split Policy [ ]
Permissive Traffic Policy [ ]
Ingress [ ]
Egress [ ]
Envoy Control Plane [ ]
CLI Tool [ ]
Metrics [ ]
Certificate Management [ ]
Sidecar Injection [ ]
Logging [ ]
Debugging [ ]
Tests [ ]
CI System [ ]
Demo [ ]
Project Release [ ]

Possible use cases

Update controller-runtime to v0.10.2 and add a tls minimum version fro webhooks fixes openservicemesh#4165 Signed-off-by: Sneha Chhabria <snchh@microsoft.com>

Update controller-runtime to v0.10.2 part of openservicemesh#4165 Signed-off-by: Sneha Chhabria <snchh@microsoft.com>

Add a minimum tls version for webhooks fixed openservicemesh#4165 Signed-off-by: Sneha Chhabria <snchh@microsoft.com>

snehachhabria added this to Planned & Scoped in OSM Roadmap via automation Oct 6, 2021

snehachhabria modified the milestones: v1.0.0, v1.0.0-candidates Oct 6, 2021

snehachhabria self-assigned this Oct 7, 2021

snehachhabria moved this from Planned & Scoped to In progress (Active Development) in OSM Roadmap Oct 7, 2021

snehachhabria mentioned this issue Oct 7, 2021

chore(controller-runtime) : Update controller-runtime version #4227

Closed

snehachhabria added a commit to snehachhabria/osm that referenced this issue Oct 7, 2021

chore(controller-runtime) : Update controller-runtime version

1d2e903

Update controller-runtime to v0.10.2 part of openservicemesh#4165 Signed-off-by: Sneha Chhabria <snchh@microsoft.com>

snehachhabria added a commit to snehachhabria/osm that referenced this issue Oct 7, 2021

chore(tlsversion): Add a tls minimum version for webhooks

2e1ebea

Add a minimum tls version for webhooks fixed openservicemesh#4165 Signed-off-by: Sneha Chhabria <snchh@microsoft.com>

snehachhabria mentioned this issue Oct 7, 2021

chore(tlsversion): Add a tls minimum version for webhooks #4229

Merged

snehachhabria closed this as completed in #4229 Oct 7, 2021

OSM Roadmap automation moved this from In progress (Active Development) to Done Oct 7, 2021

snehachhabria added a commit to snehachhabria/osm that referenced this issue Oct 14, 2021

chore(tlsversion): Add a tls minimum version for webhooks

2649463

Add a minimum tls version for webhooks fixed openservicemesh#4165 Signed-off-by: Sneha Chhabria <snchh@microsoft.com>

allenlsy pushed a commit to allenlsy/osm that referenced this issue Dec 28, 2021

chore(tlsversion): Add a tls minimum version for webhooks

fa07624

Add a minimum tls version for webhooks fixed openservicemesh#4165 Signed-off-by: Sneha Chhabria <snchh@microsoft.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set minimum TLS version in webhooks #4165

Set minimum TLS version in webhooks #4165

ritazh commented Sep 23, 2021

Set minimum TLS version in webhooks #4165

Set minimum TLS version in webhooks #4165

Comments

ritazh commented Sep 23, 2021