StarlingX

  1. Bug #2043217
  2. Comment #1

Comment 1 for bug 2043217

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/c/starlingx/ansible-playbooks/+/899984
Committed: https://opendev.org/starlingx/ansible-playbooks/commit/ae20ef5fd27d2dc4371443c00e795b2bf9417650
Submitter: "Zuul (22348)"
Branch: master

commit ae20ef5fd27d2dc4371443c00e795b2bf9417650
Author: Karla Felix <email address hidden>
Date: Thu Nov 2 16:51:23 2023 -0300

    Add var for minimum tls version and cipher suites

    This commit will add variables to minimum tls version and the
    allowed specific cipher suites in the bootstrap playbook. This
    variables will be added to
    /etc/kubernetes/manifests/kube-apiserver.yaml.

    The yamline disable-line is used because during the parse to
    kube-apiserver.yaml the string could not have any blank spaces
    or kubelet service will not start.

    Test Plan:

    PASS: Run build-image.
    PASS: Run build-pkgs -c -p playbookconfig.
    PASS: Verify if the flags "--tls-min-version" and
          "tls-cipher-suites" are present in
          /etc/kubernetes/manifests/kube-apiserver.yaml.
    PASS: Verify if port 6443 is blocking tls version 1.0,
          1.1 and weak cipher suites.

    Closes-Bug: 2043217

    Change-Id: I2af86387dc14ec89f9c3d652dfc4983c8fc06e5c
    Signed-off-by: Karla Felix <email address hidden>