There's a push to centralize TLS configuration in preparation for post-quantum cryptography (see OCPSTRAT-2611).

Today, hiveadmission gets these settings from the pod spec in bindata (source) where they're currently absent. HIVE-3007 added a code path to parlay settings from the APIServer resource to the appropriate CLI settings when running on OpenShift (since APIServer is OpenShift-specific).

To complete the picture, we need some way of configuring these CLI settings on the hiveadmission pod when we're running on non-OpenShift k8s. Likely one of the following:

• We can't inherit from APIServer. Is there some other k8s-generic object we can reliably inherit from?
• Add a knob to e.g. hiveconfig allowing the customer to configure the settings directly.
• Decide it's not important and close this card.

I'm linking, but not blocking, HIVE-3007/OCPSTRAT-2611, as those care about OpenShift specifically.