Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:
- tls
- upstream

Activity Type:
Future Sustainability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
[Kueue Operator] Central TLS Profile consistency
Story Points:
None

Target Version:
None
Release Blocker:
None
Sprint:
None

Apply TLS profile settings to the webhook server via controller-runtime's webhook.Options.TLSOpts.

File to modify:

cmd/kueue/main.go
pkg/config/config.go (addTo function)

Implementation:

webhookServer := webhook.NewServer(webhook.Options{
    Port:    *cfg.Webhook.Port,
    Host:    cfg.Webhook.Host,
    CertDir: cfg.Webhook.CertDir,
    TLSOpts: []func(*tls.Config){
        func(config *tls.Config) {
            config.MinVersion = tlsVersionFromConfig(cfg.Webhook.MinTLSVersion)
            config.CipherSuites = cipherSuitesFromConfig(cfg.Webhook.CipherSuites)
        },
    },
})

Acceptance Criteria:

Webhook server respects minTLSVersion from configuration
Webhook server respects cipherSuites from configuration
Defaults to Intermediate profile when not specified
TLS scanner confirms correct settings on webhook endpoints

Depends on: OCPKUEUE-451 (API fields)

Assignee:: Harshal Patil

Reporter:: Harshal Patil

Contributors:: None

QA Contact:: None

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/12/11 3:18 PM

Updated:: 2025/12/15 8:24 PM

Resolved:: 2025/12/15 8:24 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty