-
Story
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
False
-
-
False
-
None
-
None
-
None
-
None
Write resolved TLS profile settings (minTLSVersion, cipherSuites) to the Kueue controller_manager_config.yaml ConfigMap.
Files to modify:
- pkg/operator/target_config_reconciler.go - Add TLS config to ConfigMap generation
- bindata/assets/kueue-operator/controller_manager_config.yaml (if template-based)
Implementation approach:
1. Resolve TLS profile using pkg/tls helpers (CRD > APIServer > default)
2. Convert to Kueue Configuration format (minTLSVersion, cipherSuites)
3. Add TLS settings to the controller_manager_config.yaml ConfigMap
4. Ensure ConfigMap changes trigger deployment rollout
Example ConfigMap content:
controller_manager_config.yaml: | webhook: port: 9443 minTLSVersion: "1.2" cipherSuites: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 metrics: bindAddress: :8443 minTLSVersion: "1.2" cipherSuites: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Acceptance Criteria:
- ConfigMap includes TLS settings from resolved profile
- ConfigMap is updated when TLS profile changes
- Format matches upstream Kueue Configuration API
Depends on:
- OCPKUEUE-459 (TLS helper package)
OCPKUEUE-456(Upstream e2e tests merged - confirms API shape)