
Add TLSMaxVersion, TLSCipherSuites, and TLSCurvePreferences to webhook.Options for minimal tls customization

Open jkhelil opened this issue 1 week ago • 9 comments

This change adds a minimal TLS configuration API for webhooks. Add TLSMaxVersion, TLSCipherSuites, and TLSCurvePreferences fields to webhook.Options for granular TLS control without exposing full tls.Config.

  • TLSMaxVersion: enforce Modern profile (TLS 1.3 only)
  • TLSCipherSuites: custom cipher suites
  • TLSCurvePreferences: elliptic curve configuration

Changes:

  • Add TLSMaxVersion, TLSCipherSuites, and TLSCurvePreferences fields to webhook.Options
  • Added unit tests for all new fields
  • Added documentation for webhook tls (README)
  • Maintains backward compatibility with existing TLSMinVersion usage
  • :gift: Add new feature
  • :bug: Fix bug

/kind enhancement

Fixes #3299

Release Note

Enhanced webhook TLS configuration with support for max version, custom cipher suites, and curve preferences.

Docs


jkhelil avatar Dec 09 '25 18:12 jkhelil
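An added example, not code from this PR or from knative/pkg: a sketch of how the three fields named in the description could be checked before they reach Go's `crypto/tls`. The `tlsOptions` struct, its field types and `buildTLSConfig` are assumptions made for illustration; only the `crypto/tls` calls are real.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// tlsOptions is a hypothetical stand-in for the fields named in the PR
// description; the real webhook.Options field types are not shown on the page.
type tlsOptions struct {
	TLSMinVersion, TLSMaxVersion uint16
	TLSCipherSuites              []uint16
	TLSCurvePreferences          []tls.CurveID
}

// buildTLSConfig (hypothetical helper) validates the options and returns the
// resulting tls.Config plus warnings about settings that have no effect.
func buildTLSConfig(o tlsOptions) (*tls.Config, []string, error) {
	if o.TLSMaxVersion != 0 && o.TLSMinVersion > o.TLSMaxVersion {
		return nil, nil, errors.New("TLSMinVersion is higher than TLSMaxVersion")
	}
	secure := map[uint16]bool{}
	for _, cs := range tls.CipherSuites() { // omits tls.InsecureCipherSuites()
		secure[cs.ID] = true
	}
	for _, id := range o.TLSCipherSuites {
		if !secure[id] {
			return nil, nil, fmt.Errorf("cipher suite %s is unknown or insecure", tls.CipherSuiteName(id))
		}
	}
	var warns []string
	if len(o.TLSCipherSuites) > 0 && o.TLSMinVersion >= tls.VersionTLS13 {
		// crypto/tls applies Config.CipherSuites to TLS 1.0-1.2 only.
		warns = append(warns, "TLSCipherSuites is ignored when only TLS 1.3 is allowed")
	}
	return &tls.Config{
		MinVersion: o.TLSMinVersion, MaxVersion: o.TLSMaxVersion,
		CipherSuites: o.TLSCipherSuites, CurvePreferences: o.TLSCurvePreferences,
	}, warns, nil
}

func main() {
	// Constructed input: TLS 1.3 only, with a TLS 1.2 suite that will be ignored.
	_, warns, err := buildTLSConfig(tlsOptions{
		TLSMinVersion: tls.VersionTLS13, TLSMaxVersion: tls.VersionTLS13,
		TLSCipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
	})
	fmt.Println(warns, err)
}
```

The warning matters for anyone auditing a TLS 1.3-only deployment: a custom suite list there does not restrict what the server negotiates.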

CLA Signed

The committers listed above are authorized under a signed CLA.

  • :white_check_mark: login: jkhelil / name: khelil (c6bbfb212318e380134b3a83a2b3e924c93e5457)

Welcome @jkhelil! It looks like this is your first PR to knative/pkg 🎉

knative-prow[bot] avatar Dec 09 '25 18:12 knative-prow[bot]

Hi @jkhelil. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

knative-prow[bot] avatar Dec 09 '25 18:12 knative-prow[bot]

cc @dprotaso

vdemeester avatar Dec 10 '25 08:12 vdemeester

/cc @twoGiants

twoGiants avatar Dec 15 '25 12:12 twoGiants

/ok-to-test

dprotaso avatar Dec 16 '25 18:12 dprotaso

Change looks good - just see the linter warnings about extra whitespace

dprotaso avatar Dec 16 '25 18:12 dprotaso

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 74.59%. Comparing base (9cc8410) to head (c6bbfb2). :warning: Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3300   +/-   ##
=======================================
  Coverage   74.58%   74.59%           
=======================================
  Files         188      188           
  Lines        8187     8190    +3     
=======================================
+ Hits         6106     6109    +3     
  Misses       1841     1841           
  Partials      240      240           


codecov[bot] avatar Dec 16 '25 18:12 codecov[bot]

/lgtm /approve

dprotaso avatar Dec 17 '25 21:12 dprotaso

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprotaso, jkhelil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment.
Approvers can cancel approval by writing /approve cancel in a comment.

knative-prow[bot] avatar Dec 17 '25 21:12 knative-prow[bot]