
Tweak TLS config wherever used and make it FIPS compliant.

Open rene-dekker opened this issue 2 years ago • 3 comments

  • Apiserver will always use the recommended ciphers. To make it FIPS compliant, the operator will add the tls-max-version flag.
  • Replace tls.Config creation with our own convenient function that sets recommended settings.
  • Go mod uses our fork of k8s.io/apiserver, which is identical to v0.24.0, with an added flag. We will submit a PR upstream to get this into Kubernetes.

rene-dekker avatar Sep 19 '22 23:09 rene-dekker
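The central `tls.Config` constructor and the max-version cap from the description above, sketched as an added example; this is not code from the PR or from the project. `NewTLSConfig`, `Audit` and the cipher list are hypothetical names and an assumed FIPS-oriented profile.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Assumed profile for this example: ECDHE + AES-GCM suites only.
var fipsCiphers = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
}

// NewTLSConfig is a hypothetical helper: the one place a tls.Config is built.
func NewTLSConfig(fips bool) *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if fips {
		// Go ignores CipherSuites for TLS 1.3, so cap the version at 1.2.
		cfg.MaxVersion = tls.VersionTLS12
		cfg.CipherSuites = append([]uint16(nil), fipsCiphers...)
	}
	return cfg
}

// Audit lists every way cfg departs from the assumed profile.
func Audit(cfg *tls.Config) []string {
	var problems []string
	if cfg.MinVersion < tls.VersionTLS12 {
		problems = append(problems, "min version below TLS 1.2")
	}
	if cfg.MaxVersion != tls.VersionTLS12 {
		problems = append(problems, "max version not capped at TLS 1.2")
	}
	if len(cfg.CipherSuites) == 0 {
		problems = append(problems, "cipher suites unset, Go defaults apply")
	}
	allowed := map[uint16]bool{}
	for _, id := range fipsCiphers {
		allowed[id] = true
	}
	for _, id := range cfg.CipherSuites {
		if !allowed[id] {
			problems = append(problems, "cipher outside profile: "+tls.CipherSuiteName(id))
		}
	}
	return problems
}

func main() { fmt.Println(Audit(NewTLSConfig(true)), Audit(NewTLSConfig(false))) }
```

Running `Audit` in a unit test over every config a component builds catches a call site that bypasses the shared constructor.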

/sem-approve

mgleung avatar Sep 21 '22 23:09 mgleung

/sem-approve

mgleung avatar Sep 22 '22 18:09 mgleung

/sem-approve

mgleung avatar Sep 22 '22 21:09 mgleung

/sem-approve

mgleung avatar Nov 29 '22 20:11 mgleung

Removing "merge-when-ready" label due to new commits

marvin-tigera avatar Nov 29 '22 23:11 marvin-tigera

/sem-approve

mgleung avatar Nov 30 '22 05:11 mgleung

Removing "merge-when-ready" label due to new commits

marvin-tigera avatar Dec 02 '22 23:12 marvin-tigera

/sem-approve

caseydavenport avatar Dec 05 '22 17:12 caseydavenport

Removing "merge-when-ready" label due to new commits

marvin-tigera avatar Dec 05 '22 19:12 marvin-tigera

/sem-approve

mgleung avatar Dec 05 '22 20:12 mgleung