webhook server use TLS 1.2 as minimum version (#2394)

kishorj · web-flow · commit 0b5c5bd4a613 · 2021-12-02T16:14:26.000-08:00
diff --git a/main.go b/main.go
@@ -91,7 +91,7 @@ func main() {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
-	config.ConfigureWebhookServerCert(controllerCFG.RuntimeConfig, mgr)
+	config.ConfigureWebhookServer(controllerCFG.RuntimeConfig, mgr)
 	clientSet, err := kubernetes.NewForConfig(mgr.GetConfig())
 	if err != nil {
 		setupLog.Error(err, "unable to obtain clientSet")
diff --git a/pkg/config/runtime_config.go b/pkg/config/runtime_config.go
@@ -124,8 +124,9 @@ func BuildRuntimeOptions(rtCfg RuntimeConfig, scheme *runtime.Scheme) ctrl.Optio
 	}
 }
 
-// ConfigureWebhookServerCert set up the server cert for the webhook server.
-func ConfigureWebhookServerCert(rtCfg RuntimeConfig, mgr ctrl.Manager) {
+// ConfigureWebhookServer set up the server cert for the webhook server.
+func ConfigureWebhookServer(rtCfg RuntimeConfig, mgr ctrl.Manager) {
 	mgr.GetWebhookServer().CertName = rtCfg.WebhookCertName
 	mgr.GetWebhookServer().KeyName = rtCfg.WebhookKeyName
+	mgr.GetWebhookServer().TLSMinVersion = "1.2"
 }

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ func main() {`
`91`	`91`	`setupLog.Error(err, "unable to start manager")`
`92`	`92`	`os.Exit(1)`
`93`	`93`	`}`
`94`		`- config.ConfigureWebhookServerCert(controllerCFG.RuntimeConfig, mgr)`
	`94`	`+ config.ConfigureWebhookServer(controllerCFG.RuntimeConfig, mgr)`
`95`	`95`	`clientSet, err := kubernetes.NewForConfig(mgr.GetConfig())`
`96`	`96`	`if err != nil {`
`97`	`97`	`setupLog.Error(err, "unable to obtain clientSet")`
Original file line number	Diff line number	Diff line change
`@@ -124,8 +124,9 @@ func BuildRuntimeOptions(rtCfg RuntimeConfig, scheme *runtime.Scheme) ctrl.Optio`
`124`	`124`	`}`
`125`	`125`	`}`
`126`	`126`
`127`		`-// ConfigureWebhookServerCert set up the server cert for the webhook server.`
`128`		`-func ConfigureWebhookServerCert(rtCfg RuntimeConfig, mgr ctrl.Manager) {`
	`127`	`+// ConfigureWebhookServer set up the server cert for the webhook server.`
	`128`	`+func ConfigureWebhookServer(rtCfg RuntimeConfig, mgr ctrl.Manager) {`
`129`	`129`	`mgr.GetWebhookServer().CertName = rtCfg.WebhookCertName`
`130`	`130`	`mgr.GetWebhookServer().KeyName = rtCfg.WebhookKeyName`
	`131`	`+ mgr.GetWebhookServer().TLSMinVersion = "1.2"`
`131`	`132`	`}`