fix: update prometheus-operator to allow TLS 1.2 healthprobes#1471
Merged
fix: update prometheus-operator to allow TLS 1.2 healthprobes#1471
Conversation
noahpb
approved these changes
Apr 16, 2025
Contributor
|
Nice find! |
mjnagel
pushed a commit
that referenced
this pull request
Apr 17, 2025
🤖 I have created a release *beep* *boop* --- ## [0.40.1](v0.40.0...v0.40.1) (2025-04-17) ### Bug Fixes * update prometheus-operator to allow TLS 1.2 healthprobes ([#1471](#1471)) ([7bed436](7bed436)) ### Miscellaneous * add docs for wiring in pre-reqs for S3/MetalLB ([#1235](#1235)) ([16ad626](16ad626)) * **deps:** update grafana ([#1464](#1464)) ([e0c8701](e0c8701)) * **deps:** update grafana to v8.11.1 ([#1405](#1405)) ([9a4b8fe](9a4b8fe)) * **deps:** update loki to v1.27.5 ([#1468](#1468)) ([b9c37a4](b9c37a4)) * **deps:** update support-deps ([#1463](#1463)) ([7d81e18](7d81e18)) * **deps:** update vector to 0.46.1 ([#1460](#1460)) ([ce0646b](ce0646b)) * **docs:** zarf package annotations ([#1429](#1429)) ([d45dc83](d45dc83)) * enable netpols for eks ([#1467](#1467)) ([2a78317](2a78317)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
mjnagel
added a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
…eunicorns#1471) ## Description Changes the TLS min protocol version for the operator to 1.2. This is required on some clusters, specifically when the node is in FIPS mode. While this is environment specific, 1.2 is still an active/valid version and FIPS/most system requirements are 1.2+. If an environment requires 1.3 this could be overridden, however the kubelet would need to support 1.3 healthprobes. ## Related Issue Issue reported by @joelmccoy when testing 0.40.0 (unicorn and upstream) on FIPS EKS cluster. ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Steps to Validate - If this PR introduces new functionality to UDS Core or addresses a bug, please document the steps to test the changes. ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
mjnagel
pushed a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
🤖 I have created a release *beep* *boop* --- ## [0.40.1](defenseunicorns/uds-core@v0.40.0...v0.40.1) (2025-04-17) ### Bug Fixes * update prometheus-operator to allow TLS 1.2 healthprobes ([defenseunicorns#1471](defenseunicorns#1471)) ([7bed436](defenseunicorns@7bed436)) ### Miscellaneous * add docs for wiring in pre-reqs for S3/MetalLB ([defenseunicorns#1235](defenseunicorns#1235)) ([16ad626](defenseunicorns@16ad626)) * **deps:** update grafana ([defenseunicorns#1464](defenseunicorns#1464)) ([e0c8701](defenseunicorns@e0c8701)) * **deps:** update grafana to v8.11.1 ([defenseunicorns#1405](defenseunicorns#1405)) ([9a4b8fe](defenseunicorns@9a4b8fe)) * **deps:** update loki to v1.27.5 ([defenseunicorns#1468](defenseunicorns#1468)) ([b9c37a4](defenseunicorns@b9c37a4)) * **deps:** update support-deps ([defenseunicorns#1463](defenseunicorns#1463)) ([7d81e18](defenseunicorns@7d81e18)) * **deps:** update vector to 0.46.1 ([defenseunicorns#1460](defenseunicorns#1460)) ([ce0646b](defenseunicorns@ce0646b)) * **docs:** zarf package annotations ([defenseunicorns#1429](defenseunicorns#1429)) ([d45dc83](defenseunicorns@d45dc83)) * enable netpols for eks ([defenseunicorns#1467](defenseunicorns#1467)) ([2a78317](defenseunicorns@2a78317)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Changes the TLS min protocol version for the operator to 1.2. This is required on some clusters, specifically when the node is in FIPS mode.
While this is environment specific, 1.2 is still an active/valid version and FIPS/most system requirements are 1.2+. If an environment requires 1.3 this could be overridden, however the kubelet would need to support 1.3 healthprobes.
Related Issue
Issue reported by @joelmccoy when testing 0.40.0 (unicorn and upstream) on FIPS EKS cluster.
Type of change
Steps to Validate
Checklist before merging