Skip to content

Commit

Permalink
operator: Configure kube-rbac-proxy sidecar to use Intermediate TLS s…
Browse files Browse the repository at this point in the history
…ecurity profile in OCP (#7092)
  • Loading branch information
Mohamed-Amine Bouqsimi authored Sep 7, 2022
1 parent c271f79 commit defba23
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions operator/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
## Main

- [7092](https://github.com/grafana/loki/pull/7092) **aminesnow**: Configure kube-rbac-proxy sidecar to use Intermediate TLS security profile in OCP
- [6870](https://github.com/grafana/loki/pull/6870) **aminesnow**: Configure gateway to honor the global tlsSecurityProfile on Openshift
- [6999](https://github.com/grafana/loki/pull/6999) **Red-GV**: Adding LokiStack Gateway alerts
- [7000](https://github.com/grafana/loki/pull/7000) **xperimental**: Configure default node affinity for all pods
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1231,6 +1231,8 @@ spec:
- --logtostderr=true
- --tls-cert-file=/var/run/secrets/serving-cert/tls.crt
- --tls-private-key-file=/var/run/secrets/serving-cert/tls.key
- --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256
- --tls-min-version=VersionTLS12
- --v=0
image: quay.io/openshift/origin-kube-rbac-proxy:latest
name: kube-rbac-proxy
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ spec:
- "--logtostderr=true"
- "--tls-cert-file=/var/run/secrets/serving-cert/tls.crt"
- "--tls-private-key-file=/var/run/secrets/serving-cert/tls.key"
- "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256"
- "--tls-min-version=VersionTLS12"
- "--v=0"
ports:
- containerPort: 8443
Expand Down

0 comments on commit defba23

Please sign in to comment.