For VPA, make the admission-controller expose the minimum TLS version and/or the TLS ciphers #6624
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
allenmun197
added
the
kind/feature
|
Do we have any plan to migrate the change to existing releases 1.1 and/or 1.0? @allenmun197 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Which component are you using?:
Vertical Pod Autoscaler
Is your feature request designed to solve a problem? If so describe the problem this feature should solve.:
At my company we have stricter TLS rules than normal. Currently VPA's admission controller is accepting TLS ciphers for
ECDHE-RSA-DES-CBC3-SHAandDES-CBC3-SHAwhich are considered to be weak ciphers. We are being pinged for vulnerabilities when we use VPA.With this feature, it would solve our issue as we could just have an allow-list of ciphers we accept or just bump the minimum TLS version to 1.3.
Describe the solution you'd like.:
I would like to see two new flags exposed
--min-tls-versionand--tls-cipherson the VPA admission-controller as it would allow for customers to adjust the server to their needs.Describe any alternative solutions you've considered.:
N/A
Additional context.:
The text was updated successfully, but these errors were encountered: