Unverified Commit 2c5c20cf authored by Damien Grisonnet's avatar Damien Grisonnet Committed by GitHub

Merge pull request #1216 from fpetkovski/prometheus-adapter-cipher-suites

jsonnet: disable insecure cypher suites for prometheus-adapter
parents 79324567 0ff173ef
...@@ -53,6 +53,23 @@ local defaults = { ...@@ -53,6 +53,23 @@ local defaults = {
window: '5m', window: '5m',
}, },
}, },
tlsCipherSuites: [
'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305',
'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
'TLS_RSA_WITH_AES_128_GCM_SHA256',
'TLS_RSA_WITH_AES_256_GCM_SHA384',
'TLS_RSA_WITH_AES_128_CBC_SHA',
'TLS_RSA_WITH_AES_256_CBC_SHA',
],
}; };
function(params) { function(params) {
...@@ -145,6 +162,7 @@ function(params) { ...@@ -145,6 +162,7 @@ function(params) {
'--metrics-relist-interval=1m', '--metrics-relist-interval=1m',
'--prometheus-url=' + pa._config.prometheusURL, '--prometheus-url=' + pa._config.prometheusURL,
'--secure-port=6443', '--secure-port=6443',
'--tls-cipher-suites=' + std.join(',', pa._config.tlsCipherSuites),
], ],
ports: [{ containerPort: 6443 }], ports: [{ containerPort: 6443 }],
volumeMounts: [ volumeMounts: [
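Review bot: The `tlsCipherSuites` allow-list added to `defaults` still includes `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, which Go's crypto/tls lists among its insecure suites. It also keeps the static-RSA key-exchange entries (`TLS_RSA_WITH_*`), which give no forward secrecy, and several CBC/SHA-1 suites. Unless a legacy client of the adapter is known to need them, I would trim the default to the six ECDHE suites with CHACHA20_POLY1305 or AES-GCM and put a comment above the list such as `// Allow-list for TLS 1.2 and below; ECDHE + AEAD only. Extend only for a named legacy client.`. The visible args pass no `--tls-min-version`, so the protocol floor presumably stays at the server default and is worth pinning alongside this flag. The container args list begins outside the second hunk, so I cannot see whether another flag already covers that.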
......
...@@ -35,6 +35,7 @@ spec: ...@@ -35,6 +35,7 @@ spec:
- --metrics-relist-interval=1m - --metrics-relist-interval=1m
- --prometheus-url=http://prometheus-k8s.monitoring.svc.cluster.local:9090/ - --prometheus-url=http://prometheus-k8s.monitoring.svc.cluster.local:9090/
- --secure-port=6443 - --secure-port=6443
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
image: directxman12/k8s-prometheus-adapter:v0.8.4 image: directxman12/k8s-prometheus-adapter:v0.8.4
name: prometheus-adapter name: prometheus-adapter
ports: ports:
......