Revert "Removing weak ciphers from kube-apiserver"

This reverts commit 72dd981826. Reason for revert: Contains one cipher that is not supported in the API Change-Id: I0b9d499c35e7e014dcd31e500f12f2e413e2b749
2024-03-01 14:33:39 +00:00
parent 72dd981826
commit 5deeebebeb
1 changed files with 1 additions and 1 deletions
--- a/playbookconfig/src/playbooks/roles/bootstrap/prepare-env/vars/main.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/prepare-env/vars/main.yml
@@ -50,7 +50,7 @@ apiserver_extra_args_defaults:
  tls-min-version: "VersionTLS12"
 # The source of cipher suites is from this list:
 # https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
-  tls-cipher-suites: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384,TLS_DH_RSA_WITH_AES_256_GCM_SHA384,TLS_DH_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384"# yamllint disable-line rule:line-length
+  tls-cipher-suites: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"# yamllint disable-line rule:line-length

 controllermanager_extra_args_defaults:
  node-monitor-period: "2s"