Skip to content

apiservers.config.openshift.io: remove spec.tlsSecurityProfile GoDoc caveats #2467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

apiservers.config.openshift.io: remove spec.tlsSecurityProfile GoDoc caveats #2467

wants to merge 1 commit into from
+25 −36

Conversation

joelanford
Copy link
Member

The apiserver component was updated in OCP 4.19 to support the Modern TLS profile and TLS 1.3.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 3, 2025

Hello @joelanford! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

@openshift-ci openshift-ci bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Sep 3, 2025
JoelSpeed
JoelSpeed reviewed Sep 4, 2025
View reviewed changes
config/v1/types_apiserver.go Outdated
// If unset, a default (which may change between releases) is chosen. Note that only Old,
// Intermediate and Custom profiles are currently supported, and the maximum available
// minTLSVersion is VersionTLS12.
// If unset, a default (which may change between releases) is chosen.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have standard verbiage for this behaviour, would normally read

When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
The current default is ...

@joelanford
apiservers.config.openshift.io: remove spec.tlsSecurityProfile GoDoc …
2371796 
…caveats

The apiserver component was updated in OCP 4.19 to support the Modern
TLS profile and TLS 1.3

Signed-off-by: Joe Lanford <[email protected]>
@joelanford joelanford force-pushed the tls-security-profile-doc-fix branch from f641f96 to 2371796 Compare September 4, 2025 16:34
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 4, 2025

@joelanford: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-azure 2371796 link false /test e2e-azure
ci/prow/e2e-aws-ovn-hypershift 2371796 link true /test e2e-aws-ovn-hypershift
ci/prow/e2e-aws-serial-2of2 2371796 link true /test e2e-aws-serial-2of2
ci/prow/okd-scos-e2e-aws-ovn 2371796 link false /test okd-scos-e2e-aws-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@JoelSpeed
Copy link
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 5, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 5, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joelanford, JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@everettraven everettraven Awaiting requested review from everettraven

1 more reviewer

@JoelSpeed JoelSpeed JoelSpeed left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@JoelSpeed JoelSpeed

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joelanford @JoelSpeed