author | Martin Eggen <meggen@redhat.com> | 2017-03-08 16:37:43 +0100 |
---|---|---|
committer | Martin Eggen <meggen@redhat.com> | 2017-03-09 14:41:27 +0100 |
commit | 91065cc31b9025c44c3b4a9cfcddac4711898e82 (patch) | |
tree | 7e6a1d085d5ceb70deaf665d032ea1c609def332 /roles | |
parent | b551ba3afbe6bf2b4888bd62dc0f5a837edadb67 (diff) | |
Allow overriding minTLSVersion and cipherSuites
Add parameters to allow overriding minTLSVersion and
cipherSuites in master and node servingInfo config stanzas.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 18 | ||||
-rw-r--r-- | roles/openshift_node/templates/node.yaml.v1.j2 | 9 |
2 files changed, 27 insertions, 0 deletions
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index aec48386e..938ac2a12 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -35,6 +35,15 @@ assetConfig:
 keyFile: master.server.key
 maxRequestsInFlight: 0
 requestTimeoutSeconds: 0
+{% if openshift_master_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_master_min_tls_version }}
+{% endif %}
+{% if openshift_master_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_master_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
 {% if openshift_master_ha | bool %}
 {% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}
 auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
@@ -256,5 +265,14 @@ servingInfo:
 {% endfor %}
 {% endfor %}
 {% endif %}
+{% if openshift_master_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_master_min_tls_version }}
+{% endif %}
+{% if openshift_master_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_master_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
 volumeConfig:
 dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }}
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index d3c3feb68..f2f929232 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
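Review bot: The `cipherSuites` loop added in both master hunks (under assetConfig's servingInfo and under the top-level servingInfo) is guarded only by `is defined`, so a value supplied as one string is iterated character by character and an empty list leaves a bare `cipherSuites:` key; the node template hunk has the same shape. Because these keys set the TLS floor of the master's listeners, I would tighten the guard to `{% if openshift_master_cipher_suites is defined and openshift_master_cipher_suites is not string and openshift_master_cipher_suites | length > 0 %}`, or assert the type in the role's tasks before the template is rendered. `minTLSVersion` is likewise written verbatim, so an empty or mistyped value reaches the rendered config unchecked; how the master reacts to that is not visible from this diff. Indentation of the added keys is lost in this view and should be checked against the neighbouring servingInfo keys.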
@@ -40,6 +40,15 @@ servingInfo:
 certFile: server.crt
 clientCA: ca.crt
 keyFile: server.key
+{% if openshift_node_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_node_min_tls_version }}
+{% endif %}
+{% if openshift_node_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_node_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
 volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes
 proxyArguments:
 proxy-mode: |
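Review bot: The node template reads only `openshift_node_min_tls_version` and `openshift_node_cipher_suites`, while the master template reads the `openshift_master_*` pair, so an inventory that sets just the master variables leaves the node's servingInfo without these keys and, presumably, on the server's built-in TLS defaults. Nothing in the files shown documents that the two sets must be set together to get a uniform TLS floor. I would add a template comment above the block, for example `{# TLS overrides for the node serving endpoint; the master role reads its own openshift_master_* variables, so set both #}`, and describe the variables wherever the role variables are documented. The servingInfo stanza starts before this hunk and proxyArguments continues past it.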