From aa5212c4a5b024152f5015fc5759ad69d984afbd Mon Sep 17 00:00:00 2001
From: Xiangxuan Liu
Date: Fri, 25 Oct 2019 12:20:59 +0000
Subject: [PATCH] Upgrade nginx ingress controller to 0.21 to support TLSv1.3
---
 changelogs/unreleased/patch-1.yml | 5 +++++
 charts/nginx/values.yaml | 2 +-
 values.yaml | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/unreleased/patch-1.yml
diff --git a/changelogs/unreleased/patch-1.yml b/changelogs/unreleased/patch-1.yml
new file mode 100644
index 0000000000..8ee2243e7b
--- /dev/null
+++ b/changelogs/unreleased/patch-1.yml
@@ -0,0 +1,5 @@
+---
+title: Upgrade nginx ingress controller to 0.21 to Enable TLSv1.3, and TLSv1.1 is disabled by default.
+merge_request: 1014
+author: Xiangxuan Liu
+type: changed
diff --git a/charts/nginx/values.yaml b/charts/nginx/values.yaml
index 9a0c395ab1..eb1df47458 100755
--- a/charts/nginx/values.yaml
+++ b/charts/nginx/values.yaml
@@ -9,7 +9,7 @@ controller:
 name: controller
 image:
 repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller
- tag: "0.20.0"
+ tag: "0.21.0"
 pullPolicy: IfNotPresent
 # www-data -> uid 33
 runAsUser: 33
diff --git a/values.yaml b/values.yaml
index 9048b7d662..e0fcd08303 100644
--- a/values.yaml
+++ b/values.yaml
@@ -453,7 +453,7 @@ nginx-ingress:
 enable-vts-status: "true"
 use-http2: "false"
 ssl-ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
- ssl-protocols: "TLSv1.1 TLSv1.2"
+ ssl-protocols: "TLSv1.3 TLSv1.2"
 server-tokens: "false"
 extraArgs:
 force-namespace-isolation: ""
-- GitLab
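Review bot: The new `ssl-protocols: "TLSv1.3 TLSv1.2"` value in values.yaml drops TLSv1.1 as well as adding TLSv1.3, and nothing next to the setting records either that or its dependency on the controller image. I would add a comment above it such as `# TLSv1.1 dropped on purpose; TLSv1.3 needs the 0.21.0 controller image set in charts/nginx/values.yaml`, so that an operator who overrides the image tag knows the two settings are coupled. nginx's `ssl_ciphers` list governs TLSv1.2 and below only, so the `ssl-ciphers` value on the preceding line does not constrain the TLSv1.3 suites, which come from the OpenSSL defaults; a short comment saying so would prevent a false sense of control. With TLSv1.1 gone, the CBC/SHA-1 and static-RSA entries in that list (for example `AES128-SHA`) are presumably kept only for legacy TLSv1.2 clients and may be worth tightening in a follow-up. The enclosing `nginx-ingress` config block starts and ends outside the hunk.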