Commit 37be723

regenerate CRDs
1 parent 979a602 commit 37be723

17 files changed

+409
-1223
lines changed

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml

Lines changed: 26 additions & 80 deletions
@@ -305,17 +305,12 @@ spec:
305305
profile as invalid configurations can be catastrophic. An example custom profile
306306
looks like this:
307307
308+
minTLSVersion: VersionTLS11
308309
ciphers:
309-
310310
- ECDHE-ECDSA-CHACHA20-POLY1305
311-
312311
- ECDHE-RSA-CHACHA20-POLY1305
313-
314312
- ECDHE-RSA-AES128-GCM-SHA256
315-
316313
- ECDHE-ECDSA-AES128-GCM-SHA256
317-
318-
minTLSVersion: VersionTLS11
319314
nullable: true
320315
properties:
321316
ciphers:
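Review bot: The example custom profile in this description pairs `minTLSVersion: VersionTLS11` with four ciphers that are all AEAD suites (GCM or CHACHA20-POLY1305), which can only be negotiated at TLS 1.2 or later, so the example advertises a protocol floor that none of its own ciphers can serve. The surrounding text warns that invalid configurations can be catastrophic and this example is likely to be copied, so consider changing it to `minTLSVersion: VersionTLS12`. The file is generated (`zz_generated.crd-manifests`), so the wording change belongs in the source the CRD is generated from, followed by another regeneration.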
@@ -337,8 +332,6 @@ spec:
337332
versions 1.1, 1.2 and 1.3 (yaml):
338333
339334
minTLSVersion: VersionTLS11
340-
341-
NOTE: currently the highest minTLSVersion allowed is VersionTLS12
342335
enum:
343336
- VersionTLS10
344337
- VersionTLS11
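Review bot: The removed line `NOTE: currently the highest minTLSVersion allowed is VersionTLS12` was the only statement in this field's description of a ceiling on the setting, and neither the hunk nor the commit message (`regenerate CRDs`) says that the ceiling was lifted. If consumers of this field still reject or ignore `VersionTLS13`, keep the note; if the limit is gone, say so in the commit message so the documentation change can be matched to the behaviour change.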
@@ -348,143 +341,96 @@ spec:
348341
type: object
349342
intermediate:
350343
description: |-
351-
intermediate is a TLS security profile based on:
352-
353-
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
344+
intermediate is a TLS profile for use when you do not need compatibility with
345+
legacy clients and want to remain highly secure while being compatible with
346+
most clients currently in use.
354347
355-
and looks like this (yaml):
348+
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
349+
by the "intermediate" profile ciphers.
356350
351+
This profile is equivalent to a Custom profile specified as:
352+
minTLSVersion: VersionTLS12
357353
ciphers:
358-
359354
- TLS_AES_128_GCM_SHA256
360-
361355
- TLS_AES_256_GCM_SHA384
362-
363356
- TLS_CHACHA20_POLY1305_SHA256
364-
365357
- ECDHE-ECDSA-AES128-GCM-SHA256
366-
367358
- ECDHE-RSA-AES128-GCM-SHA256
368-
369359
- ECDHE-ECDSA-AES256-GCM-SHA384
370-
371360
- ECDHE-RSA-AES256-GCM-SHA384
372-
373361
- ECDHE-ECDSA-CHACHA20-POLY1305
374-
375362
- ECDHE-RSA-CHACHA20-POLY1305
376-
377363
- DHE-RSA-AES128-GCM-SHA256
378-
379364
- DHE-RSA-AES256-GCM-SHA384
380-
381-
minTLSVersion: VersionTLS12
382365
nullable: true
383366
type: object
384367
modern:
385368
description: |-
386-
modern is a TLS security profile based on:
387-
388-
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
389-
390-
and looks like this (yaml):
369+
modern is a TLS security profile for use with clients that support TLS 1.3 and
370+
do not need backward compatibility for older clients.
391371
372+
This profile is equivalent to a Custom profile specified as:
373+
minTLSVersion: VersionTLS13
392374
ciphers:
393-
394375
- TLS_AES_128_GCM_SHA256
395-
396376
- TLS_AES_256_GCM_SHA384
397-
398377
- TLS_CHACHA20_POLY1305_SHA256
399-
400-
minTLSVersion: VersionTLS13
401378
nullable: true
402379
type: object
403380
old:
404381
description: |-
405-
old is a TLS security profile based on:
382+
old is a TLS profile for use when services need to be accessed by very old
383+
clients or libraries and should be used only as a last resort.
406384
407-
https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
408-
409-
and looks like this (yaml):
385+
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
386+
by the "old" profile ciphers.
410387
388+
This profile is equivalent to a Custom profile specified as:
389+
minTLSVersion: VersionTLS10
411390
ciphers:
412-
413391
- TLS_AES_128_GCM_SHA256
414-
415392
- TLS_AES_256_GCM_SHA384
416-
417393
- TLS_CHACHA20_POLY1305_SHA256
418-
419394
- ECDHE-ECDSA-AES128-GCM-SHA256
420-
421395
- ECDHE-RSA-AES128-GCM-SHA256
422-
423396
- ECDHE-ECDSA-AES256-GCM-SHA384
424-
425397
- ECDHE-RSA-AES256-GCM-SHA384
426-
427398
- ECDHE-ECDSA-CHACHA20-POLY1305
428-
429399
- ECDHE-RSA-CHACHA20-POLY1305
430-
431400
- DHE-RSA-AES128-GCM-SHA256
432-
433401
- DHE-RSA-AES256-GCM-SHA384
434-
435402
- DHE-RSA-CHACHA20-POLY1305
436-
437403
- ECDHE-ECDSA-AES128-SHA256
438-
439404
- ECDHE-RSA-AES128-SHA256
440-
441405
- ECDHE-ECDSA-AES128-SHA
442-
443406
- ECDHE-RSA-AES128-SHA
444-
445407
- ECDHE-ECDSA-AES256-SHA384
446-
447408
- ECDHE-RSA-AES256-SHA384
448-
449409
- ECDHE-ECDSA-AES256-SHA
450-
451410
- ECDHE-RSA-AES256-SHA
452-
453411
- DHE-RSA-AES128-SHA256
454-
455412
- DHE-RSA-AES256-SHA256
456-
457413
- AES128-GCM-SHA256
458-
459414
- AES256-GCM-SHA384
460-
461415
- AES128-SHA256
462-
463416
- AES256-SHA256
464-
465417
- AES128-SHA
466-
467418
- AES256-SHA
468-
469419
- DES-CBC3-SHA
470-
471-
minTLSVersion: VersionTLS10
472420
nullable: true
473421
type: object
474422
type:
475423
description: |-
476-
type is one of Old, Intermediate, Modern or Custom. Custom provides
477-
the ability to specify individual TLS security profile parameters.
478-
Old, Intermediate and Modern are TLS security profiles based on:
479-
480-
https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
424+
type is one of Old, Intermediate, Modern or Custom. Custom provides the
425+
ability to specify individual TLS security profile parameters.
481426
482-
The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
483-
are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be
484-
reduced.
427+
The profiles are currently based on version 5.0 of the Mozilla Server Side TLS
428+
configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for
429+
forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json
485430
486-
Note that the Modern profile is currently not supported because it is not
487-
yet well adopted by common software libraries.
431+
The profiles are intent based, so they may change over time as new ciphers are
432+
developed and existing ciphers are found to be insecure. Depending on
433+
precisely which ciphers are available to a process, the list may be reduced.
488434
enum:
489435
- Old
490436
- Intermediate
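Review bot: In the `type` description (old lines 486-487) the sentence `Note that the Modern profile is currently not supported ...` is dropped while the description still lists Modern as a valid value, and nothing visible in this hunk states that Modern is now honoured. Please confirm that selecting Modern results in the TLS 1.3-only configuration documented under `modern`, and keep the caveat otherwise. Separately, each profile is now described as "equivalent to a Custom profile specified as", yet the `type` description still says the list may be reduced depending on which ciphers are available to a process; wording such as "corresponds to" would avoid promising exact equivalence.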

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml

Lines changed: 26 additions & 80 deletions
@@ -236,17 +236,12 @@ spec:
236236
profile as invalid configurations can be catastrophic. An example custom profile
237237
looks like this:
238238
239+
minTLSVersion: VersionTLS11
239240
ciphers:
240-
241241
- ECDHE-ECDSA-CHACHA20-POLY1305
242-
243242
- ECDHE-RSA-CHACHA20-POLY1305
244-
245243
- ECDHE-RSA-AES128-GCM-SHA256
246-
247244
- ECDHE-ECDSA-AES128-GCM-SHA256
248-
249-
minTLSVersion: VersionTLS11
250245
nullable: true
251246
properties:
252247
ciphers:
@@ -268,8 +263,6 @@ spec:
268263
versions 1.1, 1.2 and 1.3 (yaml):
269264
270265
minTLSVersion: VersionTLS11
271-
272-
NOTE: currently the highest minTLSVersion allowed is VersionTLS12
273266
enum:
274267
- VersionTLS10
275268
- VersionTLS11
@@ -279,143 +272,96 @@ spec:
279272
type: object
280273
intermediate:
281274
description: |-
282-
intermediate is a TLS security profile based on:
283-
284-
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
275+
intermediate is a TLS profile for use when you do not need compatibility with
276+
legacy clients and want to remain highly secure while being compatible with
277+
most clients currently in use.
285278
286-
and looks like this (yaml):
279+
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
280+
by the "intermediate" profile ciphers.
287281
282+
This profile is equivalent to a Custom profile specified as:
283+
minTLSVersion: VersionTLS12
288284
ciphers:
289-
290285
- TLS_AES_128_GCM_SHA256
291-
292286
- TLS_AES_256_GCM_SHA384
293-
294287
- TLS_CHACHA20_POLY1305_SHA256
295-
296288
- ECDHE-ECDSA-AES128-GCM-SHA256
297-
298289
- ECDHE-RSA-AES128-GCM-SHA256
299-
300290
- ECDHE-ECDSA-AES256-GCM-SHA384
301-
302291
- ECDHE-RSA-AES256-GCM-SHA384
303-
304292
- ECDHE-ECDSA-CHACHA20-POLY1305
305-
306293
- ECDHE-RSA-CHACHA20-POLY1305
307-
308294
- DHE-RSA-AES128-GCM-SHA256
309-
310295
- DHE-RSA-AES256-GCM-SHA384
311-
312-
minTLSVersion: VersionTLS12
313296
nullable: true
314297
type: object
315298
modern:
316299
description: |-
317-
modern is a TLS security profile based on:
318-
319-
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
320-
321-
and looks like this (yaml):
300+
modern is a TLS security profile for use with clients that support TLS 1.3 and
301+
do not need backward compatibility for older clients.
322302
303+
This profile is equivalent to a Custom profile specified as:
304+
minTLSVersion: VersionTLS13
323305
ciphers:
324-
325306
- TLS_AES_128_GCM_SHA256
326-
327307
- TLS_AES_256_GCM_SHA384
328-
329308
- TLS_CHACHA20_POLY1305_SHA256
330-
331-
minTLSVersion: VersionTLS13
332309
nullable: true
333310
type: object
334311
old:
335312
description: |-
336-
old is a TLS security profile based on:
313+
old is a TLS profile for use when services need to be accessed by very old
314+
clients or libraries and should be used only as a last resort.
337315
338-
https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
339-
340-
and looks like this (yaml):
316+
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
317+
by the "old" profile ciphers.
341318
319+
This profile is equivalent to a Custom profile specified as:
320+
minTLSVersion: VersionTLS10
342321
ciphers:
343-
344322
- TLS_AES_128_GCM_SHA256
345-
346323
- TLS_AES_256_GCM_SHA384
347-
348324
- TLS_CHACHA20_POLY1305_SHA256
349-
350325
- ECDHE-ECDSA-AES128-GCM-SHA256
351-
352326
- ECDHE-RSA-AES128-GCM-SHA256
353-
354327
- ECDHE-ECDSA-AES256-GCM-SHA384
355-
356328
- ECDHE-RSA-AES256-GCM-SHA384
357-
358329
- ECDHE-ECDSA-CHACHA20-POLY1305
359-
360330
- ECDHE-RSA-CHACHA20-POLY1305
361-
362331
- DHE-RSA-AES128-GCM-SHA256
363-
364332
- DHE-RSA-AES256-GCM-SHA384
365-
366333
- DHE-RSA-CHACHA20-POLY1305
367-
368334
- ECDHE-ECDSA-AES128-SHA256
369-
370335
- ECDHE-RSA-AES128-SHA256
371-
372336
- ECDHE-ECDSA-AES128-SHA
373-
374337
- ECDHE-RSA-AES128-SHA
375-
376338
- ECDHE-ECDSA-AES256-SHA384
377-
378339
- ECDHE-RSA-AES256-SHA384
379-
380340
- ECDHE-ECDSA-AES256-SHA
381-
382341
- ECDHE-RSA-AES256-SHA
383-
384342
- DHE-RSA-AES128-SHA256
385-
386343
- DHE-RSA-AES256-SHA256
387-
388344
- AES128-GCM-SHA256
389-
390345
- AES256-GCM-SHA384
391-
392346
- AES128-SHA256
393-
394347
- AES256-SHA256
395-
396348
- AES128-SHA
397-
398349
- AES256-SHA
399-
400350
- DES-CBC3-SHA
401-
402-
minTLSVersion: VersionTLS10
403351
nullable: true
404352
type: object
405353
type:
406354
description: |-
407-
type is one of Old, Intermediate, Modern or Custom. Custom provides
408-
the ability to specify individual TLS security profile parameters.
409-
Old, Intermediate and Modern are TLS security profiles based on:
410-
411-
https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
355+
type is one of Old, Intermediate, Modern or Custom. Custom provides the
356+
ability to specify individual TLS security profile parameters.
412357
413-
The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
414-
are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be
415-
reduced.
358+
The profiles are currently based on version 5.0 of the Mozilla Server Side TLS
359+
configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for
360+
forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json
416361
417-
Note that the Modern profile is currently not supported because it is not
418-
yet well adopted by common software libraries.
362+
The profiles are intent based, so they may change over time as new ciphers are
363+
developed and existing ciphers are found to be insecure. Depending on
364+
precisely which ciphers are available to a process, the list may be reduced.
419365
enum:
420366
- Old
421367
- Intermediate
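Review bot: The new `old` description says only that the profile "should be used only as a last resort", but the list it documents under `minTLSVersion: VersionTLS10` includes `DES-CBC3-SHA` (3DES) and static-RSA suites such as `AES128-SHA` and `AES256-SHA`, which provide no forward secrecy. Consider naming those weaknesses in the description so that an operator reading the CRD documentation knows what is being traded away for compatibility. The same text appears in the CustomNoUpgrade manifest above, so the change should be made once in the generation source and regenerated into both files.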
