Hello team,
can you please help me how to set and test minimum version of TLS cipher on etcd level? This topic need video explanation i think.
I assume you are doing the CKS course – this is the only course I know of where this question would come up – in which case we have this in an article attached to the course, Securing Control Plane Communications with Ciphers. In the article, it shows that you need to add this as a flag to the kube-apiserver, as so:
- Edit the
API servermanifest and add the following two arguments
--tls-min-version=VersionTLS12 --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Hello Rob,
Once we edit the API server with given parameters, do we need to add “–cipher-suites” parameter in etcd yaml file? If so, why? If not, why?