kubernetes-sigs / prometheus-adapter

An implementation of the custom.metrics.k8s.io API using Prometheus
Apache License 2.0

Set MinVersion: tls.VersionTLS12 in prometheus client's TLSClientConfig #544

Closed olivierlemasle closed 1 year ago

olivierlemasle commented 1 year ago

Having no explicit MinVersion is reported by gosec as G402 (CWE-295): TLS MinVersion too low

Using MinVersion: tls.VersionTLS12 because it's what client-go uses:

https://github.com/kubernetes/client-go/blob/1ac8d459351e21458fd1041f41e43403eadcbdba/transport/transport.go#L92

That way, the Kubernetes API client and the Prometheus client in prometheus-adapter use the same TLS config MinVersion.
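The effect of the setting described in this pull request, as an added example that is not part of the PR or of prometheus-adapter's code: a client transport with `MinVersion: tls.VersionTLS12` fails the handshake against a server capped at TLS 1.1 and negotiates TLS 1.2 otherwise. The helper names `newPromTransport` and `probe` are hypothetical, and the server is a local `httptest` instance constructed for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newPromTransport (hypothetical helper) pins an explicit TLS 1.2 floor, the
// same value the PR says client-go uses. Go 1.18+ already defaults clients to
// TLS 1.2; setting it explicitly keeps the floor independent of the toolchain.
func newPromTransport(roots *x509.CertPool) *http.Transport {
	return &http.Transport{TLSClientConfig: &tls.Config{
		RootCAs:    roots,
		MinVersion: tls.VersionTLS12,
	}}
}

// probe starts a local test server whose highest TLS version is serverMax and
// returns the version the hardened client negotiated, or the handshake error.
func probe(serverMax uint16) (uint16, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }))
	// Constructed server config: legacy versions are explicitly allowed so the
	// cap at serverMax is the only thing limiting the handshake.
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS10, MaxVersion: serverMax}
	srv.StartTLS()
	defer srv.Close()

	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust only the test server's certificate
	tr := newPromTransport(roots)
	defer tr.CloseIdleConnections()

	resp, err := (&http.Client{Transport: tr}).Get(srv.URL)
	if err != nil {
		return 0, err // no protocol version in common: handshake refused
	}
	defer resp.Body.Close()
	return resp.TLS.Version, nil
}

func main() {
	for _, max := range []uint16{tls.VersionTLS11, tls.VersionTLS12} {
		v, err := probe(max)
		fmt.Printf("server max %s: negotiated=%#x err=%v\n", tls.VersionName(max), v, err)
	}
}
```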

olivierlemasle commented 1 year ago

/assign @dgrisonnet

dgrisonnet commented 1 year ago

/lgtm /approve

k8s-ci-robot commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dgrisonnet, olivierlemasle

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes-sigs/prometheus-adapter/blob/master/OWNERS)~~ [dgrisonnet]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment