nutanix-cloud-native / cluster-api-provider-nutanix

Kubernetes-native declarative infrastructure provider for Nutanix AHV
https://opendocs.nutanix.com/capx/latest/getting_started/
Apache License 2.0
40 stars 23 forks source link

Set Nutanix CCM cipher-suites to fix sweet32 CVE #439

Closed tuxtof closed 5 months ago

tuxtof commented 5 months ago

What this PR does / why we need it:

Enforce specific tls-cipher-suite to fix Nutanix CCM SWEET32 CVE

Release note:

- Fix Nutanix CCM Sweet32 issue
codecov[bot] commented 5 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 30.62%. Comparing base (dc98d5e) to head (5908af1).

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #439 +/- ## ======================================= Coverage 30.62% 30.62% ======================================= Files 14 14 Lines 1342 1342 ======================================= Hits 411 411 Misses 931 931 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

thunderboltsid commented 5 months ago

/lgtm /approve

nutanix-cn-prow-bot[bot] commented 5 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deepakm-ntnx, thunderboltsid, tuxtof

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/nutanix-cloud-native/cluster-api-provider-nutanix/blob/main/OWNERS)~~ [deepakm-ntnx,thunderboltsid,tuxtof] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
tuxtof commented 5 months ago

just for completeness, could you please document where did this list come from? and in future how should one keep it up to date. also how is this tested?

I just align with the settings coming from the other components who are coming from field best practice . compared with other k8s distro

thunderboltsid commented 5 months ago

/retest