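How to enable TLS 1.3 on rke2-ingress-nginx-controller

Environment information:
RKE2 version: v1.23.17+rke2r1

Node CPU architecture, operating system and version: ubuntu20.04

Cluster configuration: 1 servers, 3 agents

Problem description:

I saw in the official documentation that the default TLS version is 1.2. I want to set it to support 1.3, but I don't know how to change it.

Steps to reproduce:

Expected result:
rke2-ingress-nginx-controller with TLS 1.3 enabled

Actual result:

Logs

Solved. You need to modify the ConfigMap rke2-ingress-nginx-controller in the kube-system namespace and add the following configuration: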

kind: ConfigMap
apiVersion: v1
metadata:
  name: rke2-ingress-nginx-controller
  namespace: kube-system
data:
  ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
  ssl-protocols: "TLSv1.2 TLSv1.3"
1 Like
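
An added example, not part of the original post: a Python check over the two ConfigMap values posted above that confirms TLSv1.3 is listed and grades each entry of the ssl-ciphers list for forward secrecy, AEAD mode and weak algorithms such as 3DES. The function names and the finding labels are assumptions of this example.

```python
import re

# The two data values from the ConfigMap posted above.
CONFIGMAP = '''
data:
  ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
  ssl-protocols: "TLSv1.2 TLSv1.3"
'''

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_TOKENS = {"DES", "RC4", "NULL"}       # tokens in OpenSSL cipher names
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")  # authenticated-encryption modes
FS_PREFIXES = ("ECDHE-", "DHE-")           # ephemeral key exchange


def data_value(text, key):
    """Return the double-quoted value of `key` in a ConfigMap, or None."""
    pattern = r'^[ \t]*' + re.escape(key) + r':[ \t]*"([^"]*)"[ \t]*$'
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None


def classify(cipher):
    """Return the findings for one OpenSSL cipher name (TLS 1.2 and below)."""
    issues = []
    if WEAK_TOKENS & set(cipher.split("-")):
        issues.append("weak-cipher")
    if not cipher.startswith(FS_PREFIXES):
        issues.append("no-forward-secrecy")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        issues.append("non-aead")
    return issues


def audit(text):
    """Summarise the protocol and cipher settings found in a ConfigMap."""
    protocols = (data_value(text, "ssl-protocols") or "").split()
    ciphers = (data_value(text, "ssl-ciphers") or "").split(":")
    graded = {c: classify(c) for c in ciphers if c}
    return {
        "tls13_enabled": "TLSv1.3" in protocols,
        "legacy_protocols": sorted(LEGACY_PROTOCOLS & set(protocols)),
        "flagged": {c: i for c, i in graded.items() if i},
        "clean": [c for c, i in graded.items() if not i],
    }


if __name__ == "__main__":
    report = audit(CONFIGMAP)
    print("TLS 1.3 enabled:", report["tls13_enabled"])
    for name, issues in report["flagged"].items():
        print(f"{name}: {', '.join(issues)}")
```

The ssl-ciphers value applies to TLS 1.2 and below; nginx does not use it to select TLS 1.3 cipher suites.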