[release-1.21] Add network/tls package for TLS configuration#3337
Open
Fedosin wants to merge 4 commits intoknative:release-1.21from
Open
[release-1.21] Add network/tls package for TLS configuration#3337Fedosin wants to merge 4 commits intoknative:release-1.21from
Fedosin wants to merge 4 commits intoknative:release-1.21from
Conversation
…native#3324) * feat: add shared tls package for reading TLS config from environment Extract TLS configuration parsing into a reusable knative.dev/pkg/tls package so that any Knative component (not just webhooks) can read TLS_MIN_VERSION, TLS_MAX_VERSION, TLS_CIPHER_SUITES, and TLS_CURVE_PREFERENCES from environment variables with an optional prefix. The webhook package is updated to use the new tls package, extending env var support from just WEBHOOK_TLS_MIN_VERSION to all four WEBHOOK_TLS_* variables. Programmatic Options values continue to take precedence over environment variables. Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com> * fix: address review feedback on tls package Reduce the public API surface of the tls package by unexporting ParseVersion, ParseCipherSuites, and ParseCurvePreferences since they are implementation details of NewConfigFromEnv. Also validate that TLS max version is not smaller than min version in webhook.New(), document the Options TLS field precedence (programmatic > env vars > defaults), and broaden TestConfig_TLSConfig to exercise the full NewConfigFromEnv → TLSConfig path. Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com> --------- Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>
DefaultConfigFromEnv replaces NewConfigFromEnv by returning a full default tls.Config with overrides from env vars. This avoids specifying e.g. the TLS MinVersion explicitely.
…ity (knative#3331) The TLS configuration package is moved from tls/ to network/tls/ to co-locate it with the rest of the networking code. The old tls/ package now re-exports all public symbols as deprecated aliases so that existing consumers continue to compile without changes. The webhook package is updated to import from the new location directly. Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Fedosin The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
knative-prow
bot
added
the
size/XL
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## release-1.21 #3337 +/- ##
================================================
+ Coverage 74.64% 74.85% +0.20%
================================================
Files 188 189 +1
Lines 8207 8275 +68
================================================
+ Hits 6126 6194 +68
Misses 1841 1841
Partials 240 240 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
linkvt
reviewed
Mar 18, 2026
Contributor
linkvt
left a comment
linkvt
left a comment
There was a problem hiding this comment.
Same as in the already reviewed PRs 👍
/lgtm
Contributor
Author
|
/hold |
knative-prow
bot
added
the
do-not-merge/hold
Contributor
Author
|
/hold cancel |
knative-prow
bot
removed
the
do-not-merge/hold
Member
|
What's the intent here are we hoping to pull this into specific repos which we release? If so what bug are we fixing? Or do you just want these changes in a release branch for other reasons? |
Member
|
To clarify not looking to block this - just looking for clarity on what's the subsequent plan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Backport of the following PRs from main to release-1.21:
/kind enhancement
Fixes #
Release Note
Docs