[release-1.25] Use secure ciphers for metrics-server #7643

Closed
brandond opened this issue May 31, 2023 · 1 comment

@brandond
Member

@est-suse
Contributor

Validated new release commit-id showing 4e1ba3a087184e4c702f14aea0a5e40000fa5e01

PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
NAME               STATUS   ROLES                       AGE   VERSION
ip-172-1-1-1   Ready    control-plane,etcd,master   14m   v1.25.10+k3s-4e1ba3a0
NAMESPACE     NAME                                      READY   STATUS      RESTARTS   AGE
kube-system   coredns-8b9777675-svsfn                   1/1     Running     0          14m
kube-system   helm-install-traefik-bpzrj                0/1     Completed   2          14m
kube-system   helm-install-traefik-crd-bkktt            0/1     Completed   0          14m
kube-system   local-path-provisioner-69dff9496c-784rv   1/1     Running     0          14m
kube-system   metrics-server-854c559bd-vhpjz            1/1     Running     0          14m
kube-system   svclb-traefik-21a0221f-d8knj              2/2     Running     0          14m
kube-system   traefik-66fd46ccd-6tvcd                   1/1     Running     0          14m
k3s version v1.25.10+k3s-4e1ba3a0 (4e1ba3a0)
go version go1.19.9

sudo /usr/local/bin/crictl -r /var/run/k3s/containerd/containerd.sock images |grep metrics

I0615 16:07:47.318793    8818 util_unix.go:104] "Using this endpoint is deprecated, please consider using full URL format" endpoint="/var/run/k3s/containerd/containerd.sock" URL="unix:///var/run/k3s/containerd/containerd.sock"
docker.io/rancher/mirrored-metrics-server    v0.6.3                 817bbe3f2e517       29.9MB

kubectl get svc metrics-server -n kube-system

NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
metrics-server   ClusterIP   10.43.42.251   <none>        443/TCP   18m

nmap --script ssl-enum-ciphers -p 443 10.43.42.251

Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-15 15:55 UTC
Nmap scan report for ip-10-43-42-251.us-east-2.compute.internal (10.43.42.251)
Host is up (0.00011s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|     compressors: 
|       NULL
|     cipher preference: client
|   TLSv1.3: 
|     ciphers: 
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds

@github-project-automation github-project-automation bot moved this from To Test to Done Issue in K3s Development Jun 15, 2023
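
The manual check in the validation comment above (read the `ssl-enum-ciphers` output and confirm only strong suites are offered) can be automated. The following is an added example, not code from the issue or from the k3s project; the function name `audit` and the policy it enforces (TLS 1.2 or later, AEAD suites only, nmap grade A) are assumptions chosen for illustration.

```python
import re

# Line shapes in nmap's ssl-enum-ciphers text output.
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|\s+(\S+)(?: \([^)]*\))? - ([A-F])\s*$")
AEAD_TAGS = ("_GCM_", "_CHACHA20_POLY1305", "_CCM")
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # assumed policy, not from the issue

def audit(scan_text):
    """Return (offered, findings) for one ssl-enum-ciphers result."""
    offered, findings, proto = [], [], None
    for line in scan_text.splitlines():
        if m := PROTO_RE.match(line):
            proto = m.group(1)
            if proto not in ALLOWED_PROTOCOLS:
                findings.append(f"{proto}: protocol not allowed")
        elif (m := CIPHER_RE.match(line)) and proto:
            name, grade = m.groups()
            offered.append((proto, name))
            if grade != "A":
                findings.append(f"{proto} {name}: grade {grade}")
            if not any(tag in name for tag in AEAD_TAGS):
                findings.append(f"{proto} {name}: not an AEAD suite")
    if not offered:  # an empty parse must not count as a pass
        findings.append("no cipher suites parsed")
    return offered, findings

# Cipher section of the scan posted in this issue.
ISSUE_SCAN = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|_  least strength: A
"""
# Constructed counter-example: a listener still offering CBC suites.
WEAK_SCAN = """\
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
"""
```

`audit(ISSUE_SCAN)` returns six offered suites and no findings; `audit(WEAK_SCAN)` flags the protocol, the grade C suite, and both CBC suites, including the one nmap grades A.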