Merge pull request #4198 from zhzhuang-zju/tls1.3

set MinVersion to VersionTLS13 for tlsconfig

Author: karmada-bot

artifacts/deploy/karmada-aggregated-apiserver.yaml

@@ -46,6 +46,7 @@ spec:
             - --feature-gates=APIPriorityAndFairness=false
             - --audit-log-maxage=0
             - --audit-log-maxbackup=0
+            - --tls-min-version=VersionTLS13
           resources:
             requests:
               cpu: 100m

artifacts/deploy/karmada-apiserver.yaml

@@ -62,6 +62,7 @@ spec:
             - --requestheader-username-headers=X-Remote-User
             - --tls-cert-file=/etc/karmada/pki/apiserver.crt
             - --tls-private-key-file=/etc/karmada/pki/apiserver.key
+            - --tls-min-version=VersionTLS13
           name: karmada-apiserver
           image: registry.k8s.io/kube-apiserver:v1.25.4
           imagePullPolicy: IfNotPresent

artifacts/deploy/karmada-metrics-adapter.yaml

@@ -42,6 +42,7 @@ spec:
             - --audit-log-path=-
             - --audit-log-maxage=0
             - --audit-log-maxbackup=0
+            - --tls-min-version=VersionTLS13
           readinessProbe:
             httpGet:
               path: /readyz

artifacts/deploy/karmada-search.yaml

@@ -46,6 +46,7 @@ spec:
             - --feature-gates=APIPriorityAndFairness=false
             - --audit-log-maxage=0
             - --audit-log-maxbackup=0
+            - --tls-min-version=VersionTLS13
           livenessProbe:
             httpGet:
               path: /livez

charts/karmada/templates/karmada-aggregated-apiserver.yaml

@@ -65,6 +65,7 @@ spec:
             - --feature-gates=APIPriorityAndFairness=false
             - --audit-log-maxage=0
             - --audit-log-maxbackup=0
+            - --tls-min-version=VersionTLS13
           resources:
             {{- toYaml .Values.aggregatedApiServer.resources | nindent 12 }}
           readinessProbe:

charts/karmada/templates/karmada-apiserver.yaml

@@ -73,6 +73,7 @@ spec:
             - --tls-private-key-file=/etc/kubernetes/pki/karmada.key
             - --max-requests-inflight={{ .Values.apiServer.maxRequestsInflight }}
             - --max-mutating-requests-inflight={{ .Values.apiServer.maxMutatingRequestsInflight }}
+            - --tls-min-version=VersionTLS13
           ports:
             - name: http
               containerPort: 5443

charts/karmada/templates/karmada-search.yaml

@@ -78,6 +78,7 @@ spec:
             - --feature-gates=APIPriorityAndFairness=false
             - --audit-log-maxage=0
             - --audit-log-maxbackup=0
+            - --tls-min-version=VersionTLS13
           livenessProbe:
             httpGet:
               path: /livez

operator/pkg/controlplane/apiserver/mainfests.go

@@ -59,6 +59,7 @@ spec:
         - --max-requests-inflight=1500
         - --max-mutating-requests-inflight=500
         - --v=4
+	- --tls-min-version=VersionTLS13
         livenessProbe:
           failureThreshold: 8
           httpGet:
@@ -171,6 +172,7 @@ spec:
         - --feature-gates=APIPriorityAndFairness=false
         - --audit-log-maxage=0
         - --audit-log-maxbackup=0
+	- --tls-min-version=VersionTLS13
         volumeMounts:
         - mountPath: /etc/karmada/kubeconfig
           name: kubeconfig

operator/pkg/controlplane/metricsadapter/mainfests.go

@@ -40,6 +40,7 @@ spec:
         - --audit-log-path=-
         - --audit-log-maxage=0
         - --audit-log-maxbackup=0
+	- --tls-min-version=VersionTLS13
         volumeMounts:
         - name: kubeconfig
           subPath: kubeconfig