From d5a0ee2a6c1b6e98c61bfbc1f8e30a2594c225fa Mon Sep 17 00:00:00 2001
From: jamestexas
Date: Wed, 31 Jul 2024 16:43:31 -0500
Subject: [PATCH] feat(istio): add configurable TLS version
- Introduced support for configuring the minimum TLS version for UDS Core.
- Added 'supportTLSV1_2' boolean flag in values file to allow selection between TLS 1.2 and TLS 1.3.
- Updated Helm templates to conditionally set 'minProtocolVersion' based on 'supportTLSV1_2' value.
- Ensured backward compatibility by defaulting to TLS 1.3.
- Commented and documented the new configuration option for clarity.
Closes #599
Signed-off-by: jamestexas
---
 src/istio/chart/templates/gateway.yaml | 2 +-
 src/istio/chart/values.yaml | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/istio/chart/templates/gateway.yaml b/src/istio/chart/templates/gateway.yaml
index ea2d7c28a..921fb6cec 100644
--- a/src/istio/chart/templates/gateway.yaml
+++ b/src/istio/chart/templates/gateway.yaml
@@ -32,7 +32,7 @@ spec:
 mode: {{ $server.mode }}
 {{- if ne $server.mode "PASSTHROUGH" }}
 credentialName: gateway-tls
- minProtocolVersion: TLSV1_3
+ minProtocolVersion: {{ if .Values.tls.supportTLSV1_2 }}TLSV1_2{{ else }}TLSV1_3{{ end }}
 {{- end }}
 {{ end }}
 {{ end }}
diff --git a/src/istio/chart/values.yaml b/src/istio/chart/values.yaml
index cf564b049..803433b8c 100644
--- a/src/istio/chart/values.yaml
+++ b/src/istio/chart/values.yaml
@@ -24,3 +24,5 @@ domain: "###ZARF_VAR_DOMAIN###"
 # # Hosts to add to this gateway
 # hosts:
 # - "*"
+# # Whether to support TLS 1.2 (if false, only TLS 1.3 will be supported)
+# supportTLSV1_2: false
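Review bot: The new `minProtocolVersion` line looks the flag up through `.` (`.Values.tls.supportTLSV1_2`), but the `$server` variable and the two trailing `{{ end }}` suggest it sits inside a `range` that opens outside this hunk. Inside a `range`, `.` is rebound to the current element, so the lookup would most likely fail to render or never see the chart value. Anchoring it at the root avoids that: `minProtocolVersion: {{ if $.Values.tls.supportTLSV1_2 }}TLSV1_2{{ else }}TLSV1_3{{ end }}`. Because enabling the flag lowers the protocol floor for every non-PASSTHROUGH server on the gateway, I would also set `cipherSuites` explicitly in the TLS 1.2 case so the accepted suites do not depend on the proxy's defaults.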
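Review bot: The comment on `supportTLSV1_2` says neither that the value must be a real YAML boolean nor how wide its effect is. The template tests it with a plain `if`, and Helm treats any non-empty string as true, so a quoted `"false"` or a string-substituted value would silently lower the minimum to TLS 1.2. I would reword it to `# # Set to true to lower the minimum from TLS 1.3 to TLS 1.2 on every non-PASSTHROUGH server; must be a YAML boolean, not a quoted string`. The commented-out block these lines belong to starts above the hunk and its indentation is not visible here, so the key's nesting under `tls` should be checked against the `.Values.tls.supportTLSV1_2` lookup.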