feat(istio): add configurable TLS version

- Introduced support for configuring the minimum TLS version for UDS Core. - Added 'supportTLSV1_2' boolean flag in values file to allow selection between TLS 1.2 and TLS 1.3. - Updated Helm templates to conditionally set 'minProtocolVersion' based on 'supportTLSV1_2' value. - Ensured backward compatibility by defaulting to TLS 1.3. - Commented and documented the new configuration option for clarity. Closes defenseunicorns#599 Signed-off-by: jamestexas <[email protected]>
jamestexas · Jul 31, 2024 · af20fb9 · af20fb9
1 parent f2164e1
commit af20fb9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/src/istio/chart/templates/gateway.yaml b/src/istio/chart/templates/gateway.yaml
@@ -32,7 +32,7 @@ spec:
         mode: {{ $server.mode }}
         {{- if ne $server.mode "PASSTHROUGH" }}
         credentialName: gateway-tls
-        minProtocolVersion: TLSV1_3
+        minProtocolVersion: {{ if .Values.tls.supportTLSV1_2 }}TLSV1_2{{ else }}TLSV1_3{{ end }}
         {{- end }}
     {{ end }}
 {{ end }}
diff --git a/src/istio/chart/values.yaml b/src/istio/chart/values.yaml
@@ -5,6 +5,9 @@ name: change-me
 domain: "###ZARF_VAR_DOMAIN###"
 
 # tls:
+#   # Set to true to support TLS 1.2, false for TLS 1.3 only
+#   supportTLSV1_2: false
+
 #   # The TLS certificate for the gateway, if not in 'PASSTHROUGH' mode (base64 encoded)
 #   cert: ""