k8s修复openssl漏洞

CVE-2016-2183,CVE-2016-6329
/etc/kubernetes/manifests/kube-aipserver.yaml,添加以下参数

- --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

保存文件会自动启动kube-aipserver,再用检测工具复测
参考官网:https://kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-apiserver/

posted @ 2022-05-09 11:34  Sureing  阅读(877)  评论(0编辑  收藏  举报