From 91065cc31b9025c44c3b4a9cfcddac4711898e82 Mon Sep 17 00:00:00 2001
From: Martin Eggen <meggen@redhat.com>
Date: Wed, 8 Mar 2017 16:37:43 +0100
Subject: Allow overriding minTLSVersion and cipherSuites

Add parameters to allow overriding minTLSVersion and
cipherSuites in master and node servingInfo config stanzas.
---
 roles/openshift_node/templates/node.yaml.v1.j2 | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'roles/openshift_node/templates/node.yaml.v1.j2')

diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index d3c3feb68..f2f929232 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -40,6 +40,15 @@ servingInfo:
   certFile: server.crt
   clientCA: ca.crt
   keyFile: server.key
+{% if openshift_node_min_tls_version is defined %}
+  minTLSVersion: {{ openshift_node_min_tls_version }}
+{% endif %}
+{% if openshift_node_cipher_suites is defined %}
+  cipherSuites:
+{% for cipher_suite in openshift_node_cipher_suites %}
+  - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
 volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes
 proxyArguments:
   proxy-mode:
-- 
cgit v1.2.1