Skip to content

feat(tls): inject centrally managed TLS config into pruner webhook#3453

Open
infernus01 wants to merge 1 commit into
tektoncd:mainfrom
infernus01:pruner-tls
Open

feat(tls): inject centrally managed TLS config into pruner webhook#3453
infernus01 wants to merge 1 commit into
tektoncd:mainfrom
infernus01:pruner-tls

Conversation

@infernus01
Copy link
Copy Markdown
Member

@infernus01 infernus01 commented May 29, 2026

Changes

Wire the OpenShift APIServer TLS profile into the tekton-pruner-webhook deployment so that the pruner webhook applies the cluster-wide TLS version and cipher suite policy (PQC readiness).

The pruner webhook uses the Knative webhook framework, which WEBHOOK_TLS_MIN_VERSION, WEBHOOK_TLS_CIPHER_SUITES, and WEBHOOK_TLS_CURVE_PREFERENCES environment variables at startup via
knative.dev/pkg/network/tls.DefaultConfigFromEnv("WEBHOOK_").

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide for more details.

Release Notes

Central TLS configuration is now injected into the tekton-pruner-webhook on OpenShift, aligning it with the cluster-wide TLS security profile for PQC readiness

@tekton-robot tekton-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label May 29, 2026
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 29, 2026
@infernus01
Copy link
Copy Markdown
Member Author

infernus01 commented May 29, 2026

/hold

@tekton-robot tekton-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 29, 2026
@infernus01
feat(tls): inject centrally managed TLS config into pruner webhook
84f9032 
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
infernus01
infernus01 commented Jun 1, 2026
View reviewed changes
Copy link
Copy Markdown
Member Author

@infernus01 infernus01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/unhold

@tekton-robot tekton-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 1, 2026
@infernus01 infernus01 closed this Jun 1, 2026
@infernus01 infernus01 reopened this Jun 1, 2026
@jkhelil
Copy link
Copy Markdown
Member

jkhelil commented Jun 2, 2026

/retest

@jkhelil
Copy link
Copy Markdown
Member

jkhelil commented Jun 2, 2026

/approve

@tekton-robot
Copy link
Copy Markdown
Contributor

tekton-robot commented Jun 2, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jkhelil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anithapriyanatarajan anithapriyanatarajan Awaiting requested review from anithapriyanatarajan

@pramodbindal pramodbindal Awaiting requested review from pramodbindal

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@infernus01 @jkhelil @tekton-robot