From 02fff67b75914d07e2064ee272be38574cf76f36 Mon Sep 17 00:00:00 2001
From: Tuomo Tanskanen
Date: Wed, 8 May 2024 13:52:19 +0300
Subject: [PATCH] set webhook min TLS version to 1.3

Webhook is connected to by kube-apiserver, and it has supported TLS 1.3 connections since Go 1.14, over 4 years ago. By default, the connection has been negoatiated to TLS 1.3 anyways between the client and webhook. Turning it to TLS 1.3 should not affect anything, but it shouldn't also break anything. In case this is an issue for some consumer, they can always use the --tls-min-version TLS12 to turn it back to TLS 1.2.

Signed-off-by: Tuomo Tanskanen
---
 main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 2428d20f93..a831747e22 100644
--- a/main.go
+++ b/main.go
@@ -324,7 +324,7 @@ func initFlags(fs *pflag.FlagSet) {
 fs.IntVar(&restConfigBurst, "kube-api-burst", 30, "Maximum number of queries that should be allowed in one burst from the controller client to the Kubernetes API server. Default 30")
- fs.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", TLSVersion12,
+ fs.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", TLSVersion13,
 "The minimum TLS version in use by the webhook server.\n"+
 fmt.Sprintf("Possible values are %s.", strings.Join(tlsSupportedVersions, ", ")),
 )
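Review bot: The help string of the changed `fs.StringVar` call for `tls-min-version` still describes the flag neutrally, although with the new default any lower value is a deliberate downgrade of the webhook endpoint; I would add a line such as `"Values below TLS13 are a downgrade; use them only for clients that cannot negotiate TLS 1.3.\n"+` ahead of the `fmt.Sprintf`. The flag is a free-form string and the code that maps it onto the server's TLS configuration is outside the hunk, so it is worth confirming that an unrecognised value is rejected at startup rather than silently falling back to a lower version. If the binary also exposes a cipher-suite option (not visible here), note that Go's crypto/tls does not apply `CipherSuites` to TLS 1.3, so such an option would have no effect at the new default. `initFlags` starts and ends outside the hunk.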