USHIFT-4932: Docs nits

openshift · Dec 11, 2024 · d78aef7 · d78aef7
1 parent 5f1256e
commit d78aef7
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 8 deletions.
diff --git a/cmd/generate-config/config/config-openapi-spec.json b/cmd/generate-config/config/config-openapi-spec.json
@@ -99,14 +99,14 @@
           ],
           "properties": {
             "cipherSuites": {
-              "description": "CipherSuites lists the allowed cipher suites that the API server will\naccept and serve.",
+              "description": "CipherSuites lists the allowed cipher suites that the API server will\naccept and serve. Defaults to cipher suites from the minVersion config\nparameter.",
               "type": "array",
               "items": {
                 "type": "string"
               }
             },
             "minVersion": {
-              "description": "MinVersion specifies which TLS version is the minimum version of TLS\nto serve from the API server.",
+              "description": "MinVersion specifies which TLS version is the minimum version of TLS\nto serve from the API server. Allowed values: VersionTLS12, VersionTLS13.\nDefaults to VersionTLS12.",
               "type": "string",
               "default": "VersionTLS12",
               "enum": [

diff --git a/packaging/microshift/config.yaml b/packaging/microshift/config.yaml
@@ -25,11 +25,13 @@ apiServer:
         - ""
     tls:
         # CipherSuites lists the allowed cipher suites that the API server will
-        # accept and serve.
+        # accept and serve. Defaults to cipher suites from the minVersion config
+        # parameter.
         cipherSuites:
             - ""
         # MinVersion specifies which TLS version is the minimum version of TLS
-        # to serve from the API server.
+        # to serve from the API server. Allowed values: VersionTLS12, VersionTLS13.
+        # Defaults to VersionTLS12.
         minVersion: VersionTLS12
 debugging:
     # Valid values are: "Normal", "Debug", "Trace", "TraceAll".

diff --git a/pkg/config/apiserver.go b/pkg/config/apiserver.go
@@ -25,6 +25,8 @@ type ApiServer struct {
 
 	AuditLog AuditLog `json:"auditLog"`
 
+	TLS TLSConfig `json:"tls"`
+
 	// The URL and Port of the API server cannot be changed by the user.
 	URL  string `json:"-"`
 	Port int    `json:"-"`
@@ -40,8 +42,6 @@ type ApiServer struct {
 	// advertising because of dual stack limitations there. This is only to
 	// make ovnk work properly.
 	AdvertiseAddresses []string `json:"-"`
-
-	TLS TLSConfig `json:"tls"`
 }
 
 // NamedCertificateEntry provides certificate details
@@ -68,11 +68,13 @@ type AuditLog struct {
 
 type TLSConfig struct {
 	// CipherSuites lists the allowed cipher suites that the API server will
-	// accept and serve.
+	// accept and serve. Defaults to cipher suites from the minVersion config
+	// parameter.
 	CipherSuites []string `json:"cipherSuites"`
 
 	// MinVersion specifies which TLS version is the minimum version of TLS
-	// to serve from the API server.
+	// to serve from the API server. Allowed values: VersionTLS12, VersionTLS13.
+	// Defaults to VersionTLS12.
 	// +kubebuilder:validation:Enum:=VersionTLS12;VersionTLS13
 	// +kubebuilder:default=VersionTLS12
 	MinVersion string `json:"minVersion"`