force tlsCipherSuites to avoid SWEET32 issue (#148)

Author: tuxtof

charts/nutanix-cloud-provider/Chart.yaml

@@ -12,14 +12,13 @@ keywords:
   - Cloud Controller Manager
   - Cloud
   - CCM
-version: 0.3.3
+version: 0.3.4
 appVersion: "v0.3.2"
 annotations:
   artifacthub.io/displayName: "Nutanix Cloud Provider"
   artifacthub.io/containsSecurityUpdates: "true"
   artifacthub.io/changes: |
-    - Nutanix Cloud provider upgrade to v0.3.2
-    - Add Additional Trust Bundle Support
+    - Fix SWEET32 issue
   artifacthub.io/maintainers: |
     - name: Nutanix Cloud Native Team
       email: cloudnative@nutanix.com

charts/nutanix-cloud-provider/templates/cloud-provider-nutanix-deployment.yaml

@@ -54,6 +54,7 @@ spec:
           args:
             - "--leader-elect=true"
             - "--cloud-config=/etc/cloud/nutanix_config.json"
+            - "--tls-cipher-suites={{ .Values.tlsCipherSuites }}"
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:

charts/nutanix-cloud-provider/values.yaml

@@ -66,6 +66,8 @@ resources:
     cpu: 100m
     memory: 50Mi
 
+tlsCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
 nodeSelector:
   node-role.kubernetes.io/control-plane: ""