Modify the cipher suite used by the kube-controller-manager

rancher v2.6.3
rek-tools
The k8s cluster I deployed with Rancher now needs to pass a security check, and I have run into a problem. The security detection tool scans port 10257 of kube-controller-manager and reports a deprecated cipher suite in use: TLS_RSA_WITH_3DES_EDE_CBC_SHA. The startup command of the kube-controller-manager container is as follows:

kube-controller-manager --kubeconfig=/etc/kubernetes/ssl/kubecfg-kube-controller-manager.yaml --pod-eviction-timeout=5m0s --cloud-provider= --root-ca-file=/etc/kubernetes/ssl/kube-ca.pem --terminated-pod-gc-threshold=1000 --service-cluster-ip-range=10.43.0.0/16 --configure-cloud-routes=false --node-monitor-grace-period=40s --allocate-node-cidrs=true --allow-untagged-cloud=true --cluster-cidr=10.42.0.0/16 --service-account-private-key-file=/etc/kubernetes/ssl/kube-service-account-token-key.pem --enable-hostpath-provisioner=false --leader-elect=true --profiling=false --v=2 --address=0.0.0.0 --use-service-account-credentials=true
How can I add the --tls-cipher-suites option? Or how should I get rid of the deprecated cipher suites in it?
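
One way to pass the flag, as an added example that is not part of the original post: it assumes the cluster was provisioned by Rancher through RKE, so the cluster YAML (Edit as YAML in the Rancher UI) is where extra flags are set. The cipher list shown is an example selection of ECDHE/AEAD suites, not a value taken from the post.

```yaml
# Added example. Assumes an RKE-provisioned cluster edited through Rancher.
# For a standalone RKE cluster.yml, the same "services:" block sits at the
# top level, without the rancher_kubernetes_engine_config wrapper.
rancher_kubernetes_engine_config:
  services:
    kube-controller:
      extra_args:
        # Rendered as --tls-cipher-suites=<value> on the kube-controller-manager
        # command line. With the flag absent (as in the command above), the
        # server falls back to the default suites of the Go TLS library.
        # Listing only ECDHE + AEAD suites leaves out
        # TLS_RSA_WITH_3DES_EDE_CBC_SHA and the other RSA/CBC suites.
        tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
```

After the cluster update completes, confirm that `--tls-cipher-suites` appears in the container's startup command and re-run the scan against port 10257.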