Hi! I’m using Rancher v2.5.5 and RKE kubernetes (launching with Rancher, 1.19.4 k8s).
We check CVE vulnerability and find that etcd uses.
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
How can i disabled that cipher??
Thank you for reply!!
I try to find a way to configure ‘extra_args’ to ‘etcd’ service.
But I can’t…
I already have three etcd node.
Can i just put “ciphers” to etcd’s extra_args?
Is there any guide or docs about that…?
I think these links are related.
But i don’t know where can i find cluster.yaml file…
I launched rke k8s following this guide (https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/), I didn’t use cluster.yaml.
How to configure/apply extra_args to etcd nodes that are already running…?
I solved it.
Rancher UI → Cluster → Edit → Edit as YAML
services > etcd > extra_args >
And add
cipher-suites: ‘CIPHER_1,CIPHER_2’
Thank you!!