deployments: pass down webhook TLS config, re-enable secure-port

damdo · damdo · commit ecac27e320be · 2026-02-12T14:04:23.000+01:00
diff --git a/pkg/cloud/aws/assets/deployment.yaml b/pkg/cloud/aws/assets/deployment.yaml
@@ -49,7 +49,12 @@ spec:
           {{- if .tlsMinVersion }}
           --tls-min-version={{ .tlsMinVersion }} \
           {{- end }}
-          --secure-port=0 \
+          {{- if .tlsCipherSuites }}
+          --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+          {{- end }}
+          {{- if .tlsMinVersion }}
+          --webhook-tls-min-version={{ .tlsMinVersion }} \
+          {{- end }}
           -v=2
         env:
         - name: CLOUD_CONFIG
diff --git a/pkg/cloud/azure/assets/cloud-controller-manager-deployment.yaml b/pkg/cloud/azure/assets/cloud-controller-manager-deployment.yaml
@@ -128,7 +128,12 @@ spec:
                 {{- if .tlsMinVersion }}
                 --tls-min-version={{ .tlsMinVersion }} \
                 {{- end }}
-                --secure-port=0
+                {{- if .tlsCipherSuites }}
+                --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+                {{- end }}
+                {{- if .tlsMinVersion }}
+                --webhook-tls-min-version={{ .tlsMinVersion }}
+                {{- end }}
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - name: host-etc-kube
diff --git a/pkg/cloud/azurestack/assets/cloud-controller-manager-deployment.yaml b/pkg/cloud/azurestack/assets/cloud-controller-manager-deployment.yaml
@@ -120,7 +120,12 @@ spec:
                 {{- if .tlsMinVersion }}
                 --tls-min-version={{ .tlsMinVersion }} \
                 {{- end }}
-                --secure-port=0
+                {{- if .tlsCipherSuites }}
+                --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+                {{- end }}
+                {{- if .tlsMinVersion }}
+                --webhook-tls-min-version={{ .tlsMinVersion }}
+                {{- end }}
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - name: host-etc-kube
diff --git a/pkg/cloud/gcp/assets/cloud-controller-manager.yaml b/pkg/cloud/gcp/assets/cloud-controller-manager.yaml
@@ -102,7 +102,12 @@ spec:
                 {{- if .tlsMinVersion }}
                 --tls-min-version={{ .tlsMinVersion }} \
                 {{- end }}
-                --secure-port=0
+                {{- if .tlsCipherSuites }}
+                --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+                {{- end }}
+                {{- if .tlsMinVersion }}
+                --webhook-tls-min-version={{ .tlsMinVersion }}
+                {{- end }}
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - name: host-etc-kube
diff --git a/pkg/cloud/ibm/assets/deployment.yaml b/pkg/cloud/ibm/assets/deployment.yaml
@@ -90,6 +90,12 @@ spec:
             {{- if .tlsMinVersion }}
             --tls-min-version={{ .tlsMinVersion }} \
             {{- end }}
+            {{- if .tlsCipherSuites }}
+            --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+            {{- end }}
+            {{- if .tlsMinVersion }}
+            --webhook-tls-min-version={{ .tlsMinVersion }} \
+            {{- end }}
             --v=2
         livenessProbe:
           failureThreshold: 3
diff --git a/pkg/cloud/nutanix/assets/cloud-controller-manager-deployment.yaml b/pkg/cloud/nutanix/assets/cloud-controller-manager-deployment.yaml
@@ -104,7 +104,12 @@ spec:
                 {{- if .tlsMinVersion }}
                 --tls-min-version={{ .tlsMinVersion }} \
                 {{- end }}
-                --secure-port=0
+                {{- if .tlsCipherSuites }}
+                --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+                {{- end }}
+                {{- if .tlsMinVersion }}
+                --webhook-tls-min-version={{ .tlsMinVersion }}
+                {{- end }}
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - name: nutanix-config
diff --git a/pkg/cloud/openstack/assets/deployment.yaml b/pkg/cloud/openstack/assets/deployment.yaml
@@ -85,7 +85,12 @@ spec:
             {{- if .tlsMinVersion }}
             --tls-min-version={{ .tlsMinVersion }} \
             {{- end }}
-            --secure-port=0
+            {{- if .tlsCipherSuites }}
+            --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+            {{- end }}
+            {{- if .tlsMinVersion }}
+            --webhook-tls-min-version={{ .tlsMinVersion }}
+            {{- end }}
           ports:
           - containerPort: 10258
             name: https
diff --git a/pkg/cloud/powervs/assets/deployment.yaml b/pkg/cloud/powervs/assets/deployment.yaml
@@ -89,6 +89,12 @@ spec:
             {{- if .tlsMinVersion }}
             --tls-min-version={{ .tlsMinVersion }} \
             {{- end }}
+            {{- if .tlsCipherSuites }}
+            --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+            {{- end }}
+            {{- if .tlsMinVersion }}
+            --webhook-tls-min-version={{ .tlsMinVersion }} \
+            {{- end }}
             --v=2
         livenessProbe:
           httpGet:
diff --git a/pkg/cloud/vsphere/assets/cloud-controller-manager-deployment.yaml b/pkg/cloud/vsphere/assets/cloud-controller-manager-deployment.yaml
@@ -111,7 +111,12 @@ spec:
                 {{- if .tlsMinVersion }}
                 --tls-min-version={{ .tlsMinVersion }} \
                 {{- end }}
-                --secure-port=0
+                {{- if .tlsCipherSuites }}
+                --webhook-tls-cipher-suites={{ .tlsCipherSuites }} \
+                {{- end }}
+                {{- if .tlsMinVersion }}
+                --webhook-tls-min-version={{ .tlsMinVersion }}
+                {{- end }}
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - name: host-etc-kube
