How does the skill handle changes to the cluster TLS profile?

It provides two implementation paths: Option A uses a controller-runtime watch to trigger operand restarts, and Option B enables dynamic configuration for servers supporting hot-reloads.

Can I configure specific ciphers for TLS 1.3?

No, in accordance with the Go runtime behavior and TLS 1.3 standards, cipher suites are automatically selected and not manually configurable for VersionTLS13.

Does this work with standard Kubernetes?

While the code specifically targets the OpenShift APIServer CR (config.openshift.io/v1), the logic for converting profile types to Go tls.Config is highly adaptable for any Kubernetes environment.

What TLS profile types does this skill support?

It supports all four OpenShift profiles: Old (TLS 1.0), Intermediate (TLS 1.2), Modern (TLS 1.3), and Custom user-defined configurations.

OpenShift TLS Security Configuration

Name: OpenShift TLS Security Configuration
Author: pavolloffay

bypavolloffay

0•

セキュリティとテスト

Implements and synchronizes cluster-wide TLS security profiles for OpenShift operators and secure workloads.

This skill provides comprehensive guidance and implementation patterns for enforcing OpenShift TLS security profiles within Kubernetes operators and microservices. It enables developers to automatically retrieve security configurations from the APIServer custom resource and apply them consistently across webhook servers, metrics endpoints, and gRPC clients. By supporting both controller-based watch patterns and dynamic configuration updates, it ensures that Go-based workloads remain compliant with cluster-wide security policies—ranging from Intermediate to Modern (TLS 1.3) standards—while simplifying the complexities of the Go crypto/tls library.

主な機能

01Standardized controller-runtime watch patterns for policy reconciliation

020 GitHub stars

03Dynamic TLS configuration updates via GetConfigForClient callbacks

04Automated retrieval of TLS profiles from OpenShift APIServer CR

05Consistent enforcement across metrics, webhooks, and gRPC endpoints

06Mapping of OpenShift security types to Go crypto/tls settings

ユースケース

01Transitioning legacy workloads to Modern TLS 1.3 security standards

02Hardening Kubernetes operators to meet enterprise OpenShift security requirements

03Synchronizing security policies across multi-component operator deployments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add pavolloffay/claude-plugins skills

For use in Claude.ai and ChatGPT