tls, flags, config: Set default version to TLS 1.3

ormergi · ormergi · commit fc281223fd88 · 2026-03-23T13:56:55.000+02:00
Set the TLS minimal version default value to 1.3.

Remove redundent the flag occurances in manifests.

Signed-off-by: Or Mergi &lt;ormergi@redhat.com&gt;
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -158,12 +158,12 @@ func runKubemacpoolManager() {
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8443", "The address the metric endpoint binds to.")
 	flag.StringVar(&logType, "v", "production", "Log type (debug/production).")
 	flag.IntVar(&waitingTime, names.WAIT_TIME_ARG, 600, "waiting time to release the mac if object was not created")
-	flag.StringVar(&tlsMinVersion, "tls-min-version", "", "Minimum TLS version. "+
+	flag.StringVar(&tlsMinVersion, "tls-min-version", "VersionTLS13", "Minimum TLS version. "+
 		"Supported values are tls package constants names (e.g. VersionTLS13), please see "+
-		"https://pkg.go.dev/crypto/tls#pkg-constants")
-	flag.StringVar(&tlsCiphers, "tls-cipher-suites", "", "Comma-separated list of TLS cipher suite names."+
+		"https://pkg.go.dev/crypto/tls#pkg-constants.")
+	flag.StringVar(&tlsCiphers, "tls-cipher-suites", "", "Comma-separated list of TLS cipher suite names. "+
 		"Supported values are tls package constants names (e.g. TLS_AES_128_GCM_SHA256), please see "+
-		"https://pkg.go.dev/crypto/tls#pkg-constants"+
+		"https://pkg.go.dev/crypto/tls#pkg-constants. "+
 		"When 'min-tls-version' is 'VersionTLS13', cipher suites are selected by the runtime.")
 	flag.Parse()
 
diff --git a/config/default/manager/manager.yaml b/config/default/manager/manager.yaml
@@ -85,7 +85,6 @@ spec:
         args:
           - "--v=production"
           - "--wait-time=300"
-          - "--tls-min-version=VersionTLS13"
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
diff --git a/config/release/kubemacpool.yaml b/config/release/kubemacpool.yaml
@@ -275,7 +275,6 @@ spec:
       - args:
         - --v=production
         - --wait-time=300
-        - --tls-min-version=VersionTLS13
         command:
         - /manager
         env:
diff --git a/config/test/kubemacpool.yaml b/config/test/kubemacpool.yaml
@@ -276,7 +276,6 @@ spec:
       - args:
         - --v=debug
         - --wait-time=300
-        - --tls-min-version=VersionTLS13
         command:
         - /manager
         env:
