Skip to content

feat: use knative.dev/pkg/tls for activator TLS configuration#16424

Open
Fedosin wants to merge 1 commit intoknative:mainfrom
Fedosin:activator-tls
Open

feat: use knative.dev/pkg/tls for activator TLS configuration#16424
Fedosin wants to merge 1 commit intoknative:mainfrom
Fedosin:activator-tls

Conversation

@Fedosin
Copy link
Contributor

@Fedosin Fedosin commented Mar 3, 2026

Proposed Changes

Replace the hardcoded tls.VersionTLS13 in the activator's HTTPS server with the shared knative.dev/pkg/tls package, allowing TLS settings to be configured via ACTIVATOR_TLS_MIN_VERSION, ACTIVATOR_TLS_MAX_VERSION, ACTIVATOR_TLS_CIPHER_SUITES, and ACTIVATOR_TLS_CURVE_PREFERENCES environment variables. The default remains TLS 1.3 when no env var is set.

knative/pkg patch: knative/pkg#3324

Release Note

The activator now reads TLS settings from environment variables (ACTIVATOR_TLS_MIN_VERSION, ACTIVATOR_TLS_MAX_VERSION, ACTIVATOR_TLS_CIPHER_SUITES, ACTIVATOR_TLS_CURVE_PREFERENCES) via the shared knative.dev/pkg/tls package instead of hardcoding TLS 1.3.

@knative-prow knative-prow bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 3, 2026
@knative-prow knative-prow bot requested review from dsimansk and skonto March 3, 2026 10:07
@knative-prow knative-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 3, 2026
@linkvt
Copy link
Contributor

linkvt commented Mar 3, 2026

Looks good!

/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 3, 2026
@codecov
Copy link

codecov bot commented Mar 3, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.27%. Comparing base (42495d4) to head (658eb45).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #16424      +/-   ##
==========================================
+ Coverage   80.21%   80.27%   +0.05%     
==========================================
  Files         217      217              
  Lines       13511    13511              
==========================================
+ Hits        10838    10846       +8     
+ Misses       2307     2301       -6     
+ Partials      366      364       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@knative-prow knative-prow bot removed the lgtm Indicates that a PR is ready to be merged. label Mar 3, 2026
linkvt
linkvt reviewed Mar 3, 2026
View reviewed changes
twoGiants
twoGiants reviewed Mar 3, 2026
View reviewed changes
twoGiants
twoGiants reviewed Mar 3, 2026
View reviewed changes
twoGiants
twoGiants approved these changes Mar 3, 2026
View reviewed changes
Copy link

@twoGiants twoGiants left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

Left a few comments, but nothing major and probably can be merged anyway. Wdys?

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 3, 2026
@twoGiants
Copy link

twoGiants commented Mar 3, 2026

/hold for the comment review

Unhold when you want to merge @Fedosin

@knative-prow knative-prow bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 3, 2026
@knative-prow knative-prow bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 3, 2026
twoGiants
twoGiants approved these changes Mar 3, 2026
View reviewed changes
Copy link

@twoGiants twoGiants left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 3, 2026
@twoGiants
Copy link

twoGiants commented Mar 3, 2026

/unhold

@knative-prow knative-prow bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 3, 2026
@twoGiants twoGiants mentioned this pull request Mar 4, 2026
Open
@Fedosin
Copy link
Contributor Author

Fedosin commented Mar 4, 2026

/hold

@knative-prow knative-prow bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 4, 2026
@knative-prow knative-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 4, 2026
@knative-prow knative-prow bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 5, 2026
@Fedosin
Copy link
Contributor Author

Fedosin commented Mar 5, 2026

/hold cancel

@knative-prow knative-prow bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 5, 2026
linkvt
linkvt reviewed Mar 5, 2026
View reviewed changes
@Fedosin
feat: use knative.dev/pkg/tls for activator TLS configuration
658eb45 
Replace the hardcoded tls.VersionTLS13 in the activator's HTTPS server
with the shared knative.dev/pkg/tls package, allowing TLS settings to be
configured via ACTIVATOR_TLS_MIN_VERSION, ACTIVATOR_TLS_MAX_VERSION,
ACTIVATOR_TLS_CIPHER_SUITES, and ACTIVATOR_TLS_CURVE_PREFERENCES
environment variables. The default remains TLS 1.3 when no env var is set.

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>
@knative-prow knative-prow bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 5, 2026
@linkvt
Copy link
Contributor

linkvt commented Mar 5, 2026

/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 5, 2026
twoGiants
twoGiants approved these changes Mar 5, 2026
View reviewed changes
Copy link

@twoGiants twoGiants left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@knative-prow
Copy link

knative-prow bot commented Mar 5, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Fedosin, twoGiants
Once this PR has been reviewed and has the lgtm label, please assign dprotaso for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@linkvt
Copy link
Contributor

linkvt commented Mar 5, 2026

/retest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dsimansk dsimansk Awaiting requested review from dsimansk

@skonto skonto Awaiting requested review from skonto

2 more reviewers

@linkvt linkvt linkvt left review comments

@twoGiants twoGiants twoGiants approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@twoGiants twoGiants

@linkvt linkvt

Labels

lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Fedosin @linkvt @twoGiants