From a2e734fb5935e5f0d1763b806a89510544989740 Mon Sep 17 00:00:00 2001
From: huangyanfeng <huangyanfeng1992@gmail.com>
Date: Thu, 26 Oct 2023 14:31:28 +0800
Subject: [PATCH] set MinVersion to VersionTLS13 for tlsconfig in
 karmada-apiserver and karmada-aggregated-apiserver

Signed-off-by: huangyanfeng <huangyanfeng1992@gmail.com>
---
 pkg/karmadactl/cmdinit/kubernetes/deployments.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/karmadactl/cmdinit/kubernetes/deployments.go b/pkg/karmadactl/cmdinit/kubernetes/deployments.go
index 7e54a51ff..06b59af43 100644
--- a/pkg/karmadactl/cmdinit/kubernetes/deployments.go
+++ b/pkg/karmadactl/cmdinit/kubernetes/deployments.go
@@ -94,6 +94,7 @@ func (i *CommandInitOption) karmadaAPIServerContainerCommand() []string {
 		"--requestheader-username-headers=X-Remote-User",
 		fmt.Sprintf("--tls-cert-file=%s/%s.crt", karmadaCertsVolumeMountPath, options.ApiserverCertAndKeyName),
 		fmt.Sprintf("--tls-private-key-file=%s/%s.key", karmadaCertsVolumeMountPath, options.ApiserverCertAndKeyName),
+		"--tls-min-version=VersionTLS13",
 	}
 	if i.ExternalEtcdKeyPrefix != "" {
 		command = append(command, fmt.Sprintf("--etcd-prefix=%s", i.ExternalEtcdKeyPrefix))
@@ -798,6 +799,7 @@ func (i *CommandInitOption) makeKarmadaAggregatedAPIServerDeployment() *appsv1.D
 		fmt.Sprintf("--etcd-keyfile=%s/%s.key", karmadaCertsVolumeMountPath, options.EtcdClientCertAndKeyName),
 		fmt.Sprintf("--tls-cert-file=%s/%s.crt", karmadaCertsVolumeMountPath, options.KarmadaCertAndKeyName),
 		fmt.Sprintf("--tls-private-key-file=%s/%s.key", karmadaCertsVolumeMountPath, options.KarmadaCertAndKeyName),
+		"--tls-min-version=VersionTLS13",
 		"--audit-log-path=-",
 		"--feature-gates=APIPriorityAndFairness=false",
 		"--audit-log-maxage=0",