From f75377ce3bef8796ca5891854cc73895db2bc5eb Mon Sep 17 00:00:00 2001
From: Lan Liang
Date: Fri, 29 Dec 2023 07:05:33 +0000
Subject: [PATCH] Migrate Deprecated TLSMinVersion to TLSOption for webhook.

Co-authored-by: RainbowMango
Signed-off-by: Lan Liang
---
 cmd/webhook/app/webhook.go | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/cmd/webhook/app/webhook.go b/cmd/webhook/app/webhook.go
index e50ceeb3c..7ec1cdff9 100644
--- a/cmd/webhook/app/webhook.go
+++ b/cmd/webhook/app/webhook.go
@@ -18,6 +18,7 @@ package app
 
 import (
 "context"
+ "crypto/tls"
 "flag"
 "fmt"
 "net/http"
@@ -117,12 +118,28 @@ func Run(ctx context.Context, opts *options.Options) error {
 Logger: klog.Background(),
 Scheme: gclient.NewSchema(),
 WebhookServer: webhook.NewServer(webhook.Options{
- Host: opts.BindAddress,
- Port: opts.SecurePort,
- CertDir: opts.CertDir,
- CertName: opts.CertName,
- KeyName: opts.KeyName,
- TLSMinVersion: opts.TLSMinVersion,
+ Host: opts.BindAddress,
+ Port: opts.SecurePort,
+ CertDir: opts.CertDir,
+ CertName: opts.CertName,
+ KeyName: opts.KeyName,
+ TLSOpts: []func(*tls.Config){
+ func(config *tls.Config) {
+ // Just transform the valid options as opts.TLSMinVersion
+ // can only accept "1.0", "1.1", "1.2", "1.3" and has default
+ // value,
+ switch opts.TLSMinVersion {
+ case "1.0":
+ config.MinVersion = tls.VersionTLS10
+ case "1.1":
+ config.MinVersion = tls.VersionTLS11
+ case "1.2":
+ config.MinVersion = tls.VersionTLS12
+ case "1.3":
+ config.MinVersion = tls.VersionTLS13
+ }
+ },
+ },
 }),
 LeaderElection: false,
 MetricsBindAddress: opts.MetricsBindAddress,
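Review bot: The `switch opts.TLSMinVersion` inside the new `TLSOpts` closure has no `default` branch, so an empty or unrecognised value leaves `config.MinVersion` untouched and the webhook server silently runs with whatever floor the webhook library and crypto/tls apply. The comment says the option is validated and defaulted elsewhere, but that validation is not visible in this patch, so the assumption is worth enforcing at this point: add `default: klog.Warningf("unsupported TLSMinVersion %q, MinVersion left at library default", opts.TLSMinVersion)`, or preferably resolve the string to a `uint16` before constructing the server so that `Run` can return an error instead of starting with an unintended minimum. The same comment ends mid-sentence at `value,` and should be finished. `Run` begins and ends outside this hunk.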