Merge pull request #58528 from deads2k/kubelet-02-mincipher

Automatic merge from submit-queue (batch tested with PRs 58547, 57228, 58528, 58499, 58618). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add TLS min version flag

Adds a flag for controlling the minimum TLS level allowed.

/assign liggitt

@kubernetes/sig-node-pr-reviews @k8s-mirror-api-machinery-pr-reviews

```release-note
--tls-min-version on kubelet and kube-apiserver allow for configuring minimum TLS versions
```

Kubernetes-commit: 3550551b9f68641f55fc16b6d31eb27ac39b1914

Godeps/Godeps.json

@@ -852,351 +852,351 @@
 		},
 		{
 			"ImportPath": "k8s.io/api/admission/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1alpha1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta2",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v2alpha1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/certificates/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/core/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/events/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/extensions/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/networking/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/policy/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1alpha1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1alpha1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/settings/v1alpha1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1alpha1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "fbe336854453ac8e27bffe14e1964555245cbd05"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing/fuzzer",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing/roundtrip",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/validation",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/validation/path",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apimachinery",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apimachinery/announced",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apimachinery/registered",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/validation",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1alpha1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/fields",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/labels",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/selection",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/types",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/json",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/net",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/proxy",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/rand",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/uuid",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/waitgroup",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/version",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/watch",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+			"Rev": "2f1e02d3e57b8fb5206c5326bcb65217edc63a8e"
 		},
 		{
 			"ImportPath": "k8s.io/client-go/discovery",
@@ -1206,6 +1206,10 @@
 			"ImportPath": "k8s.io/client-go/discovery/fake",
 			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
 		},
+		{
+			"ImportPath": "k8s.io/client-go/informers",
+			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+		},
 		{
 			"ImportPath": "k8s.io/client-go/informers/admissionregistration",
 			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
@@ -1366,6 +1370,10 @@
 			"ImportPath": "k8s.io/client-go/kubernetes",
 			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
 		},
+		{
+			"ImportPath": "k8s.io/client-go/kubernetes/fake",
+			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+		},
 		{
 			"ImportPath": "k8s.io/client-go/kubernetes/scheme",
 			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
@@ -1714,6 +1722,10 @@
 			"ImportPath": "k8s.io/client-go/tools/cache",
 			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
 		},
+		{
+			"ImportPath": "k8s.io/client-go/tools/clientcmd",
+			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
+		},
 		{
 			"ImportPath": "k8s.io/client-go/tools/clientcmd/api",
 			"Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
@@ -1781,74 +1793,6 @@
 		{
 			"ImportPath": "k8s.io/kube-openapi/pkg/util/proto",
 			"Rev": "a07b7bbb58e7fdc5144f8d7046331d29fc9ad3b3"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/discovery",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/informers",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/kubernetes",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/kubernetes/fake",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/kubernetes/scheme",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/kubernetes/typed/authentication/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/kubernetes/typed/authorization/v1beta1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/kubernetes/typed/core/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/listers/core/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/rest",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/testing",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/tools/cache",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/tools/clientcmd",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/tools/clientcmd/api",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/tools/clientcmd/api/v1",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/util/cert",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
-    },
-    {
-      "ImportPath": "k8s.io/client-go/util/flowcontrol",
-      "Rev": "8a8517e82fc13125243513ecac9aaf98789ced90"
 		}
 	]
 }

pkg/server/options/serving.go

@@ -54,6 +54,9 @@ type SecureServingOptions struct {
 	// CipherSuites is the list of allowed cipher suites for the server.
 	// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
 	CipherSuites []string
+	// MinTLSVersion is the minimum TLS version supported.
+	// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
+	MinTLSVersion string
 }
 
 type CertKey struct {
@@ -142,6 +145,10 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
 			"Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). "+
 			"If omitted, the default Go cipher suites will be used")
 
+	fs.StringVar(&s.MinTLSVersion, "tls-min-version", s.MinTLSVersion,
+		"Minimum TLS version supported. "+
+			"Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants.")
+
 	fs.Var(utilflag.NewNamedCertKeyArray(&s.SNICertKeys), "tls-sni-cert-key", ""+
 		"A pair of x509 certificate and private key file paths, optionally suffixed with a list of "+
 		"domain patterns which are fully qualified domain names, possibly with prefixed wildcard "+
@@ -249,6 +256,12 @@ func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error {
 		secureServingInfo.CipherSuites = cipherSuites
 	}
 
+	var err error
+	secureServingInfo.MinTLSVersion, err = utilflag.TLSVersion(s.MinTLSVersion)
+	if err != nil {
+		return err
+	}
+
 	// load SNI certs
 	namedTLSCerts := make([]server.NamedTLSCert, 0, len(s.SNICertKeys))
 	for _, nck := range s.SNICertKeys {
@@ -261,7 +274,6 @@ func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error {
 			return fmt.Errorf("failed to load SNI cert and key: %v", err)
 		}
 	}
-	var err error
 	secureServingInfo.SNICerts, err = server.GetNamedCertificateMap(namedTLSCerts)
 	if err != nil {
 		return err

pkg/util/flag/ciphersuites_flag.go

@@ -62,3 +62,26 @@ func TLSCipherSuites(cipherNames []string) ([]uint16, error) {
 	}
 	return ciphersIntSlice, nil
 }
+
+var versions = map[string]uint16{
+	"VersionTLS10": tls.VersionTLS10,
+	"VersionTLS11": tls.VersionTLS11,
+	"VersionTLS12": tls.VersionTLS12,
+}
+
+func TLSVersion(versionName string) (uint16, error) {
+	if len(versionName) == 0 {
+		return DefaultTLSVersion(), nil
+	}
+	if version, ok := versions[versionName]; ok {
+		return version, nil
+	}
+	return 0, fmt.Errorf("unknown tls version %q", versionName)
+}
+
+func DefaultTLSVersion() uint16 {
+	// Can't use SSLv3 because of POODLE and BEAST
+	// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
+	// Can't use TLSv1.1 because of RC4 cipher usage
+	return tls.VersionTLS12
+}

pkg/util/flag/ciphersuites_flag_test.go

@@ -80,8 +80,12 @@ func TestConstantMaps(t *testing.T) {
 		fmt.Printf("error: %s\n", err.Error())
 		return
 	}
+	discoveredVersions := map[string]bool{}
 	discoveredCiphers := map[string]bool{}
 	for _, declName := range pkg.Scope().Names() {
+		if strings.HasPrefix(declName, "VersionTLS") {
+			discoveredVersions[declName] = true
+		}
 		if strings.HasPrefix(declName, "TLS_RSA_") || strings.HasPrefix(declName, "TLS_ECDHE_") {
 			discoveredCiphers[declName] = true
 		}
@@ -97,4 +101,14 @@ func TestConstantMaps(t *testing.T) {
 			t.Errorf("ciphers map has %s not in tls package", k)
 		}
 	}
+	for k := range discoveredVersions {
+		if _, ok := versions[k]; !ok {
+			t.Errorf("discovered version tls.%s not in version map", k)
+		}
+	}
+	for k := range versions {
+		if _, ok := discoveredVersions[k]; !ok {
+			t.Errorf("versions map has %s not in tls package", k)
+		}
+	}
 }