Task Summary

SSH into cka000048b

Update the nginx-config ConfigMap in the nginx-static namespace to allow TLSv1.2

Ensure the nginx-static Deployment picks up the new config

Verify the change using the provided curl command

Step-by-Step Instructions

Step 1: SSH into the correct host

ssh cka000048b

Step 2: Get the ConfigMap

kubectl get configmap nginx-config -n nginx-static -o yaml > nginx-config.yaml

Open the file for editing:

nano nginx-config.yaml

Look for the TLS configuration in the data field. You are likely to find something like:

ssl_protocols TLSv1.3;

Modify it to include TLSv1.2 as well:

ssl_protocols TLSv1.2 TLSv1.3;

Save and exit the file.

Now update the ConfigMap:

kubectl apply -f nginx-config.yaml

Step 3: Restart the NGINX pods to pick up the new ConfigMap

Pods will not reload a ConfigMap automatically unless it's mounted in a way that supports dynamic reload and the app is watching for it (NGINX typically doesn't by default).

The safest way is to restart the pods:

Option 1: Roll the deployment

kubectl rollout restart deployment nginx-static -n nginx-static

Option 2: Delete pods to force recreation

kubectl delete pod -n nginx-static -l app=nginx-static

Step 4: Verify using curl

Use the provided curl command to confirm that TLS 1.2 is accepted:

curl --tls-max 1.2 https://web.k8s.local

A successful response means the TLS configuration is correct.

Final Command Summary

ssh cka000048b

kubectl get configmap nginx-config -n nginx-static -o yaml > nginx-config.yaml

nano nginx-config.yaml # Modify to include 'ssl_protocols TLSv1.2 TLSv1.3;'

kubectl apply -f nginx-config.yaml

kubectl rollout restart deployment nginx-static -n nginx-static

# or

kubectl delete pod -n nginx-static -l app=nginx-static

curl --tls-max 1.2 https://web.k8s.local