Move tls package to network/tls, keep aliases for backward compatibility #3331
The TLS configuration package is moved from tls/ to network/tls/ to co-locate it with the rest of the networking code. The old tls/ package now re-exports all public symbols as deprecated aliases so that existing consumers continue to compile without changes. The webhook package is updated to import from the new location directly.
Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>
|
Related request: #3324 (comment) |
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #3331 +/- ##
==========================================
- Coverage 74.86% 74.84% -0.03%
==========================================
Files 189 189
Lines 8287 8287
==========================================
- Hits 6204 6202 -2
- Misses 1843 1844 +1
- Partials 240 241 +1
|
/cc @dprotaso Hi Dave! Can you take a look? Thank you! Mike moved the implementation as you requested. |
|
We have to keep deprecated aliases in |
|
/lgtm |
|
/lgtm Once we move over to the new usage can we delete the old package? |
|
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: dprotaso, Fedosin |
…ity (knative#3331)
The TLS configuration package is moved from tls/ to network/tls/ to co-locate it with the rest of the networking code. The old tls/ package now re-exports all public symbols as deprecated aliases so that existing consumers continue to compile without changes. The webhook package is updated to import from the new location directly.
Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>
* feat: add shared tls package for reading TLS config from environment (#3324)

* feat: add shared tls package for reading TLS config from environment

Extract TLS configuration parsing into a reusable knative.dev/pkg/tls package so that any Knative component (not just webhooks) can read TLS_MIN_VERSION, TLS_MAX_VERSION, TLS_CIPHER_SUITES, and TLS_CURVE_PREFERENCES from environment variables with an optional prefix. The webhook package is updated to use the new tls package, extending env var support from just WEBHOOK_TLS_MIN_VERSION to all four WEBHOOK_TLS_* variables. Programmatic Options values continue to take precedence over environment variables.

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>

* fix: address review feedback on tls package

Reduce the public API surface of the tls package by unexporting ParseVersion, ParseCipherSuites, and ParseCurvePreferences since they are implementation details of NewConfigFromEnv. Also validate that TLS max version is not smaller than min version in webhook.New(), document the Options TLS field precedence (programmatic > env vars > defaults), and broaden TestConfig_TLSConfig to exercise the full NewConfigFromEnv → TLSConfig path.

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>

---------

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>

* Replace NewConfigFromEnv with DefaultConfigFromEnv (#3328)

DefaultConfigFromEnv replaces NewConfigFromEnv by returning a full default tls.Config with overrides from env vars. This avoids specifying e.g. the TLS MinVersion explicitly.

* Move tls package to network/tls, keep aliases for backward compatibility (#3331)

The TLS configuration package is moved from tls/ to network/tls/ to co-locate it with the rest of the networking code. The old tls/ package now re-exports all public symbols as deprecated aliases so that existing consumers continue to compile without changes. The webhook package is updated to import from the new location directly.

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>

* remove deprecated TLS package (#3333)

---------

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>
Co-authored-by: Vincent Link <linkvt@users.noreply.github.com>
Co-authored-by: Dave Protasowski <dprotaso@gmail.com>
Changes
The TLS configuration package is moved from tls/ to network/tls/ to co-locate it with the rest of the networking code. The old tls/ package now re-exports all public symbols as deprecated aliases so that existing consumers continue to compile without changes. The webhook package is updated to import from the new location directly.
/kind api-change
Fixes #
Release Note
Docs