feat: kubesphere 4.0 (#6115)
* feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> * feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> --------- Signed-off-by: ci-bot <ci-bot@kubesphere.io> Co-authored-by: ks-ci-bot <ks-ci-bot@example.com> Co-authored-by: joyceliu <joyceliu@yunify.com>
committed by
GitHub
parent
b5015ec7b9
commit
447a51f08b
33
vendor/go.etcd.io/etcd/client/pkg/v3/transport/listener.go
generated
vendored
33
vendor/go.etcd.io/etcd/client/pkg/v3/transport/listener.go
generated
vendored
@@ -165,6 +165,14 @@ type TLSInfo struct {
|
||||
// Note that cipher suites are prioritized in the given order.
|
||||
CipherSuites []uint16
|
||||
|
||||
// MinVersion is the minimum TLS version that is acceptable.
|
||||
// If not set, the minimum version is TLS 1.2.
|
||||
MinVersion uint16
|
||||
|
||||
// MaxVersion is the maximum TLS version that is acceptable.
|
||||
// If not set, the default used by Go is selected (see tls.Config.MaxVersion).
|
||||
MaxVersion uint16
|
||||
|
||||
selfCert bool
|
||||
|
||||
// parseFunc exists to simplify testing. Typically, parseFunc
|
||||
@@ -339,8 +347,8 @@ func SelfCert(lg *zap.Logger, dirpath string, hosts []string, selfSignedCertVali
|
||||
// Previously,
|
||||
// 1. Server has non-empty (*tls.Config).Certificates on client hello
|
||||
// 2. Server calls (*tls.Config).GetCertificate iff:
|
||||
// - Server's (*tls.Config).Certificates is not empty, or
|
||||
// - Client supplies SNI; non-empty (*tls.ClientHelloInfo).ServerName
|
||||
// - Server's (*tls.Config).Certificates is not empty, or
|
||||
// - Client supplies SNI; non-empty (*tls.ClientHelloInfo).ServerName
|
||||
//
|
||||
// When (*tls.Config).Certificates is always populated on initial handshake,
|
||||
// client is expected to provide a valid matching SNI to pass the TLS
|
||||
@@ -378,8 +386,17 @@ func (info TLSInfo) baseConfig() (*tls.Config, error) {
|
||||
}
|
||||
}
|
||||
|
||||
var minVersion uint16
|
||||
if info.MinVersion != 0 {
|
||||
minVersion = info.MinVersion
|
||||
} else {
|
||||
// Default minimum version is TLS 1.2, previous versions are insecure and deprecated.
|
||||
minVersion = tls.VersionTLS12
|
||||
}
|
||||
|
||||
cfg := &tls.Config{
|
||||
MinVersion: tls.VersionTLS12,
|
||||
MinVersion: minVersion,
|
||||
MaxVersion: info.MaxVersion,
|
||||
ServerName: info.ServerName,
|
||||
}
|
||||
|
||||
@@ -510,11 +527,6 @@ func (info TLSInfo) ServerConfig() (*tls.Config, error) {
|
||||
// "h2" NextProtos is necessary for enabling HTTP2 for go's HTTP server
|
||||
cfg.NextProtos = []string{"h2"}
|
||||
|
||||
// go1.13 enables TLS 1.3 by default
|
||||
// and in TLS 1.3, cipher suites are not configurable
|
||||
// setting Max TLS version to TLS 1.2 for go 1.13
|
||||
cfg.MaxVersion = tls.VersionTLS12
|
||||
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
@@ -569,11 +581,6 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
|
||||
}
|
||||
}
|
||||
|
||||
// go1.13 enables TLS 1.3 by default
|
||||
// and in TLS 1.3, cipher suites are not configurable
|
||||
// setting Max TLS version to TLS 1.2 for go 1.13
|
||||
cfg.MaxVersion = tls.VersionTLS12
|
||||
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
|
||||
4
vendor/go.etcd.io/etcd/client/pkg/v3/transport/sockopt.go
generated
vendored
4
vendor/go.etcd.io/etcd/client/pkg/v3/transport/sockopt.go
generated
vendored
@@ -21,12 +21,12 @@ type SocketOpts struct {
|
||||
// in which case lock on data file could result in unexpected
|
||||
// condition. User should take caution to protect against lock race.
|
||||
// [1] https://man7.org/linux/man-pages/man7/socket.7.html
|
||||
ReusePort bool
|
||||
ReusePort bool `json:"reuse-port"`
|
||||
// ReuseAddress enables a socket option SO_REUSEADDR which allows
|
||||
// binding to an address in `TIME_WAIT` state. Useful to improve MTTR
|
||||
// in cases where etcd slow to restart due to excessive `TIME_WAIT`.
|
||||
// [1] https://man7.org/linux/man-pages/man7/socket.7.html
|
||||
ReuseAddress bool
|
||||
ReuseAddress bool `json:"reuse-address"`
|
||||
}
|
||||
|
||||
func getControls(sopts *SocketOpts) Controls {
|
||||
|
||||
5
vendor/go.etcd.io/etcd/client/pkg/v3/transport/tls.go
generated
vendored
5
vendor/go.etcd.io/etcd/client/pkg/v3/transport/tls.go
generated
vendored
@@ -15,6 +15,7 @@
|
||||
package transport
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
@@ -27,6 +28,8 @@ func ValidateSecureEndpoints(tlsInfo TLSInfo, eps []string) ([]string, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer t.CloseIdleConnections()
|
||||
|
||||
var errs []string
|
||||
var endpoints []string
|
||||
for _, ep := range eps {
|
||||
@@ -34,7 +37,7 @@ func ValidateSecureEndpoints(tlsInfo TLSInfo, eps []string) ([]string, error) {
|
||||
errs = append(errs, fmt.Sprintf("%q is insecure", ep))
|
||||
continue
|
||||
}
|
||||
conn, cerr := t.Dial("tcp", ep[len("https://"):])
|
||||
conn, cerr := t.DialContext(context.Background(), "tcp", ep[len("https://"):])
|
||||
if cerr != nil {
|
||||
errs = append(errs, fmt.Sprintf("%q failed to dial (%v)", ep, cerr))
|
||||
continue
|
||||
|
||||