add min and max version to transport in k8s provider and validate if empty

NEwa-05 2025-07-31 18:07:47 +02:00 committed by NEwa
parent 0cf5c8716c
commit 337171ad1d
2 changed files with 39 additions and 9 deletions


@ -422,6 +422,26 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
}
}
if serversTransport.Spec.MinVersion != "" {
if _, exists := tls.MinVersion[serversTransport.Spec.MinVersion]; exists {
sTransport.MinVersion = serversTransport.Spec.MinVersion
} else {
// Min TLS version does not exist
logger.Error().Msgf("invalid TLS minimal version: %s", serversTransport.Spec.MinVersion)
continue
}
}
if serversTransport.Spec.MaxVersion != "" {
if _, exists := tls.MaxVersion[serversTransport.Spec.MaxVersion]; exists {
sTransport.MaxVersion = serversTransport.Spec.MaxVersion
} else {
// Min TLS version does not exist
logger.Error().Msgf("invalid TLS maximal version: %s", serversTransport.Spec.MaxVersion)
continue
}
}
forwardingTimeout := &dynamic.ForwardingTimeouts{}
forwardingTimeout.SetDefaults()
@ -468,9 +488,9 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
InsecureSkipVerify: serversTransport.Spec.InsecureSkipVerify,
RootCAs: rootCAs,
Certificates: certs,
CipherSuites: serversTransport.Spec.CipherSuites,
MinVersion: serversTransport.Spec.MinVersion,
MaxVersion: serversTransport.Spec.MaxVersion,
CipherSuites: sTransport.CipherSuites,
MinVersion: sTransport.MinVersion,
MaxVersion: sTransport.MaxVersion,
DisableHTTP2: serversTransport.Spec.DisableHTTP2,
MaxIdleConnsPerHost: serversTransport.Spec.MaxIdleConnsPerHost,
ForwardingTimeouts: forwardingTimeout,
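Review bot: MinVersion and MaxVersion are validated independently in the first hunk, so a ServersTransport whose minimum is higher than its maximum is accepted here and would presumably only surface later as failed handshakes to the backend. After both lookups, add a check such as `if sTransport.MinVersion != "" && sTransport.MaxVersion != "" && tls.MinVersion[sTransport.MinVersion] > tls.MaxVersion[sTransport.MaxVersion] {` that logs and `continue`s like the other branches; this assumes `tls` here is the same version-map package that the other file in this commit imports as `traefiktls`, with uint16 values. The comment in the MaxVersion else-branch is a copy of the Min one and should read `// Max TLS version does not exist`. The second hunk now reads `sTransport.CipherSuites`, whose assignment is not visible in either hunk, and loadConfigurationFromCRD starts and ends outside both.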


@ -187,16 +187,26 @@ func (t *TransportManager) createTLSConfig(cfg *dynamic.ServersTransport) (*tls.
}
}
// Set the minimum TLS version if set in the config
// Set the min TLS version if set in the config
var minVer uint16
if minConst, exists := traefiktls.MinVersion[cfg.MinVersion]; exists {
minVer = minConst
if cfg.MinVersion != "" {
if minConst, exists := traefiktls.MinVersion[cfg.MinVersion]; exists {
minVer = minConst
} else {
// Min TLS version does not exist
return nil, fmt.Errorf("invalid TLS minimal version: %v", minVer)
}
}
// Set the minimum TLS version if set in the config
// Set the min TLS version if set in the config
var maxVer uint16
if maxConst, exists := traefiktls.MaxVersion[cfg.MaxVersion]; exists {
maxVer = maxConst
if cfg.MinVersion != "" {
if maxConst, exists := traefiktls.MaxVersion[cfg.MaxVersion]; exists {
maxVer = maxConst
} else {
// Max TLS version does not exist
return nil, fmt.Errorf("invalid TLS maximal version: %v", maxVer)
}
}
config = &tls.Config{
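Review bot: The guard on the maximum-version block tests `cfg.MinVersion` instead of `cfg.MaxVersion`, so a MaxVersion configured without a MinVersion is silently dropped (maxVer stays 0, which presumably leaves the tls.Config built below without a ceiling), while a MinVersion configured without a MaxVersion looks up the empty string and is rejected as "invalid TLS maximal version"; the guard should read `if cfg.MaxVersion != "" {`. Both error returns format `minVer`/`maxVer`, which are still zero on that path, so the message never shows the rejected value; use `return nil, fmt.Errorf("invalid TLS minimal version: %q", cfg.MinVersion)` and the MaxVersion equivalent. The comment above `var maxVer uint16` should say `// Set the max TLS version if set in the config`. createTLSConfig starts before this hunk and continues past it.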