mirror of
https://github.com/traefik/traefik.git
synced 2025-08-06 22:57:14 +02:00
add min and max version to tranport in k8s provider and validate if empty
parent
0cf5c8716c
commit
337171ad1d
@ -422,6 +422,26 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
||||
}
|
||||
}
|
||||
|
||||
if serversTransport.Spec.MinVersion != "" {
|
||||
if _, exists := tls.MinVersion[serversTransport.Spec.MinVersion]; exists {
|
||||
sTransport.MinVersion = serversTransport.Spec.MinVersion
|
||||
} else {
|
||||
// Min TLS version does not exist
|
||||
logger.Error().Msgf("invalid TLS minimal version: %s", serversTransport.Spec.MinVersion)
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
if serversTransport.Spec.MaxVersion != "" {
|
||||
if _, exists := tls.MaxVersion[serversTransport.Spec.MaxVersion]; exists {
|
||||
sTransport.MaxVersion = serversTransport.Spec.MaxVersion
|
||||
} else {
|
||||
// Min TLS version does not exist
|
||||
logger.Error().Msgf("invalid TLS maximal version: %s", serversTransport.Spec.MaxVersion)
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
forwardingTimeout := &dynamic.ForwardingTimeouts{}
|
||||
forwardingTimeout.SetDefaults()
|
||||
|
||||
@ -468,9 +488,9 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
||||
InsecureSkipVerify: serversTransport.Spec.InsecureSkipVerify,
|
||||
RootCAs: rootCAs,
|
||||
Certificates: certs,
|
||||
CipherSuites: serversTransport.Spec.CipherSuites,
|
||||
MinVersion: serversTransport.Spec.MinVersion,
|
||||
MaxVersion: serversTransport.Spec.MaxVersion,
|
||||
CipherSuites: sTransport.CipherSuites,
|
||||
MinVersion: sTransport.MinVersion,
|
||||
MaxVersion: sTransport.MaxVersion,
|
||||
DisableHTTP2: serversTransport.Spec.DisableHTTP2,
|
||||
MaxIdleConnsPerHost: serversTransport.Spec.MaxIdleConnsPerHost,
|
||||
ForwardingTimeouts: forwardingTimeout,
|
||||
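Review bot: Nothing in the first hunk checks that the minimum version is not higher than the maximum: each value is only looked up in its own map, so a ServersTransport with `minVersion` above `maxVersion` passes validation here and would presumably only fail later, when the TLS configuration is built or used. Keeping the looked-up constants instead of discarding them with `_` would allow one comparison once both are set, logging and `continue`-ing as the two existing branches do. The comment in the MaxVersion branch still reads `// Min TLS version does not exist` and should say `// Max TLS version does not exist`. loadConfigurationFromCRD starts and ends outside both hunks, so whether the logger already names the ServersTransport being skipped cannot be seen from here.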
|
@ -187,16 +187,26 @@ func (t *TransportManager) createTLSConfig(cfg *dynamic.ServersTransport) (*tls.
|
||||
}
|
||||
}
|
||||
|
||||
// Set the minimum TLS version if set in the config
|
||||
// Set the min TLS version if set in the config
|
||||
var minVer uint16
|
||||
if minConst, exists := traefiktls.MinVersion[cfg.MinVersion]; exists {
|
||||
minVer = minConst
|
||||
if cfg.MinVersion != "" {
|
||||
if minConst, exists := traefiktls.MinVersion[cfg.MinVersion]; exists {
|
||||
minVer = minConst
|
||||
} else {
|
||||
// Min TLS version does not exist
|
||||
return nil, fmt.Errorf("invalid TLS minimal version: %v", minVer)
|
||||
}
|
||||
}
|
||||
|
||||
// Set the minimum TLS version if set in the config
|
||||
// Set the min TLS version if set in the config
|
||||
var maxVer uint16
|
||||
if maxConst, exists := traefiktls.MaxVersion[cfg.MaxVersion]; exists {
|
||||
maxVer = maxConst
|
||||
if cfg.MinVersion != "" {
|
||||
if maxConst, exists := traefiktls.MaxVersion[cfg.MaxVersion]; exists {
|
||||
maxVer = maxConst
|
||||
} else {
|
||||
// Max TLS version does not exist
|
||||
return nil, fmt.Errorf("invalid TLS maximal version: %v", maxVer)
|
||||
}
|
||||
}
|
||||
|
||||
config = &tls.Config{
|
||||
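Review bot: The guard around the MaxVersion lookup tests the wrong field: the new side reads `if cfg.MinVersion != "" {` directly before `traefiktls.MaxVersion[cfg.MaxVersion]`, so a transport that sets only a minimum version is rejected with an invalid-maximal-version error, while one that sets only a maximum version skips the lookup and presumably leaves `maxVer` at zero, i.e. no configured cap. The condition should be `if cfg.MaxVersion != "" {`. Both error returns also format the still-zero `minVer`/`maxVer` rather than the rejected string; `fmt.Errorf("invalid TLS minimal version: %q", cfg.MinVersion)` and the MaxVersion equivalent would report what the operator actually wrote. The comment above `var maxVer uint16` still says "min" and should read `// Set the max TLS version if set in the config`. createTLSConfig starts and ends outside the hunk.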
|