mirror of
https://github.com/traefik/traefik.git
synced 2025-08-07 15:17:09 +02:00
add min and max version to tranport in k8s provider and validate if empty
This commit is contained in:
NEwa-05
NEwa
parent
0cf5c8716c
commit
337171ad1d
@ -422,6 +422,26 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if serversTransport.Spec.MinVersion != "" {
|
||||||
|
if _, exists := tls.MinVersion[serversTransport.Spec.MinVersion]; exists {
|
||||||
|
sTransport.MinVersion = serversTransport.Spec.MinVersion
|
||||||
|
} else {
|
||||||
|
// Min TLS version does not exist
|
||||||
|
logger.Error().Msgf("invalid TLS minimal version: %s", serversTransport.Spec.MinVersion)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if serversTransport.Spec.MaxVersion != "" {
|
||||||
|
if _, exists := tls.MaxVersion[serversTransport.Spec.MaxVersion]; exists {
|
||||||
|
sTransport.MaxVersion = serversTransport.Spec.MaxVersion
|
||||||
|
} else {
|
||||||
|
// Min TLS version does not exist
|
||||||
|
logger.Error().Msgf("invalid TLS maximal version: %s", serversTransport.Spec.MaxVersion)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
forwardingTimeout := &dynamic.ForwardingTimeouts{}
|
forwardingTimeout := &dynamic.ForwardingTimeouts{}
|
||||||
forwardingTimeout.SetDefaults()
|
forwardingTimeout.SetDefaults()
|
||||||
|
|
||||||
@ -468,9 +488,9 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
|||||||
InsecureSkipVerify: serversTransport.Spec.InsecureSkipVerify,
|
InsecureSkipVerify: serversTransport.Spec.InsecureSkipVerify,
|
||||||
RootCAs: rootCAs,
|
RootCAs: rootCAs,
|
||||||
Certificates: certs,
|
Certificates: certs,
|
||||||
CipherSuites: serversTransport.Spec.CipherSuites,
|
CipherSuites: sTransport.CipherSuites,
|
||||||
MinVersion: serversTransport.Spec.MinVersion,
|
MinVersion: sTransport.MinVersion,
|
||||||
MaxVersion: serversTransport.Spec.MaxVersion,
|
MaxVersion: sTransport.MaxVersion,
|
||||||
DisableHTTP2: serversTransport.Spec.DisableHTTP2,
|
DisableHTTP2: serversTransport.Spec.DisableHTTP2,
|
||||||
MaxIdleConnsPerHost: serversTransport.Spec.MaxIdleConnsPerHost,
|
MaxIdleConnsPerHost: serversTransport.Spec.MaxIdleConnsPerHost,
|
||||||
ForwardingTimeouts: forwardingTimeout,
|
ForwardingTimeouts: forwardingTimeout,
|
||||||
|
|||||||
@ -187,16 +187,26 @@ func (t *TransportManager) createTLSConfig(cfg *dynamic.ServersTransport) (*tls.
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the minimum TLS version if set in the config
|
// Set the min TLS version if set in the config
|
||||||
var minVer uint16
|
var minVer uint16
|
||||||
if minConst, exists := traefiktls.MinVersion[cfg.MinVersion]; exists {
|
if cfg.MinVersion != "" {
|
||||||
minVer = minConst
|
if minConst, exists := traefiktls.MinVersion[cfg.MinVersion]; exists {
|
||||||
|
minVer = minConst
|
||||||
|
} else {
|
||||||
|
// Min TLS version does not exist
|
||||||
|
return nil, fmt.Errorf("invalid TLS minimal version: %v", minVer)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the minimum TLS version if set in the config
|
// Set the min TLS version if set in the config
|
||||||
var maxVer uint16
|
var maxVer uint16
|
||||||
if maxConst, exists := traefiktls.MaxVersion[cfg.MaxVersion]; exists {
|
if cfg.MinVersion != "" {
|
||||||
maxVer = maxConst
|
if maxConst, exists := traefiktls.MaxVersion[cfg.MaxVersion]; exists {
|
||||||
|
maxVer = maxConst
|
||||||
|
} else {
|
||||||
|
// Max TLS version does not exist
|
||||||
|
return nil, fmt.Errorf("invalid TLS maximal version: %v", maxVer)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
config = &tls.Config{
|
config = &tls.Config{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user