Possible cipher suites values and tls versions in help for apiserver and kubelet
Kubernetes-commit: 3dfa22e3fd8c650789176b9f4a8e46ab43ef5ebf
parent
81d24bb50b
commit
37be5e4c9f
|
@ -22,6 +22,7 @@ import (
|
|||
"net"
|
||||
"path"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/spf13/pflag"
|
||||
|
@ -134,14 +135,16 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
|
|||
fs.StringVar(&s.ServerCert.CertKey.KeyFile, "tls-private-key-file", s.ServerCert.CertKey.KeyFile,
|
||||
"File containing the default x509 private key matching --tls-cert-file.")
|
||||
|
||||
tlsCipherPossibleValues := utilflag.TLSCipherPossibleValues()
|
||||
fs.StringSliceVar(&s.CipherSuites, "tls-cipher-suites", s.CipherSuites,
|
||||
"Comma-separated list of cipher suites for the server. "+
|
||||
"Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). "+
|
||||
"If omitted, the default Go cipher suites will be used")
|
||||
"If omitted, the default Go cipher suites will be use. "+
|
||||
"Possible values: "+strings.Join(tlsCipherPossibleValues, ","))
|
||||
|
||||
tlsPossibleVersions := utilflag.TLSPossibleVersions()
|
||||
fs.StringVar(&s.MinTLSVersion, "tls-min-version", s.MinTLSVersion,
|
||||
"Minimum TLS version supported. "+
|
||||
"Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants.")
|
||||
"Possible values: "+strings.Join(tlsPossibleVersions, ", "))
|
||||
|
||||
fs.Var(utilflag.NewNamedCertKeyArray(&s.SNICertKeys), "tls-sni-cert-key", ""+
|
||||
"A pair of x509 certificate and private key file paths, optionally suffixed with a list of "+
|
||||
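Review bot: The new `--tls-cipher-suites` help string reads `will be use. ` where `will be used. ` is meant, and the two value lists are joined with different separators (`","` for cipher suites, `", "` for TLS versions), so the generated help is inconsistent. Suggest `"If omitted, the default Go cipher suites will be used. "+` and `strings.Join(tlsCipherPossibleValues, ", ")`. Both flags now print every name the utilflag helpers return with no indication of which values are preferred; if those sets include legacy suites or old protocol versions (not visible in this section), one sentence saying the list is the accepted set rather than a recommendation would help operators who copy it into their configuration. AddFlags begins and ends outside the hunk.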
|
|
|
@ -19,6 +19,8 @@ package flag
|
|||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
)
|
||||
|
||||
// ciphers maps strings into tls package cipher constants in
|
||||
|
@ -48,6 +50,14 @@ var ciphers = map[string]uint16{
|
|||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||
}
|
||||
|
||||
func TLSCipherPossibleValues() []string {
|
||||
cipherKeys := sets.NewString()
|
||||
for key := range ciphers {
|
||||
cipherKeys.Insert(key)
|
||||
}
|
||||
return cipherKeys.List()
|
||||
}
|
||||
|
||||
func TLSCipherSuites(cipherNames []string) ([]uint16, error) {
|
||||
if len(cipherNames) == 0 {
|
||||
return nil, nil
|
||||
|
@ -69,6 +79,14 @@ var versions = map[string]uint16{
|
|||
"VersionTLS12": tls.VersionTLS12,
|
||||
}
|
||||
|
||||
func TLSPossibleVersions() []string {
|
||||
versionsKeys := sets.NewString()
|
||||
for key := range versions {
|
||||
versionsKeys.Insert(key)
|
||||
}
|
||||
return versionsKeys.List()
|
||||
}
|
||||
|
||||
func TLSVersion(versionName string) (uint16, error) {
|
||||
if len(versionName) == 0 {
|
||||
return DefaultTLSVersion(), nil
|
||||
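Review bot: TLSCipherPossibleValues and TLSPossibleVersions are exported without doc comments, and nothing tells a caller that the result is every key of the `ciphers` / `versions` map, that is, the names the flags accept rather than a vetted subset. Suggest `// TLSCipherPossibleValues returns the sorted names of all cipher suites defined in ciphers; the list is not a security recommendation.` and `// TLSPossibleVersions returns the sorted names of all TLS versions defined in versions.` The sets.String appears to be used only to get a sorted slice from List(), which deserves a short why-comment because the help output depends on that stable order. Both maps are declared mostly outside these hunks, so which suites and versions they contain cannot be checked from here.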
|
|