From 08f459ac8146df5955582045d662c3c7b0ae97f0 Mon Sep 17 00:00:00 2001 From: Vivek Koppuru Date: Wed, 1 Dec 2021 15:51:57 -0800 Subject: [PATCH 1/4] Add support for cipher-suites --- apis/config.go | 4 ++++ cmd/init.go | 1 + cmd/join.go | 1 + constants/constants.go | 2 ++ service/diff.go | 3 ++- service/unit.go | 4 +++- 6 files changed, 13 insertions(+), 2 deletions(-) diff --git a/apis/config.go b/apis/config.go index 67c1f203..149b55fb 100644 --- a/apis/config.go +++ b/apis/config.go @@ -110,6 +110,10 @@ type EtcdAdmConfig struct { // This is a bool, but we use a string because the default value changes across versions. EnableV2 string Endpoint string + + // CipherSuites is a list of supported TLS cipher suites, mapping to the --cipher-suites flag. + // Default is empty, which means that they will be auto-populated by Go. + CipherSuites []string } // InitSystem represents the different types of init system diff --git a/cmd/init.go b/cmd/init.go index cb52ae19..819bab37 100644 --- a/cmd/init.go +++ b/cmd/init.go @@ -52,6 +52,7 @@ func init() { initCmd.PersistentFlags().StringVar(&etcdAdmConfig.ImageRepository, "image-repository", constants.DefaultImageRepository, "image repository when using kubelet init system") initCmd.PersistentFlags().StringVar(&etcdAdmConfig.DataDir, "data-dir", constants.DefaultDataDir, "etcd data directory") initCmd.PersistentFlags().StringVar(&etcdAdmConfig.PodSpecDir, "kubelet-pod-manifest-path", constants.DefaultPodSpecDir, "kubelet podspec directory") + initCmd.PersistentFlags().StringSliceVar(&etcdAdmConfig.CipherSuites, "cipher-suites", etcdAdmConfig.CipherSuites, "optional list of supported TLS cipher suites between server/client and peers, can be multiple comma separated TLS cipher suites") runner.registerPhasesAsSubcommands(initCmd) } diff --git a/cmd/join.go b/cmd/join.go index 8f2f700c..4ee97a03 100644 --- a/cmd/join.go +++ b/cmd/join.go @@ -50,6 +50,7 @@ func init() { joinCmd.PersistentFlags().StringVar(&etcdAdmConfig.ImageRepository, "image-repository", constants.DefaultImageRepository, "image repository when using kubelet init system") joinCmd.PersistentFlags().StringVar(&etcdAdmConfig.DataDir, "data-dir", constants.DefaultDataDir, "etcd data directory") joinCmd.PersistentFlags().StringVar(&etcdAdmConfig.PodSpecDir, "kubelet-pod-manifest-path", constants.DefaultPodSpecDir, "kubelet podspec directory") + joinCmd.PersistentFlags().StringSliceVar(&etcdAdmConfig.CipherSuites, "cipher-suites", etcdAdmConfig.CipherSuites, "optional list of supported TLS cipher suites between server/client and peers, can be multiple comma separated TLS cipher suites") runner.registerPhasesAsSubcommands(joinCmd) } diff --git a/constants/constants.go b/constants/constants.go index 6f3ec911..e5e421ac 100644 --- a/constants/constants.go +++ b/constants/constants.go @@ -126,6 +126,8 @@ ETCD_CERT_FILE={{ .CertFile }} ETCD_KEY_FILE={{ .KeyFile }} ETCD_TRUSTED_CA_FILE={{ .TrustedCAFile }} +ETCD_CIPHER_SUITES={{ StringsJoin .CipherSuites "," }} + # Other ETCD_DATA_DIR={{ .DataDir }} ETCD_STRICT_RECONFIG_CHECK=true diff --git a/service/diff.go b/service/diff.go index ed1b4e88..f8fea4d3 100644 --- a/service/diff.go +++ b/service/diff.go @@ -98,7 +98,8 @@ func DiffVersion(cfg *apis.EtcdAdmConfig) (string, error) { } func desiredEnvironment(cfg *apis.EtcdAdmConfig) (map[string]string, error) { - t := template.Must(template.New("environment").Parse(constants.EnvFileTemplate)) + t := template.Must(template.New("environment").Funcs(template.FuncMap{"StringsJoin": strings.Join}). + Parse(constants.EnvFileTemplate)) var b bytes.Buffer t.Execute(&b, cfg) return makeEnvironment(&b) diff --git a/service/unit.go b/service/unit.go index f06e73b6..8beaaadd 100644 --- a/service/unit.go +++ b/service/unit.go @@ -22,6 +22,7 @@ import ( "html/template" "os" "path/filepath" + "strings" "sigs.k8s.io/etcdadm/apis" "sigs.k8s.io/etcdadm/constants" @@ -54,7 +55,8 @@ func WriteEnvironmentFile(cfg *apis.EtcdAdmConfig) error { // BuildEnvironment returns the environment variables corresponding to the desired configuration func BuildEnvironment(cfg *apis.EtcdAdmConfig) ([]byte, error) { - t := template.Must(template.New("environment").Parse(constants.EnvFileTemplate)) + t := template.Must(template.New("environment").Funcs(template.FuncMap{"StringsJoin": strings.Join}). + Parse(constants.EnvFileTemplate)) var b bytes.Buffer -- 2.39.2