add insecure-no-tls flag (#281)
* support enable tls flag * modify tls enable control flag Co-authored-by: Nikolay Edigaryev <edigaryev@gmail.com> * Optimize message print * Avoid unrelated changes to the bootstrap message * Consistent command-line argument order * Extra spacing * No need to shadow controllerCert --------- Co-authored-by: Nikolay Edigaryev <edigaryev@gmail.com>
This commit is contained in:
gsakun
GitHub
parent
39243978ed
commit
705bf8bd83
|
|
@ -84,14 +84,19 @@ func Bootstrap(controllerInstance *controller.Controller, controllerCert tls.Cer
|
|||
serviceAccountTokenToDisplay = orchardBootstrapAdminToken
|
||||
}
|
||||
|
||||
pterm.Info.Print(
|
||||
messages := []any{
|
||||
pterm.Sprintf("%s:\n", reasonToDisplay),
|
||||
pterm.Sprintln(),
|
||||
pterm.Sprintf("Service account name: %s\n", pterm.Bold.Sprint(BootstrapAdminName)),
|
||||
pterm.Sprintf("Service account token: %s\n", pterm.Bold.Sprint(serviceAccountTokenToDisplay)),
|
||||
pterm.Sprintf("Certificate SHA-256 fingerprint: %s.\n",
|
||||
pterm.Bold.Sprint(certificatefingerprint.CertificateFingerprint(controllerCert.Certificate[0]))),
|
||||
)
|
||||
}
|
||||
|
||||
if !noTLS {
|
||||
messages = append(messages, pterm.Sprintf("Certificate SHA-256 fingerprint: %s.\n",
|
||||
pterm.Bold.Sprint(certificatefingerprint.CertificateFingerprint(controllerCert.Certificate[0]))))
|
||||
}
|
||||
|
||||
pterm.Info.Print(messages...)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ var ErrRunFailed = errors.New("failed to run controller")
|
|||
var address string
|
||||
var addressSSH string
|
||||
var debug bool
|
||||
var noTLS bool
|
||||
var sshNoClientAuth bool
|
||||
var experimentalRPCV2 bool
|
||||
var noExperimentalRPCV2 bool
|
||||
|
|
@ -50,6 +51,8 @@ func newRunCommand() *cobra.Command {
|
|||
" (requires --controller-cert)")
|
||||
cmd.PersistentFlags().StringVar(&sshHostKeyPath, "ssh-host-key", "",
|
||||
"use the SSH private host key from the specified path instead of the auto-generated one")
|
||||
cmd.PersistentFlags().BoolVar(&noTLS, "insecure-no-tls", false,
|
||||
"disable TLS, making all connections to the controller unencrypted")
|
||||
cmd.PersistentFlags().BoolVar(&sshNoClientAuth, "insecure-ssh-no-client-auth", false,
|
||||
"allow SSH clients to connect to the controller's SSH server without authentication, "+
|
||||
"thus only authenticating on the target worker/VM's SSH server")
|
||||
|
|
@ -93,16 +96,21 @@ func runController(cmd *cobra.Command, args []string) (err error) {
|
|||
return err
|
||||
}
|
||||
|
||||
controllerCert, err := FindControllerCertificate(dataDir)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
controllerOpts := []controller.Option{
|
||||
controller.WithListenAddr(address),
|
||||
controller.WithDataDir(dataDir),
|
||||
controller.WithLogger(logger),
|
||||
controller.WithTLSConfig(&tls.Config{
|
||||
}
|
||||
|
||||
var controllerCert tls.Certificate
|
||||
|
||||
if !noTLS {
|
||||
controllerCert, err = FindControllerCertificate(dataDir)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
controllerOpts = append(controllerOpts, controller.WithTLSConfig(&tls.Config{
|
||||
MinVersion: tls.VersionTLS12,
|
||||
Certificates: []tls.Certificate{
|
||||
controllerCert,
|
||||
|
|
@ -111,7 +119,7 @@ func runController(cmd *cobra.Command, args []string) (err error) {
|
|||
//
|
||||
// See https://github.com/grpc/grpc-go/issues/7922 for more details.
|
||||
NextProtos: []string{"http/1.1", "h2"},
|
||||
}),
|
||||
}))
|
||||
}
|
||||
|
||||
if addressSSH != "" {
|
||||
|
|
|
|||
Loading…
Reference in New Issue