rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-26 02:18:34 +00:00
Code Issues Releases Wiki Activity

Merge pull request #3801 from thatmidwesterncoder/md5_fix_18

Browse Source 
[release/v1.8] use sha256 for checksumming when k8s version >= 1.31.6
This commit is contained in:
Jacob Lindgren 2025-04-02 13:38:12 -05:00 committed by GitHub
commit d63b52475d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 88 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
cluster/plan.go
View File

@ -3,9 +3,13 @@ package cluster
import ( import (
"context" "context"
"crypto/md5" "crypto/md5"
"crypto/sha256"
b64 "encoding/base64" b64 "encoding/base64"
"encoding/hex"
"encoding/json" "encoding/json"
"fmt" "fmt"
"hash"
"log"
"net" "net"
"path" "path"
"strconv" "strconv"
@ -216,7 +220,7 @@ func (c *Cluster) BuildKubeAPIProcess(host *hosts.Host, serviceOptions v3.Kubern
CommandArgs["authentication-token-webhook-cache-ttl"] = c.Authentication.Webhook.CacheTimeout CommandArgs["authentication-token-webhook-cache-ttl"] = c.Authentication.Webhook.CacheTimeout
} }
if len(c.CloudProvider.Name) > 0 { if len(c.CloudProvider.Name) > 0 {
Env = append(Env, fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile))) Env = append(Env, fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile, c.Version)))
} }
if c.EncryptionConfig.EncryptionProviderFile != "" { if c.EncryptionConfig.EncryptionProviderFile != "" {
CommandArgs[EncryptionProviderConfigArgument] = EncryptionProviderFilePath CommandArgs[EncryptionProviderConfigArgument] = EncryptionProviderFilePath
@ -293,7 +297,7 @@ func (c *Cluster) BuildKubeAPIProcess(host *hosts.Host, serviceOptions v3.Kubern
if err != nil { if err != nil {
logrus.Warnf("Error while marshalling admission configuration: %v", err) logrus.Warnf("Error while marshalling admission configuration: %v", err)
} }
Env = append(Env, fmt.Sprintf("%s=%s", AdmissionConfigSumEnv, getStringChecksum(string(bytes)))) Env = append(Env, fmt.Sprintf("%s=%s", AdmissionConfigSumEnv, getStringChecksum(string(bytes), c.Version)))
} }
if c.Services.KubeAPI.AuditLog != nil && c.Services.KubeAPI.AuditLog.Enabled { if c.Services.KubeAPI.AuditLog != nil && c.Services.KubeAPI.AuditLog.Enabled {
Binds = append(Binds, fmt.Sprintf("%s:/var/log/kube-audit", path.Join(host.PrefixPath, "/var/log/kube-audit"))) Binds = append(Binds, fmt.Sprintf("%s:/var/log/kube-audit", path.Join(host.PrefixPath, "/var/log/kube-audit")))
@ -301,7 +305,7 @@ func (c *Cluster) BuildKubeAPIProcess(host *hosts.Host, serviceOptions v3.Kubern
if err != nil { if err != nil {
logrus.Warnf("Error while marshalling auditlog policy: %v", err) logrus.Warnf("Error while marshalling auditlog policy: %v", err)
} }
Env = append(Env, fmt.Sprintf("%s=%s", AuditLogConfigSumEnv, getStringChecksum(string(bytes)))) Env = append(Env, fmt.Sprintf("%s=%s", AuditLogConfigSumEnv, getStringChecksum(string(bytes), c.Version)))
} }
matchedRange, err := util.SemVerMatchRange(c.Version, util.SemVerK8sVersion122OrHigher) matchedRange, err := util.SemVerMatchRange(c.Version, util.SemVerK8sVersion122OrHigher)
@ -379,7 +383,7 @@ func (c *Cluster) BuildKubeControllerProcess(host *hosts.Host, serviceOptions v3
if len(c.CloudProvider.Name) > 0 { if len(c.CloudProvider.Name) > 0 {
c.Services.KubeController.ExtraEnv = append( c.Services.KubeController.ExtraEnv = append(
c.Services.KubeController.ExtraEnv, c.Services.KubeController.ExtraEnv,
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile))) fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile, c.Version)))
} }
if serviceOptions.KubeController != nil { if serviceOptions.KubeController != nil {
@ -639,7 +643,7 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
if len(c.CloudProvider.Name) > 0 { if len(c.CloudProvider.Name) > 0 {
Env = append(Env, Env = append(Env,
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile))) fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile, c.Version)))
} }
if len(c.PrivateRegistriesMap) > 0 { if len(c.PrivateRegistriesMap) > 0 {
kubeletDockerConfig, _ := docker.GetKubeletDockerConfig(c.PrivateRegistriesMap) kubeletDockerConfig, _ := docker.GetKubeletDockerConfig(c.PrivateRegistriesMap)
@ -1274,9 +1278,25 @@ func (c *Cluster) getDefaultKubernetesServicesOptions(osType string) (v3.Kuberne
return v3.KubernetesServicesOptions{}, fmt.Errorf("getDefaultKubernetesServicesOptions: No serviceOptions found for cluster version [%s] or cluster major version [%s]", c.Version, clusterMajorVersion) return v3.KubernetesServicesOptions{}, fmt.Errorf("getDefaultKubernetesServicesOptions: No serviceOptions found for cluster version [%s] or cluster major version [%s]", c.Version, clusterMajorVersion)
} }
func getStringChecksum(config string) string { func getStringChecksum(config string, version string) string {
configByteSum := md5.Sum([]byte(config)) greaterThan1316, err := util.SemVerMatchRange(version, util.SemVerK8sVersion1316OrHigher)
return fmt.Sprintf("%x", configByteSum) if err != nil {
logrus.Warnf("failed to check if version %q was greater than 1.31.6: %v, falling back to old behavior", version, err)
}
var hasher hash.Hash
if greaterThan1316 {
hasher = sha256.New()
} else {
hasher = md5.New()
}
_, err = hasher.Write([]byte(config))
if err != nil {
log.Fatalf("failed to hash config: %v", err)
}
return hex.EncodeToString(hasher.Sum(nil))
} }
func getUniqStringList(l []string) []string { func getUniqStringList(l []string) []string {

57
cluster/plan_test.go
View File

@ -1,6 +1,9 @@
package cluster package cluster
import ( import (
"crypto/md5"
"crypto/sha256"
"fmt"
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -50,3 +53,57 @@ func Test_getUniqStringList(t *testing.T) {
}) })
} }
} }
func Test_getStringChecksum(t *testing.T) {
tests := []struct {
name string
config string
version string
expected string
}{
{
name: "version greater than 1.31.6, use sha256",
config: "test-config",
version: "v1.32.0-rancher0",
expected: fmt.Sprintf("%x", sha256.Sum256([]byte("test-config"))),
},
{
name: "version exactly 1.31.6, use sha256",
config: "test-config",
version: "v1.31.6-rancher0",
expected: fmt.Sprintf("%x", sha256.Sum256([]byte("test-config"))),
},
{
name: "version exactly 1.31.0, use md5",
config: "test-config",
version: "v1.31.0-rancher0",
expected: fmt.Sprintf("%x", md5.Sum([]byte("test-config"))),
},
{
name: "version less than 1.31, use md5",
config: "test-config",
version: "v1.30.0-rancher0",
expected: fmt.Sprintf("%x", md5.Sum([]byte("test-config"))),
},
{
name: "empty config",
config: "",
version: "v1.32.0-rancher0",
expected: fmt.Sprintf("%x", sha256.Sum256([]byte(""))),
},
{
name: "empty version",
config: "test-config",
version: "",
expected: fmt.Sprintf("%x", md5.Sum([]byte("test-config"))),
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
result := getStringChecksum(tt.config, tt.version)
assert.Equal(t, tt.expected, result)
})
}
}

5
util/util.go
View File

@ -17,8 +17,9 @@ import (
) )
const ( const (
WorkerThreads = 50 WorkerThreads = 50
SemVerK8sVersion122OrHigher = ">=1.22.0-rancher0" SemVerK8sVersion122OrHigher = ">=1.22.0-rancher0"
SemVerK8sVersion1316OrHigher = ">=1.31.6-rancher0"
) )
var ProxyEnvVars = [3]string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"} var ProxyEnvVars = [3]string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"}