-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
server.go
84 lines (75 loc) · 2.85 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
package servers
import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
certutil "k8s.io/client-go/util/cert"
"k8s.io/klog/v2"
hubconfig "github.com/kubeedge/kubeedge/cloud/pkg/cloudhub/config"
"github.com/kubeedge/kubeedge/cloud/pkg/cloudhub/handler"
"github.com/kubeedge/viaduct/pkg/api"
"github.com/kubeedge/viaduct/pkg/server"
)
// StartCloudHub starts the cloud hub service
func StartCloudHub(messageHandler handler.Handler) {
// start websocket server
if hubconfig.Config.WebSocket.Enable {
go startWebsocketServer(messageHandler)
}
// start quic server
if hubconfig.Config.Quic.Enable {
go startQuicServer(messageHandler)
}
}
func createTLSConfig(ca, cert, key []byte) tls.Config {
// init certificate
pool := x509.NewCertPool()
ok := pool.AppendCertsFromPEM(pem.EncodeToMemory(&pem.Block{Type: certutil.CertificateBlockType, Bytes: ca}))
if !ok {
panic(fmt.Errorf("fail to load ca content"))
}
certificate, err := tls.X509KeyPair(pem.EncodeToMemory(&pem.Block{Type: certutil.CertificateBlockType, Bytes: cert}), pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: key}))
if err != nil {
panic(err)
}
return tls.Config{
ClientCAs: pool,
ClientAuth: tls.RequireAndVerifyClientCert,
Certificates: []tls.Certificate{certificate},
MinVersion: tls.VersionTLS12,
// has to match cipher used by NewPrivateKey method, currently is ECDSA
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
},
}
}
func startWebsocketServer(messageHandler handler.Handler) {
tlsConfig := createTLSConfig(hubconfig.Config.Ca, hubconfig.Config.Cert, hubconfig.Config.Key)
svc := server.Server{
Type: api.ProtocolTypeWS,
TLSConfig: &tlsConfig,
AutoRoute: true,
ConnNotify: messageHandler.HandleConnection,
OnReadTransportErr: messageHandler.OnReadTransportErr,
Addr: fmt.Sprintf("%s:%d", hubconfig.Config.WebSocket.Address, hubconfig.Config.WebSocket.Port),
ExOpts: api.WSServerOption{Path: "/"},
}
klog.Infof("Starting cloudhub %s server", api.ProtocolTypeWS)
klog.Exit(svc.ListenAndServeTLS("", ""))
}
func startQuicServer(messageHandler handler.Handler) {
tlsConfig := createTLSConfig(hubconfig.Config.Ca, hubconfig.Config.Cert, hubconfig.Config.Key)
svc := server.Server{
Type: api.ProtocolTypeQuic,
TLSConfig: &tlsConfig,
AutoRoute: true,
ConnNotify: messageHandler.HandleConnection,
OnReadTransportErr: messageHandler.OnReadTransportErr,
Addr: fmt.Sprintf("%s:%d", hubconfig.Config.Quic.Address, hubconfig.Config.Quic.Port),
ExOpts: api.QuicServerOption{MaxIncomingStreams: int(hubconfig.Config.Quic.MaxIncomingStreams)},
}
klog.Infof("Starting cloudhub %s server", api.ProtocolTypeQuic)
klog.Exit(svc.ListenAndServeTLS("", ""))
}