首页 新闻 会员 周边

dapr: 如何启用 AppChannelAllowInsecureTLS feature

0
悬赏园豆:30 [待解决问题]

AppChannelAllowInsecureTLS 是在 https://github.com/dapr/dapr/pull/6078 中引入的 feature tag。

dapr 1.11 带来了一个 breaking change

When communicating with apps using HTTPS or gRPC with TLS, Dapr now enforces the use of TLS 1.2 or higher. This behavior can be disabled temporarily using a Configuration option.

通过 AppChannelAllowInsecureTLS 可以允许使用低版本的 TLS。

请问启用 AppChannelAllowInsecureTLS?

问题补充:

dapr configuration 中添加下面的配置没有起作用

kubectl edit configuration -n dapr-system  

spec:
  features:
  - enabled: true
    name: AppChannelAllowInsecureTLS
dudu的主页 dudu | 高人七级 | 园豆:30994
提问于:2023-08-07 08:58
< >
分享
所有回答(2)
0

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: daprConfig
spec:
features:

  • name: "AppChannelAllowInsecureTLS"
    enabled: true
npe0 | 园豆:1299 (小虾三级) | 2023-12-12 17:04

这个顺序没有影响,通过 kubectl edit configuration -n dapr-system 修改成你的写法,会提示

Edit cancelled, no changes made.

支持(0) 反对(0) dudu | 园豆:30994 (高人七级) | 2023-12-12 17:35
0

这个 feature flag 会在 Dapr 1.13 中移除,详见 configuration.go#L45

const (
	// Disables enforcing minimum TLS version 1.2 in AppChannel, which is insecure.
	// TODO: Remove this feature flag in Dapr 1.13.
	AppChannelAllowInsecureTLS Feature = "AppChannelAllowInsecureTLS"
	// Enables support for setting TTL on Actor state keys. Remove this flag in
	// Dapr 1.12.
	ActorStateTTL Feature = "ActorStateTTL"
)
dudu | 园豆:30994 (高人七级) | 2023-12-12 17:38
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册