set golang's secure cipher suites as etcd's cipher suites

[zhzhuang-zju]

What type of PR is this?
/kind cleanup

What this PR does / why we need it:
set golang's default secure cipher suites as etcd's cipher suites to fix CVE-2016-2183.
Which issue(s) this PR fixes:
Parts of #4191

Special notes for your reviewer:
none
Does this PR introduce a user-facing change?:

Fixed CVE-2016-2183 by setting golang's secure cipher suites to etcd's cipher suites

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (4d6e9d7) 52.83% compared to head (6c7d34f) 52.79%.
Report is 12 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4253      +/-   ##
==========================================
- Coverage   52.83%   52.79%   -0.04%     
==========================================
  Files         240      240              
  Lines       23595    23620      +25     
==========================================
+ Hits        12466    12470       +4     
- Misses      10453    10471      +18     
- Partials      676      679       +3     

Flag	Coverage Δ
unittests	52.79% <100.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[RainbowMango]

I guess the CLI part also needs this.

[zhzhuang-zju]

I guess the CLI part also needs this.

You are absolutely right! I'll add this part in this pr later.

[yanfeng1992]

I have some suggestions #4191 (comment) @zhzhuang-zju

[RainbowMango]

It'd be great to have a comment to describe where these suites come from.

[yanfeng1992]

It'd be great to have a comment to describe where these suites come from.

+1

Other parts, lgtm

[zhzhuang-zju]

Referring to go/src/crypto/tls/cipher_suites.go, golang supports 17 security algorithms.

On this basis, k8s adds map mapping to two of the security algorithms. Finally, these 19 cipher suites were formed.

karmada/vendor/k8s.io/component-base/cli/flag/ciphersuites_flag.go

Lines 33 to 44 in 98e655f

	func init() {
	for _, suite := range tls.CipherSuites() {
	ciphers[suite.Name] = suite.ID
	}
	// keep legacy names for backward compatibility
	ciphers["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"] = tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
	ciphers["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"] = tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
	for _, suite := range tls.InsecureCipherSuites() {
	insecureCiphers[suite.Name] = suite.ID
	}
	}

[RainbowMango]

I mean comment in the code, so that when people read the code they can get where these cipher suites come from.

[zhzhuang-zju]

Got it~, I'll comment in the code right away

[RainbowMango]

/approve

@yanfeng1992 would you like to take another look?

[karmada-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [RainbowMango]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[yanfeng1992]

Does add = here have any effect? @zhzhuang-zju

[zhzhuang-zju]

Thank you for finding this problem. I fixed it in PR #4286 . Can you help with review?