Add etcd client certificate configuration (#2367)

* Add etcd client certificate
YoukiLin 2019-03-27 13:53:40 +08:00 committed by turtleDeng
parent a3fd8846a5
commit fee94525db
2 changed files with 37 additions and 2 deletions


@ -114,6 +114,22 @@ cluster.autoclean = 5m
## Default: 1m, 1 minute ## Default: 1m, 1 minute
## cluster.etcd.node_ttl = 1m ## cluster.etcd.node_ttl = 1m
## Path to a file containing the client's private PEM-encoded key.
##
## Value: File
## cluster.etcd.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
## The path to a file containing the client's certificate.
##
## Value: File
## cluster.etcd.ssl.certfile = {{ platform_etc_dir }}/certs/client.pem
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## Value: File
## cluster.etcd.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
##-------------------------------------------------------------------- ##--------------------------------------------------------------------
## Cluster using Kubernates ## Cluster using Kubernates
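Review bot: The new `cluster.etcd.ssl.keyfile` entry points at a private key but its comment says nothing about how that file should be protected. A line such as `## The key file should be readable only by the user running the broker.` under the keyfile description would give operators the one caveat they need when they uncomment it. The comments also do not say whether the three settings must be set together or can be used individually; stating that would avoid a half-configured client certificate.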


@ -105,6 +105,18 @@
{default, "1m"} {default, "1m"}
]}. ]}.
{mapping, "cluster.etcd.ssl.keyfile", "ekka.cluster_discovery", [
{datatype, string}
]}.
{mapping, "cluster.etcd.ssl.certfile", "ekka.cluster_discovery", [
{datatype, string}
]}.
{mapping, "cluster.etcd.ssl.cacertfile", "ekka.cluster_discovery", [
{datatype, string}
]}.
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Cluster on K8s %% Cluster on K8s
@ -149,9 +161,16 @@
[{name, cuttlefish:conf_get("cluster.dns.name", Conf)}, [{name, cuttlefish:conf_get("cluster.dns.name", Conf)},
{app, cuttlefish:conf_get("cluster.dns.app", Conf)}]; {app, cuttlefish:conf_get("cluster.dns.app", Conf)}];
(etcd) -> (etcd) ->
SslOpts = fun(Conf) ->
Options = cuttlefish_variable:filter_by_prefix("cluster.etcd.ssl", Conf),
lists:map(fun({["cluster", "etcd", "ssl", Name], Value}) ->
{list_to_atom(Name), Value}
end, Options)
end,
[{server, string:tokens(cuttlefish:conf_get("cluster.etcd.server", Conf), ",")}, [{server, string:tokens(cuttlefish:conf_get("cluster.etcd.server", Conf), ",")},
{prefix, cuttlefish:conf_get("cluster.etcd.prefix", Conf, "emqcl")}, {prefix, cuttlefish:conf_get("cluster.etcd.prefix", Conf, "emqcl")},
{node_ttl, cuttlefish:conf_get("cluster.etcd.node_ttl", Conf, 60)}]; {node_ttl, cuttlefish:conf_get("cluster.etcd.node_ttl", Conf, 60)},
{ssl_options, SslOpts(Conf)}];
(k8s) -> (k8s) ->
[{apiserver, cuttlefish:conf_get("cluster.k8s.apiserver", Conf)}, [{apiserver, cuttlefish:conf_get("cluster.k8s.apiserver", Conf)},
{service_name, cuttlefish:conf_get("cluster.k8s.service_name", Conf)}, {service_name, cuttlefish:conf_get("cluster.k8s.service_name", Conf)},
@ -2106,4 +2125,4 @@ end}.
[{check_interval, cuttlefish:conf_get("vm_mon.check_interval", Conf)}, [{check_interval, cuttlefish:conf_get("vm_mon.check_interval", Conf)},
{process_high_watermark, cuttlefish:conf_get("vm_mon.process_high_watermark", Conf)}, {process_high_watermark, cuttlefish:conf_get("vm_mon.process_high_watermark", Conf)},
{process_low_watermark, cuttlefish:conf_get("vm_mon.process_low_watermark", Conf)}] {process_low_watermark, cuttlefish:conf_get("vm_mon.process_low_watermark", Conf)}]
end}. end}.
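Review bot: The schema maps `keyfile`, `certfile` and `cacertfile` but no `verify` setting, so the `ssl_options` list built in the `(etcd)` clause can never request peer verification. Erlang's ssl client historically defaulted to `verify_none`, in which case `cacertfile` alone would not make the broker reject an etcd endpoint presenting an untrusted certificate; whether that applies depends on how ekka passes these options on, which is not visible here. Consider a fourth mapping, `{mapping, "cluster.etcd.ssl.verify", "ekka.cluster_discovery", [{datatype, {enum, [verify_peer, verify_none]}}]}.`, which the existing `SslOpts` fun would carry through unchanged. Separately, `list_to_atom(Name)` stays bounded only if the config loader rejects unmapped `cluster.etcd.ssl.*` keys, so `list_to_existing_atom(Name)` or matching the known names explicitly would be the safer form. The enclosing translation fun starts and ends outside this hunk.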