Add etcd client certificate configuration (#2367)
* Add etcd client certificate
This commit is contained in:
YoukiLin
turtleDeng
parent
a3fd8846a5
commit
fee94525db
|
|
@ -114,6 +114,22 @@ cluster.autoclean = 5m
|
||||||
## Default: 1m, 1 minute
|
## Default: 1m, 1 minute
|
||||||
## cluster.etcd.node_ttl = 1m
|
## cluster.etcd.node_ttl = 1m
|
||||||
|
|
||||||
|
## Path to a file containing the client's private PEM-encoded key.
|
||||||
|
##
|
||||||
|
## Value: File
|
||||||
|
## cluster.etcd.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
|
||||||
|
|
||||||
|
## The path to a file containing the client's certificate.
|
||||||
|
##
|
||||||
|
## Value: File
|
||||||
|
## cluster.etcd.ssl.certfile = {{ platform_etc_dir }}/certs/client.pem
|
||||||
|
|
||||||
|
## Path to the file containing PEM-encoded CA certificates. The CA certificates
|
||||||
|
## are used during server authentication and when building the client certificate chain.
|
||||||
|
##
|
||||||
|
## Value: File
|
||||||
|
## cluster.etcd.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
|
||||||
|
|
||||||
##--------------------------------------------------------------------
|
##--------------------------------------------------------------------
|
||||||
## Cluster using Kubernates
|
## Cluster using Kubernates
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -105,6 +105,18 @@
|
||||||
{default, "1m"}
|
{default, "1m"}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
|
{mapping, "cluster.etcd.ssl.keyfile", "ekka.cluster_discovery", [
|
||||||
|
{datatype, string}
|
||||||
|
]}.
|
||||||
|
|
||||||
|
{mapping, "cluster.etcd.ssl.certfile", "ekka.cluster_discovery", [
|
||||||
|
{datatype, string}
|
||||||
|
]}.
|
||||||
|
|
||||||
|
{mapping, "cluster.etcd.ssl.cacertfile", "ekka.cluster_discovery", [
|
||||||
|
{datatype, string}
|
||||||
|
]}.
|
||||||
|
|
||||||
%%--------------------------------------------------------------------
|
%%--------------------------------------------------------------------
|
||||||
%% Cluster on K8s
|
%% Cluster on K8s
|
||||||
|
|
||||||
|
|
@ -149,9 +161,16 @@
|
||||||
[{name, cuttlefish:conf_get("cluster.dns.name", Conf)},
|
[{name, cuttlefish:conf_get("cluster.dns.name", Conf)},
|
||||||
{app, cuttlefish:conf_get("cluster.dns.app", Conf)}];
|
{app, cuttlefish:conf_get("cluster.dns.app", Conf)}];
|
||||||
(etcd) ->
|
(etcd) ->
|
||||||
|
SslOpts = fun(Conf) ->
|
||||||
|
Options = cuttlefish_variable:filter_by_prefix("cluster.etcd.ssl", Conf),
|
||||||
|
lists:map(fun({["cluster", "etcd", "ssl", Name], Value}) ->
|
||||||
|
{list_to_atom(Name), Value}
|
||||||
|
end, Options)
|
||||||
|
end,
|
||||||
[{server, string:tokens(cuttlefish:conf_get("cluster.etcd.server", Conf), ",")},
|
[{server, string:tokens(cuttlefish:conf_get("cluster.etcd.server", Conf), ",")},
|
||||||
{prefix, cuttlefish:conf_get("cluster.etcd.prefix", Conf, "emqcl")},
|
{prefix, cuttlefish:conf_get("cluster.etcd.prefix", Conf, "emqcl")},
|
||||||
{node_ttl, cuttlefish:conf_get("cluster.etcd.node_ttl", Conf, 60)}];
|
{node_ttl, cuttlefish:conf_get("cluster.etcd.node_ttl", Conf, 60)},
|
||||||
|
{ssl_options, SslOpts(Conf)}];
|
||||||
(k8s) ->
|
(k8s) ->
|
||||||
[{apiserver, cuttlefish:conf_get("cluster.k8s.apiserver", Conf)},
|
[{apiserver, cuttlefish:conf_get("cluster.k8s.apiserver", Conf)},
|
||||||
{service_name, cuttlefish:conf_get("cluster.k8s.service_name", Conf)},
|
{service_name, cuttlefish:conf_get("cluster.k8s.service_name", Conf)},
|
||||||
|
|
@ -2106,4 +2125,4 @@ end}.
|
||||||
[{check_interval, cuttlefish:conf_get("vm_mon.check_interval", Conf)},
|
[{check_interval, cuttlefish:conf_get("vm_mon.check_interval", Conf)},
|
||||||
{process_high_watermark, cuttlefish:conf_get("vm_mon.process_high_watermark", Conf)},
|
{process_high_watermark, cuttlefish:conf_get("vm_mon.process_high_watermark", Conf)},
|
||||||
{process_low_watermark, cuttlefish:conf_get("vm_mon.process_low_watermark", Conf)}]
|
{process_low_watermark, cuttlefish:conf_get("vm_mon.process_low_watermark", Conf)}]
|
||||||
end}.
|
end}.
|
||||||
Loading…
Reference in New Issue