stream: can use user certificates

Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
This commit is contained in:
JulienBalestra 2018-08-27 19:16:32 +02:00
parent a3af7393fe
commit b82b524260
No known key found for this signature in database
GPG Key ID: DDC658F2EE07BF0B
2 changed files with 23 additions and 7 deletions


@ -114,6 +114,10 @@ type PluginConfig struct {
SystemdCgroup bool `toml:"systemd_cgroup" json:"systemdCgroup"`
// EnableTLSStreaming indicates to enable the TLS streaming support.
EnableTLSStreaming bool `toml:"enable_tls_streaming" json:"enableTLSStreaming"`
// TLSCertFileStreaming is the path to a certificate file
TLSCertFileStreaming string `toml:"tls_cert_file_streaming" json:"tlsCertFileStreaming"`
// TLSKeyFileStreaming is the path to a private key file
TLSKeyFileStreaming string `toml:"tls_key_file_streaming" json:"tlsKeyFileStreaming"`
// MaxContainerLogLineSize is the maximum log line size in bytes for a container.
// Log line longer than the limit will be split into multiple lines. Non-positive
// value means no limit.
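Review bot: The doc comments on the two new fields do not say how they interact: from the stream-server change in this commit they are honored only when EnableTLSStreaming is true and only when both are set, and otherwise the server falls back to a generated self-signed certificate, which an operator reading this config struct cannot tell from "is the path to a certificate file". I would write `// TLSCertFileStreaming is the path to the certificate (PEM, as tls.LoadX509KeyPair expects) used by the stream server when EnableTLSStreaming is true; it must be set together with TLSKeyFileStreaming, otherwise a self-signed certificate is generated.` and the matching sentence on TLSKeyFileStreaming. It is also worth stating that the key is read once at startup, if that is indeed the behavior, so nobody expects rotation to be picked up without a restart. The PluginConfig struct begins and ends outside this hunk.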


@ -44,18 +44,30 @@ func newStreamServer(c *criService, addr, port string) (streaming.Server, error)
}
config := streaming.DefaultConfig
config.Addr = net.JoinHostPort(addr, port)
runtime := newStreamRuntime(c)
if c.config.EnableTLSStreaming {
tlsCert, err := newTLSCert()
run := newStreamRuntime(c)
if !c.config.EnableTLSStreaming {
return streaming.NewServer(config, run)
}
if c.config.TLSCertFileStreaming != "" && c.config.TLSKeyFileStreaming != "" {
tlsCert, err := tls.LoadX509KeyPair(c.config.TLSCertFileStreaming, c.config.TLSKeyFileStreaming)
if err != nil {
return nil, errors.Wrap(err, "failed to generate tls certificate for stream server")
return nil, errors.Wrap(err, "failed to load x509 key pair for stream server")
}
config.TLSConfig = &tls.Config{
Certificates: []tls.Certificate{tlsCert},
InsecureSkipVerify: true,
Certificates: []tls.Certificate{tlsCert},
}
return streaming.NewServer(config, run)
}
return streaming.NewServer(config, runtime)
// generating self-sign certs
tlsCert, err := newTLSCert()
if err != nil {
return nil, errors.Wrap(err, "failed to generate tls certificate for stream server")
}
config.TLSConfig = &tls.Config{
Certificates: []tls.Certificate{tlsCert},
InsecureSkipVerify: true,
}
return streaming.NewServer(config, run)
}
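Review bot: The new condition on the user-certificate branch requires both TLSCertFileStreaming and TLSKeyFileStreaming to be non-empty, so a config that sets only one of them (a typo in one key, or a missing mount) silently drops through to the self-signed path below the `// generating self-sign certs` comment and the server comes up with a certificate the operator never intended; a deployment that meant to pin a CA-issued cert would not notice until a client rejects it. I would reject the half-configured case before the branch with `if (c.config.TLSCertFileStreaming == "") != (c.config.TLSKeyFileStreaming == "") {` / `return nil, errors.New("tls_cert_file_streaming and tls_key_file_streaming must be set together")` / `}`, and log at least once when the self-signed fallback is taken. Separately, `InsecureSkipVerify: true` carried over into the self-signed tls.Config has no effect on a server-side config (it only governs a client's verification of the peer), so it is misleading there and could be dropped, though that is pre-existing rather than introduced here. newStreamServer starts before this hunk; its signature is visible only in the hunk header.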
type streamRuntime struct {