github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

componentstatus: support client cert health check

Browse Source 
etcd has support for client-cert-auth, which can be configured via the flag `--ca-file`,
when that is enabled, all the client requests must present with a client certificate,
however, the current component status check uses a single transport for all of the checks,
this is wrong, the checks should be different for each of different component, and make
each of them use different transport(tls configurations).
This commit is contained in:
zhouhaibing089
2017-01-11 14:40:09 +08:00
committed by haibzhou
parent dee81ed56a
commit b1040171b6
9 changed files with 93 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/probe/http/http.go
View File

@@ -32,7 +32,12 @@ import (
func New() HTTPProber {
tlsConfig := &tls.Config{InsecureSkipVerify: true}
transport := utilnet.SetTransportDefaults(&http.Transport{TLSClientConfig: tlsConfig, DisableKeepAlives: true})
return NewWithTLSConfig(tlsConfig)
}
// NewWithTLSConfig takes tls config as parameter.
func NewWithTLSConfig(config *tls.Config) HTTPProber {
transport := utilnet.SetTransportDefaults(&http.Transport{TLSClientConfig: config, DisableKeepAlives: true})
return httpProber{transport}
}