From 014ad631118fc88db4d0619588f717e13a58eef6 Mon Sep 17 00:00:00 2001
From: Hongchao Deng <hongchaodeng1@gmail.com>
Date: Wed, 17 Aug 2016 20:07:47 -0700
Subject: [PATCH] etcd3 backend: support TLS

---
 pkg/storage/storagebackend/factory/etcd3.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/pkg/storage/storagebackend/factory/etcd3.go b/pkg/storage/storagebackend/factory/etcd3.go
index 22546a6290b..ca0fe5526c4 100644
--- a/pkg/storage/storagebackend/factory/etcd3.go
+++ b/pkg/storage/storagebackend/factory/etcd3.go
@@ -19,21 +19,33 @@ package factory
 import (
 	"strings"
 
-	"github.com/coreos/etcd/clientv3"
-	"golang.org/x/net/context"
-
 	"k8s.io/kubernetes/pkg/storage"
 	"k8s.io/kubernetes/pkg/storage/etcd3"
 	"k8s.io/kubernetes/pkg/storage/storagebackend"
+
+	"github.com/coreos/etcd/clientv3"
+	"github.com/coreos/etcd/pkg/transport"
+	"golang.org/x/net/context"
 )
 
 func newETCD3Storage(c storagebackend.Config) (storage.Interface, error) {
+	info := transport.TLSInfo{
+		CertFile: c.CertFile,
+		KeyFile:  c.KeyFile,
+		CAFile:   c.CAFile,
+	}
+	tlsConfig, err := info.ClientConfig()
+	if err != nil {
+		return nil, err
+	}
+
 	endpoints := c.ServerList
 	for i, s := range endpoints {
 		endpoints[i] = strings.TrimLeft(s, "http://")
 	}
 	cfg := clientv3.Config{
 		Endpoints: endpoints,
+		TLS:       tlsConfig,
 	}
 	client, err := clientv3.New(cfg)
 	if err != nil {