Merge pull request #47049 from dshulyak/tls_config_coredns

Automatic merge from submit-queue (batch tested with PRs 47806, 49539, 48763, 47049, 50600). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Allow to specify tls config for etcd in federation coredns provider

Closes: https://github.com/kubernetes/kubernetes/issues/42995

```release-note
CoreDNS provider config allows setting TLS certificates for etcd client.
```
This commit is contained in:
Kubernetes Submit Queue 2017-09-22 21:20:56 -07:00 committed by GitHub
commit 19cf8af8b7
2 changed files with 56 additions and 5 deletions


@ -22,10 +22,12 @@ go_library(
"//federation/pkg/dnsprovider/providers/coredns/stubs:go_default_library",
"//federation/pkg/dnsprovider/rrstype:go_default_library",
"//vendor/github.com/coreos/etcd/client:go_default_library",
"//vendor/github.com/coreos/etcd/pkg/transport:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/miekg/coredns/middleware/etcd/msg:go_default_library",
"//vendor/golang.org/x/net/context:go_default_library",
"//vendor/gopkg.in/gcfg.v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library",
],
)


@ -18,14 +18,21 @@ limitations under the License.
package coredns
import (
"crypto/tls"
"fmt"
etcdc "github.com/coreos/etcd/client"
"github.com/golang/glog"
"gopkg.in/gcfg.v1"
"io"
"k8s.io/kubernetes/federation/pkg/dnsprovider"
"net"
"net/http"
"strconv"
"strings"
"time"
etcdc "github.com/coreos/etcd/client"
"github.com/coreos/etcd/pkg/transport"
"github.com/golang/glog"
"gopkg.in/gcfg.v1"
utilnet "k8s.io/apimachinery/pkg/util/net"
"k8s.io/kubernetes/federation/pkg/dnsprovider"
)
// "coredns" should be used to use this DNS provider
@ -37,6 +44,9 @@ const (
type Config struct {
Global struct {
EtcdEndpoints string `gcfg:"etcd-endpoints"`
CertFile string `gcfg:"etcd-cert-file"`
KeyFile string `gcfg:"etcd-key-file"`
CAFile string `gcfg:"etcd-ca-file"`
DNSZones string `gcfg:"zones"`
CoreDNSEndpoints string `gcfg:"coredns-endpoints"`
}
@ -48,11 +58,42 @@ func init() {
})
}
func newTransportForETCD2(certFile, keyFile, caFile string) (*http.Transport, error) {
var cfg *tls.Config
if len(certFile) == 0 && len(keyFile) == 0 && len(caFile) == 0 {
cfg = nil
} else {
info := transport.TLSInfo{
CertFile: certFile,
KeyFile: keyFile,
CAFile: caFile,
}
var err error
cfg, err = info.ClientConfig()
if err != nil {
return nil, fmt.Errorf("error creating tls config: %v", err)
}
}
// Copied from etcd.DefaultTransport declaration.
// TODO: Determine if transport needs optimization
tr := utilnet.SetTransportDefaults(&http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: cfg,
})
return tr, nil
}
// newCoreDnsProviderInterface creates a new instance of an CoreDNS DNS Interface.
func newCoreDNSProviderInterface(config io.Reader) (*Interface, error) {
etcdEndpoints := "http://federation-dns-server-etcd:2379"
etcdPathPrefix := "skydns"
dnsZones := ""
var certFile, keyFile, caFile string
// Possibly override defaults with config below
if config != nil {
@ -63,16 +104,24 @@ func newCoreDNSProviderInterface(config io.Reader) (*Interface, error) {
}
etcdEndpoints = cfg.Global.EtcdEndpoints
dnsZones = cfg.Global.DNSZones
certFile = cfg.Global.CertFile
caFile = cfg.Global.CAFile
keyFile = cfg.Global.KeyFile
}
glog.Infof("Using CoreDNS DNS provider")
if dnsZones == "" {
return nil, fmt.Errorf("Need to provide at least one DNS Zone")
}
glog.Infof("Creating etcd transport with %s, %s, %s", certFile, keyFile, caFile)
etcdTransport, err := newTransportForETCD2(certFile, keyFile, caFile)
if err != nil {
return nil, fmt.Errorf("error creating transport for etcd: %v", err)
}
etcdCfg := etcdc.Config{
Endpoints: strings.Split(etcdEndpoints, ","),
Transport: etcdc.DefaultTransport,
Transport: etcdTransport,
}
c, err := etcdc.New(etcdCfg)
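Review bot: newTransportForETCD2 treats any non-empty value among certFile, keyFile and caFile as a complete TLS setup, so a config with etcd-cert-file but no etcd-key-file (or vice versa) is handed straight to transport.TLSInfo.ClientConfig, and whether that fails loudly or quietly yields a transport without a client certificate depends on the etcd transport package, which is not visible here. An explicit guard before building TLSInfo makes the contract clear: `if (certFile == "") != (keyFile == "") { return nil, fmt.Errorf("etcd-cert-file and etcd-key-file must be set together") }`. The function also has no doc comment; I would add one stating that when all three paths are empty TLSClientConfig stays nil (Go's defaults: system roots, no client certificate) and that otherwise the three files are loaded through TLSInfo.ClientConfig. The Infof near the end of this section prints the three paths unlabelled with `%s`, so an empty value is invisible in the log line; `glog.Infof("Creating etcd transport with cert=%q key=%q ca=%q", certFile, keyFile, caFile)` is easier to read. newCoreDNSProviderInterface continues past the end of the hunk.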