From a59db7c9ec979846036ee0c54c145626da4444ef Mon Sep 17 00:00:00 2001 From: Dmitry Shulyak Date: Tue, 6 Jun 2017 17:48:15 +0300 Subject: [PATCH 1/2] Allow to specify tls config for coredns provider --- .../pkg/dnsprovider/providers/coredns/BUILD | 2 + .../dnsprovider/providers/coredns/coredns.go | 59 +++++++++++++++++-- 2 files changed, 56 insertions(+), 5 deletions(-) diff --git a/federation/pkg/dnsprovider/providers/coredns/BUILD b/federation/pkg/dnsprovider/providers/coredns/BUILD index f1654143a05..ba07387f883 100644 --- a/federation/pkg/dnsprovider/providers/coredns/BUILD +++ b/federation/pkg/dnsprovider/providers/coredns/BUILD @@ -25,10 +25,12 @@ go_library( "//federation/pkg/dnsprovider/providers/coredns/stubs:go_default_library", "//federation/pkg/dnsprovider/rrstype:go_default_library", "//vendor/github.com/coreos/etcd/client:go_default_library", + "//vendor/github.com/coreos/etcd/pkg/transport:go_default_library", "//vendor/github.com/golang/glog:go_default_library", "//vendor/github.com/miekg/coredns/middleware/etcd/msg:go_default_library", "//vendor/golang.org/x/net/context:go_default_library", "//vendor/gopkg.in/gcfg.v1:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library", ], ) diff --git a/federation/pkg/dnsprovider/providers/coredns/coredns.go b/federation/pkg/dnsprovider/providers/coredns/coredns.go index ba39ba5fb1c..155107ae16e 100644 --- a/federation/pkg/dnsprovider/providers/coredns/coredns.go +++ b/federation/pkg/dnsprovider/providers/coredns/coredns.go @@ -18,14 +18,21 @@ limitations under the License. package coredns import ( + "crypto/tls" "fmt" - etcdc "github.com/coreos/etcd/client" - "github.com/golang/glog" - "gopkg.in/gcfg.v1" "io" - "k8s.io/kubernetes/federation/pkg/dnsprovider" + "net" + "net/http" "strconv" "strings" + "time" + + etcdc "github.com/coreos/etcd/client" + "github.com/coreos/etcd/pkg/transport" + "github.com/golang/glog" + "gopkg.in/gcfg.v1" + utilnet "k8s.io/apimachinery/pkg/util/net" + "k8s.io/kubernetes/federation/pkg/dnsprovider" ) // "coredns" should be used to use this DNS provider @@ -37,6 +44,9 @@ const ( type Config struct { Global struct { EtcdEndpoints string `gcfg:"etcd-endpoints"` + CertFile string `gcfg:"etcd-cert-file"` + KeyFile string `gcfg:"etcd-key-file"` + CAFile string `gcfg:"etcd-ca-file"` DNSZones string `gcfg:"zones"` CoreDNSEndpoints string `gcfg:"coredns-endpoints"` } @@ -48,11 +58,42 @@ func init() { }) } +func newTransportForETCD2(certFile, keyFile, caFile string) (*http.Transport, error) { + var cfg *tls.Config + if len(certFile) == 0 && len(keyFile) == 0 && len(caFile) == 0 { + cfg = nil + } else { + info := transport.TLSInfo{ + CertFile: certFile, + KeyFile: keyFile, + CAFile: caFile, + } + var err error + cfg, err = info.ClientConfig() + if err != nil { + return nil, fmt.Errorf("error creating tls config: %v", err) + } + } + // Copied from etcd.DefaultTransport declaration. + // TODO: Determine if transport needs optimization + tr := utilnet.SetTransportDefaults(&http.Transport{ + Proxy: http.ProxyFromEnvironment, + Dial: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + }).Dial, + TLSHandshakeTimeout: 10 * time.Second, + TLSClientConfig: cfg, + }) + return tr, nil +} + // newCoreDnsProviderInterface creates a new instance of an CoreDNS DNS Interface. func newCoreDNSProviderInterface(config io.Reader) (*Interface, error) { etcdEndpoints := "http://federation-dns-server-etcd:2379" etcdPathPrefix := "skydns" dnsZones := "" + var certFile, keyFile, caFile string // Possibly override defaults with config below if config != nil { @@ -63,6 +104,9 @@ func newCoreDNSProviderInterface(config io.Reader) (*Interface, error) { } etcdEndpoints = cfg.Global.EtcdEndpoints dnsZones = cfg.Global.DNSZones + certFile = cfg.Global.CertFile + keyFile = cfg.Global.KeyFile + caFile = cfg.Global.CAFile } glog.Infof("Using CoreDNS DNS provider") @@ -70,9 +114,14 @@ func newCoreDNSProviderInterface(config io.Reader) (*Interface, error) { return nil, fmt.Errorf("Need to provide at least one DNS Zone") } + etcdTransport, err := newTransportForETCD2(certFile, keyFile, caFile) + if err != nil { + return nil, fmt.Errorf("error creating transport for etcd: %v", err) + } + etcdCfg := etcdc.Config{ Endpoints: strings.Split(etcdEndpoints, ","), - Transport: etcdc.DefaultTransport, + Transport: etcdTransport, } c, err := etcdc.New(etcdCfg) From ffd035e82c5b39433f165719ce9279a8c28bce3d Mon Sep 17 00:00:00 2001 From: Dmitry Shulyak Date: Thu, 8 Jun 2017 15:11:59 +0300 Subject: [PATCH 2/2] Expect that path to files will be provided not raw data --- federation/pkg/dnsprovider/providers/coredns/coredns.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/federation/pkg/dnsprovider/providers/coredns/coredns.go b/federation/pkg/dnsprovider/providers/coredns/coredns.go index 155107ae16e..02f50e33633 100644 --- a/federation/pkg/dnsprovider/providers/coredns/coredns.go +++ b/federation/pkg/dnsprovider/providers/coredns/coredns.go @@ -105,15 +105,15 @@ func newCoreDNSProviderInterface(config io.Reader) (*Interface, error) { etcdEndpoints = cfg.Global.EtcdEndpoints dnsZones = cfg.Global.DNSZones certFile = cfg.Global.CertFile - keyFile = cfg.Global.KeyFile caFile = cfg.Global.CAFile + keyFile = cfg.Global.KeyFile } glog.Infof("Using CoreDNS DNS provider") if dnsZones == "" { return nil, fmt.Errorf("Need to provide at least one DNS Zone") } - + glog.Infof("Creating etcd transport with %s, %s, %s", certFile, keyFile, caFile) etcdTransport, err := newTransportForETCD2(certFile, keyFile, caFile) if err != nil { return nil, fmt.Errorf("error creating transport for etcd: %v", err)