Add option to pass custom CA certificate for S3 backend

2025-09-01 15:06:23 +00:00 · 2019-06-12 00:31:01 +02:00
parent ffa42ab900
commit 38c31b9766
5 changed files with 46 additions and 2 deletions
--- a/cmd/common.go
+++ b/cmd/common.go
@@ -11,6 +11,7 @@ import (
 	"github.com/rancher/rke/cluster"
 	"github.com/rancher/rke/hosts"
 	"github.com/rancher/rke/log"
+	"github.com/rancher/rke/pki"
 	"github.com/rancher/rke/util"
 	v3 "github.com/rancher/types/apis/management.cattle.io/v3"
 	"github.com/sirupsen/logrus"
@@ -114,6 +115,7 @@ func setS3OptionsFromCLI(c *cli.Context) *v3.S3BackupConfig {
 	region := c.String("region")
 	accessKey := c.String("access-key")
 	secretKey := c.String("secret-key")
+	endpointCA := c.String("s3-endpoint-ca")
 	var s3BackupBackend = &v3.S3BackupConfig{}
 	if len(endpoint) != 0 {
 		s3BackupBackend.Endpoint = endpoint
@@ -130,6 +132,14 @@ func setS3OptionsFromCLI(c *cli.Context) *v3.S3BackupConfig {
 	if len(secretKey) != 0 {
 		s3BackupBackend.SecretKey = secretKey
 	}
+	if len(endpointCA) != 0 {
+		caStr, err := pki.ReadCertToStr(endpointCA)
+		if err != nil {
+			logrus.Warnf("Failed to read s3-endpoint-ca [%s]: %v", endpointCA, err)
+		} else {
+			s3BackupBackend.EndpointCA = caStr
+		}
+	}
 	return s3BackupBackend
 }