Add TLS support for libkv #1254
Conversation
|
If we choose to make any changes to the CLI args, we probably want to keep them in sync with moby/moby#16644 |
|
Once docker/libkv#75 is merged and vendored into swarm, I'll squash the second commit on this change. |
|
Added workaround for libkv/etcd https bug in case we decide not to bump libkv version. The fix should be benign if we do decide to bump libkv |
|
LGTM. (CI unhappy but this will be fixed soon) |
|
Also |
|
FYI moby/moby#16644 was merged |
abronan
added
area/discovery
area/TLS
area/store
status/2-code-review
priority/P0
and removed
status/0-triage
labels
|
ping @docker/swarm-maintainers |
|
@dhiltgen It's a bit strange to use Perhaps |
|
@aluzzardi I was shooting for consistency with engine, but I'm fine with your proposed flag names. I'll make the change now and will push an update to the PR shortly. |
|
Does anyone have an option on flags consistency? /cc @docker/swarm-maintainers |
dhiltgen
force-pushed
the
tls_kv
branch
2 times, most recently
from
4d72eb5 to
2a75173
Compare
|
Updated with new flag name: |
| @@ -14,7 +14,7 @@ var ( | |||
| Name: "list", | |||
| ShortName: "l", | |||
| Usage: "List nodes in a cluster", | |||
| Flags: []cli.Flag{flTimeout}, | |||
| Flags: []cli.Flag{flTimeout, flClusterStoreOpt}, | |||
There was a problem hiding this comment.
We should probably change all the occurrences mentioning ClusterStoreOpt or ClusterOpt to DiscoveryOpt.
|
Renamed the internal var's to match the flag name change. |
This adds TLS support into the KV store for swarm. The manage, join,
and list commands all have a new CLI argument, matching the docker engine
discovery backend. This required adding the tlsconfig utility
package from docker engine.
Here's an example showing re-use of the cluster certs for the KV store:
swarm manage --tlsverify \
--tlscacert /etc/docker/ssl/ca.pem
--tlscert /etc/docker/ssl/cert.pem
--tlskey /etc/docker/ssl/key.pem
--discovery-opt kv.cacertfile=/etc/docker/ssl/ca.pem
--discovery-opt kv.certfile=/etc/docker/ssl/cert.pem
--discovery-opt kv.keyfile=/etc/docker/ssl/key.pem
--advertise 192.168.122.47:3376
etcd://192.168.122.47:2379
Signed-off-by: Daniel Hiltgen <[email protected]>
|
Missed a couple renames - fixed now. |
|
Thanks @dhiltgen! LGTM ping @aluzzardi for the merge |
|
LGTM |
Add TLS support for libkv
This adds TLS support into the KV store for swarm. The manage, join,
and list commands all have a new CLI argument, matching the docker engine
discovery backend. This required adding the tlsconfig utility
package from docker engine.
Here's an example showing re-use of the cluster certs for the KV store:
Signed-off-by: Daniel Hiltgen [email protected]