TLS support for http and RPC #1853
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diptanu
force-pushed
the
f-rpc-http-tls
branch
2 times, most recently
from
f834ea5 to
348382c
Compare
diptanu
force-pushed
the
f-rpc-http-tls
branch
from
348382c to
0e6e5b3
Compare
dadgar
reviewed
Oct 25, 2016
| @@ -164,12 +165,22 @@ var ( | |||
|
|
|||
| // NewClient is used to create a new client from the given configuration | |||
| func NewClient(cfg *config.Config, consulSyncer *consul.Syncer, logger *log.Logger) (*Client, error) { | |||
| //Create the tls wrapper | |||
| @@ -132,6 +133,32 @@ type Config struct { | |||
| // PublishAllocationMetrics determines whether nomad is going to publish | |||
| // allocation metrics to remote Telemetry sinks | |||
| PublishAllocationMetrics bool | |||
|
|
|||
| // HttpTLS enables TLS for the HTTP endpoints on the clients. | |||
| HttpTLS bool | |||
There was a problem hiding this comment.
Can you just embed the TLSConfig struct
|
|
||
| // CAFile is a path to a certificate authority file. This is used with VerifyIncoming | ||
| // or VerifyOutgoing to verify the TLS connection. | ||
| CAFile string `mapstructure:"ca_file"` |
| @@ -191,6 +192,29 @@ type Config struct { | |||
| // This period is meant to be long enough for a leader election to take | |||
| // place, and a small jitter is applied to avoid a thundering herd. | |||
| RPCHoldTimeout time.Duration | |||
|
|
|||
| // Enable TLS for incoming RPC calls from Nomad clients | |||
| RpcTLS bool | |||
| @@ -0,0 +1,237 @@ | |||
| package tlsutil | |||
There was a problem hiding this comment.
Should this be in helper pkg?
| @@ -0,0 +1,17 @@ | |||
| -----BEGIN CERTIFICATE----- | |||
There was a problem hiding this comment.
These should be in a subdirectory under the tlsutil, not at the top level
Closed
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A subsequent PR is going to introduce support for TLS in the Nomad CLI and API client lib.