This repository was archived by the owner on Mar 9, 2022. It is now read-only.

Commit b82b524

stream: can use user certificates
Signed-off-by: JulienBalestra <[email protected]>
1 parent a3af739 commit b82b524

2 files changed

Lines changed: 23 additions & 7 deletions


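--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -114,6 +114,10 @@ type PluginConfig struct {
 SystemdCgroup bool `toml:"systemd_cgroup" json:"systemdCgroup"`
 // EnableTLSStreaming indicates to enable the TLS streaming support.
 EnableTLSStreaming bool `toml:"enable_tls_streaming" json:"enableTLSStreaming"`
+// TLSCertFileStreaming is the path to a certificate file
+TLSCertFileStreaming string `toml:"tls_cert_file_streaming" json:"tlsCertFileStreaming"`
+// TLSKeyFileStreaming is the path to a private key file
+TLSKeyFileStreaming string `toml:"tls_key_file_streaming" json:"tlsKeyFileStreaming"`
 // MaxContainerLogLineSize is the maximum log line size in bytes for a container.
 // Log line longer than the limit will be split into multiple lines. Non-positive
 // value means no limit.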
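Review bot: The doc comments on `TLSCertFileStreaming` and `TLSKeyFileStreaming` do not state when the options take effect: judging by the `newStreamServer` change in this commit, they are read only when `EnableTLSStreaming` is true and both paths are non-empty, and otherwise a generated self-signed certificate is used. I would spell that out, e.g. `// TLSCertFileStreaming is the path to the PEM certificate file for the streaming server. It is used only when EnableTLSStreaming is true and TLSKeyFileStreaming is also set.`, with the mirrored sentence on the key field. The key comment could also remind operators that the file holds a private key and should be readable only by the account the daemon runs as.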

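--- a/pkg/server/streaming.go
+++ b/pkg/server/streaming.go
@@ -44,18 +44,30 @@ func newStreamServer(c *criService, addr, port string) (streaming.Server, error)
 }
 config := streaming.DefaultConfig
 config.Addr = net.JoinHostPort(addr, port)
-runtime := newStreamRuntime(c)
-if c.config.EnableTLSStreaming {
-tlsCert, err := newTLSCert()
+run := newStreamRuntime(c)
+if !c.config.EnableTLSStreaming {
+return streaming.NewServer(config, run)
+}
+if c.config.TLSCertFileStreaming != "" && c.config.TLSKeyFileStreaming != "" {
+tlsCert, err := tls.LoadX509KeyPair(c.config.TLSCertFileStreaming, c.config.TLSKeyFileStreaming)
 if err != nil {
-return nil, errors.Wrap(err, "failed to generate tls certificate for stream server")
+return nil, errors.Wrap(err, "failed to load x509 key pair for stream server")
 }
 config.TLSConfig = &tls.Config{
-Certificates: []tls.Certificate{tlsCert},
-InsecureSkipVerify: true,
+Certificates: []tls.Certificate{tlsCert},
 }
+return streaming.NewServer(config, run)
+}
+// generating self-sign certs
+tlsCert, err := newTLSCert()
+if err != nil {
+return nil, errors.Wrap(err, "failed to generate tls certificate for stream server")
+}
+config.TLSConfig = &tls.Config{
+Certificates: []tls.Certificate{tlsCert},
+InsecureSkipVerify: true,
 }
-return streaming.NewServer(config, runtime)
+return streaming.NewServer(config, run)
 }
 
 type streamRuntime struct {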
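Review bot: Setting only one of `tls_cert_file_streaming` / `tls_key_file_streaming` is not rejected: the new condition `c.config.TLSCertFileStreaming != "" && c.config.TLSKeyFileStreaming != ""` is false in that case and the code falls through to `newTLSCert()`, so the server silently comes up with a generated self-signed certificate instead of the one the operator meant to configure. I would fail fast before that branch, e.g. `if (c.config.TLSCertFileStreaming == "") != (c.config.TLSKeyFileStreaming == "") { return nil, errors.New("tls_cert_file_streaming and tls_key_file_streaming must be set together") }`. Separately, `InsecureSkipVerify: true` is kept in the self-signed branch; that field is consulted only when a `tls.Config` is used by a client, so on this server-side config it appears to have no effect and could be dropped, as the user-certificate branch already does. `newStreamServer` starts above the hunk, so any validation done earlier in the function is not visible here.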
