1 package client
2
3 import (
4 "crypto/tls"
5 "crypto/x509"
6 "fmt"
7 "time"
8
9 clientv3 "go.etcd.io/etcd/client/v3"
10 "go.uber.org/zap"
11 "go.uber.org/zap/zapcore"
12
13 "edge-infra.dev/pkg/sds/lib/os/file"
14 )
15
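// NewTLSConfig builds the mutual-TLS client configuration used to reach etcd.
//
// The CA bundle is read through fileHandler and the client certificate and
// key are loaded from disk, all from the fixed kubeadm etcd PKI paths under
// /etc/kubernetes/pki/etcd. The returned config verifies the server against
// that CA only, presents the loaded key pair as the client certificate, and
// refuses anything older than TLS 1.2.
//
// It returns an error when the CA file cannot be read, when it contains no
// parsable PEM certificate, or when the key pair cannot be loaded.
func NewTLSConfig(fileHandler file.File) (*tls.Config, error) {
	return newTLSConfigFromPaths(fileHandler,
		"/etc/kubernetes/pki/etcd/ca.crt",
		"/etc/kubernetes/pki/etcd/server.crt",
		"/etc/kubernetes/pki/etcd/server.key",
	)
}

// newTLSConfigFromPaths is NewTLSConfig with the PKI locations made explicit:
// caPath is read via fileHandler, certPath and keyPath via tls.LoadX509KeyPair.
func newTLSConfigFromPaths(fileHandler file.File, caPath, certPath, keyPath string) (*tls.Config, error) {
	caCert, err := fileHandler.Read(caPath)
	if err != nil {
		return nil, fmt.Errorf("failed to read ca.crt: %w", err)
	}

	// A CA file without a single parsable certificate must fail here; the
	// previous ignored bool produced an empty pool that silently rejected
	// every server at handshake time instead.
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		return nil, fmt.Errorf("no valid PEM certificate found in %s", caPath)
	}

	// NOTE(review): the key pair is loaded straight from the OS rather than
	// through fileHandler, unlike the CA above — confirm that is intended.
	cer, err := tls.LoadX509KeyPair(certPath, keyPath)
	if err != nil {
		return nil, fmt.Errorf("failed to load key pair: %w", err)
	}

	return &tls.Config{
		Certificates: []tls.Certificate{cer},
		RootCAs:      caCertPool,
		MinVersion:   tls.VersionTLS12,
	}, nil
}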
37
// New builds an etcd clientv3.Client for the given endpoints.
//
// Logging is discarded: the client gets a zap logger backed by a no-op core.
// timeout is passed through as the dial timeout. When tlsConfig is nil the
// TLS field is left unset, so the caller alone decides whether the connection
// carries TLS credentials; pair it with NewTLSConfig for a verified channel.
// Any error comes from clientv3.New itself.
func New(tlsConfig *tls.Config, timeout time.Duration, endpoints ...string) (*clientv3.Client, error) {
	// A nil tlsConfig assigned here is indistinguishable from leaving the
	// zero value, so no conditional is needed.
	cfg := clientv3.Config{
		Logger:      zap.New(zapcore.NewNopCore()),
		Endpoints:   endpoints,
		DialTimeout: timeout,
		TLS:         tlsConfig,
	}
	return clientv3.New(cfg)
}
49