
     1  package client
     2  
     3  import (
     4  	"crypto/tls"
     5  	"crypto/x509"
     6  	"fmt"
     7  	"time"
     8  
     9  	clientv3 "go.etcd.io/etcd/client/v3"
    10  	"go.uber.org/zap"
    11  	"go.uber.org/zap/zapcore"
    12  
    13  	"edge-infra.dev/pkg/sds/lib/os/file"
    14  )
    15  
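// NewTLSConfig builds a mutual-TLS client configuration for the local etcd
// server from the fixed certificate paths under /etc/kubernetes/pki/etcd.
//
// The CA bundle is read through fileHandler, while the server certificate
// and key are loaded directly from the OS filesystem by tls.LoadX509KeyPair.
// NOTE(review): because of that asymmetry fileHandler cannot stand in for
// the key-pair files (e.g. in tests) — confirm whether this is intentional.
//
// It returns an error when ca.crt cannot be read, when ca.crt contains no
// parseable PEM certificate, or when the key pair cannot be loaded.
func NewTLSConfig(fileHandler file.File) (*tls.Config, error) {
	const (
		caPath   = "/etc/kubernetes/pki/etcd/ca.crt"
		certPath = "/etc/kubernetes/pki/etcd/server.crt"
		keyPath  = "/etc/kubernetes/pki/etcd/server.key"
	)

	caCert, err := fileHandler.Read(caPath)
	if err != nil {
		return nil, fmt.Errorf("failed to read ca.crt: %w", err)
	}

	// AppendCertsFromPEM reports false when nothing could be parsed. Ignoring
	// that leaves an empty root pool and an opaque handshake failure later, so
	// surface a malformed or empty CA file at construction time instead.
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		return nil, fmt.Errorf("no valid PEM certificates found in %s", caPath)
	}

	cer, err := tls.LoadX509KeyPair(certPath, keyPath)
	if err != nil {
		return nil, fmt.Errorf("failed to load key pair: %w", err)
	}

	return &tls.Config{
		Certificates: []tls.Certificate{cer},
		RootCAs:      caCertPool,
		// Refuse TLS 1.0 and 1.1 handshakes.
		MinVersion: tls.VersionTLS12,
	}, nil
}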
    37  
// New constructs an etcd v3 client for the given endpoints.
//
// timeout is passed through as the client's DialTimeout and tlsConfig, when
// non-nil, is used for the connection; a nil tlsConfig leaves the client's
// TLS field unset, so the connection is only as protected as the endpoints'
// scheme makes it. Client-side logging is discarded via a no-op zap core.
func New(tlsConfig *tls.Config, timeout time.Duration, endpoints ...string) (*clientv3.Client, error) {
	// Assigning a nil *tls.Config is the same as leaving the field at its
	// zero value, so no guard is needed.
	cfg := clientv3.Config{
		Endpoints:   endpoints,
		DialTimeout: timeout,
		TLS:         tlsConfig,
		Logger:      zap.New(zapcore.NewNopCore()),
	}
	return clientv3.New(cfg)
}
    49  
