Add TLS support for k8s middleware (#289)

* Added TLS to k8s client Added options for TLS kubernetes client connection. * Fix k8s TLS config option parsing Brings config option parsing for kubernetes TLS in line with recent changes. * Put TLS config on one line Put kubernetes tls config on one line to match style established in etcd tls config. * Add tls option to README
2016-09-23 18:07:06 -04:00 · 2016-09-23 18:07:06 -04:00 · 15297c8e63
commit 15297c8e63
parent b9cf32f7a9
3 changed files with 43 additions and 12 deletions
--- a/middleware/kubernetes/kubernetes.go
+++ b/middleware/kubernetes/kubernetes.go
@ -18,6 +18,7 @@ import (
 	"k8s.io/kubernetes/pkg/api"
 	unversionedapi "k8s.io/kubernetes/pkg/api/unversioned"
 	unversionedclient "k8s.io/kubernetes/pkg/client/unversioned"
+	"k8s.io/kubernetes/pkg/client/restclient"
 	"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
 	clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
 	"k8s.io/kubernetes/pkg/labels"
@ -29,6 +30,9 @@ type Kubernetes struct {
 	Zones         []string
 	Proxy         proxy.Proxy // Proxy for looking up names during the resolution process
 	APIEndpoint   string
+	APICertAuth   string
+	APIClientCert string
+	APIClientKey  string
 	APIConn       *dnsController
 	ResyncPeriod  time.Duration
 	NameTemplate  *nametemplate.NameTemplate
@ -37,23 +41,41 @@ type Kubernetes struct {
 	Selector      *labels.Selector
 }

-// InitKubeCache initializes a new Kubernetes cache.
-// TODO(miek): is this correct?
-func (k *Kubernetes) InitKubeCache() error {
+func (k *Kubernetes) getClientConfig() (*restclient.Config, error) {
 	// For a custom api server or running outside a k8s cluster
 	// set URL in env.KUBERNETES_MASTER or set endpoint in Corefile
 	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
 	overrides := &clientcmd.ConfigOverrides{}
+	clusterinfo := clientcmdapi.Cluster{}
+	authinfo := clientcmdapi.AuthInfo{}
 	if len(k.APIEndpoint) > 0 {
-		overrides.ClusterInfo = clientcmdapi.Cluster{Server: k.APIEndpoint}
+		clusterinfo.Server = k.APIEndpoint
 	}
+	if len(k.APICertAuth) > 0 {
+		clusterinfo.CertificateAuthority = k.APICertAuth
+	}
+	if len(k.APIClientCert) > 0 {
+		authinfo.ClientCertificate = k.APIClientCert
+	}
+	if len(k.APIClientKey) > 0 {
+		authinfo.ClientKey = k.APIClientKey
+	}
+	overrides.ClusterInfo = clusterinfo
+	overrides.AuthInfo = authinfo
 	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, overrides)
-	config, err := clientConfig.ClientConfig()
+	return clientConfig.ClientConfig()
+}
+
+// InitKubeCache initializes a new Kubernetes cache.
+// TODO(miek): is this correct?
+func (k *Kubernetes) InitKubeCache() error {
+
+	config, err := k.getClientConfig()
 	if err != nil {
 		return err
 	}
-	kubeClient, err := unversionedclient.New(config)

+	kubeClient, err := unversionedclient.New(config)
 	if err != nil {
 		log.Printf("[ERROR] Failed to create kubernetes notification controller: %v", err)
 		return err