Add acls and tls to endpoints controller #470
Changes from 6 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -418,6 +418,7 @@ func (c *Command) Run(args []string) int { | |
ReleaseName: c.flagReleaseName, | ||
ReleaseNamespace: c.flagReleaseNamespace, | ||
Context: ctx, | ||
ConsulClientCfg: api.DefaultConfig(), | ||
I think we may need to use

```go
// create Consul API config object
cfg := api.DefaultConfig()
c.http.MergeOntoConfig(cfg)
if cfg.TLSConfig.CAFile == "" && c.flagConsulCACert != "" {
	cfg.TLSConfig.CAFile = c.flagConsulCACert
}
consulURLRaw := cfg.Address
// cfg.Address may or may not be prefixed with scheme.
if !strings.Contains(cfg.Address, "://") {
	consulURLRaw = fmt.Sprintf("%s://%s", cfg.Scheme, cfg.Address)
}
consulURL, err := url.Parse(consulURLRaw)
if err != nil {
	c.UI.Error(fmt.Sprintf("error parsing consul address %q: %s", consulURLRaw, err))
	return 1
}
// load CA file contents
var consulCACert []byte
if cfg.TLSConfig.CAFile != "" {
	var err error
	consulCACert, err = ioutil.ReadFile(cfg.TLSConfig.CAFile)
	if err != nil {
		c.UI.Error(fmt.Sprintf("error reading Consul's CA cert file %q: %s", cfg.TLSConfig.CAFile, err))
		return 1
	}
}
```

I haven't tested this out in an acceptance test but I'm guessing we need to use that config?

Ah good catch. At runtime it worked for me deployed on a cluster as-is, but we definitely can use cfg instead here.
||
}).SetupWithManager(mgr); err != nil { | ||
setupLog.Error(err, "unable to create controller", "controller", connectinject.EndpointsController{}) | ||
return 1 | ||
|
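Review bot: The added `ConsulClientCfg: api.DefaultConfig(),` line hands the endpoints controller a config created inline with nothing applied to it, so values set through the command's own flags never reach the controller's Consul client. For a change that adds ACLs and TLS, build one config earlier in `Run`, apply the flag values to it, and pass that variable here instead of calling `api.DefaultConfig()` in the struct literal. Separately, the error log a few lines down passes the struct value `connectinject.EndpointsController{}` as the "controller" field; a short string name would read better in the log.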
I liked Luke's suggestion from here to name this `remoteConsulClient` or `externalConsulClient`

`remoteConsulClient` looks great, switching to that, thanks!