Add runtime options for TLS support
parent
bcc6f2d23d
commit
5a033c064e
@ -18,9 +18,11 @@
|
||||
package docker
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"sync"
|
||||
|
||||
dclient "github.com/docker/engine-api/client"
|
||||
"github.com/docker/go-connections/tlsconfig"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -29,9 +31,32 @@ var (
|
||||
dockerClientOnce sync.Once
|
||||
)
|
||||
|
||||
// Client creates a Docker API client based on the given Docker flags
|
||||
func Client() (*dclient.Client, error) {
|
||||
dockerClientOnce.Do(func() {
|
||||
dockerClient, dockerClientErr = dclient.NewClient(*ArgDockerEndpoint, "", nil, nil)
|
||||
var client *http.Client
|
||||
if *ArgDockerTLS {
|
||||
client = &http.Client{}
|
||||
options := tlsconfig.Options{
|
||||
CAFile: *ArgDockerCA,
|
||||
CertFile: *ArgDockerCert,
|
||||
KeyFile: *ArgDockerKey,
|
||||
InsecureSkipVerify: false,
|
||||
}
|
||||
tlsc, err := tlsconfig.Client(options)
|
||||
if err != nil {
|
||||
dockerClientErr = err
|
||||
return
|
||||
}
|
||||
client.Transport = &http.Transport{
|
||||
TLSClientConfig: tlsc,
|
||||
}
|
||||
}
|
||||
dockerClient, dockerClientErr = dclient.NewClient(*ArgDockerEndpoint,
|
||||
"",
|
||||
client,
|
||||
nil)
|
||||
|
||||
})
|
||||
return dockerClient, dockerClientErr
|
||||
}
|
||||
|
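Review bot: The TLS branch builds `client.Transport = &http.Transport{TLSClientConfig: tlsc}` with no handshake or dial limits, so unless `dclient.NewClient` fills them in (not visible here), a daemon that accepts the TCP connection but never completes the handshake can block every caller of `Client()`. Consider adding `TLSHandshakeTimeout: 10 * time.Second,` to the transport literal rather than a client-wide `Timeout`, which would also cut off long-lived streaming requests. The error from `tlsconfig.Client` is stored bare and, because it is set inside `dockerClientOnce.Do`, stays cached for the life of the process; wrapping it as `dockerClientErr = fmt.Errorf("loading docker TLS config: %v", err)` would tell the operator which step failed. A short comment on `InsecureSkipVerify: false` saying it must stay false would guard against it being flipped later.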
@ -41,6 +41,10 @@ import (
|
||||
)
|
||||
|
||||
var ArgDockerEndpoint = flag.String("docker", "unix:///var/run/docker.sock", "docker endpoint")
|
||||
var ArgDockerTLS = flag.Bool("docker-tls", false, "use TLS to connect to docker")
|
||||
var ArgDockerCert = flag.String("docker-tls-cert", "cert.pem", "path to client certificate")
|
||||
var ArgDockerKey = flag.String("docker-tls-key", "key.pem", "path to private key")
|
||||
var ArgDockerCA = flag.String("docker-tls-ca", "ca.pem", "path to trusted CA")
|
||||
|
||||
// The namespace under which Docker aliases are unique.
|
||||
const DockerNamespace = "docker"
|
||||
|
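Review bot: The three path flags default to the relative names `cert.pem`, `key.pem` and `ca.pem`, so passing `--docker-tls` alone loads the client key and the trust anchor from whatever directory the process was started in. Anyone able to write to that directory could then choose the CA the Docker endpoint is verified against. Empty defaults, e.g. `flag.String("docker-tls-ca", "", "path to trusted CA")`, with an explicit error when `--docker-tls` is set and a path is missing would avoid that; how `tlsconfig.Client` treats empty paths should be checked first. The new exported variables also have no doc comments, e.g. `// ArgDockerTLS enables TLS for the connection to the Docker endpoint.`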
@ -46,6 +46,10 @@ From [glog](https://github.com/golang/glog) here are some flags we find useful:
|
||||
--docker_env_metadata_whitelist="": a comma-separated list of environment variable keys that needs to be collected for docker containers
|
||||
--docker_only=false: Only report docker containers in addition to root stats
|
||||
--docker_root="/var/lib/docker": DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker) (default "/var/lib/docker")
|
||||
--docker-tls: use TLS to connect to docker
|
||||
--docker-tls-cert="cert.pem": client certificate for TLS-connection with docker
|
||||
--docker-tls-key="key.pem": private key for TLS-connection with docker
|
||||
--docker-tls-ca="ca.pem": trusted CA for TLS-connection with docker
|
||||
```
|
||||
|
||||
## Housekeeping
|
||||
|