Add runtime options for TLS support

Karl 2017-06-16 18:26:47 +02:00
parent bcc6f2d23d
commit 5a033c064e
3 changed files with 34 additions and 1 deletions


@ -18,9 +18,11 @@
package docker package docker
import ( import (
"net/http"
"sync" "sync"
dclient "github.com/docker/engine-api/client" dclient "github.com/docker/engine-api/client"
"github.com/docker/go-connections/tlsconfig"
) )
var ( var (
@ -29,9 +31,32 @@ var (
dockerClientOnce sync.Once dockerClientOnce sync.Once
) )
// Client creates a Docker API client based on the given Docker flags
func Client() (*dclient.Client, error) { func Client() (*dclient.Client, error) {
dockerClientOnce.Do(func() { dockerClientOnce.Do(func() {
dockerClient, dockerClientErr = dclient.NewClient(*ArgDockerEndpoint, "", nil, nil) var client *http.Client
if *ArgDockerTLS {
client = &http.Client{}
options := tlsconfig.Options{
CAFile: *ArgDockerCA,
CertFile: *ArgDockerCert,
KeyFile: *ArgDockerKey,
InsecureSkipVerify: false,
}
tlsc, err := tlsconfig.Client(options)
if err != nil {
dockerClientErr = err
return
}
client.Transport = &http.Transport{
TLSClientConfig: tlsc,
}
}
dockerClient, dockerClientErr = dclient.NewClient(*ArgDockerEndpoint,
"",
client,
nil)
}) })
return dockerClient, dockerClientErr return dockerClient, dockerClientErr
} }
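Review bot: The `http.Transport` built in the `*ArgDockerTLS` branch sets only `TLSClientConfig`, so the TLS client has no handshake timeout and a request to a stalled or unreachable Docker endpoint may hang rather than fail. Consider `client.Transport = &http.Transport{TLSClientConfig: tlsc, TLSHandshakeTimeout: 10 * time.Second}` (the value is illustrative, and `time` would need importing). The error from `tlsconfig.Client` is also stored bare; adding context that names the CA, certificate and key flags would make a bad path easier to diagnose. Because the result is cached by `dockerClientOnce`, a failure here persists for the life of the process.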


@ -41,6 +41,10 @@ import (
) )
var ArgDockerEndpoint = flag.String("docker", "unix:///var/run/docker.sock", "docker endpoint") var ArgDockerEndpoint = flag.String("docker", "unix:///var/run/docker.sock", "docker endpoint")
var ArgDockerTLS = flag.Bool("docker-tls", false, "use TLS to connect to docker")
var ArgDockerCert = flag.String("docker-tls-cert", "cert.pem", "path to client certificate")
var ArgDockerKey = flag.String("docker-tls-key", "key.pem", "path to private key")
var ArgDockerCA = flag.String("docker-tls-ca", "ca.pem", "path to trusted CA")
// The namespace under which Docker aliases are unique. // The namespace under which Docker aliases are unique.
const DockerNamespace = "docker" const DockerNamespace = "docker"
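Review bot: The new `docker-tls-cert`, `docker-tls-key` and `docker-tls-ca` flags default to relative names (`cert.pem`, `key.pem`, `ca.pem`), so when only `--docker-tls` is given the client key and the trusted CA are read from whatever directory the process was started in. A trust anchor picked up from the working directory is easy to get wrong in a service deployment; the help text should at least say so, e.g. `"path to trusted CA (relative paths resolve against the working directory)"`. Alternatively the defaults could be empty, with an explicit check that all three are set when TLS is enabled. The new names also use hyphens while the neighbouring flags in the docs use underscores (`--docker_only`, `--docker_root`), which looks inconsistent.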


@ -46,6 +46,10 @@ From [glog](https://github.com/golang/glog) here are some flags we find useful:
--docker_env_metadata_whitelist="": a comma-separated list of environment variable keys that needs to be collected for docker containers --docker_env_metadata_whitelist="": a comma-separated list of environment variable keys that needs to be collected for docker containers
--docker_only=false: Only report docker containers in addition to root stats --docker_only=false: Only report docker containers in addition to root stats
--docker_root="/var/lib/docker": DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker) (default "/var/lib/docker") --docker_root="/var/lib/docker": DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker) (default "/var/lib/docker")
--docker-tls: use TLS to connect to docker
--docker-tls-cert="cert.pem": client certificate for TLS-connection with docker
--docker-tls-key="key.pem": private key for TLS-connection with docker
--docker-tls-ca="ca.pem": trusted CA for TLS-connection with docker
``` ```
## Housekeeping ## Housekeeping