本文整理汇总了Golang中k8s/io/kubernetes/pkg/client/restclient.TLSConfigFor函数的典型用法代码示例。如果您正苦于以下问题:Golang TLSConfigFor函数的具体用法?Golang TLSConfigFor怎么用?Golang TLSConfigFor使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了TLSConfigFor函数的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: MakeEtcdClient
// MakeEtcdClient creates an etcd client based on the provided config.
func MakeEtcdClient(etcdClientInfo configapi.EtcdConnectionInfo) (etcdclient.Client, error) {
tlsConfig, err := restclient.TLSConfigFor(&restclient.Config{
TLSClientConfig: restclient.TLSClientConfig{
CertFile: etcdClientInfo.ClientCert.CertFile,
KeyFile: etcdClientInfo.ClientCert.KeyFile,
CAFile: etcdClientInfo.CA,
},
})
if err != nil {
return nil, err
}
transport := knet.SetTransportDefaults(&http.Transport{
TLSClientConfig: tlsConfig,
Dial: (&net.Dialer{
// default from http.DefaultTransport
Timeout: 30 * time.Second,
// Lower the keep alive for connections.
KeepAlive: 1 * time.Second,
}).Dial,
// Because watches are very bursty, defends against long delays in watch reconnections.
MaxIdleConnsPerHost: 500,
})
cfg := etcdclient.Config{
Endpoints: etcdClientInfo.URLs,
// TODO: Determine if transport needs optimization
Transport: transport,
}
return etcdclient.New(cfg)
}
示例2: dialBackend
func (p *UpgradeAwareSingleHostReverseProxy) dialBackend(req *http.Request) (net.Conn, error) {
dialAddr := netutil.CanonicalAddr(req.URL)
switch p.backendAddr.Scheme {
case "http":
return net.Dial("tcp", dialAddr)
case "https":
tlsConfig, err := restclient.TLSConfigFor(p.clientConfig)
if err != nil {
return nil, err
}
tlsConn, err := tls.Dial("tcp", dialAddr, tlsConfig)
if err != nil {
return nil, err
}
hostToVerify, _, err := net.SplitHostPort(dialAddr)
if err != nil {
return nil, err
}
err = tlsConn.VerifyHostname(hostToVerify)
return tlsConn, err
default:
return nil, fmt.Errorf("unknown scheme: %s", p.backendAddr.Scheme)
}
}
示例3: EtcdClient
// EtcdClient creates an etcd client based on the provided config.
func EtcdClient(etcdClientInfo configapi.EtcdConnectionInfo) (*etcdclient.Client, error) {
tlsConfig, err := restclient.TLSConfigFor(&restclient.Config{
TLSClientConfig: restclient.TLSClientConfig{
CertFile: etcdClientInfo.ClientCert.CertFile,
KeyFile: etcdClientInfo.ClientCert.KeyFile,
CAFile: etcdClientInfo.CA,
},
})
if err != nil {
return nil, err
}
transport := knet.SetTransportDefaults(&http.Transport{
TLSClientConfig: tlsConfig,
Dial: (&net.Dialer{
// default from http.DefaultTransport
Timeout: 30 * time.Second,
// Lower the keep alive for connections.
KeepAlive: 1 * time.Second,
}).Dial,
// Because watches are very bursty, defends against long delays in watch reconnections.
MaxIdleConnsPerHost: 500,
})
etcdClient := etcdclient.NewClient(etcdClientInfo.URLs)
etcdClient.SetTransport(transport)
etcdClient.CheckRetry = NeverRetryOnFailure
return etcdClient, nil
}
示例4: maybeWrapForConnectionUpgrades
// maybeWrapForConnectionUpgrades wraps the roundtripper for upgrades. The bool indicates if it was wrapped
func (r *proxyHandler) maybeWrapForConnectionUpgrades(rt http.RoundTripper, req *http.Request) (http.RoundTripper, bool, error) {
connectionHeader := req.Header.Get("Connection")
if len(connectionHeader) == 0 {
return rt, false, nil
}
cfg := r.getRESTConfig()
tlsConfig, err := restclient.TLSConfigFor(cfg)
if err != nil {
return nil, true, err
}
upgradeRoundTripper := spdy.NewRoundTripper(tlsConfig)
wrappedRT, err := restclient.HTTPWrappersForConfig(cfg, upgradeRoundTripper)
if err != nil {
return nil, true, err
}
return wrappedRT, true, nil
}
示例5: NewExecutor
// NewExecutor connects to the provided server and upgrades the connection to
// multiplexed bidirectional streams. The current implementation uses SPDY,
// but this could be replaced with HTTP/2 once it's available, or something else.
// TODO: the common code between this and portforward could be abstracted.
func NewExecutor(config *restclient.Config, method string, url *url.URL) (StreamExecutor, error) {
tlsConfig, err := restclient.TLSConfigFor(config)
if err != nil {
return nil, err
}
upgradeRoundTripper := spdy.NewRoundTripper(tlsConfig)
wrapper, err := restclient.HTTPWrappersForConfig(config, upgradeRoundTripper)
if err != nil {
return nil, err
}
return &streamExecutor{
upgrader: upgradeRoundTripper,
transport: wrapper,
method: method,
url: url,
}, nil
}
示例6: makeTransport
func makeTransport(config *schedulerapi.ExtenderConfig) (http.RoundTripper, error) {
var cfg restclient.Config
if config.TLSConfig != nil {
cfg.TLSClientConfig = *config.TLSConfig
}
if config.EnableHttps {
hasCA := len(cfg.CAFile) > 0 || len(cfg.CAData) > 0
if !hasCA {
cfg.Insecure = true
}
}
tlsConfig, err := restclient.TLSConfigFor(&cfg)
if err != nil {
return nil, err
}
if tlsConfig != nil {
return utilnet.SetTransportDefaults(&http.Transport{
TLSClientConfig: tlsConfig,
}), nil
}
return utilnet.SetTransportDefaults(&http.Transport{}), nil
}
示例7: getClients
// getClients returns a Kube client, OpenShift client, and registry client.
func getClients(f *clientcmd.Factory, caBundle string) (*client.Client, *kclient.Client, *http.Client, error) {
clientConfig, err := f.OpenShiftClientConfig.ClientConfig()
if err != nil {
return nil, nil, nil, err
}
var (
token string
osClient *client.Client
kClient *kclient.Client
registryClient *http.Client
)
switch {
case len(clientConfig.BearerToken) > 0:
osClient, kClient, err = f.Clients()
if err != nil {
return nil, nil, nil, err
}
token = clientConfig.BearerToken
default:
err = errors.New("You must use a client config with a token")
return nil, nil, nil, err
}
// copy the config
registryClientConfig := *clientConfig
// zero out everything we don't want to use
registryClientConfig.BearerToken = ""
registryClientConfig.CertFile = ""
registryClientConfig.CertData = []byte{}
registryClientConfig.KeyFile = ""
registryClientConfig.KeyData = []byte{}
// we have to set a username to something for the Docker login
// but it's not actually used
registryClientConfig.Username = "unused"
// set the "password" to be the token
registryClientConfig.Password = token
tlsConfig, err := restclient.TLSConfigFor(®istryClientConfig)
if err != nil {
return nil, nil, nil, err
}
// if the user specified a CA on the command line, add it to the
// client config's CA roots
if len(caBundle) > 0 {
data, err := ioutil.ReadFile(caBundle)
if err != nil {
return nil, nil, nil, err
}
if tlsConfig.RootCAs == nil {
tlsConfig.RootCAs = x509.NewCertPool()
}
tlsConfig.RootCAs.AppendCertsFromPEM(data)
}
transport := knet.SetTransportDefaults(&http.Transport{
TLSClientConfig: tlsConfig,
})
wrappedTransport, err := restclient.HTTPWrappersForConfig(®istryClientConfig, transport)
if err != nil {
return nil, nil, nil, err
}
registryClient = &http.Client{
Transport: wrappedTransport,
}
return osClient, kClient, registryClient, nil
}
示例8: init
func (h *hawkularSink) init() error {
h.reg = make(map[string]*metrics.MetricDefinition)
h.models = make(map[string]*metrics.MetricDefinition)
h.modifiers = make([]metrics.Modifier, 0)
h.filters = make([]Filter, 0)
h.batchSize = batchSizeDefault
p := metrics.Parameters{
Tenant: "heapster",
Url: h.uri.String(),
Concurrency: concurrencyDefault,
}
opts := h.uri.Query()
if v, found := opts["tenant"]; found {
p.Tenant = v[0]
}
if v, found := opts["labelToTenant"]; found {
h.labelTenant = v[0]
}
if v, found := opts[nodeId]; found {
h.labelNodeId = v[0]
}
if v, found := opts["useServiceAccount"]; found {
if b, _ := strconv.ParseBool(v[0]); b {
// If a readable service account token exists, then use it
if contents, err := ioutil.ReadFile(defaultServiceAccountFile); err == nil {
p.Token = string(contents)
}
}
}
// Authentication / Authorization parameters
tC := &tls.Config{}
if v, found := opts["auth"]; found {
if _, f := opts["caCert"]; f {
return fmt.Errorf("Both auth and caCert files provided, combination is not supported")
}
if len(v[0]) > 0 {
// Authfile
kubeConfig, err := kubeClientCmd.NewNonInteractiveDeferredLoadingClientConfig(&kubeClientCmd.ClientConfigLoadingRules{
ExplicitPath: v[0]},
&kubeClientCmd.ConfigOverrides{}).ClientConfig()
if err != nil {
return err
}
tC, err = kube_client.TLSConfigFor(kubeConfig)
if err != nil {
return err
}
}
}
if u, found := opts["user"]; found {
if _, wrong := opts["useServiceAccount"]; wrong {
return fmt.Errorf("If user and password are used, serviceAccount cannot be used")
}
if p, f := opts["pass"]; f {
h.modifiers = append(h.modifiers, func(req *http.Request) error {
req.SetBasicAuth(u[0], p[0])
return nil
})
}
}
if v, found := opts["caCert"]; found {
caCert, err := ioutil.ReadFile(v[0])
if err != nil {
return err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
tC.RootCAs = caCertPool
}
if v, found := opts["insecure"]; found {
_, f := opts["caCert"]
_, f2 := opts["auth"]
if f || f2 {
return fmt.Errorf("Insecure can't be defined with auth or caCert")
}
insecure, err := strconv.ParseBool(v[0])
if err != nil {
return err
}
tC.InsecureSkipVerify = insecure
}
p.TLSConfig = tC
// Filters
if v, found := opts["filter"]; found {
filters, err := parseFilters(v)
//.........这里部分代码省略.........
示例9: init
// init initializes the Hawkular dataSource. Almost equal to the Heapster initialization
func (hs *hawkularSource) init() error {
hs.modifiers = make([]metrics.Modifier, 0)
p := metrics.Parameters{
Tenant: "heapster", // This data is stored by the heapster - for no-namespace hits
Url: hs.uri.String(),
}
opts := hs.uri.Query()
if v, found := opts["tenant"]; found {
p.Tenant = v[0]
}
if v, found := opts["useServiceAccount"]; found {
if b, _ := strconv.ParseBool(v[0]); b {
accountFile := defaultServiceAccountFile
if file, f := opts["serviceAccountFile"]; f {
accountFile = file[0]
}
// If a readable service account token exists, then use it
if contents, err := ioutil.ReadFile(accountFile); err == nil {
p.Token = string(contents)
} else {
glog.Errorf("Could not read contents of %s, no token authentication is used\n", defaultServiceAccountFile)
}
}
}
// Authentication / Authorization parameters
tC := &tls.Config{}
if v, found := opts["auth"]; found {
if _, f := opts["caCert"]; f {
return fmt.Errorf("Both auth and caCert files provided, combination is not supported")
}
if len(v[0]) > 0 {
// Authfile
kubeConfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(&clientcmd.ClientConfigLoadingRules{
ExplicitPath: v[0]},
&clientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
return err
}
tC, err = restclient.TLSConfigFor(kubeConfig)
if err != nil {
return err
}
}
}
if u, found := opts["user"]; found {
if _, wrong := opts["useServiceAccount"]; wrong {
return fmt.Errorf("If user and password are used, serviceAccount cannot be used")
}
if p, f := opts["pass"]; f {
hs.modifiers = append(hs.modifiers, func(req *http.Request) error {
req.SetBasicAuth(u[0], p[0])
return nil
})
}
}
if v, found := opts["caCert"]; found {
caCert, err := ioutil.ReadFile(v[0])
if err != nil {
return err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
tC.RootCAs = caCertPool
}
if v, found := opts["insecure"]; found {
insecure, err := strconv.ParseBool(v[0])
if err != nil {
return err
}
tC.InsecureSkipVerify = insecure
}
p.TLSConfig = tC
c, err := metrics.NewHawkularClient(p)
if err != nil {
return err
}
hs.client = c
glog.Infof("Initialised Hawkular Source with parameters %v", p)
return nil
}