gliderlabs / registrator

Service registry bridge for Docker with pluggable adapters
http://gliderlabs.com/registrator
MIT License

Etcd and SSL #299

Open markhowells opened 8 years ago

markhowells commented 8 years ago

Due to a number of operational issues, it is fairly well impossible for us to deploy etcd offering http endpoints - all our traffic must be secured using SSL/TLS. Is there any intention to allow a secured connection to the etcd cluster?

itsonlycode commented 8 years ago

I had the same issue. I made up a new backend that does TLS. It works by setting env. variables ETCD_CACERT, ETCD_TLSPEM, ETCD_TLSKEY. I made it for skydns2 but if you need it for etcd directly it is only a couple of lines of code. https://github.com/rudolfrandal/registrator

progrium commented 8 years ago

You can't run an etcd daemon in client mode? I would take a PR for TLS support for Etcd using environment variables.

evan-mcginnis commented 8 years ago

I am really interested in getting this working for etcd, but I don't have anything in the way of Go skills. How can I get this working for etcd?

dalbani commented 8 years ago

For those who might be interested, I've hacked an etcd2 backend (version 1 is really end-of-life now, version 3 is even available!): https://github.com/dalbani/registrator/commit/d1c54fc046fb0c80f3b4c8c13756438053cba001 Credits to @rudolfrandal, I simply adapted his code.

I run this container with:

docker run --name=registrator --net=host --volume=/var/run/docker.sock:/tmp/docker.sock --env ETCD_CERT_FILE=/etc/ssl/etcd/client.cert.pem --env ETCD_KEY_FILE=/etc/ssl/etcd/client.key.pem --env ETCD_CA_CERT_FILE=/etc/ssl/etcd/ca/cert.pem -v /etc/ssl/etcd/:/etc/ssl/etcd:ro damianoalbani/registrator:v7 etcd2://1.2.3.4:2379/services
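
Added example, not part of the thread and not code from registrator or either linked fork: one way a Go backend could turn the three variables in the command above into a client TLS configuration that fails closed when they are incomplete. The function name `etcdTLSConfig`, the injected `getenv` parameter, and the choice to require a CA file are assumptions made for this sketch.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
)

// etcdTLSConfig (hypothetical helper) builds a client TLS config from
// ETCD_CERT_FILE, ETCD_KEY_FILE and ETCD_CA_CERT_FILE. Pass os.Getenv in real use.
func etcdTLSConfig(getenv func(string) string) (*tls.Config, error) {
	certFile, keyFile := getenv("ETCD_CERT_FILE"), getenv("ETCD_KEY_FILE")
	caFile := getenv("ETCD_CA_CERT_FILE")
	// Assumption: the cluster uses a private CA, so a missing CA is an error
	// rather than a reason to skip server verification.
	if caFile == "" {
		return nil, fmt.Errorf("ETCD_CA_CERT_FILE is not set")
	}
	// A client certificate without its key (or the reverse) is a config error.
	if (certFile == "") != (keyFile == "") {
		return nil, fmt.Errorf("ETCD_CERT_FILE and ETCD_KEY_FILE must be set together")
	}
	caPEM, err := os.ReadFile(caFile)
	if err != nil {
		return nil, fmt.Errorf("read CA bundle: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no PEM certificates found in %s", caFile)
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	if certFile != "" {
		pair, err := tls.LoadX509KeyPair(certFile, keyFile)
		if err != nil {
			return nil, fmt.Errorf("load client key pair: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair} // presented for client-cert auth
	}
	return cfg, nil
}

func main() {
	_, err := etcdTLSConfig(os.Getenv)
	fmt.Println("etcd TLS config error (nil means loaded):", err)
}
```

The returned config would be set as `TLSClientConfig` on the `http.Transport` that the etcd client uses, with the endpoint given as `https://`.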