Merge pull request #3968 from onedr0p/etcd-snapshot-insecure

Allow option to disable s3 over https when using etcd-snapshot
3 years ago · bfb3d9b19d
7 changed files with 17 additions and 1 deletions
--- a/pkg/cli/cmds/etcd_snapshot.go
+++ b/pkg/cli/cmds/etcd_snapshot.go
@ -77,6 +77,11 @@ var EtcdSnapshotFlags = []cli.Flag{
 		Usage:       "(db) S3 folder",
 		Destination: &ServerConfig.EtcdS3Folder,
 	},
+	&cli.BoolFlag{
+		Name:        "s3-insecure",
+		Usage:       "(db) Disables S3 over HTTPS",
+		Destination: &ServerConfig.EtcdS3Insecure,
+	},
 }

 func NewEtcdSnapshotCommand(action func(*cli.Context) error, subcommands []cli.Command) cli.Command {
--- a/pkg/cli/cmds/server.go
+++ b/pkg/cli/cmds/server.go
@ -89,6 +89,7 @@ type Server struct {
 	EtcdS3BucketName         string
 	EtcdS3Region             string
 	EtcdS3Folder             string
+	EtcdS3Insecure           bool
 }

 var (
@ -331,6 +332,11 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command {
 				Usage:       "(db) S3 folder",
 				Destination: &ServerConfig.EtcdS3Folder,
 			},
+			&cli.BoolFlag{
+				Name:        "etcd-s3-insecure",
+				Usage:       "(db) Disables S3 over HTTPS",
+				Destination: &ServerConfig.EtcdS3Insecure,
+			},
 			cli.StringFlag{
 				Name:        "default-local-storage-path",
 				Usage:       "(storage) Default local storage path for local provisioner storage class",
--- a/pkg/cli/etcdsnapshot/etcd_snapshot.go
+++ b/pkg/cli/etcdsnapshot/etcd_snapshot.go
@ -49,6 +49,7 @@ func commandSetup(app *cli.Context, cfg *cmds.Server, sc *server.Config) (string
 	sc.ControlConfig.EtcdS3BucketName = cfg.EtcdS3BucketName
 	sc.ControlConfig.EtcdS3Region = cfg.EtcdS3Region
 	sc.ControlConfig.EtcdS3Folder = cfg.EtcdS3Folder
+	sc.ControlConfig.EtcdS3Insecure = cfg.EtcdS3Insecure
 	sc.ControlConfig.Runtime = &config.ControlRuntime{}

 	return server.ResolveDataDir(cfg.DataDir)
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@ -145,6 +145,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 		serverConfig.ControlConfig.EtcdS3BucketName = cfg.EtcdS3BucketName
 		serverConfig.ControlConfig.EtcdS3Region = cfg.EtcdS3Region
 		serverConfig.ControlConfig.EtcdS3Folder = cfg.EtcdS3Folder
+		serverConfig.ControlConfig.EtcdS3Insecure = cfg.EtcdS3Insecure
 	} else {
 		logrus.Info("ETCD snapshots are disabled")
 	}
--- a/pkg/daemons/config/types.go
+++ b/pkg/daemons/config/types.go
@ -167,6 +167,7 @@ type Control struct {
 	EtcdS3BucketName         string
 	EtcdS3Region             string
 	EtcdS3Folder             string
+	EtcdS3Insecure           bool

 	BindAddress string
 	SANs        []string
--- a/pkg/etcd/etcd.go
+++ b/pkg/etcd/etcd.go
@ -879,6 +879,7 @@ type s3Config struct {
 	Bucket        string `json:"bucket,omitempty"`
 	Region        string `json:"region,omitempty"`
 	Folder        string `json:"folder,omitempty"`
+	Insecure      bool   `json:"insecure,omitempty"`
 }

 // SnapshotFile represents a single snapshot and it's
@ -945,6 +946,7 @@ func (e *ETCD) listSnapshots(ctx context.Context, snapshotDir string) ([]Snapsho
 					Bucket:        e.config.EtcdS3BucketName,
 					Region:        e.config.EtcdS3Region,
 					Folder:        e.config.EtcdS3Folder,
+					Insecure:      e.config.EtcdS3Insecure,
 				},
 			})
 		}
--- a/pkg/etcd/s3.go
+++ b/pkg/etcd/s3.go
@ -53,7 +53,7 @@ func NewS3(ctx context.Context, config *config.Control) (*S3, error) {

 	opt := minio.Options{
 		Creds:        creds,
-		Secure:       true,
+		Secure:       !config.EtcdS3Insecure,
 		Region:       config.EtcdS3Region,
 		Transport:    tr,
 		BucketLookup: bucketLookupType(config.EtcdS3Endpoint),