Support etcd TLS certficates (#6719)

This PR supports two models for etcd certs - Client-to-server transport security with HTTPS - Client-to-server authentication with HTTPS client certificates
2025-11-20 01:50:24 -05:00 · 2018-10-29 11:14:12 -07:00
parent 7e879a45d5
commit 9fe51e392b
5 changed files with 39 additions and 15 deletions
--- a/cmd/gateway-main.go
+++ b/cmd/gateway-main.go
@@ -134,9 +134,6 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 	// Handle common command args.
 	handleCommonCmdArgs(ctx)

-	// Handle common env vars.
-	handleCommonEnvVars()
-
 	// Get port to listen on from gateway address
 	_, gatewayPort, pErr := net.SplitHostPort(gatewayAddr)
 	if pErr != nil {
@@ -149,11 +146,6 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 	// To avoid this error situation we check for port availability.
 	logger.FatalIf(checkPortAvailability(gatewayPort), "Unable to start the gateway")

-	// Validate if we have access, secret set through environment.
-	if !globalIsEnvCreds {
-		logger.Fatal(uiErrEnvCredentialsMissingGateway(nil), "Unable to start gateway")
-	}
-
 	// Create certs path.
 	logger.FatalIf(createConfigDir(), "Unable to create configuration directories")

@@ -166,6 +158,14 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 	globalRootCAs, err = getRootCAs(getCADir())
 	logger.FatalIf(err, "Failed to read root CAs (%v)", err)

+	// Handle common env vars.
+	handleCommonEnvVars()
+
+	// Validate if we have access, secret set through environment.
+	if !globalIsEnvCreds {
+		logger.Fatal(uiErrEnvCredentialsMissingGateway(nil), "Unable to start gateway")
+	}
+
 	// Set system resources to maximum.
 	logger.LogIf(context.Background(), setMaxResources())