README.md: clean TLS cert language (#797)

Clean up various READMEs to use the same naming scheme for certs, keys,
and cacerts.

Fixes #762
Miek Gieben
2017-07-29 04:03:55 -07:00
committed by GitHub
parent 64353d8f3b
commit 9b805988f4
3 changed files with 8 additions and 8 deletions

@@ -26,7 +26,7 @@ etcd [ZONES...] {
path PATH path PATH
endpoint ENDPOINT... endpoint ENDPOINT...
upstream ADDRESS... upstream ADDRESS...
tls CERT KEY CACERt tls CERT KEY CACERT
debug debug
} }
~~~ ~~~

@@ -10,7 +10,7 @@ CoreDNS running the kubernetes middleware can be used as a replacement of kube-d
kubernetes ZONE [ZONE...] [{ kubernetes ZONE [ZONE...] [{
[resyncperiod DURATION] [resyncperiod DURATION]
[endpoint URL [endpoint URL
[tls CERT-FILE KEY-FILE CACERT-FILE]] [tls CERT KEY CACERT]]
[namespaces NAMESPACE [NAMESPACE...]] [namespaces NAMESPACE [NAMESPACE...]]
[labels EXPRESSION] [labels EXPRESSION]
[pods POD-MODE] [pods POD-MODE]
@@ -46,7 +46,7 @@ kubernetes ZONE [ZONE...] [{
} }
``` ```
* `tls` **CERT-FILE KEY-FILE CACERT-FILE** * `tls` **CERT** **KEY** **CACERT**
The TLS cert, key and the CA cert file names for remote k8s connection. This option is ignored if connecting in-cluster (i.e. endpoint is not The TLS cert, key and the CA cert file names for remote k8s connection. This option is ignored if connecting in-cluster (i.e. endpoint is not
specified). specified).
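Review bot: The sentence under the renamed `tls` **CERT** **KEY** **CACERT** bullet still says "The TLS cert, key and the CA cert file names" without using the new placeholder names, while the proxy README in this same commit writes "the file **CACERT**". Now that the -FILE suffix is gone from the placeholders, this sentence is the only hint that each argument is a path, so consider tying it to them directly, for example "**CERT**, **KEY** and **CACERT** are the TLS cert, key and CA cert file names for remote k8s connection."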

@@ -27,7 +27,7 @@ proxy FROM TO... {
health_check PATH:PORT [DURATION] health_check PATH:PORT [DURATION]
except IGNORED_NAMES... except IGNORED_NAMES...
spray spray
protocol [dns [force_tcp]|https_google [bootstrap ADDRESS...]|grpc [insecure|CA-PEM|KEY-PEM CERT-PEM|KEY-PEM CERT-PEM CA-PEM]] protocol [dns [force_tcp]|https_google [bootstrap ADDRESS...]|grpc [insecure|CACERT|KEY CERT|KEY CERT CACERT]]
} }
~~~ ~~~
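Review bot: In the `protocol ... grpc` line the client pair is written KEY CERT, while the `tls` directive in the etcd and kubernetes READMEs touched by this commit takes CERT KEY CACERT. With the placeholder names now identical across the three files, the differing order is easy to miss, and someone copying a `tls` line into a `grpc` one would hand the key and certificate files over in swapped positions. If the order cannot be aligned in this change, add a short sentence below the syntax block that calls out the KEY-first order for `grpc`.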
@@ -85,11 +85,11 @@ payload over HTTPS). Note that with `https_google` the entire transport is encry
* `grpc`: options are used to control how the TLS connection is made to the gRPC server. * `grpc`: options are used to control how the TLS connection is made to the gRPC server.
* None - No client authentication is used, and the system CAs are used to verify the server certificate. * None - No client authentication is used, and the system CAs are used to verify the server certificate.
* `insecure` - TLS is not used, the connection is made in plaintext (not good in production). * `insecure` - TLS is not used, the connection is made in plaintext (not good in production).
* CA-PEM - No client authentication is used, and the file CA-PEM is used to verify the server certificate. * **CACERT** - No client authentication is used, and the file **CACERT** is used to verify the server certificate.
* KEY-PEM CERT-PEM - Client authentication is used with the specified key/cert pair. The server * **KEY** **CERT** - Client authentication is used with the specified key/cert pair. The server
certificate is verified with the system CAs. certificate is verified with the system CAs.
* KEY-PEM CERT-PEM CA-PEM - Client authentication is used with the specified key/cert pair. The * **KEY** **CERT** **CACERT** - Client authentication is used with the specified key/cert pair. The
server certificate is verified using the CA-PEM file. server certificate is verified using the **CACERT** file.
An out-of-tree middleware that implements the server side of this can be found at An out-of-tree middleware that implements the server side of this can be found at
[here](https://github.com/infobloxopen/coredns-grpc). [here](https://github.com/infobloxopen/coredns-grpc).
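Review bot: The renamed bullets **CACERT**, **KEY** **CERT** and **KEY** **CERT** **CACERT** no longer say what encoding the files use, which the old CA-PEM, KEY-PEM and CERT-PEM names implied. If PEM is what these options expect, state it once in the `grpc` bullet text so the information is not lost with the rename. Separately, the unchanged context line "can be found at [here]" reads awkwardly and could become "can be found [here]" in a follow-up.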