Add fields for TLS material to destination config

meln5674 · meln5674 · commit d1b90b399d65 · 2024-11-30T13:49:30.000-07:00
Signed-off-by: Andrew Melnick &lt;meln5674@kettering.edu&gt;
diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
@@ -907,11 +907,24 @@ URI to access the Podman service
 - **rootless remote** - ssh://user@engineering.lab.company.com/run/user/1000/podman/podman.sock
 - **rootful local**  - unix:///run/podman/podman.sock
 - **rootful remote** - ssh://root@10.10.1.136:22/run/podman/podman.sock
+- **tcp/tls remote** - tcp://10.10.1.136:9443
 
 **identity="~/.ssh/id_rsa**
 
 Path to file containing ssh identity key
 
+**tls_cert_file="~/certs/podman/tls.crt"**
+
+Path to PEM file containing TLS client certificate
+
+**tls_key_file="~/certs/podman/tls.key"**
+
+Path to PEM file containing TLS client certificate private key
+
+**tls_ca_file="~/certs/podman/ca.crt"**
+
+Path to PEM file containing TLS certificate authority (CA) bundle
+
 **[engine.volume_plugins]**
 
 A table of all the enabled volume plugins on the system. Volume plugins can be
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -701,6 +701,13 @@ type Destination struct {
 	// Identity file with ssh key, optional
 	Identity string `json:",omitempty" toml:"identity,omitempty"`
 
+	// Path to TLS client certificate PEM file, optional
+	TLSCertFile string `json:",omitempty" toml:"tls_cert_file,omitempty"`
+	// Path to TLS client certificate private key PEM file, optional
+	TLSKeyFile string `json:",omitempty" toml:"tls_key_file,omitempty"`
+	// Path to TLS certificate authority PEM file, optional
+	TLSCAFile string `json:",omitempty" toml:"tls_ca_file,omitempty"`
+
 	// isMachine describes if the remote destination is a machine.
 	IsMachine bool `json:",omitempty" toml:"is_machine,omitempty"`
 }
diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf
@@ -766,10 +766,18 @@ default_sysctls = [
 #       rootful "unix:///run/podman/podman.sock (Default)
 #       remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
 #       remote rootful ssh://root@10.10.1.136:22/run/podman/podman.sock
+#       tcp/tls remote tcp://10.10.1.136:9443
 #
 #    uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock"
 #    Path to file containing ssh identity key
 #    identity = "~/.ssh/id_rsa"
+#    Path to PEM file containing TLS client certificate
+#    tls_cert_file = "~/certs/podman/tls.crt"
+#    Path to PEM file containing TLS client certificate private key
+#    tls_key_file = "~/certs/podman/tls.key"
+#    Path to PEM file containing TLS certificate authority (CA) bundle
+#    tls_ca_file = "~/certs/podman/ca.crt"
+
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
 #
diff --git a/pkg/config/containers.conf-freebsd b/pkg/config/containers.conf-freebsd
@@ -587,10 +587,17 @@ default_sysctls = [
 #       rootful "unix:///run/podman/podman.sock (Default)
 #       remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
 #       remote rootful ssh://root@10.10.1.136:22/run/podman/podman.sock
+#       tcp/tls remote tcp://10.10.1.136:9443
 #
 #    uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock"
 #    Path to file containing ssh identity key
 #    identity = "~/.ssh/id_rsa"
+#    Path to PEM file containing TLS client certificate
+#    tls_cert_file = "~/certs/podman/tls.crt"
+#    Path to PEM file containing TLS client certificate private key
+#    tls_key_file = "~/certs/podman/tls.key"
+#    Path to PEM file containing TLS certificate authority (CA) bundle
+#    tls_ca_file = "~/certs/podman/ca.crt"
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
 #
