Introduce peer-local-addr

Signed-off-by: HighPon <s.shiraki.business@gmail.com>
etcd-io · May 3, 2024 · e82c7e0 · e82c7e0
1 parent 36414cb
commit e82c7e0
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 1 deletion.
diff --git a/client/pkg/transport/listener.go b/client/pkg/transport/listener.go
@@ -193,6 +193,9 @@ type TLSInfo struct {
 	// EmptyCN indicates that the cert must have empty CN.
 	// If true, ClientConfig() will return an error for a cert with non empty CN.
 	EmptyCN bool
+
+	// LocalAddr is the local IP address to use when communicating peer.
+	LocalAddr string
 }
 
 func (info TLSInfo) String() string {

diff --git a/client/pkg/transport/transport.go b/client/pkg/transport/transport.go
@@ -30,10 +30,19 @@ func NewTransport(info TLSInfo, dialtimeoutd time.Duration) (*http.Transport, er
 		return nil, err
 	}
 
+	var ipAddr net.Addr
+	if info.LocalAddr != "" {
+		ipAddr, err = net.ResolveTCPAddr("tcp", info.LocalAddr+":0")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	t := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		DialContext: (&net.Dialer{
-			Timeout: dialtimeoutd,
+			Timeout:   dialtimeoutd,
+			LocalAddr: ipAddr,
 			// value taken from http.DefaultTransport
 			KeepAlive: 30 * time.Second,
 		}).DialContext,

diff --git a/server/config/config.go b/server/config/config.go
@@ -204,6 +204,9 @@ type ServerConfig struct {
 
 	// V2Deprecation defines a phase of v2store deprecation process.
 	V2Deprecation V2DeprecationEnum `json:"v2-deprecation"`
+
+	// LocalAddr is the local IP address to use when communicating peer.
+	LocalAddr string `json:"local-address"`
 }
 
 // VerifyBootstrap sanity-checks the initial config for bootstrap case

diff --git a/server/embed/config.go b/server/embed/config.go
@@ -335,6 +335,9 @@ type Config struct {
 	// AuthTokenTTL in seconds of the simple token
 	AuthTokenTTL uint `json:"auth-token-ttl"`
 
+	// PeerLocalAddr is the local IP address to use when communicating peer.
+	PeerLocalAddr string `json:"peer-local-addr"`
+
 	ExperimentalInitialCorruptCheck     bool          `json:"experimental-initial-corrupt-check"`
 	ExperimentalCorruptCheckTime        time.Duration `json:"experimental-corrupt-check-time"`
 	ExperimentalCompactHashCheckEnabled bool          `json:"experimental-compact-hash-check-enabled"`
@@ -670,6 +673,8 @@ func (cfg *Config) AddFlags(fs *flag.FlagSet) {
 	fs.StringVar(&cfg.PeerTLSInfo.ClientKeyFile, "peer-client-key-file", "", "Path to an explicit peer client TLS key file otherwise peer key file will be used when client auth is required.")
 	fs.BoolVar(&cfg.PeerTLSInfo.ClientCertAuth, "peer-client-cert-auth", false, "Enable peer client cert authentication.")
 	fs.StringVar(&cfg.PeerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
+	fs.StringVar(&cfg.PeerTLSInfo.LocalAddr, "peer-local-addr", "", "peer-local-addr is the local IP address to use when communicating peer.")
+
 	fs.BoolVar(&cfg.PeerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")
 	fs.UintVar(&cfg.SelfSignedCertValidity, "self-signed-cert-validity", 1, "The validity period of the client and peer certificates, unit is year")
 	fs.StringVar(&cfg.PeerTLSInfo.CRLFile, "peer-crl-file", "", "Path to the peer certificate revocation list file.")

diff --git a/server/etcdmain/help.go b/server/etcdmain/help.go
@@ -221,6 +221,9 @@ Security:
     Minimum TLS version supported by etcd. Possible values: TLS1.2, TLS1.3.
   --tls-max-version ''
     Maximum TLS version supported by etcd. Possible values: TLS1.2, TLS1.3 (empty will be auto-populated by Go).
+  --peer-local-addr ''
+    LocalAddr is the local IP address to use when communicating peer.
+
 
 Auth:
   --auth-token 'simple'