feat: docker over tls (#178)

2026-04-01 06:33:18 +02:00 · 2025-12-23 12:01:11 +08:00
parent 9acb9fa50f
commit 8340d93ab7
25 changed files with 312 additions and 85 deletions
--- a/internal/docker/client.go
+++ b/internal/docker/client.go
@@ -18,6 +18,7 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/common"
+	"github.com/yusing/godoxy/internal/types"
 	httputils "github.com/yusing/goutils/http"
 	"github.com/yusing/goutils/task"
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
@@ -28,6 +29,8 @@ type (
 	SharedClient struct {
 		*client.Client

+		cfg types.DockerProviderConfig
+
 		refCount atomic.Int32
 		closedOn atomic.Int64

@@ -120,7 +123,7 @@ func Clients() map[string]*SharedClient {
 // Returns:
 //   - Client: the Docker client connection.
 //   - error: an error if the connection failed.
-func NewClient(host string, unique ...bool) (*SharedClient, error) {
+func NewClient(cfg types.DockerProviderConfig, unique ...bool) (*SharedClient, error) {
 	initClientCleanerOnce.Do(initClientCleaner)

 	u := false
@@ -128,6 +131,8 @@ func NewClient(host string, unique ...bool) (*SharedClient, error) {
 		u = unique[0]
 	}

+	host := cfg.URL
+
 	if !u {
 		clientMapMu.Lock()
 		defer clientMapMu.Unlock()
@@ -185,6 +190,10 @@ func NewClient(host string, unique ...bool) (*SharedClient, error) {
 		}
 	}

+	if cfg.TLS != nil {
+		opt = append(opt, client.WithTLSClientConfig(cfg.TLS.CAFile, cfg.TLS.CertFile, cfg.TLS.KeyFile))
+	}
+
 	client, err := client.NewClientWithOpts(opt...)
 	if err != nil {
 		return nil, err
@@ -192,6 +201,7 @@ func NewClient(host string, unique ...bool) (*SharedClient, error) {

 	c := &SharedClient{
 		Client: client,
+		cfg:    cfg,
 		addr:   addr,
 		key:    host,
 		dial:   dial,
@@ -228,7 +238,7 @@ func (c *SharedClient) InterceptHTTPClient(intercept httputils.InterceptFunc) {
 func (c *SharedClient) CloneUnique() *SharedClient {
 	// there will be no error here
 	// since we are using the same host from a valid client.
-	c, _ = NewClient(c.key, true)
+	c, _ = NewClient(c.cfg, true)
 	return c
 }

--- a/internal/docker/container.go
+++ b/internal/docker/container.go
@@ -28,7 +28,7 @@ var (
 	ErrNoNetwork       = errors.New("no network found")
 )

-func FromDocker(c *container.Summary, dockerHost string) (res *types.Container) {
+func FromDocker(c *container.Summary, dockerCfg types.DockerProviderConfig) (res *types.Container) {
 	actualLabels := maps.Clone(c.Labels)

 	_, isExplicit := c.Labels[LabelAliases]
@@ -46,7 +46,7 @@ func FromDocker(c *container.Summary, dockerHost string) (res *types.Container)

 	isExcluded, _ := strconv.ParseBool(helper.getDeleteLabel(LabelExclude))
 	res = &types.Container{
-		DockerHost:    dockerHost,
+		DockerCfg:     dockerCfg,
 		Image:         helper.parseImage(),
 		ContainerName: helper.getName(),
 		ContainerID:   c.ID,
@@ -68,11 +68,11 @@ func FromDocker(c *container.Summary, dockerHost string) (res *types.Container)
 		State:             c.State,
 	}

-	if agent.IsDockerHostAgent(dockerHost) {
+	if agent.IsDockerHostAgent(dockerCfg.URL) {
 		var ok bool
-		res.Agent, ok = agent.GetAgent(dockerHost)
+		res.Agent, ok = agent.GetAgent(dockerCfg.URL)
 		if !ok {
-			addError(res, fmt.Errorf("agent %q not found", dockerHost))
+			addError(res, fmt.Errorf("agent %q not found", dockerCfg.URL))
 		}
 	}

@@ -91,13 +91,13 @@ func IsBlacklisted(c *types.Container) bool {
 }

 func UpdatePorts(c *types.Container) error {
-	client, err := NewClient(c.DockerHost)
+	dockerClient, err := NewClient(c.DockerCfg)
 	if err != nil {
 		return err
 	}
-	defer client.Close()
+	defer dockerClient.Close()

-	inspect, err := client.ContainerInspect(context.Background(), c.ContainerID)
+	inspect, err := dockerClient.ContainerInspect(context.Background(), c.ContainerID)
 	if err != nil {
 		return err
 	}
@@ -162,14 +162,14 @@ func isDatabase(c *types.Container) bool {
 }

 func isLocal(c *types.Container) bool {
-	if strings.HasPrefix(c.DockerHost, "unix://") {
+	if strings.HasPrefix(c.DockerCfg.URL, "unix://") {
 		return true
 	}
 	// treat it as local if the docker host is the same as the environment variable
-	if c.DockerHost == EnvDockerHost {
+	if c.DockerCfg.URL == EnvDockerHost {
 		return true
 	}
-	url, err := url.Parse(c.DockerHost)
+	url, err := url.Parse(c.DockerCfg.URL)
 	if err != nil {
 		return false
 	}
@@ -189,7 +189,7 @@ func setPublicHostname(c *types.Container) {
 		c.PublicHostname = "127.0.0.1"
 		return
 	}
-	url, err := url.Parse(c.DockerHost)
+	url, err := url.Parse(c.DockerCfg.URL)
 	if err != nil {
 		c.PublicHostname = "127.0.0.1"
 		return
@@ -257,7 +257,7 @@ func loadDeleteIdlewatcherLabels(c *types.Container, helper containerHelper) {
 	if hasIdleTimeout {
 		idwCfg := new(types.IdlewatcherConfig)
 		idwCfg.Docker = &types.DockerConfig{
-			DockerHost:    c.DockerHost,
+			DockerCfg:     c.DockerCfg,
 			ContainerID:   c.ContainerID,
 			ContainerName: c.ContainerName,
 		}
--- a/internal/docker/container_test.go
+++ b/internal/docker/container_test.go
@@ -4,6 +4,7 @@ import (
 	"testing"

 	"github.com/docker/docker/api/types/container"
+	"github.com/yusing/godoxy/internal/types"
 	expect "github.com/yusing/goutils/testing"
 )

@@ -36,7 +37,7 @@ func TestContainerExplicit(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := FromDocker(&container.Summary{Names: []string{"test"}, State: "test", Labels: tt.labels}, "")
+			c := FromDocker(&container.Summary{Names: []string{"test"}, State: "test", Labels: tt.labels}, types.DockerProviderConfig{})
 			expect.Equal(t, c.IsExplicit, tt.isExplicit)
 		})
 	}
@@ -73,7 +74,7 @@ func TestContainerHostNetworkMode(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := FromDocker(tt.container, "")
+			c := FromDocker(tt.container, types.DockerProviderConfig{})
 			expect.Equal(t, c.IsHostNetworkMode, tt.isHostNetworkMode)
 		})
 	}
--- a/internal/docker/id_lookup.go
+++ b/internal/docker/id_lookup.go
@@ -2,18 +2,19 @@ package docker

 import (
 	"github.com/puzpuzpuz/xsync/v4"
+	"github.com/yusing/godoxy/internal/types"
 )

-var idDockerHostMap = xsync.NewMap[string, string](xsync.WithPresize(100))
+var idDockerCfgMap = xsync.NewMap[string, types.DockerProviderConfig](xsync.WithPresize(100))

-func GetDockerHostByContainerID(id string) (string, bool) {
-	return idDockerHostMap.Load(id)
+func GetDockerCfgByContainerID(id string) (types.DockerProviderConfig, bool) {
+	return idDockerCfgMap.Load(id)
 }

-func SetDockerHostByContainerID(id, host string) {
-	idDockerHostMap.Store(id, host)
+func SetDockerCfgByContainerID(id string, cfg types.DockerProviderConfig) {
+	idDockerCfgMap.Store(id, cfg)
 }

-func DeleteDockerHostByContainerID(id string) {
-	idDockerHostMap.Delete(id)
+func DeleteDockerCfgByContainerID(id string) {
+	idDockerCfgMap.Delete(id)
 }
--- a/internal/docker/list_containers.go
+++ b/internal/docker/list_containers.go
@@ -5,6 +5,7 @@ import (

 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
+	"github.com/yusing/godoxy/internal/types"
 )

 var listOptions = container.ListOptions{
@@ -19,8 +20,8 @@ var listOptions = container.ListOptions{
 	All: true,
 }

-func ListContainers(ctx context.Context, clientHost string) ([]container.Summary, error) {
-	dockerClient, err := NewClient(clientHost)
+func ListContainers(ctx context.Context, dockerCfg types.DockerProviderConfig) ([]container.Summary, error) {
+	dockerClient, err := NewClient(dockerCfg)
 	if err != nil {
 		return nil, err
 	}