feat: docker over tls (#178)

internal/docker/client.go

@@ -18,6 +18,7 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/common"
+	"github.com/yusing/godoxy/internal/types"
 	httputils "github.com/yusing/goutils/http"
 	"github.com/yusing/goutils/task"
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
@@ -28,6 +29,8 @@ type (
 	SharedClient struct {
 		*client.Client
 
+		cfg types.DockerProviderConfig
+
 		refCount atomic.Int32
 		closedOn atomic.Int64
 
@@ -120,7 +123,7 @@ func Clients() map[string]*SharedClient {
 // Returns:
 //   - Client: the Docker client connection.
 //   - error: an error if the connection failed.
-func NewClient(host string, unique ...bool) (*SharedClient, error) {
+func NewClient(cfg types.DockerProviderConfig, unique ...bool) (*SharedClient, error) {
 	initClientCleanerOnce.Do(initClientCleaner)
 
 	u := false
@@ -128,6 +131,8 @@ func NewClient(host string, unique ...bool) (*SharedClient, error) {
 		u = unique[0]
 	}
 
+	host := cfg.URL
+
 	if !u {
 		clientMapMu.Lock()
 		defer clientMapMu.Unlock()
@@ -185,6 +190,10 @@ func NewClient(host string, unique ...bool) (*SharedClient, error) {
 		}
 	}
 
+	if cfg.TLS != nil {
+		opt = append(opt, client.WithTLSClientConfig(cfg.TLS.CAFile, cfg.TLS.CertFile, cfg.TLS.KeyFile))
+	}
+
 	client, err := client.NewClientWithOpts(opt...)
 	if err != nil {
 		return nil, err
@@ -192,6 +201,7 @@ func NewClient(host string, unique ...bool) (*SharedClient, error) {
 
 	c := &SharedClient{
 		Client: client,
+		cfg:    cfg,
 		addr:   addr,
 		key:    host,
 		dial:   dial,
@@ -228,7 +238,7 @@ func (c *SharedClient) InterceptHTTPClient(intercept httputils.InterceptFunc) {
 func (c *SharedClient) CloneUnique() *SharedClient {
 	// there will be no error here
 	// since we are using the same host from a valid client.
-	c, _ = NewClient(c.key, true)
+	c, _ = NewClient(c.cfg, true)
 	return c
 }