Allow passing in a *tls.Config object for the embedded ETCD Server #16339

Open
ShivanshVij opened this issue Aug 1, 2023 · 5 comments

ShivanshVij commented Aug 1, 2023

What would you like to be added?

I would like the ability to pass in a *tls.Config object to the embedded ETCD Server, specifically as an option for the *embed.Config.ClientTLSInfo and *embed.Config.ServerTLSInfo structs. Those structs are of type transport.TLSInfo and currently that struct only allows passing in paths to the certificates and key files. I would instead like to allow the user to pass in their own *tls.Config object.

Why is this needed?

Currently, when configuring the embedded ETCD Server, you must pass in a transport.TLSInfo object to the *embed.Config.ClientTLSInfo struct or the *embed.Config.ServerTLSInfo struct.

That's fine when you just want to read a certificate from the disk but becomes problematic if you want to programmatically change the TLS config (for things like short-lived mTLS Certificates).

By allowing users to pass in a *tls.Config object, you get the ability to completely customize what certificates are served when.

I would be happy to implement this feature myself too! I just want to get an understanding of whether it would be welcome or not.
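What a caller-supplied *tls.Config makes possible that file paths do not, as an added example that is not part of the original post and not etcd code: a `GetCertificate` callback that serves whichever certificate was stored last and fails closed once it has expired. The names `certStore` and `selfSigned` and the host `etcd.example.test` are hypothetical, and the example does not show how the embed package would accept the config.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

// certStore (hypothetical name) holds the current certificate; Store swaps it atomically.
type certStore struct{ cur atomic.Pointer[tls.Certificate] }
func (s *certStore) Store(c *tls.Certificate) { s.cur.Store(c) }

// get is called by crypto/tls during the handshake, so a rotated certificate
// is picked up without a restart; an expired or missing one fails the handshake.
func (s *certStore) get(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	if c := s.cur.Load(); c != nil && time.Now().Before(c.Leaf.NotAfter) {
		return c, nil
	}
	return nil, fmt.Errorf("no unexpired certificate loaded")
}

func (s *certStore) TLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12, GetCertificate: s.get} // built once
}

// selfSigned builds a constructed, short-lived sample certificate (test data only).
func selfSigned(serial int64, ttl time.Duration) *tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "etcd.example.test"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err) // sample-data generation only
	}
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

func main() {
	s := &certStore{}
	s.Store(selfSigned(1, time.Hour))
	c, err := s.TLSConfig().GetCertificate(&tls.ClientHelloInfo{})
	fmt.Println(c.Leaf.SerialNumber, err)
}
```

A rotation job only has to call `Store` with the renewed certificate; the `*tls.Config` handed to the server stays the same object.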

RaphSku commented Dec 12, 2023

@ShivanshVij I just wanted to ask whether you have started working on this issue or if I can tackle this? Thank you in advance.

@ShivanshVij
Author

We have not started working on this - I'd appreciate it if you did end up adding this feature!

RaphSku commented Dec 16, 2023

@ShivanshVij Okay, I'll give it a take. I started working on: https://github.com/RaphSku/etcd/tree/issue-16339

NHAS commented Feb 16, 2024

Just seconding this as I think it's quite a good idea to have. Makes it possible to use things like Let's Encrypt or cert-manager to have short-lived rotating certs.

RaphSku commented Apr 7, 2024

Looking for feedback on my PR, please have a look at: #17130
Thank you all!
