feature: support TLS connection with etcd.

apisix/core/config_etcd.lua

@@ -472,6 +472,10 @@ function _M.new(key, opts)
     etcd_conf.protocol = "v3"
     etcd_conf.api_prefix = "/v3"
 
+    if etcd_conf.tls then
+        etcd_conf.ssl_verify = etcd_conf.tls.verify and true or false
+    end
+
     local automatic = opts and opts.automatic
     local item_schema = opts and opts.item_schema
     local filter_fun = opts and opts.filter

bin/apisix

@@ -1048,6 +1048,22 @@ local function init_etcd(show_output)
     end
 
     local host_count = #(yaml_conf.etcd.host)
+    local scheme
+    for i = 1, host_count do
+        local host = yaml_conf.etcd.host[i]
+        local fields = split(host, "://")
+        if not fields then
+            io.stderr:write("malformed etcd endpoint: ", host, "\n")
+            os.exit(1)
+        end
+
+        if not scheme then
+            scheme = fields[1]
+        elseif scheme ~= fields[1] then
+            print([[WARNING: mixed protocols among etcd endpoints]])
+        end
+    end
+
     local dkjson = require("dkjson")
 
     -- check the etcd cluster version

conf/config-default.yaml

@@ -147,8 +147,11 @@ etcd:
     - "http://127.0.0.1:2379"     # multiple etcd address
   prefix: "/apisix"               # apisix configurations prefix
   timeout: 30                     # 30 seconds
-  # user: root                     # root username for etcd
-  # password: 5tHkHhYkjr6cQY        # root password for etcd
+  # user: root                    # root username for etcd
+  # password: 5tHkHhYkjr6cQY      # root password for etcd
+  tls:
+      verify: true                # whether to verify the etcd endpoint certificate when setup a TLS connection to etcd,
+                                  # the default value is true, e.g. the certificate will be verified strictly.
 #eureka:
 #  host:                           # it's possible to define multiple eureka hosts addresses of the same eureka cluster.
 #    - "http://127.0.0.1:8761"