Add fields for TLS material to destination config

Signed-off-by: Andrew Melnick <[email protected]>

docs/containers.conf.5.md

@@ -897,11 +897,24 @@ URI to access the Podman service
 - **rootless remote** - ssh://[email protected]/run/user/1000/podman/podman.sock
 - **rootful local**  - unix:///run/podman/podman.sock
 - **rootful remote** - ssh://[email protected]:22/run/podman/podman.sock
+- **tcp/tls remote** - tcp://10.10.1.136:9443
 
 **identity="~/.ssh/id_rsa**
 
 Path to file containing ssh identity key
 
+**tls_cert_file="~/certs/podman/tls.crt"**
+
+Path to PEM file containing TLS client certificate
+
+**tls_key_file="~/certs/podman/tls.key"**
+
+Path to PEM file containing TLS client certificate private key
+
+**tls_ca_file="~/certs/podman/ca.crt"**
+
+Path to PEM file containing TLS certificate authority (CA) bundle
+
 **[engine.volume_plugins]**
 
 A table of all the enabled volume plugins on the system. Volume plugins can be

pkg/config/config.go

@@ -694,6 +694,13 @@ type Destination struct {
 	// Identity file with ssh key, optional
 	Identity string `json:",omitempty" toml:"identity,omitempty"`
 
+	// Path to TLS client certificate PEM file, optional
+	TLSCertFile string `json:",omitempty" toml:"tls_cert_file,omitempty"`
+	// Path to TLS client certificate private key PEM file, optional
+	TLSKeyFile string `json:",omitempty" toml:"tls_key_file,omitempty"`
+	// Path to TLS certificate authority PEM file, optional
+	TLSCAFile string `json:",omitempty" toml:"tls_ca_file,omitempty"`
+
 	// isMachine describes if the remote destination is a machine.
 	IsMachine bool `json:",omitempty" toml:"is_machine,omitempty"`
 }

pkg/config/containers.conf

@@ -758,10 +758,18 @@ default_sysctls = [
 #       rootful "unix:///run/podman/podman.sock (Default)
 #       remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
 #       remote rootful ssh://[email protected]:22/run/podman/podman.sock
+#       tcp/tls remote tcp://10.10.1.136:9443
 #
 #    uri = "ssh://[email protected]/run/user/1001/podman/podman.sock"
 #    Path to file containing ssh identity key
 #    identity = "~/.ssh/id_rsa"
+#    Path to PEM file containing TLS client certificate
+#    tls_cert_file = "~/certs/podman/tls.crt"
+#    Path to PEM file containing TLS client certificate private key
+#    tls_key_file = "~/certs/podman/tls.key"
+#    Path to PEM file containing TLS certificate authority (CA) bundle
+#    tls_ca_file = "~/certs/podman/ca.crt"
+
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
 #

pkg/config/containers.conf-freebsd

@@ -581,10 +581,17 @@ default_sysctls = [
 #       rootful "unix:///run/podman/podman.sock (Default)
 #       remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
 #       remote rootful ssh://[email protected]:22/run/podman/podman.sock
+#       tcp/tls remote tcp://10.10.1.136:9443
 #
 #    uri = "ssh://[email protected]/run/user/1001/podman/podman.sock"
 #    Path to file containing ssh identity key
 #    identity = "~/.ssh/id_rsa"
+#    Path to PEM file containing TLS client certificate
+#    tls_cert_file = "~/certs/podman/tls.crt"
+#    Path to PEM file containing TLS client certificate private key
+#    tls_key_file = "~/certs/podman/tls.key"
+#    Path to PEM file containing TLS certificate authority (CA) bundle
+#    tls_ca_file = "~/certs/podman/ca.crt"
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
 #