From 2fced0ce52de39c41cc4455f891fd7b135e952cb Mon Sep 17 00:00:00 2001
From: matthieugouel <matthieu.gouel@protonmail.com>
Date: Sun, 26 May 2024 13:32:54 +0200
Subject: [PATCH] feat(coredns): etcd authentication

---
 docs/tutorials/coredns.md   | 1 +
 provider/coredns/coredns.go | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/tutorials/coredns.md b/docs/tutorials/coredns.md
index 13d7877576..bc673494c5 100644
--- a/docs/tutorials/coredns.md
+++ b/docs/tutorials/coredns.md
@@ -86,6 +86,7 @@ helm install --name my-coredns --values values.yaml stable/coredns
 ## Installing ExternalDNS
 ### Install external ExternalDNS
 ETCD_URLS is configured to etcd client service address.
+Optionnally, you can configure ETCD_USERNAME and ETCD_PASSWORD for authenticating to etcd.
 
 #### Manifest (for clusters without RBAC enabled)
 
diff --git a/provider/coredns/coredns.go b/provider/coredns/coredns.go
index a514ca8659..eeb545aea5 100644
--- a/provider/coredns/coredns.go
+++ b/provider/coredns/coredns.go
@@ -205,8 +205,10 @@ func getETCDConfig() (*etcdcv3.Config, error) {
 	}
 	etcdURLs := strings.Split(etcdURLsStr, ",")
 	firstURL := strings.ToLower(etcdURLs[0])
+	etcdUsername := os.Getenv("ETCD_USERNAME")
+	etcdPassword := os.Getenv("ETCD_PASSWORD")
 	if strings.HasPrefix(firstURL, "http://") {
-		return &etcdcv3.Config{Endpoints: etcdURLs}, nil
+		return &etcdcv3.Config{Endpoints: etcdURLs, Username: etcdUsername, Password: etcdPassword}, nil
 	} else if strings.HasPrefix(firstURL, "https://") {
 		caFile := os.Getenv("ETCD_CA_FILE")
 		certFile := os.Getenv("ETCD_CERT_FILE")
@@ -221,6 +223,8 @@ func getETCDConfig() (*etcdcv3.Config, error) {
 		return &etcdcv3.Config{
 			Endpoints: etcdURLs,
 			TLS:       tlsConfig,
+			Username:  etcdUsername,
+			Password:  etcdPassword,
 		}, nil
 	} else {
 		return nil, errors.New("etcd URLs must start with either http:// or https://")