fn: SSL config adjustments (#1160)

The SSL-related FN_NODE_CERT settings (and the settings
related to them) are not very clear today. This commit
removes them in favor of a simple map of tls.Config
objects. Three keys are provided for this map:

TLSGRPCServer
TLSAdminServer
TLSWebServer

which correspond to server TLS settings for the
associated services.

Operators/implementers can further add more
keys to the map and add their own TLS config.
Tolga Ceylan
2018-08-06 20:57:03 -07:00
committed by GitHub
parent ff39d0896f
commit f57571fb3a
9 changed files with 157 additions and 175 deletions


@@ -2,6 +2,7 @@ package agent
import (
"context"
"crypto/tls"
pool "github.com/fnproject/fn/api/runnerpool"
"github.com/sirupsen/logrus"
@@ -10,20 +11,20 @@ import (
// manages a single set of runners ignoring lb groups
type staticRunnerPool struct {
generator pool.MTLSRunnerFactory
pki *pool.PKIData // can be nil when running in insecure mode
tlsConf *tls.Config // can be nil when running in insecure mode
runnerCN string
runners []pool.Runner
}
func DefaultStaticRunnerPool(runnerAddresses []string) pool.RunnerPool {
return NewStaticRunnerPool(runnerAddresses, nil, "", SecureGRPCRunnerFactory)
return NewStaticRunnerPool(runnerAddresses, nil, SecureGRPCRunnerFactory)
}
func NewStaticRunnerPool(runnerAddresses []string, pki *pool.PKIData, runnerCN string, runnerFactory pool.MTLSRunnerFactory) pool.RunnerPool {
func NewStaticRunnerPool(runnerAddresses []string, tlsConf *tls.Config, runnerFactory pool.MTLSRunnerFactory) pool.RunnerPool {
logrus.WithField("runners", runnerAddresses).Info("Starting static runner pool")
var runners []pool.Runner
for _, addr := range runnerAddresses {
r, err := runnerFactory(addr, runnerCN, pki)
r, err := runnerFactory(addr, tlsConf)
if err != nil {
logrus.WithError(err).WithField("runner_addr", addr).Warn("Invalid runner")
continue
@@ -33,8 +34,7 @@ func NewStaticRunnerPool(runnerAddresses []string, pki *pool.PKIData, runnerCN s
}
return &staticRunnerPool{
runners: runners,
pki: pki,
runnerCN: runnerCN,
tlsConf: tlsConf,
generator: runnerFactory,
}
}
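Review bot: The nil-`tlsConf` path in NewStaticRunnerPool is silent and undocumented, and DefaultStaticRunnerPool passes nil together with SecureGRPCRunnerFactory, so a pool can apparently be built whose runner connections carry no TLS without any trace in the logs. With `runnerCN` gone from the signature, the expected runner certificate name presumably has to be set by the caller in `tlsConf.ServerName`, and the exported function should say so, e.g. `// NewStaticRunnerPool dials each runner with tlsConf; a nil tlsConf means no TLS, and the caller must set ServerName to the expected runner certificate name.` A one-line warning before the loop, such as `if tlsConf == nil { logrus.Warn("static runner pool: no TLS config, runner connections are not authenticated") }`, would make that downgrade visible to operators. Judging by the hunk line counts, the `runnerCN` field stays in the struct while the final literal no longer assigns it, so it looks dead and could be dropped. Part of the loop body in NewStaticRunnerPool lies between the second and third hunks and is not shown here.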