Skip to content

Latest commit

 

History

History
36 lines (27 loc) · 1.54 KB

SslConfig.md

File metadata and controls

36 lines (27 loc) · 1.54 KB

How to Build Jectd Client for One TLS Secured Etcd Cluster

prepare certification files

If your etcd cluster is installed using etcdadm, you are likely to find certification files in the path /etc/etcd/pki/: ca.crt, etcdctl-etcd-client.key, etcdctl-etcd-client.crt.

If your etcd cluster is the builtin etcd in one kubernetes cluster( using kubeadm),

you can find the same files in /etc/kubernetes/pki/etcd/: ca.crt, healthcheck-client.crt, healthcheck-client.key.

Because SslContextBuilder only support a PKCS#8 private key file in PEM format, convert etcdctl-etcd-client.key to etcdctl-etcd-client.key.pem according to netty SslContextBuilder doc.

build jetcd client

        File cert = new File("ca.crt");
        File keyCertChainFile = new File("etcdctl-etcd-client.crt");
        File keyFile = new File("etcdctl-etcd-client.key.pem");
        SslContext context = GrpcSslContexts.forClient()
                .trustManager(cert)
                .keyManager(keyCertChainFile, keyFile)
                .build();
        Client client = Client.builder()
                .endpoints("https://10.168.168.66:2379")
                .sslContext(context)
                .build();

        client.getClusterClient().listMember().get().getMembers().forEach(member -> {
            logger.info("member: {}", member);
        });