一、首先,要使用cfssl生成etcd证书相关的文件(ca.pem server.pem server-key.pem ),然后把server-key.pem进行转换:
openssl pkcs8 -topk8 -nocrypt -in server-key.pem -out server.key
二、带证书启动etcd
./etcd --name infra0 --cert-file=/root/server.pem --key-file=/root/server-key.pem --advertise-client-urls=https://0.0.0.0:2379 --listen-client-urls=https://0.0.0.0:2379
可通过etcdctl 进行连接验证
./etcdctl --cacert=/root/ca.pem --cert=/root/server.pem --key=/root/server-key.pem --endpoints="https://10.180.23.10:2379" get Elon
三、在java项目中添加相关依赖,完整依赖类似如下:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>springbootetcd3</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
</properties>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.6</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
<dependency>
<groupId>io.etcd</groupId>
<artifactId>jetcd-core</artifactId>
<version>0.7.7</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.coreos/jetcd-core -->
<!-- <dependency>
<groupId>com.coreos</groupId>
<artifactId>jetcd-core</artifactId>
<version>0.0.2</version>
</dependency>-->
<!-- <dependency>
<groupId>io.etcd</groupId>
<artifactId>jetcd-core</artifactId>
<version>0.5.0</version>
</dependency>-->
<!-- <dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-netty-shaded</artifactId>
<version>1.50.0</version>
</dependency>-->
<!-- https://mvnrepository.com/artifact/io.netty/netty-all -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
<version>4.1.90.Final</version>
</dependency>
<!-- https://mvnrepository.com/artifact/io.netty/netty-tcnative -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative</artifactId>
<version>2.0.65.Final</version>
</dependency>
<!-- https://mvnrepository.com/artifact/io.netty/netty-tcnative-boringssl-static -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<version>2.0.65.Final</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
</project>
四、创建客户端,访问etcd
package cn.edu.tju;
import io.etcd.jetcd.ByteSequence;
import io.etcd.jetcd.Client;
import io.etcd.jetcd.KV;
import io.etcd.jetcd.api.PutResponse;
import io.grpc.netty.GrpcSslContexts;
import io.netty.handler.ssl.SslContext;
import java.io.File;
import java.io.IOException;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
public class EtcdExample {
public static void main(String[] args) throws IOException, ExecutionException, InterruptedException {
File cert = new File("d:\\ca.pem");
File keyCertChainFile = new File("d:\\server.pem");
File keyFile = new File("d:\\server.key");
SslContext context = GrpcSslContexts.forClient()
.trustManager(cert)
.keyManager(keyCertChainFile, keyFile)
.build();
Client client = Client.builder()
.endpoints("https://xx.xx.xx.xx:2379")
.sslContext(context)
.build();
ByteSequence key = ByteSequence.from("Elon".getBytes());
ByteSequence value = ByteSequence.from("Musk".getBytes());
// put the key-value
client.getKVClient().put(key,value).get();
System.out.println("ok");
}
}