java: 通过证书访问etcd

一、首先,要使用cfssl生成etcd证书相关的文件(ca.pem server.pem server-key.pem ),然后把server-key.pem进行转换:

openssl pkcs8 -topk8 -nocrypt -in server-key.pem -out server.key

二、带证书启动etcd

./etcd --name infra0   --cert-file=/root/server.pem --key-file=/root/server-key.pem   --advertise-client-urls=https://0.0.0.0:2379 --listen-client-urls=https://0.0.0.0:2379

可通过etcdctl 进行连接验证

./etcdctl --cacert=/root/ca.pem --cert=/root/server.pem --key=/root/server-key.pem --endpoints="https://10.180.23.10:2379" get Elon

三、在java项目中添加相关依赖,完整依赖类似如下:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.example</groupId>
    <artifactId>springbootetcd3</artifactId>
    <version>1.0-SNAPSHOT</version>

    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
    </properties>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.6.6</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <dependencies>


        <dependency>
            <groupId>io.etcd</groupId>
            <artifactId>jetcd-core</artifactId>
            <version>0.7.7</version>
        </dependency>

        <!-- https://mvnrepository.com/artifact/com.coreos/jetcd-core -->
<!--        <dependency>
            <groupId>com.coreos</groupId>
            <artifactId>jetcd-core</artifactId>
            <version>0.0.2</version>
        </dependency>-->



        <!--                <dependency>
                            <groupId>io.etcd</groupId>
                            <artifactId>jetcd-core</artifactId>
                            <version>0.5.0</version>
                        </dependency>-->

<!--        <dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-netty-shaded</artifactId>
            <version>1.50.0</version>
        </dependency>-->

        <!-- https://mvnrepository.com/artifact/io.netty/netty-all -->
        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-all</artifactId>
            <version>4.1.90.Final</version>
        </dependency>

        <!-- https://mvnrepository.com/artifact/io.netty/netty-tcnative -->
        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-tcnative</artifactId>
            <version>2.0.65.Final</version>
        </dependency>

        <!-- https://mvnrepository.com/artifact/io.netty/netty-tcnative-boringssl-static -->
        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-tcnative-boringssl-static</artifactId>
            <version>2.0.65.Final</version>
        </dependency>




        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>



    </dependencies>

</project>

四、创建客户端,访问etcd

package cn.edu.tju;


import io.etcd.jetcd.ByteSequence;
import io.etcd.jetcd.Client;
import io.etcd.jetcd.KV;
import io.etcd.jetcd.api.PutResponse;
import io.grpc.netty.GrpcSslContexts;
import io.netty.handler.ssl.SslContext;


import java.io.File;
import java.io.IOException;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;

public class EtcdExample {
    public static void main(String[] args) throws IOException, ExecutionException, InterruptedException {

        File cert = new File("d:\\ca.pem");
        File keyCertChainFile = new File("d:\\server.pem");
        File keyFile = new File("d:\\server.key");
        SslContext context = GrpcSslContexts.forClient()
                .trustManager(cert)
                .keyManager(keyCertChainFile, keyFile)
                .build();
        Client client = Client.builder()
                .endpoints("https://xx.xx.xx.xx:2379")
                .sslContext(context)
                .build();

        ByteSequence key = ByteSequence.from("Elon".getBytes());
        ByteSequence value = ByteSequence.from("Musk".getBytes());
        // put the key-value
        client.getKVClient().put(key,value).get();
        System.out.println("ok");

    }
}
相关推荐
花晓木3 小时前
k8s etcd 数据损坏处理方式
容器·kubernetes·etcd
张声录13 小时前
【ETCD】【实操篇(十二)】分布式系统中的“王者之争”:基于ETCD的Leader选举实战
数据库·etcd
运维&陈同学3 小时前
【模块一】kubernetes容器编排进阶实战之基于velero及minio实现etcd数据备份与恢复
数据库·后端·云原生·容器·kubernetes·etcd·minio·velero
有态度的马甲3 小时前
一种基于etcd实践节点自动故障转移的思路
数据库·etcd
张声录13 小时前
【ETCD】【实操篇(十三)】ETCD Cluster体检指南:健康状态一键诊断,全方位解析!
数据库·etcd
花晓木3 小时前
k8s备份 ETCD , 使用velero工具进行备份
容器·kubernetes·etcd
张声录11 天前
【ETCD】【实操篇(三)】【ETCDCTL】如何向集群中写入数据
数据库·chrome·etcd
Likelong~1 天前
Etcd注册中心基本实现
etcd·注册中心
alden_ygq2 天前
etcd网关
服务器·数据库·etcd
张声录12 天前
【ETCD】ETCD Leader 节点写入数据流程概览
数据库·etcd