Example JSON config doc:
{
"endpoints": "https://dev3-9.compose.direct:15182,https://dev3-11.compose.direct:15182",
"userid": "userid",
"password": "password",
"root_prefix": "aka-chroot-or-namespace",
"certificate_file": "etcd-dev.pem",
"override_authority": "etcd-development-01",
"client_key_file": "etcd-client-key.key",
"client_certificate_file": "etcd-client-cert.crt"
}- All attributes apart from
endpointsare optional. - The
root_prefixattribute currently has no effect on clients created viaEtcdClientConfig.getClient(). It's included in the configuration for use by application code (to query viaEtcdClientConfig.getRootPrefix()). In future full chroot-like functionality at the client level might be supported. certificate_fileis the name of a pem-format (public) cert to use for TLS server-auth, either an absolute path or a filename assumed to be in the same directory as the json config file itself.- A
certificateattribute may be included instead ofcertificate_file, whose value is an embedded string UTF-8 pem format certificate. This allows a single json doc to hold all of the necessary connection info. client_key_fileandclient_certificate_fileform an optional key/cert pair for TLS client-auth. Either may also be embedded in a similar way by instead includingclient_keyand/orclient_certificatestring attributes.-
Note that the private key must be PKCS8-encoded. PKCS1-encoded keys can be converted using openssl:
openssl pkcs8 -topk8 -nocrypt -in pkcs1_key_file -out pkcs8_key.pem
-
- The
override_authorityattribute is optional and may be used to override the authority used for TLS hostname verification for all endpoints.
Example with embedded (trunctated) TLS cert:
{
"endpoints": "https://dev3-9.compose.direct:15182,https://dev3-11.compose.direct:15182",
"userid": "userid",
"password": "password",
"root_prefix": "aka-chroot-or-namespace",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDaTCCA ... MP0u6J/xasx14IW4A==\n-----END CERTIFICATE-----\n",
"override_authority": "etcd-development-01"
}