Skip to content

Commit

Permalink
client java/rust/go should support TLS (#352)
Browse files Browse the repository at this point in the history
* client java/rust/go should support TLS

Signed-off-by: iosmanthus <[email protected]>

* add code snippets for tls config

Signed-off-by: iosmanthus <[email protected]>

---------

Signed-off-by: iosmanthus <[email protected]>
  • Loading branch information
iosmanthus authored Mar 5, 2024
1 parent c061417 commit c8363a0
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 10 deletions.
33 changes: 28 additions & 5 deletions content/docs/7.1/deploy/configure/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,9 @@ For the information about all TLS configuration parameters of PD, see [PD securi

## Step 3. Configure the TiKV client

You need to set TLS options for the TiKV client to connect to TiKV. Taking [Rust Client](https://github.com/tikv/client-rust) as an example, the TLS options are set as follows:
You need to set TLS options for the TiKV client to connect to TiKV.

### [Rust Client](https://github.com/tikv/client-rust)

```rust
let config = Config::new(/* ... */).with_security(
Expand All @@ -137,11 +139,32 @@ let config = Config::new(/* ... */).with_security(
);
```

Besides, the **connection URL should be changed to `https://`** instead of a plain `ip:port`.
### [Java Client](https://github.com/tikv/client-java)

```java
TiConfiguration conf = TiConfiguration.createRawDefault("127.0.0.1:2379");
conf.setTlsEnable(true);
conf.setTrustCertCollectionFile("/path/to/ca.pem");
conf.setKeyCertChainFile("/path/to/cert.pem");
conf.setKeyFile("/path/to/key.pem");
```

For more information about the TLS config of Java client, check the [Java client documentation](https://tikv.github.io/client-java/administration/configuration.html#tikvtls_enable)

### [Go Client](https://github.com/tikv/client-go)

```go
cli, err := rawkv.NewClient(context.TODO(), []string{"127.0.0.1:2379"}, config.Security{
ClusterSSLCA: "/path/to/ca.pem",
ClusterSSLCert: "/path/to/cert.pem",
ClusterSSLKey: "/path/to/key.pem",
})
if err != nil {
panic(err)
}
```

{{< warning >}}
Currently, TiKV Java Client does not support TLS.
{{< /warning >}}
For more information about the TLS config of Go client, check the [Go client documentation](https://pkg.go.dev/github.com/tikv/client-go/[email protected]/config#Security)

## Step 4. Connect TiKV using `tikv-ctl` and `pd-ctl`

Expand Down
33 changes: 28 additions & 5 deletions content/docs/dev/deploy/configure/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,9 @@ For the information about all TLS configuration parameters of PD, see [PD securi

## Step 3. Configure the TiKV client

You need to set TLS options for the TiKV client to connect to TiKV. Taking [Rust Client](https://github.com/tikv/client-rust) as an example, the TLS options are set as follows:
You need to set TLS options for the TiKV client to connect to TiKV.

### [Rust Client](https://github.com/tikv/client-rust)

```rust
let config = Config::new(/* ... */).with_security(
Expand All @@ -137,11 +139,32 @@ let config = Config::new(/* ... */).with_security(
);
```

Besides, the **connection URL should be changed to `https://`** instead of a plain `ip:port`.
### [Java Client](https://github.com/tikv/client-java)

```java
TiConfiguration conf = TiConfiguration.createRawDefault("127.0.0.1:2379");
conf.setTlsEnable(true);
conf.setTrustCertCollectionFile("/path/to/ca.pem");
conf.setKeyCertChainFile("/path/to/cert.pem");
conf.setKeyFile("/path/to/key.pem");
```

For more information about the TLS config of Java client, check the [Java client documentation](https://tikv.github.io/client-java/administration/configuration.html#tikvtls_enable)

### [Go Client](https://github.com/tikv/client-go)

```go
cli, err := rawkv.NewClient(context.TODO(), []string{"127.0.0.1:2379"}, config.Security{
ClusterSSLCA: "/path/to/ca.pem",
ClusterSSLCert: "/path/to/cert.pem",
ClusterSSLKey: "/path/to/key.pem",
})
if err != nil {
panic(err)
}
```

{{< warning >}}
Currently, TiKV Java Client does not support TLS.
{{< /warning >}}
For more information about the TLS config of Go client, check the [Go client documentation](https://pkg.go.dev/github.com/tikv/client-go/[email protected]/config#Security)

## Step 4. Connect TiKV using `tikv-ctl` and `pd-ctl`

Expand Down

0 comments on commit c8363a0

Please sign in to comment.