-
Notifications
You must be signed in to change notification settings - Fork 62
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
client java/rust/go should support TLS (#352)
* client java/rust/go should support TLS Signed-off-by: iosmanthus <[email protected]> * add code snippets for tls config Signed-off-by: iosmanthus <[email protected]> --------- Signed-off-by: iosmanthus <[email protected]>
- Loading branch information
1 parent
c061417
commit c8363a0
Showing
2 changed files
with
56 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -124,7 +124,9 @@ For the information about all TLS configuration parameters of PD, see [PD securi | |
|
||
## Step 3. Configure the TiKV client | ||
|
||
You need to set TLS options for the TiKV client to connect to TiKV. Taking [Rust Client](https://github.com/tikv/client-rust) as an example, the TLS options are set as follows: | ||
You need to set TLS options for the TiKV client to connect to TiKV. | ||
|
||
### [Rust Client](https://github.com/tikv/client-rust) | ||
|
||
```rust | ||
let config = Config::new(/* ... */).with_security( | ||
|
@@ -137,11 +139,32 @@ let config = Config::new(/* ... */).with_security( | |
); | ||
``` | ||
|
||
Besides, the **connection URL should be changed to `https://`** instead of a plain `ip:port`. | ||
### [Java Client](https://github.com/tikv/client-java) | ||
|
||
```java | ||
TiConfiguration conf = TiConfiguration.createRawDefault("127.0.0.1:2379"); | ||
conf.setTlsEnable(true); | ||
conf.setTrustCertCollectionFile("/path/to/ca.pem"); | ||
conf.setKeyCertChainFile("/path/to/cert.pem"); | ||
conf.setKeyFile("/path/to/key.pem"); | ||
``` | ||
|
||
For more information about the TLS config of Java client, check the [Java client documentation](https://tikv.github.io/client-java/administration/configuration.html#tikvtls_enable) | ||
|
||
### [Go Client](https://github.com/tikv/client-go) | ||
|
||
```go | ||
cli, err := rawkv.NewClient(context.TODO(), []string{"127.0.0.1:2379"}, config.Security{ | ||
ClusterSSLCA: "/path/to/ca.pem", | ||
ClusterSSLCert: "/path/to/cert.pem", | ||
ClusterSSLKey: "/path/to/key.pem", | ||
}) | ||
if err != nil { | ||
panic(err) | ||
} | ||
``` | ||
|
||
{{< warning >}} | ||
Currently, TiKV Java Client does not support TLS. | ||
{{< /warning >}} | ||
For more information about the TLS config of Go client, check the [Go client documentation](https://pkg.go.dev/github.com/tikv/client-go/[email protected]/config#Security) | ||
|
||
## Step 4. Connect TiKV using `tikv-ctl` and `pd-ctl` | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -124,7 +124,9 @@ For the information about all TLS configuration parameters of PD, see [PD securi | |
|
||
## Step 3. Configure the TiKV client | ||
|
||
You need to set TLS options for the TiKV client to connect to TiKV. Taking [Rust Client](https://github.com/tikv/client-rust) as an example, the TLS options are set as follows: | ||
You need to set TLS options for the TiKV client to connect to TiKV. | ||
|
||
### [Rust Client](https://github.com/tikv/client-rust) | ||
|
||
```rust | ||
let config = Config::new(/* ... */).with_security( | ||
|
@@ -137,11 +139,32 @@ let config = Config::new(/* ... */).with_security( | |
); | ||
``` | ||
|
||
Besides, the **connection URL should be changed to `https://`** instead of a plain `ip:port`. | ||
### [Java Client](https://github.com/tikv/client-java) | ||
|
||
```java | ||
TiConfiguration conf = TiConfiguration.createRawDefault("127.0.0.1:2379"); | ||
conf.setTlsEnable(true); | ||
conf.setTrustCertCollectionFile("/path/to/ca.pem"); | ||
conf.setKeyCertChainFile("/path/to/cert.pem"); | ||
conf.setKeyFile("/path/to/key.pem"); | ||
``` | ||
|
||
For more information about the TLS config of Java client, check the [Java client documentation](https://tikv.github.io/client-java/administration/configuration.html#tikvtls_enable) | ||
|
||
### [Go Client](https://github.com/tikv/client-go) | ||
|
||
```go | ||
cli, err := rawkv.NewClient(context.TODO(), []string{"127.0.0.1:2379"}, config.Security{ | ||
ClusterSSLCA: "/path/to/ca.pem", | ||
ClusterSSLCert: "/path/to/cert.pem", | ||
ClusterSSLKey: "/path/to/key.pem", | ||
}) | ||
if err != nil { | ||
panic(err) | ||
} | ||
``` | ||
|
||
{{< warning >}} | ||
Currently, TiKV Java Client does not support TLS. | ||
{{< /warning >}} | ||
For more information about the TLS config of Go client, check the [Go client documentation](https://pkg.go.dev/github.com/tikv/client-go/[email protected]/config#Security) | ||
|
||
## Step 4. Connect TiKV using `tikv-ctl` and `pd-ctl` | ||
|
||
|