From c8363a0fa72fa7d82e5ae99999a0810c2465cd63 Mon Sep 17 00:00:00 2001 From: iosmanthus Date: Tue, 5 Mar 2024 14:55:23 +0800 Subject: [PATCH] client java/rust/go should support TLS (#352) * client java/rust/go should support TLS Signed-off-by: iosmanthus * add code snippets for tls config Signed-off-by: iosmanthus --------- Signed-off-by: iosmanthus --- content/docs/7.1/deploy/configure/security.md | 33 ++++++++++++++++--- content/docs/dev/deploy/configure/security.md | 33 ++++++++++++++++--- 2 files changed, 56 insertions(+), 10 deletions(-) diff --git a/content/docs/7.1/deploy/configure/security.md b/content/docs/7.1/deploy/configure/security.md index fa02ae01..c72b2b59 100644 --- a/content/docs/7.1/deploy/configure/security.md +++ b/content/docs/7.1/deploy/configure/security.md @@ -124,7 +124,9 @@ For the information about all TLS configuration parameters of PD, see [PD securi ## Step 3. Configure the TiKV client -You need to set TLS options for the TiKV client to connect to TiKV. Taking [Rust Client](https://github.com/tikv/client-rust) as an example, the TLS options are set as follows: +You need to set TLS options for the TiKV client to connect to TiKV. + +### [Rust Client](https://github.com/tikv/client-rust) ```rust let config = Config::new(/* ... */).with_security( @@ -137,11 +139,32 @@ let config = Config::new(/* ... */).with_security( ); ``` -Besides, the **connection URL should be changed to `https://`** instead of a plain `ip:port`. +### [Java Client](https://github.com/tikv/client-java) + +```java +TiConfiguration conf = TiConfiguration.createRawDefault("127.0.0.1:2379"); +conf.setTlsEnable(true); +conf.setTrustCertCollectionFile("/path/to/ca.pem"); +conf.setKeyCertChainFile("/path/to/cert.pem"); +conf.setKeyFile("/path/to/key.pem"); +``` + +For more information about the TLS config of Java client, check the [Java client documentation](https://tikv.github.io/client-java/administration/configuration.html#tikvtls_enable) + +### [Go Client](https://github.com/tikv/client-go) + +```go +cli, err := rawkv.NewClient(context.TODO(), []string{"127.0.0.1:2379"}, config.Security{ + ClusterSSLCA: "/path/to/ca.pem", + ClusterSSLCert: "/path/to/cert.pem", + ClusterSSLKey: "/path/to/key.pem", +}) +if err != nil { + panic(err) +} +``` -{{< warning >}} -Currently, TiKV Java Client does not support TLS. -{{< /warning >}} +For more information about the TLS config of Go client, check the [Go client documentation](https://pkg.go.dev/github.com/tikv/client-go/v2@v2.0.7/config#Security) ## Step 4. Connect TiKV using `tikv-ctl` and `pd-ctl` diff --git a/content/docs/dev/deploy/configure/security.md b/content/docs/dev/deploy/configure/security.md index 1f71f126..5fadf7db 100644 --- a/content/docs/dev/deploy/configure/security.md +++ b/content/docs/dev/deploy/configure/security.md @@ -124,7 +124,9 @@ For the information about all TLS configuration parameters of PD, see [PD securi ## Step 3. Configure the TiKV client -You need to set TLS options for the TiKV client to connect to TiKV. Taking [Rust Client](https://github.com/tikv/client-rust) as an example, the TLS options are set as follows: +You need to set TLS options for the TiKV client to connect to TiKV. + +### [Rust Client](https://github.com/tikv/client-rust) ```rust let config = Config::new(/* ... */).with_security( @@ -137,11 +139,32 @@ let config = Config::new(/* ... */).with_security( ); ``` -Besides, the **connection URL should be changed to `https://`** instead of a plain `ip:port`. +### [Java Client](https://github.com/tikv/client-java) + +```java +TiConfiguration conf = TiConfiguration.createRawDefault("127.0.0.1:2379"); +conf.setTlsEnable(true); +conf.setTrustCertCollectionFile("/path/to/ca.pem"); +conf.setKeyCertChainFile("/path/to/cert.pem"); +conf.setKeyFile("/path/to/key.pem"); +``` + +For more information about the TLS config of Java client, check the [Java client documentation](https://tikv.github.io/client-java/administration/configuration.html#tikvtls_enable) + +### [Go Client](https://github.com/tikv/client-go) + +```go +cli, err := rawkv.NewClient(context.TODO(), []string{"127.0.0.1:2379"}, config.Security{ + ClusterSSLCA: "/path/to/ca.pem", + ClusterSSLCert: "/path/to/cert.pem", + ClusterSSLKey: "/path/to/key.pem", +}) +if err != nil { + panic(err) +} +``` -{{< warning >}} -Currently, TiKV Java Client does not support TLS. -{{< /warning >}} +For more information about the TLS config of Go client, check the [Go client documentation](https://pkg.go.dev/github.com/tikv/client-go/v2@v2.0.7/config#Security) ## Step 4. Connect TiKV using `tikv-ctl` and `pd-ctl`