Etcd clientV3 使用TLS证书存取KV


为了保证数据传输的安全性,Etcd clientV3 提供了通过 TLS(https)进行通讯的方式。
通过 tls.Config 可以轻松实现,具体看如下示例代码就能理解。

package main

import (
    "fmt"
    "io/ioutil"
    "log"
    "time"

    "crypto/tls"
    "crypto/x509"

    "go.etcd.io/etcd/clientv3"
    "golang.org/x/net/context"
)

// Connection tuning for the etcd client: dialTimeout bounds the initial
// connection attempt, requestTimeout bounds each individual Put/Get.
var (
    dialTimeout    = 5 * time.Second
    requestTimeout = 4 * time.Second
)

// endpoints lists the cluster members; the https scheme is required because
// the client is configured with a tls.Config.
var endpoints = []string{
    "https://172.17.84.204:2379",
    "https://172.17.84.205:2379",
    "https://172.17.84.206:2379",
}

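// loadTLSConfig builds the client-side TLS configuration used to reach etcd:
// the client certificate/key pair presented for mutual authentication and
// the CA bundle the servers' certificates are verified against.
//
// certFile/keyFile: PEM-encoded client certificate and private key.
// caFile: PEM bundle of one or more CA certificates.
// Returns an error when a file cannot be read, the key pair does not parse,
// or the CA bundle contains no usable certificate.
func loadTLSConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
    cert, err := tls.LoadX509KeyPair(certFile, keyFile)
    if err != nil {
        return nil, fmt.Errorf("loading client key pair %q/%q: %v", certFile, keyFile, err)
    }

    caData, err := ioutil.ReadFile(caFile)
    if err != nil {
        return nil, fmt.Errorf("reading CA bundle %q: %v", caFile, err)
    }

    pool := x509.NewCertPool()
    // AppendCertsFromPEM reports false when nothing was added; the original
    // ignored that, leaving an empty pool that fails every server certificate
    // at dial time with a far less obvious error.
    if !pool.AppendCertsFromPEM(caData) {
        return nil, fmt.Errorf("no CA certificates found in %q", caFile)
    }

    return &tls.Config{
        Certificates: []tls.Certificate{cert},
        RootCAs:      pool,
        // Refuse legacy protocol versions for the client side of the handshake.
        MinVersion: tls.VersionTLS12,
    }, nil
}

// putWithTimeout writes value under key, bounding the call by requestTimeout
// so a stalled cluster cannot hang the caller. It returns the Put error.
func putWithTimeout(cli *clientv3.Client, key, value string) error {
    ctx, cancel := context.WithTimeout(context.Background(), requestTimeout)
    defer cancel()
    _, err := cli.Put(ctx, key, value)
    return err
}

// main connects to the etcd cluster over mutual TLS, performs a Put and a Get
// on a test key, then watches that key while a background goroutine writes
// ten more values to it. The program exits once those writes have been issued.
func main() {
    const (
        etcdCert    = "./ca/etcd-client.pem"
        etcdCertKey = "./ca/etcd-client-key.pem"
        etcdCa      = "./ca/ca.pem"
    )

    tlsConfig, err := loadTLSConfig(etcdCert, etcdCertKey, etcdCa)
    if err != nil {
        // The original returned silently here (exit status 0, no message),
        // which hides a missing or unreadable certificate; fail loudly.
        log.Fatal(err)
    }

    cli, err := clientv3.New(clientv3.Config{
        Endpoints:   endpoints,
        DialTimeout: dialTimeout, // declared at package level but never applied before
        TLS:         tlsConfig,
    })
    if err != nil {
        log.Fatal(err)
    }
    defer cli.Close()

    key1, value1 := "testkey1", "value"

    if err := putWithTimeout(cli, key1, value1); err != nil {
        log.Println("Put failed. ", err)
    } else {
        log.Printf("Put {%s:%s} succeed\n", key1, value1)
    }

    ctx, cancel := context.WithTimeout(context.Background(), requestTimeout)
    resp, err := cli.Get(ctx, key1)
    cancel()
    if err != nil {
        log.Println("Get failed. ", err)
        return
    }
    for _, kv := range resp.Kvs {
        log.Printf("Get {%s:%s} \n", kv.Key, kv.Value)
    }

    // The watch is cancelled when main returns so its goroutine does not
    // outlive the client it reads from.
    watchCtx, stopWatch := context.WithCancel(context.Background())
    defer stopWatch()
    go func() {
        for item := range cli.Watch(watchCtx, key1) {
            for _, ev := range item.Events {
                log.Printf("Type:%s, key:%s, value:%s\n", ev.Type, ev.Kv.Key, ev.Kv.Value)
            }
        }
    }()

    // done is closed by the writer once all ten puts are issued. The original
    // never signalled it, so "<-done" blocked forever and "Done!" was
    // unreachable. Watch events still in flight when main returns are not
    // printed.
    done := make(chan struct{})
    go func() {
        defer close(done)
        for cnt := 0; cnt < 10; cnt++ {
            value := fmt.Sprintf("%s%d", "value", cnt)
            // Goroutine-local err: the original assigned main's err from here,
            // which is a data race with any concurrent use of that variable.
            // Each put is also time-bounded, matching the first Put above.
            if err := putWithTimeout(cli, key1, value); err != nil {
                log.Println("Put failed. ", err)
            } else {
                log.Printf("Put {%s:%s} succeed\n", key1, value)
            }
        }
    }()

    <-done
    log.Println("Done!")
}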

- 注意事项

  • etcd主机使用https

    endpoints      = []string{"https://172.17.84.204:2379", "https://172.17.84.205:2379", "https://172.17.84.206:2379"}
  • 公私钥文件

    var etcdCert = "./ca/etcd-client.pem"
    var etcdCertKey = "./ca/etcd-client-key.pem"
    var etcdCa = "./ca/ca.pem"
  • requestTimeout时间不要设得太短

    之前requestTimeout设置为2秒,在put时一直失败,查了半天找不出原因,改成4秒就好了。

  • export ETCDCTL_API=3

本文来自:Segmentfault

感谢作者:麦穗儿

查看原文:Etcd clientV3 使用TLS证书存取KV
