Question

I am trying to use gRPC. I have been given access to a Kubernetes namespace to test my client. However, all I have is the cluster's certificate authority and a bearer token.

    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority: /etc/ssl/certs/devwat-dal13-cruiser15-ca-bundle.pem
        server: https://<host-ip>:<port>
      name: devwat-dal13-cruiser15
    contexts:
    - context:
        cluster: devwat-dal13-cruiser15
        namespace: interns
        user: devwat-dal13-cruiser15-sa-interns-editor
      name: devwat-dal13-cruiser15-interns
    current-context: devwat-dal13-cruiser15-interns
    kind: Config
    preferences: {}
    users:
    - name: devwat-dal13-cruiser15-sa-interns-editor
      user:
        token: <token>

Code

I don't know much about SSL and certificates, but I tried to follow the online documentation for using SSL/TLS with gRPC in Java and came up with the following:

    import io.grpc.ManagedChannel;
    import io.grpc.netty.NettyChannelBuilder;

    import java.io.File;
    import java.net.URL;
    import java.nio.file.Paths;
    import java.util.logging.Level;
    import java.util.logging.Logger;

    public class TrainerClient {
        private ManagedChannel channel;
        private TrainerGrpc.TrainerBlockingStub stub;
        //private final String OVERRIDE_AUTHORITY = "24164dfe5c7842c98de431e53b6111d9-kubernetes-ca";
        private final String CERT_FILE_PATH = Paths.get("/etc", "ssl", "certs", "devwat-dal13-cruiser15-ca-bundle.pem").toString();
        private static final Logger logger = Logger.getLogger(TrainerClient.class.getName());

        public TrainerClient(URL serviceUrl) {
            File certFile = new File(CERT_FILE_PATH);
            try {
                logger.info("Initializing channel using SSL...");
                // Connect to the host and port taken from the service URL, trusting certFile
                this.channel = NettyChannelBuilder.forAddress(serviceUrl.getHost(), serviceUrl.getPort())
                        //.overrideAuthority(OVERRIDE_AUTHORITY)
                        .sslContext(getSslContext(certFile))
                        .build();
                logger.info("Initializing new blocking stub...");
                this.stub = TrainerGrpc.newBlockingStub(channel);
            } catch (Exception ex) {
                logger.log(Level.SEVERE, "Channel build failed: {0}", ex.toString());
                System.exit(1);
            }
        }
        // getSslContext(File) is not shown in the post
    }

The pod is of type ClusterIP and is being port-forwarded to localhost on port 8443.

1 Answer

ABOUTYOU
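Figured it out.
My company has a client certificate (client.crt) that I was supposed to use instead of the CA. When I used that certificate instead, with the proper override authority, the error went away.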
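An added example (not code from the question or the answer) of the setup the answer describes: trust a PEM certificate and set the override authority to a name that certificate is valid for, so hostname verification still succeeds when the service is reached through a port-forward on localhost:8443. The class name, helper names and command-line argument are assumptions; dnsNames only helps when the PEM file is the certificate the service presents, not a CA bundle.

```java
import io.grpc.ManagedChannel;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public final class PortForwardTlsChannel {   // hypothetical class name
    // DNS names (subjectAltName type 2) of the first certificate in the PEM file.
    static List<String> dnsNames(File pem) throws Exception {
        List<String> names = new ArrayList<>();
        try (InputStream in = new FileInputStream(pem)) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            Collection<List<?>> sans = cert.getSubjectAlternativeNames();
            if (sans == null) return names;          // certificate carries no SAN extension
            for (List<?> san : sans) {
                if (((Integer) san.get(0)) == 2) names.add((String) san.get(1));
            }
        }
        return names;
    }

    // The TCP connection goes to localhost, but the TLS handshake verifies the
    // server certificate against `authority`, so verification is not disabled.
    static ManagedChannel build(File trustPem, String authority, int localPort) throws Exception {
        SslContext ssl = GrpcSslContexts.forClient().trustManager(trustPem).build();
        return NettyChannelBuilder.forAddress("localhost", localPort)
                .overrideAuthority(authority)
                .sslContext(ssl)
                .build();
    }

    public static void main(String[] args) throws Exception {
        File pem = new File(args[0]);                // path to the PEM file you were given
        List<String> names = dnsNames(pem);
        System.out.println("Certificate is valid for: " + names);
        if (names.isEmpty()) throw new IllegalStateException("no DNS SAN in " + pem);
        ManagedChannel channel = build(pem, names.get(0), 8443);
        System.out.println("Channel authority: " + channel.authority());
        channel.shutdownNow();
    }
}
```

If the handshake still fails with a certificate-name error, compare the printed names with the value passed to overrideAuthority before changing anything else.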