仅使用 CA 使用 Java 中的 gRPC 对服务器执行客户端身份验证

问题

我正在尝试使用gRPC. 我已获得访问kubernetes命名空间以测试客户端的权限。但是，我所拥有的只是集群的证书颁发机构和不记名令牌。

apiVersion: v1

clusters:

- cluster:

certificate-authority: /etc/ssl/certs/devwat-dal13-cruiser15-ca-bundle.pem

server: https://<host-ip>:<port>

name: devwat-dal13-cruiser15

contexts:

- context:

cluster: devwat-dal13-cruiser15

namespace: interns

user: devwat-dal13-cruiser15-sa-interns-editor

name: devwat-dal13-cruiser15-interns

current-context: devwat-dal13-cruiser15-interns

kind: Config

preferences: {}

users:

- name: devwat-dal13-cruiser15-sa-interns-editor

user:

token: <token>

代码

我不太了解SSL和证书，但我尝试按照在线使用Java的文档进行操作SSL/TLS，gRPC并提出以下内容：

public class TrainerClient {

private ManagedChannel channel;

private TrainerGrpc.TrainerBlockingStub stub;

//private final String OVERRIDE_AUTHORITY = "24164dfe5c7842c98de431e53b6111d9-kubernetes-ca";

private final String CERT_FILE_PATH = Paths.get("/etc", "ssl", "certs", "devwat-dal13-cruiser15-ca-bundle.pem").toString();

private static final Logger logger = Logger.getLogger(TrainerClient.class.getName());

public TrainerClient(URL serviceUrl) {

File certFile = new File(CERT_FILE_PATH);

try {

logger.info("Initializing channel using SSL...");

this.channel = NettyChannelBuilder.forAddress(serviceUrl.getHost(), serviceUrl.getPort())

//.overrideAuthority(OVERRIDE_AUTHORITY)

.sslContext(getSslContext(certFile))

.build();

logger.info("Initializing new blocking stub...");

this.stub = TrainerGrpc.newBlockingStub(channel);

} catch (Exception ex) {

logger.log(Level.SEVERE, "Channel build failed: {0}", ex.toString());

System.exit(1);

}

该吊舱类型是ClusterIP与正被端口转发到localhost与端口8443。

喵喵时光机

浏览 239回答 1

1回答

ABOUTYOU

弄清楚了。我的公司有一个客户端证书 ( client.crt)，我应该使用它而不是CA. 当我使用该证书代替适当的覆盖权限时，错误消失了。

随时随地看视频慕课网APP