feat(metasrv): support tls for etcd client (#6818)

* add TLS support for etcd client connections~ Signed-off-by: codephage2020 <tingwangyan2020@163.com> * locate correct certs Signed-off-by: codephage2020 <tingwangyan2020@163.com> * Updated certs Signed-off-by: codephage2020 <tingwangyan2020@163.com> * Updated CI Signed-off-by: codephage2020 <tingwangyan2020@163.com> * Updated CI Signed-off-by: codephage2020 <tingwangyan2020@163.com> * Update docker-compose.yml * tests for TLS client creation Signed-off-by: codephage2020 <tingwangyan2020@163.com> * modify tests Signed-off-by: codephage2020 <tingwangyan2020@163.com> --------- Signed-off-by: codephage2020 <tingwangyan2020@163.com>
2026-01-04 12:22:55 +00:00 · 2025-08-27 15:41:05 +08:00
parent 566a647ec7
commit 32a3ef36f9
19 changed files with 544 additions and 9 deletions
--- a/tests-integration/README.md
+++ b/tests-integration/README.md
@@ -54,3 +54,45 @@ cd tests-integration/fixtures

 docker compose -f docker-compose.yml up kafka
 ```
+
+## Setup tests with etcd TLS
+
+This guide explains how to set up and test TLS-enabled etcd connections in GreptimeDB integration tests.
+
+### Quick Start
+
+TLS certificates are already at `tests-integration/fixtures/etcd-tls-certs/`.
+
+1. **Start TLS-enabled etcd**:
+   ```bash
+   cd tests-integration/fixtures
+   docker compose up etcd-tls -d
+   ```
+
+2. **Start all services (including etcd-tls)**:
+   ```bash
+   cd tests-integration/fixtures
+   docker compose up -d --wait
+   ```
+
+### Certificate Details
+
+The checked-in certificates include:
+- `ca.crt` - Certificate Authority certificate
+- `server.crt` / `server-key.pem` - Server certificate for etcd-tls service
+- `client.crt` / `client-key.pem` - Client certificate for connecting to etcd-tls
+
+The server certificate includes SANs for `localhost`, `etcd-tls`, `127.0.0.1`, and `::1`.
+
+### Regenerating Certificates (Optional)
+
+If you need to regenerate the certificates:
+```bash
+# Regenerate certificates (overwrites existing ones)
+./scripts/generate-etcd-tls-certs.sh
+
+# Or generate in custom location
+./scripts/generate-etcd-tls-certs.sh /path/to/cert/directory
+```
+
+**Note**: The checked-in certificates are for testing purposes only and should never be used in production.