milvus-io/milvus

[Feat]: Milvus cannot connect to kafka&minio with ssl

Open

#27,461 opened on 2023年10月2日

GitHub で見る
 (19 comments) (0 reactions) (1 assignee)Go (44,298 stars) (4,000 forks)batch import
help wantedkind/feature

説明

Is there an existing issue for this?

  • I have searched the existing issues

Environment

- Milvus version: latest
- Deployment mode(standalone or cluster): standalone
- MQ type(rocksmq, pulsar or kafka): kafka with ssl
- Metadata storage: etcd with ssl
- S3: minio with ssl

Current Behavior

milvus cannot connect external services kafka & minio which configued with ssl

Expected Behavior

milvus could connect kafka & minio with ssl

Steps To Reproduce

1. Startup external services etcd, minio and kafka with ssl 
2. Configure milvus

.yaml
etcd:
  endpoints: [external-etcd-address]
  ......
  ssl:
    enabled: false # Whether to support ETCD secure connection mode
    tlsCert: /path/to/etcd-client.pem # path to your cert file
    tlsKey: /path/to/etcd-client-key.pem # path to your key file
    tlsCACert: /path/to/ca.pem # path to your CACert file
    # TLS min version
    # Optional values: 1.0, 1.1, 1.2, 1.3。
    # We recommend using version 1.2 and above
    tlsMinVersion: 1.3
  ......
......
minio:
  address: external-minio-address
  ......
  useSSL: true
  ......
......
kafka:
  brokerList: [external-kafka-brokers-address]
  ......
  securityProtocol: SSL
  ......
......
3. startup milvus, cannot connect to kafka & minio, ssl handshake will fail

Milvus Log

No response

Anything else?

should handle kafka & minio ssl just like etcd

コントリビューターガイド

技術スタック
gokafka
領域
databaseinfrastructuresecurity
Issue 種別
feature
難度新しい貢献者にとっての実装難度です。1 は非常に小さな変更、5 は専門的な作業です。
4
推定時間経験ある貢献者が調査、実装、テスト、pull request 準備にかけるおおよその時間範囲です。
3-5 days
活動状況Issue が今どれだけ取り組みやすいかを示します。新しい、活発、古い、ブロック中、またはメンテナー入力待ちなどです。
blocked
明確さ期待される変更、受け入れ条件、次の手順がどれだけ明確かを示します。
clear
前提条件
Go programmingSSL/TLS fundamentalsMilvus configuration
初心者向け度初回貢献者にどれだけ取り組みやすいかを 1-100 で推定したスコアです。
25
調査方針
Investigate how etcd SSL connection is implemented in the Milvus codebase (e.g., in internal/kv/etcd or similar). Then apply the same pattern to Kafka and Minio connection setup. Review the configuration handling for etcd's ssl section in the YAML and replicate for kafka and minio. Check the issue comments for any progress or suggestions from the assignee. The goal is to implement TLS/SSL support for Kafka and Minio clients, ensuring the configuration options are exposed similarly.