概述
【ETCD】通过 docker 快速搭建集群 etcd 环境
一、准备
1.下载镜像
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24
2.修改镜像为自己的镜像
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 镜像名:版本
docker push 镜像名:版本
二、安装简单版本
1.创建文件夹
mkdir -p /opt/etcd
2.运行
docker run --name etcd1
--restart=always
--net host -d
--restart always
--privileged=true
-m 4g
-v /opt/etcd:/var/etcd
-v /etc/localtime:/etc/localtime
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24
etcd --name etcd-mscm1
--auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592
--data-dir=/var/etcd/etcd-data
--listen-client-urls http://0.0.0.0:2379
--listen-peer-urls http://0.0.0.0:2380
--initial-advertise-peer-urls http://172.16.46.214:2380
--advertise-client-urls http://172.16.46.214:2379,http://172.16.46.214:2380
-initial-cluster-token mscm-etcd-cluster
-initial-cluster "etcd-mscm1=http://172.16.46.214:2380,etcd-mscm2=http://172.16.46.213:2380"
-initial-cluster-state new
docker run --name etcd2
--restart=always
--net host -d
--restart always
--privileged=true
-m 4g
-v /opt/etcd:/var/etcd
-v /etc/localtime:/etc/localtime
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24
etcd --name etcd-mscm2
--auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592
--data-dir=/var/etcd/etcd-data
--listen-client-urls http://0.0.0.0:2379
--listen-peer-urls http://0.0.0.0:2380
--initial-advertise-peer-urls http://172.16.46.213:2380
--advertise-client-urls http://172.16.46.213:2379,http://172.16.46.213:2380
-initial-cluster-token mscm-etcd-cluster
-initial-cluster "etcd-mscm1=http://172.16.46.214:2380,etcd-mscm2=http://172.16.46.213:2380"
-initial-cluster-state new
参数:
-
–auto-compaction-retention
- 由于ETCD数据存储多版本数据,随着写入的主键增加历史版本需要定时清理,默认的历史数据是不会清理的,数据达到2G就不能写入,必须要清理压缩历史数据才能继续写入;所以根据业务需求,在上生产环境之前就提前确定,历史数据多长时间压缩一次;推荐一小时压缩一次数据这样可以极大的保证集群稳定,减少内存和磁盘占用
-
–max-request-bytes
- etcd Raft消息最大字节数,ETCD默认该值为1.5M; 但是很多业务场景发现同步数据的时候1.5M完全没法满足要求,所以提前确定初始值很重要;由于1.5M导致我们线上的业务无法写入元数据的问题,我们紧急升级之后把该值修改为默认32M,但是官方推荐的是10M,大家可以根据业务情况自己调整
-
–quota-backend-bytes
- ETCD db数据大小,默认是2G,当数据达到2G的时候就不允许写入,必须对历史数据进行压缩才能继续写入;参加1里面说的,我们启动的时候就应该提前确定大小,官方推荐是8G,这里我们也使用8G的配置
-
–data-dir
- 数据存储目录
-
–listen-client-urls
- 本节点访问地址,地址写法是 scheme://IP:port,可以多个并用逗号隔开,如果配置是http://0.0.0.0:2379,将不限制node访问地址
-
–listen-peer-urls
- 本节点与其他节点进行数据交换(选举,数据同步)的监听地址,地址写法是 scheme://IP:port,可以多个并用逗号隔开,如果配置是http://0.0.0.0:2379,将不限制node访问地址
-
–initial-advertise-peer-urls
-
通知其他节点与本节点进行数据交换(选举,同步)的地址,URL可以使用domain地址。
与–listener-peer-urls不同在于listener-peer-urls用于请求客户端的接入控制,initial-advertise-peer-urls是告知其他集群节点访问哪个URL,一般来说,initial-advertise-peer-urlsl将是istener-peer-urls的子集
-
-
–advertise-client-urls
- 用于通知其他ETCD节点,客户端接入本节点的监听地址,一般来说advertise-client-urls是listen-client-urls子集
-
–initial-cluster-token
- 集群唯一标识,相同标识的节点将视为在一个集群内
-
–initial-cluster
- 集群所有节点配置,多个用逗号隔开。
-
–initial-cluster-state
- 节点初始化方式,new 表示如果没有集群不存在,创建新集群,existing表示如果集群不存在,节点将处于加入集群失败状态。
3.验证
#进入容器
docker exec -it 容器 /bin/sh
#输入
etcdctl member list
etcdctl cluster-health
三、TLS证书安装
1.安装证书生成工具cfssl
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
2.验证
cfssl --hellp
3.生成一个配置模板
cfssl print-defaults config > ca-config.json
#修改成下面
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"mscmssl": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
4.生成一个csr
cfssl print-defaults csr > ca-csr.json
{
"CN": "mscmssl",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "HangZhou",
"ST": "HangZhou",
"O": "mscm",
"OU":"System"
}
]
}
5.生成ca证书
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ZD8kFufX-1603246454241)( https://typora-hb.oss-cn-shanghai.aliyuncs.com/typera/image-20200915151953140.png)]
6.生成server-csr.json
cat > server-csr.json <<EOF
{
"CN": "mscmssl",
"hosts": [
"127.0.0.1",
"172.16.46.214",
"172.16.46.213"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "HangZhou",
"ST": "HangZhou",
"O":"mscm",
"OU": "System"
}
]
}
EOF
7.生成server证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json
-profile=mscmssl server-csr.json | cfssljson -bare server
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-AKNLtpYF-1603246454242)( https://typora-hb.oss-cn-shanghai.aliyuncs.com/typera/image-20200915153415753.png)]
8.生成admin-csr.json
cat > admin-csr.json <<EOF
{
"CN": "admin",
"hosts": [ ],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "HangZhou",
"ST": "HangZhou",
"O":"system:masters",
"OU": "System"
}
]
}
EOF
9.生成admin证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json
-profile=mscmssl admin-csr.json | cfssljson -bare admin
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-9BlLvJ3T-1603246454243)( https://typora-hb.oss-cn-shanghai.aliyuncs.com/typera/image-20200915153842455.png)]
10.删除其他文件,保存.pem文件
ls | grep -v pem | xargs -i rm {}
11.把证书放入相应的文件夹
mkdir /opt/etcd/ssl
cp -rf ca-key.pem ca.pem server-key.pem server.pem /opt/etcd/ssl/
11.运行
docker run --name etcd-213
--restart=always
--net host -d
--restart always
--privileged=true
-m 4g
-v /opt/etcd:/var/etcd
-v /etc/localtime:/etc/localtime
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24
etcd --name etcd-mscm-213
--auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592
--enable-v2='true'
--client-cert-auth='true'
--trusted-ca-file=/var/etcd/ssl/ca.pem
--cert-file=/var/etcd/ssl/server.pem
--key-file=/var/etcd/ssl/server-key.pem
--peer-client-cert-auth='true'
--peer-trusted-ca-file=/var/etcd/ssl/ca.pem
--peer-cert-file=/var/etcd/ssl/server.pem
--peer-key-file=/var/etcd/ssl/server-key.pem
--trusted-ca-file=/var/etcd/ssl/ca.pem
--peer-trusted-ca-file=/var/etcd/ssl/ca.pem
--data-dir=/var/etcd/etcd-data
--listen-client-urls http://0.0.0.0:2379
--listen-peer-urls http://0.0.0.0:2380
--initial-advertise-peer-urls http://172.16.46.213:2380
--advertise-client-urls http://172.16.46.213:2379,http://172.16.46.213:2380
-initial-cluster-token mscm-etcd-cluster
-initial-cluster "etcd-mscm-214=http://172.16.46.214:2380,etcd-mscm-213=http://172.16.46.213:2380"
-initial-cluster-state new
docker run --name etcd-214
--restart=always
--net host -d
--restart always
--privileged=true
-m 4g
-v /opt/etcd:/var/etcd
-v /etc/localtime:/etc/localtime
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24
etcd --name etcd-mscm-214
--auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592
--enable-v2='true'
--client-cert-auth='true'
--ca-file=/var/etcd/ssl/ca.pem
--cert-file=/var/etcd/ssl/server.pem
--key-file=/var/etcd/ssl/server-key.pem
--peer-client-cert-auth='true'
--peer-trusted-ca-file=/var/etcd/ssl/ca.pem
--peer-cert-file=/var/etcd/ssl/server.pem
--peer-key-file=/var/etcd/ssl/server-key.pem
--trusted-ca-file=/var/etcd/ssl/ca.pem
--peer-trusted-ca-file=/var/etcd/ssl/ca.pem
--data-dir=/var/etcd/etcd-data
--listen-client-urls http://0.0.0.0:2379
--listen-peer-urls http://0.0.0.0:2380
--initial-advertise-peer-urls http://172.16.46.214:2380
--advertise-client-urls http://172.16.46.214:2379,http://172.16.46.214:2380
-initial-cluster-token mscm-etcd-cluster
-initial-cluster "etcd-mscm-214=http://172.16.46.214:2380,etcd-mscm-213=http://172.16.46.213:2380"
-initial-cluster-state new
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-UkVZCQ6w-1603246454245)(/Users/hbsky/Library/Application Support/typora-user-images/image-20200915165739599.png)]
注意:docker安装的etcd有问题,集群一会好一会坏,推荐使用二进制
四、二进制安装
1.下载二进制文件
wget https://github.com/etcd-io/etcd/releases/download/v3.2.12/etcd-v3.2.12-linux-amd64.tar.gz
2.创建文件夹
mkdir -p /opt/etcd/bin cfg ssl
3.解压后文件迁移
tar -zxvf etcd-v3.2.12-linux-amd64.tar.gz
cd etcd-v3.2.12-linux-amd64
mv etcd /opt/etcd/bin/
mv etcdctl /opt/etcd/bin/
4.创建配置文件
cat > /opt/etcd/cfg/etcd <<EOF
#[Member]
ETCD_NAME="etcd214"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="https://172.16.46.214:2380" ETCD_LISTEN_CLIENT_URLS="https://172.16.46.214:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.46.214:2380" ETCD_ADVERTISE_CLIENT_URLS="https://172.16.46.214:2379" ETCD_INITIAL_CLUSTER="etcd214=https://172.16.46.214:2380,etcd213=https://172.16.46.213:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF
5.启动文件
vim /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=-/opt/etcd/cfg/etcd
ExecStart=/opt/etcd/bin/etcd
--name=${ETCD_NAME}
--data-dir=${ETCD_DATA_DIR}
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS}
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS}
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS}
--initial-cluster=${ETCD_INITIAL_CLUSTER}
--initial-cluster-token=${ETCD_INITIAL_CLUSTER}
--initial-cluster-state=new
--cert-file=/opt/etcd/ssl/server.pem
--key-file=/opt/etcd/ssl/server-key.pem
--peer-cert-file=/opt/etcd/ssl/server.pem
--peer-key-file=/opt/etcd/ssl/server-key.pem
--trusted-ca-file=/opt/etcd/ssl/ca.pem
--peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
6.设置互信
cd /root
ssh-keygen #注意:一直回车
#设置通讯
ssh-copy-id root@172.16.46.213
#分别在节点创建文件夹,文件传递
mkdir /opt/etcd/{bin,cfg,ssl} -p
scp -r /opt/etcd/bin/ root@172.16.46.213:/opt/etcd
scp -r /opt/etcd/cfg/ root@172.16.46.213:/opt/etcd
scp -r /opt/etcd/ssl/ root@172.16.46.213:/opt/etcd
scp /usr/lib/systemd/system/etcd.service root@172.16.46.213:/usr/lib/systemd/system
注意:记得修改其他节点配置文件信息
7.启动
#启动服务
systemctl start etcd
#开机自启
systemctl enable etcd
#有问题查看日志
tail /var/log/messages
8.配置环境变量,让etcdctl命令任何地方都可以调用类似于配置jdk的环境变量一样
vim /etc/profile
#后面追加
PATH=$PATH:/opt/etcd/bin
#重置环境变量
source /etc/profile
9.验证 客户端访问查看集群因为我们的etcd是加密的.需要加密key
etcdctl --ca-file=/opt/etcd/ssl/ca.pem
--cert-file=/opt/etcd/ssl/server.pem
--key-file=/opt/etcd/ssl/server-key.pem
--endpoints="https://172.16.46.213:2379,https://172.16.46.214:2379" cluster-health
五、flannel网路集群
1.写入分配的子网段到etcd,供flanneld使用
#设置
etcdctl --ca-file=/opt/etcd/ssl/ca.pem
--cert-file=/opt/etcd/ssl/server.pem
--key-file=/opt/etcd/ssl/server-key.pem
--endpoints="https://172.16.46.213:2379,https://172.16.46.214:2379"
set /coreos.com/network/config '{"Network":"100.10.0.0/16","Backend":{"Type":"vxlan"}}'
#查看
etcdctl --ca-file=/opt/etcd/ssl/ca.pem
--cert-file=/opt/etcd/ssl/server.pem
--key-file=/opt/etcd/ssl/server-key.pem
--endpoints="https://172.16.46.213:2379,https://172.16.46.214:2379"
get /coreos.com/network/config
2.下载二进制包
wget https://github.com/coreos/flannel/releases/download/v0.9.1/flannel-v0.9.1-linux-amd64.tar.gz
3.解压
tar -zxvf flannel-v0.9.1-linux-amd64.tar.gz
mv flanneld mk-docker-opts.sh /opt/etcd/bin/
#复制到另一个节点
scp -r /opt/etcd/bin/flanneld root@172.16.46.213:/opt/etcd/bin
scp -r /opt/etcd/bin/mk-docker-opts.sh root@172.16.46.213:/opt/etcd/bin
4.创建配置文件
vim /opt/etcd/cfg/flanneld
FLANNEL_ETCD="-etcd-endpoints=https://172.16.46.213:2379,https://172.16.46.214:2379"
FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/etcd/ssl/ca.pem"
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/opt/etcd/ssl/server.pem"
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/opt/etcd/ssl/server-key.pem"
5.systemd管理flannel
vim /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service
[Service]
Type=notify
EnvironmentFile=-/opt/etcd/cfg/flanneld
ExecStart=/opt/etcd/bin/flanneld --ip-masq ${FLANNEL_ETCD} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/opt/etcd/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure
[Install]
WantedBy=multi-user.target
6.启动
systemctl start flanneld
systemctl enable flanneld
7.配置docker启动指定子网段
vim /run/flannel/subnet.env
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-IXGyJ8EV-1603246454246)( https://typora-hb.oss-cn-shanghai.aliyuncs.com/typera/image-20200915192508251.png)]
#设置docker启动类
vim /usr/lib/systemd/system/docker.service
#添加
EnvironmentFile=-/run/flannel/subnet.env
$DOCKER_NETWORK_OPTIONS
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-MRduTGMc-1603246454247)( https://typora-hb.oss-cn-shanghai.aliyuncs.com/typera/image-20200915193216757.png)]
8.重启docker
systemctl daemon-reload
systemctl restart docker
9.验证
ifconfig #docker与flannel的ip在一个网段就正确
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-31lYZVMl-1603246454248)( https://typora-hb.oss-cn-shanghai.aliyuncs.com/typera/image-20200915193640996.png)]
etcd配置参数详解
针对ETCD版本 3.2.17
--name 节点名称
default: "default"
env variable: ETCD_NAME
这个值和--initial-cluster flag (e.g., default=http://localhost:2380)中的key值一一对应,如果在集群环境中,name必须是唯一的,建议用主机名称或者机器ID。
--data-dir 数据存储目录
default: "${name}.etcd"
env variable: ETCD_DATA_DIR
--wal-dir
default: ""
env variable: ETCD_WAL_DIR
存放预写式日志,最大的作用是记录了整个数据变化的全部历程。未设置,共用--data-dir文件所在目录。
--snapshot-count
default: "100000"
env variable: ETCD_SNAPSHOT_COUNT
数据快照触发数量,etcd处理指定的次数的事务提交后,生产数据快照
--heartbeat-interval 客户端连接后的心跳间隔(毫秒)
default: "100"
env variable: ETCD_HEARTBEAT_INTERVAL
--election-timeout 集群选举的超时时间
default: "1000"
env variable: ETCD_ELECTION_TIMEOUT
--listen-peer-urls
本节点与其他节点进行数据交换(选举,数据同步)的监听地址,地址写法是 scheme://IP:port,可以多个并用逗号隔开,如果配置是http://0.0.0.0:2379,将不限制node访问地址
default: "http://localhost:2380"
env variable: ETCD_LISTEN_PEER_URLS
example: "http://10.0.0.1:2380"
invalid example: "http://example.com:2380" (domain name is invalid for binding)
--listen-client-urls
本节点访问地址,地址写法是 scheme://IP:port,可以多个并用逗号隔开,如果配置是http://0.0.0.0:2379,将不限制node访问地址
default: "http://localhost:2379"
env variable: ETCD_LISTEN_CLIENT_URLS
example: "http://10.0.0.1:2379"
invalid example: "http://example.com:2379" (domain name is invalid for binding)
--max-snapshots
最大快照数量 0表示不限制,在window平台设置无效。
default: 5
env variable: ETCD_MAX_SNAPSHOTS
--max-wals
最大预写日志数量 0表示不限制,在window平台设置无效。
default: 5
env variable: ETCD_MAX_WALS
--cors
Comma-separated white list of origins for CORS (cross-origin resource sharing).
default: none
env variable: ETCD_CORS
集群配置
--initial-advertise-peer-urls
通知其他节点与本节点进行数据交换(选举,同步)的地址,URL可以使用domain地址。
与--listener-peer-urls不同在于listener-peer-urls用于请求客户端的接入控制,initial-advertise-peer-urls是告知其他集群节点访问哪个URL,一般来说,initial-advertise-peer-urlsl将是istener-peer-urls的子集
default: "http://localhost:2380"
env variable: ETCD_INITIAL_ADVERTISE_PEER_URLS
example: "http://example.com:2380, http://10.0.0.1:2380"
--initial-cluster
集群所有节点配置,多个用逗号隔开。
default: "default=http://localhost:2380"
env variable: ETCD_INITIAL_CLUSTER
The key is the value of the --name flag for each node provided. The default uses default for the key because this is the default for the --name flag.
--initial-cluster-state
节点初始化方式,new 表示如果没有集群不存在,创建新集群,existing表示如果集群不存在,节点将处于加入集群失败状态。
default: "new"
env variable: ETCD_INITIAL_CLUSTER_STATE
--initial-cluster-token
集群唯一标识,相同标识的节点将视为在一个集群内。
default: "etcd-cluster"
env variable: ETCD_INITIAL_CLUSTER_TOKEN
--advertise-client-urls
用于通知其他ETCD节点,客户端接入本节点的监听地址,一般来说advertise-client-urls是listen-client-urls子集
default: "http://localhost:2379"
env variable: ETCD_ADVERTISE_CLIENT_URLS
example: "http://example.com:2379, http://10.0.0.1:2379"
注意,不能写http://localhost:237,这样就是通知其他节点,可以用localhost访问,将导致ectd的客户端用localhost访问本地,导致访问不通。还有一个更可怕情况,ectd布置了代理层,代理层将一直通过locahost访问自己的代理接口,导致无限循环。
--discovery
集群发现服务地址
default: none
env variable: ETCD_DISCOVERY
--discovery-srv
DNS发现服务地址
default: none
env variable: ETCD_DISCOVERY_SRV
--discovery-fallback
Expected behavior ("exit" or "proxy") when discovery services fails. "proxy" supports v2 API only.
default: "proxy"
env variable: ETCD_DISCOVERY_FALLBACK
--discovery-proxy
HTTP proxy to use for traffic to discovery service.
default: none
env variable: ETCD_DISCOVERY_PROXY
--strict-reconfig-check
Reject reconfiguration requests that would cause quorum loss.
default: false
env variable: ETCD_STRICT_RECONFIG_CHECK
--auto-compaction-retention
Auto compaction retention for mvcc key value store in hour. 0 means disable auto compaction.
default: 0
env variable: ETCD_AUTO_COMPACTION_RETENTION
--enable-v2 是否接受V2的API访问
default: true
env variable: ETCD_ENABLE_V2
代理
--proxy
Proxy mode setting ("off", "readonly" or "on").
default: "off"
env variable: ETCD_PROXY
--proxy-failure-wait
Time (in milliseconds) an endpoint will be held in a failed state before being reconsidered for proxied requests.
default: 5000
env variable: ETCD_PROXY_FAILURE_WAIT
--proxy-refresh-interval
代理节点刷新时间间隔(毫秒)
Time (in milliseconds) of the endpoints refresh interval.
default: 30000
env variable: ETCD_PROXY_REFRESH_INTERVAL
--proxy-dial-timeout
Time (in milliseconds) for a dial to timeout or 0 to disable the timeout
default: 1000
env variable: ETCD_PROXY_DIAL_TIMEOUT
--proxy-write-timeout
Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
default: 5000
env variable: ETCD_PROXY_WRITE_TIMEOUT
--proxy-read-timeout
Time (in milliseconds) for a read to timeout or 0 to disable the timeout.
Don't change this value if using watches because use long polling requests.
default: 0
env variable: ETCD_PROXY_READ_TIMEOUT
安全
--cert-file
Path to the client server TLS cert file.
default: none
env variable: ETCD_CERT_FILE
--key-file
Path to the client server TLS key file.
default: none
env variable: ETCD_KEY_FILE
--client-cert-auth
Enable client cert authentication.
default: false
env variable: ETCD_CLIENT_CERT_AUTH
--trusted-ca-file
Path to the client server TLS trusted CA key file.
default: none
env variable: ETCD_TRUSTED_CA_FILE
--auto-tls
Client TLS using generated certificates
default: false
env variable: ETCD_AUTO_TLS
--peer-cert-file
Path to the peer server TLS cert file.
default: none
env variable: ETCD_PEER_CERT_FILE
--peer-key-file
Path to the peer server TLS key file.
default: none
env variable: ETCD_PEER_KEY_FILE
--peer-client-cert-auth
启用对等客户端证书认证。
default: false
env variable: ETCD_PEER_CLIENT_CERT_AUTH
--peer-trusted-ca-file
Path to the peer server TLS trusted CA file.
default: none
env variable: ETCD_PEER_TRUSTED_CA_FILE
--peer-auto-tls
Peer TLS using generated certificates
default: false
env variable: ETCD_PEER_AUTO_TLS
日志
--debug
Drop the default log level to DEBUG for all subpackages.
default: false (INFO for all packages)
env variable: ETCD_DEBUG
--log-package-levels
Set individual etcd subpackages to specific log levels. An example being etcdserver=WARNING,security=DEBUG
default: none (INFO for all packages)
env variable: ETCD_LOG_PACKAGE_LEVELS
不安全配置
--force-new-cluster
Force to create a new one-member cluster. It commits configuration changes forcing to remove all existing members in the cluster and add itself. It needs to be set to restore a backup.
default: false
env variable: ETCD_FORCE_NEW_CLUSTER
其他配置
--version
Print the version and exit.
default: false
--config-file
Load server configuration from a file.
default: none
Profiling flags
--enable-pprof
Enable runtime profiling data via HTTP server. Address is at client URL + "/debug/pprof/"
default: false
--metrics
Set level of detail for exported metrics, specify 'extensive' to include histogram metrics.
default: basic
认证
--auth-token
Specify a token type and token specific options, especially for JWT. Its format is "type,var1=val1,var2=val2,…". Possible type is 'simple' or 'jwt'. Possible variables are 'sign-method' for specifying a sign method of jwt (its possible values are 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'PS256', 'PS384', or 'PS512'), 'pub-key' for specifying a path to a public key for verifying jwt, and 'priv-key' for specifying a path to a private key for signing jwt.
最后
以上就是虚幻棉花糖为你收集整理的【ETCD】通过 docker 快速搭建集群 etcd 环境的全部内容,希望文章能够帮你解决【ETCD】通过 docker 快速搭建集群 etcd 环境所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复