我的书签
添加书签
移除书签Run etcd clusters inside containers
The following guide shows how to run etcd with rkt and Docker using the .
The following rkt run command will expose the etcd client API on port 2379 and expose the peer API on port 2380.
Use the host IP address when configuring etcd.
Trust the CoreOS App Signing Key.
# gpg key fingerprint is: 18AD 5014 C99E F7E3 BA5F 6CE9 50BD D3E0 FC8A 365E
Run the v3.2 version of etcd or specify another release version.
sudo rkt run --net=default:IP=${NODE1} quay.io/coreos/etcd:v3.2 -- -name=node1 -advertise-client-urls=http://${NODE1}:2379 -initial-advertise-peer-urls=http://${NODE1}:2380 -listen-client-urls=http://0.0.0.0:2379 -listen-peer-urls=http://${NODE1}:2380 -initial-cluster=node1=http://${NODE1}:2380
etcdctl --endpoints=http://192.168.1.21:2379 member list
Setup a 3 node cluster with rkt locally, using the -initial-cluster flag.
export NODE1=172.16.28.21export NODE2=172.16.28.22export NODE3=172.16.28.23
Verify the cluster is healthy and can be reached.
ETCDCTL_API=3 etcdctl --endpoints=http://172.16.28.21:2379,http://172.16.28.22:2379,http://172.16.28.23:2379 endpoint health
Production clusters which refer to peers by DNS name known to the local resolver must mount the .
In order to expose the etcd API to clients outside of Docker host, use the host IP address of the container. Please see docker inspect for more detail on how to get the IP address. Alternatively, specify --net=host flag to docker run command to skip placing the container inside of a separate network stack.
Use the host IP address when configuring etcd:
export NODE1=192.168.1.21
docker volume create --name etcd-dataexport DATA_DIR="etcd-data"
Run the latest version of etcd:
REGISTRY=quay.io/coreos/etcd# available from v3.2.5REGISTRY=gcr.io/etcd-development/etcddocker run \-p 2379:2379 \-p 2380:2380 \--volume=${DATA_DIR}:/etcd-data \--name etcd ${REGISTRY}:latest \/usr/local/bin/etcd \--data-dir=/etcd-data --name node1 \--initial-advertise-peer-urls http://${NODE1}:2380 --listen-peer-urls http://0.0.0.0:2380 \--advertise-client-urls http://${NODE1}:2379 --listen-client-urls http://0.0.0.0:2379 \--initial-cluster node1=http://${NODE1}:2380
List the cluster member:
REGISTRY=quay.io/coreos/etcd# available from v3.2.5REGISTRY=gcr.io/etcd-development/etcd# For each machineTOKEN=my-etcd-tokenCLUSTER_STATE=newNAME_1=etcd-node-0NAME_3=etcd-node-2HOST_1=10.20.30.1HOST_2=10.20.30.2HOST_3=10.20.30.3CLUSTER=${NAME_1}=http://${HOST_1}:2380,${NAME_2}=http://${HOST_2}:2380,${NAME_3}=http://${HOST_3}:2380DATA_DIR=/var/lib/etcd# For node 1THIS_NAME=${NAME_1}THIS_IP=${HOST_1}docker run \-p 2379:2379 \-p 2380:2380 \--volume=${DATA_DIR}:/etcd-data \--name etcd ${REGISTRY}:${ETCD_VERSION} \/usr/local/bin/etcd \--data-dir=/etcd-data --name ${THIS_NAME} \--initial-advertise-peer-urls http://${THIS_IP}:2380 --listen-peer-urls http://0.0.0.0:2380 \--advertise-client-urls http://${THIS_IP}:2379 --listen-client-urls http://0.0.0.0:2379 \--initial-cluster ${CLUSTER} \--initial-cluster-state ${CLUSTER_STATE} --initial-cluster-token ${TOKEN}# For node 2THIS_NAME=${NAME_2}THIS_IP=${HOST_2}docker run \-p 2379:2379 \-p 2380:2380 \--volume=${DATA_DIR}:/etcd-data \--name etcd ${REGISTRY}:${ETCD_VERSION} \/usr/local/bin/etcd \--data-dir=/etcd-data --name ${THIS_NAME} \--initial-advertise-peer-urls http://${THIS_IP}:2380 --listen-peer-urls http://0.0.0.0:2380 \--advertise-client-urls http://${THIS_IP}:2379 --listen-client-urls http://0.0.0.0:2379 \--initial-cluster ${CLUSTER} \# For node 3THIS_IP=${HOST_3}docker run \-p 2379:2379 \-p 2380:2380 \--volume=${DATA_DIR}:/etcd-data \--name etcd ${REGISTRY}:${ETCD_VERSION} \/usr/local/bin/etcd \--data-dir=/etcd-data --name ${THIS_NAME} \--initial-advertise-peer-urls http://${THIS_IP}:2380 --listen-peer-urls http://0.0.0.0:2380 \--advertise-client-urls http://${THIS_IP}:2379 --listen-client-urls http://0.0.0.0:2379 \--initial-cluster ${CLUSTER} \--initial-cluster-state ${CLUSTER_STATE} --initial-cluster-token ${TOKEN}
To run etcdctl using API version 3:
docker exec etcd /bin/sh -c "export ETCDCTL_API=3 && /usr/local/bin/etcdctl put foo bar"
To provision a 3 node etcd cluster on bare-metal, the examples in the may be useful.
The etcd release container does not include default root certificates. To use HTTPS with certificates trusted by a root authority (e.g., for discovery), mount a certificate directory into the etcd container:
REGISTRY=quay.io/coreos/etcd# available from v3.2.5REGISTRY=docker://gcr.io/etcd-development/etcdrkt run \--insecure-options=image \--volume etcd-ssl-certs-bundle,kind=host,source=/etc/ssl/certs/ca-certificates.crt \--mount volume=etcd-ssl-certs-bundle,target=/etc/ssl/certs/ca-certificates.crt \${REGISTRY}:latest -- --name my-name \--initial-advertise-peer-urls http://localhost:2380 --listen-peer-urls http://localhost:2380 \--advertise-client-urls http://localhost:2379 --listen-client-urls http://localhost:2379 \--discovery https://discovery.etcd.io/c11fbcdc16972e45253491a24fcf45e1
REGISTRY=quay.io/coreos/etcd# available from v3.2.5REGISTRY=gcr.io/etcd-development/etcddocker run \-p 2379:2379 \-p 2380:2380 \--volume=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt \${REGISTRY}:latest \/usr/local/bin/etcd --name my-name \--initial-advertise-peer-urls http://localhost:2380 --listen-peer-urls http://localhost:2380 \
