[ETCD] Quickly setting up an etcd cluster environment with Docker

it2024-01-25  69

I. Preparation

1. Pull the image

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24

2. Retag the image as your own

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 <image-name>:<version>
docker push <image-name>:<version>

II. Simple installation

1. Create the directory

mkdir -p /opt/etcd

2. Run

# On node 172.16.46.214
docker run --name etcd1 \
  --restart=always \
  --net host -d \
  --privileged=true \
  -m 4g \
  -v /opt/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-mscm1 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://172.16.46.214:2380 \
  --advertise-client-urls http://172.16.46.214:2379 \
  --initial-cluster-token mscm-etcd-cluster \
  --initial-cluster "etcd-mscm1=http://172.16.46.214:2380,etcd-mscm2=http://172.16.46.213:2380" \
  --initial-cluster-state new

# On node 172.16.46.213
docker run --name etcd2 \
  --restart=always \
  --net host -d \
  --privileged=true \
  -m 4g \
  -v /opt/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-mscm2 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://172.16.46.213:2380 \
  --advertise-client-urls http://172.16.46.213:2379 \
  --initial-cluster-token mscm-etcd-cluster \
  --initial-cluster "etcd-mscm1=http://172.16.46.214:2380,etcd-mscm2=http://172.16.46.213:2380" \
  --initial-cluster-state new

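Parameters:

--auto-compaction-retention

etcd stores multiple versions of its data, so historical versions accumulate as keys are written and need to be cleaned up periodically. By default the history is never cleaned up, and once the data reaches 2G no more writes are accepted until the history has been compacted. So, based on business needs, decide before going to production how often the history is compacted. Compacting once an hour is recommended; it greatly helps cluster stability and reduces memory and disk usage.

--max-request-bytes

Maximum size in bytes of an etcd Raft message; the etcd default is 1.5M. In many business scenarios 1.5M turns out to be nowhere near enough when synchronizing data, so settling on the initial value in advance matters. Because the 1.5M limit left our production service unable to write metadata, after an emergency upgrade we changed this value to 32M as our default. The official recommendation is 10M; adjust it to your own workload.

--quota-backend-bytes

Size of the etcd db. The default is 2G; when the data reaches 2G writes are no longer allowed, and the history must be compacted before writing can continue. As with the first parameter above, the size should be decided at startup. The official recommendation is 8G, and we use 8G here as well.

--data-dir

Data storage directory.

--listen-client-urls

Client access address of this node, written as scheme://IP:port. Several addresses can be given, separated by commas. If it is set to http://0.0.0.0:2379, the address used to reach the node is not restricted.

--listen-peer-urls

Address this node listens on for data exchange with other nodes (elections, data synchronization), written as scheme://IP:port. Several addresses can be given, separated by commas. If it is set to http://0.0.0.0:2379, the address used to reach the node is not restricted.

--initial-advertise-peer-urls

Address announced to the other nodes for data exchange (elections, synchronization) with this node. The URL may use a domain name.

It differs from --listen-peer-urls in that listen-peer-urls controls where incoming requests are accepted, while initial-advertise-peer-urls tells the other cluster nodes which URL to use. Generally, initial-advertise-peer-urls is a subset of listen-peer-urls.

--advertise-client-urls

Announces to the other etcd nodes the address on which clients reach this node. Generally, advertise-client-urls is a subset of listen-client-urls.

--initial-cluster-token

Unique identifier of the cluster; nodes with the same identifier are treated as members of one cluster.

--initial-cluster

Configuration of all nodes in the cluster, separated by commas.

--initial-cluster-state

How the node is initialized. new means that if no cluster exists, a new one is created; existing means that if the cluster does not exist, the node ends up in a failed-to-join state.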

3. Verify

# Enter the container
docker exec -it <container> /bin/sh
# Then run
etcdctl member list
etcdctl cluster-health

III. TLS certificate installation

1. Install the certificate generation tool cfssl

wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo

2. Verify

cfssl --help

3. Generate a configuration template

cfssl print-defaults config > ca-config.json
# Change it to the following
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "mscmssl": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}

4. Generate a CSR

cfssl print-defaults csr > ca-csr.json
# Change it to the following
{
  "CN": "mscmssl",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "HangZhou",
      "ST": "HangZhou",
      "O": "mscm",
      "OU": "System"
    }
  ]
}

5. Generate the CA certificate

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

6. Generate server-csr.json

cat > server-csr.json <<EOF
{
  "CN": "mscmssl",
  "hosts": [
    "127.0.0.1",
    "172.16.46.214",
    "172.16.46.213"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "HangZhou",
      "ST": "HangZhou",
      "O": "mscm",
      "OU": "System"
    }
  ]
}
EOF

7. Generate the server certificate

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \
  -profile=mscmssl server-csr.json | cfssljson -bare server

8. Generate admin-csr.json

cat > admin-csr.json <<EOF
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "HangZhou",
      "ST": "HangZhou",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}
EOF

9. Generate the admin certificate

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \
  -profile=mscmssl admin-csr.json | cfssljson -bare admin

10. Delete the other files, keeping the .pem files

ls | grep -v pem | xargs -i rm {}

11. Put the certificates in the corresponding directory

mkdir /opt/etcd/ssl
cp -rf ca-key.pem ca.pem server-key.pem server.pem /opt/etcd/ssl/

12. Run

# The listen and advertised URLs use https://; etcd ignores the
# certificate flags for any URL whose scheme is http://.

# On node 172.16.46.213
docker run --name etcd-213 \
  --restart=always \
  --net host -d \
  --privileged=true \
  -m 4g \
  -v /opt/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-mscm-213 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --enable-v2='true' \
  --client-cert-auth='true' \
  --trusted-ca-file=/var/etcd/ssl/ca.pem \
  --cert-file=/var/etcd/ssl/server.pem \
  --key-file=/var/etcd/ssl/server-key.pem \
  --peer-client-cert-auth='true' \
  --peer-trusted-ca-file=/var/etcd/ssl/ca.pem \
  --peer-cert-file=/var/etcd/ssl/server.pem \
  --peer-key-file=/var/etcd/ssl/server-key.pem \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls https://0.0.0.0:2379 \
  --listen-peer-urls https://0.0.0.0:2380 \
  --initial-advertise-peer-urls https://172.16.46.213:2380 \
  --advertise-client-urls https://172.16.46.213:2379 \
  --initial-cluster-token mscm-etcd-cluster \
  --initial-cluster "etcd-mscm-214=https://172.16.46.214:2380,etcd-mscm-213=https://172.16.46.213:2380" \
  --initial-cluster-state new

# On node 172.16.46.214
docker run --name etcd-214 \
  --restart=always \
  --net host -d \
  --privileged=true \
  -m 4g \
  -v /opt/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-mscm-214 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --enable-v2='true' \
  --client-cert-auth='true' \
  --trusted-ca-file=/var/etcd/ssl/ca.pem \
  --cert-file=/var/etcd/ssl/server.pem \
  --key-file=/var/etcd/ssl/server-key.pem \
  --peer-client-cert-auth='true' \
  --peer-trusted-ca-file=/var/etcd/ssl/ca.pem \
  --peer-cert-file=/var/etcd/ssl/server.pem \
  --peer-key-file=/var/etcd/ssl/server-key.pem \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls https://0.0.0.0:2379 \
  --listen-peer-urls https://0.0.0.0:2380 \
  --initial-advertise-peer-urls https://172.16.46.214:2380 \
  --advertise-client-urls https://172.16.46.214:2379 \
  --initial-cluster-token mscm-etcd-cluster \
  --initial-cluster "etcd-mscm-214=https://172.16.46.214:2380,etcd-mscm-213=https://172.16.46.213:2380" \
  --initial-cluster-state new

Note: etcd installed with docker has problems; the cluster is healthy one moment and broken the next. Using the binary is recommended.

IV. Binary installation

1. Download the binary release

wget https://github.com/etcd-io/etcd/releases/download/v3.2.12/etcd-v3.2.12-linux-amd64.tar.gz

2. Create the directories

mkdir -p /opt/etcd/{bin,cfg,ssl}

3. Extract and move the files

tar -zxvf etcd-v3.2.12-linux-amd64.tar.gz
cd etcd-v3.2.12-linux-amd64
mv etcd /opt/etcd/bin/
mv etcdctl /opt/etcd/bin/

4. Create the configuration file

cat > /opt/etcd/cfg/etcd <<EOF
#[Member]
ETCD_NAME="etcd214"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://172.16.46.214:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.16.46.214:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.46.214:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.46.214:2379"
ETCD_INITIAL_CLUSTER="etcd214=https://172.16.46.214:2380,etcd213=https://172.16.46.213:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF

5. Startup file

vim /usr/lib/systemd/system/etcd.service

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/opt/etcd/cfg/etcd
ExecStart=/opt/etcd/bin/etcd \
  --name=${ETCD_NAME} \
  --data-dir=${ETCD_DATA_DIR} \
  --listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
  --listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
  --advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
  --initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
  --initial-cluster=${ETCD_INITIAL_CLUSTER} \
  --initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
  --initial-cluster-state=new \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --peer-cert-file=/opt/etcd/ssl/server.pem \
  --peer-key-file=/opt/etcd/ssl/server-key.pem \
  --trusted-ca-file=/opt/etcd/ssl/ca.pem \
  --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

6. Set up SSH trust between the nodes

cd /root
ssh-keygen
# Note: press Enter at every prompt
# Set up communication
ssh-copy-id root@172.16.46.213
# Create the directories on each node, then transfer the files
mkdir /opt/etcd/{bin,cfg,ssl} -p
scp -r /opt/etcd/bin/ root@172.16.46.213:/opt/etcd
scp -r /opt/etcd/cfg/ root@172.16.46.213:/opt/etcd
scp -r /opt/etcd/ssl/ root@172.16.46.213:/opt/etcd
scp /usr/lib/systemd/system/etcd.service root@172.16.46.213:/usr/lib/systemd/system

Note: remember to modify the configuration file on the other nodes.

7. Start

# Start the service
systemctl start etcd
# Enable start on boot
systemctl enable etcd
# If something goes wrong, check the log
tail /var/log/messages

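8. Configure the environment variable so that the etcdctl command can be invoked from anywhere, much like configuring the JDK environment variables

vim /etc/profile
# Append at the end
PATH=$PATH:/opt/etcd/bin
# Reload the environment variables
source /etc/profile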

9. Verify. Because our etcd is encrypted, the client needs the key to access the cluster and view its state

etcdctl --ca-file=/opt/etcd/ssl/ca.pem \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --endpoints="https://172.16.46.213:2379,https://172.16.46.214:2379" cluster-health
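
The TLS flags used in sections III and IV fail silently when misconfigured: etcd ignores the certificate flags on any http:// listen URL, and an https:// listener without --client-cert-auth accepts callers that present no certificate. The following check is an added example, not part of the original post; the function names flag_value and audit_etcd_flags are hypothetical and the sample flag lists are constructed.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Audits an etcd flag list for TLS settings that start without error but
# leave a listener unencrypted or open to callers without a certificate.

# flag_value NAME FLAG...  -> prints the value of --NAME (or -NAME).
# Handles "--name=value", "--name value" and a bare boolean "--name".
flag_value() {
    want=$1; shift
    val=
    while [ $# -gt 0 ]; do
        arg=${1#-}; arg=${arg#-}            # strip one or two leading dashes
        case $arg in
            "$want"=*) val=${arg#*=} ;;
            "$want")
                case ${2-} in
                    ''|-*) val=true ;;      # bare boolean flag
                    *)     val=$2 ;;
                esac ;;
        esac
        shift
    done
    printf '%s' "$val"
}

# audit_etcd_flags FLAG...  -> one finding per line, no output when clean.
audit_etcd_flags() {
    for side in client peer; do
        if [ "$side" = client ]; then p=; else p=peer-; fi
        urls=$(flag_value "listen-${side}-urls" "$@")
        cert=$(flag_value "${p}cert-file" "$@")
        auth=$(flag_value "${p}client-cert-auth" "$@")
        case ",$urls" in
            *,http://*)
                if [ -n "$cert" ]; then
                    echo "$side: --${p}cert-file is set but a listen URL is http://, so that URL is served without TLS"
                else
                    echo "$side: listen URL is http:// (plaintext)"
                fi ;;
        esac
        case ",$urls" in
            *,https://*)
                if [ "$auth" != true ]; then
                    echo "$side: https:// without --${p}client-cert-auth=true, callers need no certificate"
                fi ;;
        esac
    done
}

# Constructed sample 1: certificate flags combined with http:// listeners.
audit_etcd_flags --cert-file=/var/etcd/ssl/server.pem --client-cert-auth=true \
    --listen-client-urls http://0.0.0.0:2379 \
    --peer-cert-file=/var/etcd/ssl/server.pem --peer-client-cert-auth=true \
    --listen-peer-urls http://0.0.0.0:2380
# Constructed sample 2: https:// plus a loopback http:// URL, no client-cert-auth.
audit_etcd_flags --cert-file=/opt/etcd/ssl/server.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem \
    --listen-client-urls=https://172.16.46.214:2379,http://127.0.0.1:2379 \
    --peer-cert-file=/opt/etcd/ssl/server.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem \
    --listen-peer-urls=https://172.16.46.214:2380
```

Sample 1 produces two findings and sample 2 three; a flag list with https:// listeners only and both client-cert-auth flags set to true produces no output.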

V. flannel network cluster

1. Write the allocated subnet range into etcd for flanneld to use

# Set
etcdctl --ca-file=/opt/etcd/ssl/ca.pem \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --endpoints="https://172.16.46.213:2379,https://172.16.46.214:2379" \
  set /coreos.com/network/config '{"Network":"100.10.0.0/16","Backend":{"Type":"vxlan"}}'

# View
etcdctl --ca-file=/opt/etcd/ssl/ca.pem \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --endpoints="https://172.16.46.213:2379,https://172.16.46.214:2379" \
  get /coreos.com/network/config

2. Download the binary package

wget https://github.com/coreos/flannel/releases/download/v0.9.1/flannel-v0.9.1-linux-amd64.tar.gz

3. Extract

tar -zxvf flannel-v0.9.1-linux-amd64.tar.gz
mv flanneld mk-docker-opts.sh /opt/etcd/bin/
# Copy to the other node
scp -r /opt/etcd/bin/flanneld root@172.16.46.213:/opt/etcd/bin
scp -r /opt/etcd/bin/mk-docker-opts.sh root@172.16.46.213:/opt/etcd/bin

4. Create the configuration file

vim /opt/etcd/cfg/flanneld

FLANNEL_ETCD="--etcd-endpoints=https://172.16.46.213:2379,https://172.16.46.214:2379"
FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/etcd/ssl/ca.pem"
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/opt/etcd/ssl/server.pem"
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/opt/etcd/ssl/server-key.pem"

5. Manage flannel with systemd

vim /usr/lib/systemd/system/flanneld.service

[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=-/opt/etcd/cfg/flanneld
ExecStart=/opt/etcd/bin/flanneld --ip-masq ${FLANNEL_ETCD} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/opt/etcd/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target

6. Start

systemctl start flanneld
systemctl enable flanneld

7. Configure docker to start with the specified subnet range

vim /run/flannel/subnet.env

# Edit the docker unit file
vim /usr/lib/systemd/system/docker.service
# Add
EnvironmentFile=-/run/flannel/subnet.env
$DOCKER_NETWORK_OPTIONS

8. Restart docker

systemctl daemon-reload
systemctl restart docker

9. Verify

ifconfig
# It is correct if the docker and flannel IPs are in the same subnet

etcd configuration parameters in detail

For etcd version 3.2.17

--name
Node name.
default: "default"
env variable: ETCD_NAME
This value corresponds one-to-one with the key in the --initial-cluster flag (e.g., default=http://localhost:2380). In a cluster environment the name must be unique; using the hostname or machine ID is recommended.

--data-dir
Data storage directory.
default: "${name}.etcd"
env variable: ETCD_DATA_DIR

--wal-dir
default: ""
env variable: ETCD_WAL_DIR
Stores the write-ahead log, whose main purpose is to record the full history of data changes. If unset, it shares the directory given by --data-dir.

--snapshot-count
default: "100000"
env variable: ETCD_SNAPSHOT_COUNT
Number of commits that triggers a snapshot; after etcd has processed the specified number of committed transactions, it produces a data snapshot.

--heartbeat-interval
Heartbeat interval after a client connects (milliseconds).
default: "100"
env variable: ETCD_HEARTBEAT_INTERVAL

--election-timeout
Timeout for cluster elections.
default: "1000"
env variable: ETCD_ELECTION_TIMEOUT

--listen-peer-urls
Address this node listens on for data exchange with other nodes (elections, data synchronization), written as scheme://IP:port. Several addresses can be given, separated by commas. If it is set to http://0.0.0.0:2379, the address used to reach the node is not restricted.
default: "http://localhost:2380"
env variable: ETCD_LISTEN_PEER_URLS
example: "http://10.0.0.1:2380"
invalid example: "http://example.com:2380" (domain name is invalid for binding)

--listen-client-urls
Client access address of this node, written as scheme://IP:port. Several addresses can be given, separated by commas. If it is set to http://0.0.0.0:2379, the address used to reach the node is not restricted.
default: "http://localhost:2379"
env variable: ETCD_LISTEN_CLIENT_URLS
example: "http://10.0.0.1:2379"
invalid example: "http://example.com:2379" (domain name is invalid for binding)

--max-snapshots
Maximum number of snapshots. 0 means unlimited; the setting has no effect on Windows.
default: 5
env variable: ETCD_MAX_SNAPSHOTS

--max-wals
Maximum number of write-ahead log files. 0 means unlimited; the setting has no effect on Windows.
default: 5
env variable: ETCD_MAX_WALS

--cors
Comma-separated white list of origins for CORS (cross-origin resource sharing).
default: none
env variable: ETCD_CORS

Cluster configuration

--initial-advertise-peer-urls
Address announced to the other nodes for data exchange (elections, synchronization) with this node. The URL may use a domain name. It differs from --listen-peer-urls in that listen-peer-urls controls where incoming requests are accepted, while initial-advertise-peer-urls tells the other cluster nodes which URL to use. Generally, initial-advertise-peer-urls is a subset of listen-peer-urls.
default: "http://localhost:2380"
env variable: ETCD_INITIAL_ADVERTISE_PEER_URLS
example: "http://example.com:2380, http://10.0.0.1:2380"

--initial-cluster
Configuration of all nodes in the cluster, separated by commas.
default: "default=http://localhost:2380"
env variable: ETCD_INITIAL_CLUSTER
The key is the value of the --name flag for each node provided. The default uses default for the key because this is the default for the --name flag.

--initial-cluster-state
How the node is initialized. new means that if no cluster exists, a new one is created; existing means that if the cluster does not exist, the node ends up in a failed-to-join state.
default: "new"
env variable: ETCD_INITIAL_CLUSTER_STATE

--initial-cluster-token
Unique identifier of the cluster; nodes with the same identifier are treated as members of one cluster.
default: "etcd-cluster"
env variable: ETCD_INITIAL_CLUSTER_TOKEN

--advertise-client-urls
Announces to the other etcd nodes the address on which clients reach this node. Generally, advertise-client-urls is a subset of listen-client-urls.
default: "http://localhost:2379"
env variable: ETCD_ADVERTISE_CLIENT_URLS
example: "http://example.com:2379, http://10.0.0.1:2379"
Note: do not write http://localhost:237 here. That tells the other nodes they can reach this node via localhost, so etcd clients will connect to localhost on their own machine and the connection fails. There is an even worse case: if a proxy layer is deployed in front of etcd, the proxy keeps calling its own interface through localhost, causing an infinite loop.

--discovery
Address of the cluster discovery service.
default: none
env variable: ETCD_DISCOVERY

--discovery-srv
Address of the DNS discovery service.
default: none
env variable: ETCD_DISCOVERY_SRV

--discovery-fallback
Expected behavior ("exit" or "proxy") when discovery services fails. "proxy" supports v2 API only.
default: "proxy"
env variable: ETCD_DISCOVERY_FALLBACK

--discovery-proxy
HTTP proxy to use for traffic to discovery service.
default: none
env variable: ETCD_DISCOVERY_PROXY

--strict-reconfig-check
Reject reconfiguration requests that would cause quorum loss.
default: false
env variable: ETCD_STRICT_RECONFIG_CHECK

--auto-compaction-retention
Auto compaction retention for mvcc key value store in hour. 0 means disable auto compaction.
default: 0
env variable: ETCD_AUTO_COMPACTION_RETENTION

--enable-v2
Whether to accept access through the v2 API.
default: true
env variable: ETCD_ENABLE_V2

Proxy

--proxy
Proxy mode setting ("off", "readonly" or "on").
default: "off"
env variable: ETCD_PROXY

--proxy-failure-wait
Time (in milliseconds) an endpoint will be held in a failed state before being reconsidered for proxied requests.
default: 5000
env variable: ETCD_PROXY_FAILURE_WAIT

--proxy-refresh-interval
Refresh interval of the proxy node (milliseconds). Time (in milliseconds) of the endpoints refresh interval.
default: 30000
env variable: ETCD_PROXY_REFRESH_INTERVAL

--proxy-dial-timeout
Time (in milliseconds) for a dial to timeout or 0 to disable the timeout.
default: 1000
env variable: ETCD_PROXY_DIAL_TIMEOUT

--proxy-write-timeout
Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
default: 5000
env variable: ETCD_PROXY_WRITE_TIMEOUT

--proxy-read-timeout
Time (in milliseconds) for a read to timeout or 0 to disable the timeout. Don't change this value if using watches because use long polling requests.
default: 0
env variable: ETCD_PROXY_READ_TIMEOUT

Security

--cert-file
Path to the client server TLS cert file.
default: none
env variable: ETCD_CERT_FILE

--key-file
Path to the client server TLS key file.
default: none
env variable: ETCD_KEY_FILE

--client-cert-auth
Enable client cert authentication.
default: false
env variable: ETCD_CLIENT_CERT_AUTH

--trusted-ca-file
Path to the client server TLS trusted CA key file.
default: none
env variable: ETCD_TRUSTED_CA_FILE

--auto-tls
Client TLS using generated certificates.
default: false
env variable: ETCD_AUTO_TLS

--peer-cert-file
Path to the peer server TLS cert file.
default: none
env variable: ETCD_PEER_CERT_FILE

--peer-key-file
Path to the peer server TLS key file.
default: none
env variable: ETCD_PEER_KEY_FILE

--peer-client-cert-auth
Enable peer client certificate authentication.
default: false
env variable: ETCD_PEER_CLIENT_CERT_AUTH

--peer-trusted-ca-file
Path to the peer server TLS trusted CA file.
default: none
env variable: ETCD_PEER_TRUSTED_CA_FILE

--peer-auto-tls
Peer TLS using generated certificates.
default: false
env variable: ETCD_PEER_AUTO_TLS

Logging

--debug
Drop the default log level to DEBUG for all subpackages.
default: false (INFO for all packages)
env variable: ETCD_DEBUG

--log-package-levels
Set individual etcd subpackages to specific log levels. An example being etcdserver=WARNING,security=DEBUG
default: none (INFO for all packages)
env variable: ETCD_LOG_PACKAGE_LEVELS

Unsafe configuration

--force-new-cluster
Force to create a new one-member cluster. It commits configuration changes forcing to remove all existing members in the cluster and add itself. It needs to be set to restore a backup.
default: false
env variable: ETCD_FORCE_NEW_CLUSTER

Other configuration

--version
Print the version and exit.
default: false

--config-file
Load server configuration from a file.
default: none

Profiling flags

--enable-pprof
Enable runtime profiling data via HTTP server. Address is at client URL + "/debug/pprof/"
default: false

--metrics
Set level of detail for exported metrics, specify 'extensive' to include histogram metrics.
default: basic

Authentication

--auth-token
Specify a token type and token specific options, especially for JWT. Its format is "type,var1=val1,var2=val2,…". Possible type is 'simple' or 'jwt'. Possible variables are 'sign-method' for specifying a sign method of jwt (its possible values are 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'PS256', 'PS384', or 'PS512'), 'pub-key' for specifying a path to a public key for verifying jwt, and 'priv-key' for specifying a path to a private key for signing jwt.