freelizhun/etcd-manage

By freelizhun

Updated about 3 years ago

A web-based arm64 image for etcd web management


说明

该镜像由项目源码编译生成 etcd-manage 后通过 Dockerfile 制作,为 arm64 版本,用于提供 etcd 的 web 管理界面;x86 版本请使用 shiguanghuxian/etcd-manage:latest 镜像。

使用

重点在于镜像内的/app/config/cfg.toml配置文件,以及/etc/etcd/etcdSSL目录下的证书文件,需通过docker run挂载进入容器镜像。其中cfg.toml文件内容如下:

# Sample cfg.toml for etcd-manage; the container reads it from
# /app/config/cfg.toml.
# NOTE(review): the values below are demo settings (debug on, plain HTTP on
# every interface, "123456" passwords). Review each flagged line before the
# UI is reachable from anything other than a test host.

# debug mode
# NOTE(review): what debug mode exposes is not shown on this page - confirm,
# and set it to false outside of testing.
debug = true
# log file path
log_path = ""

# HTTP listener
[http]
# listen address
# NOTE(review): 0.0.0.0 binds every interface; together with
# tls_enable = false below, logins and etcd values travel unencrypted.
address = "0.0.0.0"
# listen port
port = 10280

# use a Let's Encrypt certificate - when tls_enable is true the local
# certificate mode takes priority
tls_encrypt_enable = false
# domain name list
tls_encrypt_domain_names = ["shiguanghuxian.com"]

# whether to enable TLS
tls_enable = false
# TLS certificate files
[http.tls_config]
cert_file = "cert_file"
key_file = "key_file"


## Each [[server]] entry below is one etcd service ##
[[server]]
# display name
title = "k8s_ha_etcd_cluster"
# identifier - letters, digits or underscores only
name = "k8s_ha_etcd_cluster"
# etcd endpoints - list every member address for a cluster
address = ["123.0.1.23:2379","123.0.1.13:2379","123.0.1.12:2379"]
#address = ["123.0.1.23:2379"]
# key prefix to browse
# NOTE(review): "/" covers the whole keyspace; on a Kubernetes etcd that
# holds the cluster's Secret objects, so access to this UI should be treated
# like cluster-admin access. Narrow the prefix where the use case allows.
key_prefix = "/"
# short description
desc = "这是k8s 的高可用etcd集群"
# roles allowed to access this server - if omitted, every user can access it
# NOTE(review): keep this list explicit for any server holding sensitive data.
roles = ["admin"]
# whether to connect to etcd over TLS
tls_enable = true
# TLS certificate settings, matching the etcd cluster's own certificates. For
# a k8s cluster deployed in HA mode the paths can be read from /etc/etcd.env:
# ETCD_CERT_FILE, ETCD_KEY_FILE and ETCD_TRUSTED_CA_FILE correspond to the
# entries below; copy those files to /etc/etcd/etcdSSL/.
# NOTE(review): that makes key_file a copy of the etcd member's private key.
# A client certificate issued only for etcd-manage would avoid reusing it -
# TODO confirm the cluster CA allows issuing one.
[server.tls_config]
cert_file = "/etc/etcd/etcdSSL/etcd.pem"
key_file = "/etc/etcd/etcdSSL/etcd-key.pem"
ca_file = "/etc/etcd/etcdSSL/etcd-root-ca.pem"

#[[server]]
#title = "make docker_run"
#name = "docker_run"
#address = ["etcd:2379"]
#key_prefix = "/"
#desc = "docker方式etcd非集群方式"
#roles = ["admin","dev"]

#[[server]]
#title = "本地etcd"
#name = "local"
#address = ["127.0.0.1:2379"]
#key_prefix = "/"
#desc = "本机环境"
#roles = ["admin","dev"]

## User list ##
# NOTE(review): sample credentials - replace "123456" before the container is
# started on a reachable address. Passwords are stored in plain text here, so
# keep this file readable only by the account that runs the container.
[[user]]
username = "admin"
password = "123456"
role = "admin"

[[user]]
username = "dev_user"
password = "123456"
role = "dev"
运行
ls config/
cfg.toml

# Copy the etcd CA certificate, the member certificate and the member private
# key under the names that cfg.toml's [server.tls_config] expects.
# NOTE(review): etcd-key.pem is a second copy of the member's private key and
# cp gives it umask-derived permissions; check that /etc/etcd/etcdSSL and the
# key are readable only by the account the container runs as.
cp /etc/ssl/etcd/ssl/ca.pem /etc/etcd/etcdSSL/etcd-root-ca.pem
cp /etc/ssl/etcd/ssl/member-master1.pem /etc/etcd/etcdSSL/etcd.pem
cp /etc/ssl/etcd/ssl/member-master1-key.pem /etc/etcd/etcdSSL/etcd-key.pem

ls /etc/etcd/etcdSSL/
etcd-key.pem  etcd.pem  etcd-root-ca.pem

# Start etcd-manage detached, with the config, log and certificate
# directories mounted from the host and the web UI published on port 10280.
# NOTE(review): --publish 10280:10280 listens on every host interface and the
# sample cfg.toml serves plain HTTP; give the mapping a host address (for
# example 127.0.0.1:10280:10280) or enable TLS when the host is reachable
# from other networks. The certificate mount can presumably be made read-only
# by appending :ro - confirm the application only reads it.
docker run \
  --detach \
  --name etcd-manage \
  --volume /home/lz/etcd-manager/config:/app/config \
  --volume /home/lz/etcd-manager/logs:/app/logs \
  --volume /etc/etcd/etcdSSL:/etc/etcd/etcdSSL \
  --publish 10280:10280 \
  freelizhun/etcd-manage:v1

运行单个etcd节点并监控

直接用docker容器运行

# Run a single etcd node: data kept in /home/lz/etcd, client port published
# on host port 23790 and peer port on host port 23800.
# NOTE(review): the client URL is http:// on 0.0.0.0 and no TLS or
# authentication option is passed, so any host that can reach port 23790 can
# presumably read and write every key. Restrict the published port to a
# trusted address or firewall it, and do not reuse this setup for data that
# matters. ALLOW_NONE_AUTHENTICATION is a setting of the Bitnami etcd image;
# whether this image reads it is not shown here.
docker run \
  --detach \
  --name Etcd-server-kylin-shop \
  --restart always \
  --publish 23790:2379 \
  --publish 23800:2380 \
  --volume /home/lz/etcd:/var/lib/etcd:rw \
  --env ETCD_DATA_DIR=/var/lib/etcd \
  --env ALLOW_NONE_AUTHENTICATION=yes \
  --env ETCD_ADVERTISE_CLIENT_URLS=http://0.0.0.0:2379 \
  --env ETCD_UNSUPPORTED_ARCH=arm64 \
  --env ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 \
  registryserver:4000/arm64/proxy/quay/coreos/etcd:v3.4.13-arm64

或者用docker-compose

[root@node2 lz]# ls
default.etcd  docker-compose.yml  test

[root@node2 lz]# tree test/
test/
├── config
│   └── cfg.toml
└── logs

2 directories, 1 file

docker-compose.yml如下:

# Compose file for a single etcd node plus the etcd-manage web UI.
version: '3'

services:
  etcd:
    image: "registryserver:4000/arm64/proxy/quay/coreos/etcd:v3.4.13-arm64"
    container_name: "etcdv3.4.13"
    environment:
      # NOTE(review): the client URLs are http:// on every interface and no
      # TLS or authentication setting appears in this file, so any host that
      # can reach the published client port can presumably read and write
      # the keyspace.
      ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
      ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
      ETCD_UNSUPPORTED_ARCH: "arm64"
      ETCDCTL_API: "3"
    volumes: 
      - ./default.etcd:/default.etcd
    # NOTE(review): without a host address these mappings listen on every
    # host interface. 2380 is etcd's peer port and 4001 a legacy client port
    # that ETCD_LISTEN_CLIENT_URLS above does not open; presumably neither
    # needs publishing for a single node - confirm. A mapping such as
    # "127.0.0.1:2379:2379" keeps the client port local to the host.
    ports:
    - 2379:2379
    - 2380:2380
    - 4001:4001
  etcd-manage:
    # build: .
    image: "freelizhun/etcd-manage:v1"
    # NOTE(review): cfg.toml holds the UI passwords in plain text; keep the
    # host copy readable only by the account that runs compose.
    volumes:
      - ./test/config/cfg.toml:/app/config/cfg.toml
      - ./test/logs:/app/logs
    # NOTE(review): the UI is published on every host interface; with
    # tls_enable = false in the sample cfg.toml it is served over plain HTTP.
    ports:
      - "10280:10280"
    depends_on:
      - etcd

cfg.toml内容如下:

# Sample cfg.toml for the single-node docker-compose setup, mounted into the
# etcd-manage container at /app/config/cfg.toml.
# NOTE(review): the values below are demo settings (debug on, plain HTTP on
# every interface, "123456" passwords). Review each flagged line before the
# UI is reachable from anything other than a test host.

# debug mode
# NOTE(review): what debug mode exposes is not shown on this page - confirm,
# and set it to false outside of testing.
debug = true
# log file path
log_path = ""

# HTTP listener
[http]
# listen address
# NOTE(review): 0.0.0.0 binds every interface; together with
# tls_enable = false below, logins and etcd values travel unencrypted.
address = "0.0.0.0"
# listen port
port = 10280

# use a Let's Encrypt certificate - when tls_enable is true the local
# certificate mode takes priority
tls_encrypt_enable = false
# domain name list
tls_encrypt_domain_names = ["shiguanghuxian.com"]

# whether to enable TLS
tls_enable = false
# TLS certificate files
[http.tls_config]
cert_file = "cert_file"
key_file = "key_file"


## Each [[server]] entry below is one etcd service ##
[[server]]
# display name
title = "k8s_single_etcd_cluster"
# identifier - letters, digits or underscores only
name = "k8s_single_etcd_cluster"
# etcd endpoints - list every member address for a cluster
#address = ["123.0.1.23:2379","123.0.1.13:2379","123.0.1.12:2379"]
address = ["123.0.1.15:2379"]
# key prefix to browse
key_prefix = "/"
# short description
desc = "这是单节点etcd数据库"
# roles allowed to access this server - if omitted, every user can access it
# NOTE(review): keep this list explicit for any server holding sensitive data.
roles = ["admin"]
# whether to connect to etcd over TLS
# NOTE(review): false means the UI talks to etcd unencrypted, and the
# [server.tls_config] paths below are presumably ignored - confirm. Suitable
# only for a test node on a trusted network.
tls_enable = false
# TLS certificate settings
[server.tls_config]
cert_file = "/etc/etcd/etcdSSL/member-master1.pem"
key_file = "/etc/etcd/etcdSSL/member-master1-key.pem"
ca_file = "/etc/etcd/etcdSSL/ca.pem"

#[[server]]
#title = "make docker_run"
#name = "docker_run"
#address = ["etcd:2379"]
#key_prefix = "/"
#desc = "docker方式etcd非集群方式"
#roles = ["admin","dev"]

#[[server]]
#title = "本地etcd"
#name = "local"
#address = ["127.0.0.1:2379"]
#key_prefix = "/"
#desc = "本机环境"
#roles = ["admin","dev"]

## User list ##
# NOTE(review): sample credentials - replace "123456" before the container is
# started on a reachable address. Passwords are stored in plain text here, so
# keep this file readable only by the account that runs the container.
[[user]]
username = "admin"
password = "123456"
role = "admin"

[[user]]
username = "dev_user"
password = "123456"
role = "dev"

启动:

docker-compose up

Docker Pull Command

docker pull freelizhun/etcd-manage