docker 单容器启动
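# Start a single-node etcd v3.4.0 container for local use.
# The host side of both port mappings is bound to 127.0.0.1. etcd serves plain
# HTTP here and accepts unauthenticated requests until `etcdctl auth enable`
# has been run, so publishing 2379/2380 on every host interface would expose
# the key-value API to anything that can reach the host. If other machines need
# access, put TLS and authentication in place before widening the bind address.
# /etcd-data is not a mounted volume, so the data lives only inside this
# container.
docker run \
  -p 127.0.0.1:2379:2379 \
  -p 127.0.0.1:2380:2380 \
  --name etcd-gcr-v3.4.0 \
  quay.io/coreos/etcd:v3.4.0 \
  /usr/local/bin/etcd \
  --name etcd-node-1 \
  --data-dir /etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --advertise-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://0.0.0.0:2380 \
  --initial-cluster etcd-node-1=http://0.0.0.0:2380 \
  --initial-cluster-token tkn \
  --initial-cluster-state new \
  --log-level info \
  --logger zap \
  --log-outputs stderr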
创建用户
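# Create the root user. `etcdctl user add` prompts for the new password, so it
# is not recorded in shell history; choose a strong one, since root can manage
# every user, role and key once authentication is on.
etcdctl user add root

# Create the admin user.
etcdctl user add admin

# Create the reader user.
etcdctl user add reader

# List users. Only the user name is given to --user; etcdctl then prompts for
# the password instead of taking it from the command line, where it would be
# visible in the process list and in shell history.
etcdctl --endpoints=http://127.0.0.1:2379 --user=root user list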
权限操作
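# Enable etcd authentication. The root user must already exist. Until this
# succeeds, any client that can reach port 2379 can read and write all keys.
etcdctl auth enable

# Every command below passes --user=root without a password, so etcdctl prompts
# for it. This keeps the root password out of argv and shell history.

# Add roles.
etcdctl --endpoints http://127.0.0.1:2379 --user=root role add normal
etcdctl --endpoints http://127.0.0.1:2379 --user=root role add admin

# Bind users to roles: reader gets "normal", admin gets "admin".
etcdctl --endpoints http://127.0.0.1:2379 --user=root user grant-role reader normal
etcdctl --endpoints http://127.0.0.1:2379 --user=root user grant-role admin admin

# Grant permissions to the roles: "normal" is read-only and "admin" is
# read-write, both limited to keys that start with /config.
# NOTE(review): --prefix matches on the raw key prefix, so /config also covers
# keys such as /config-other. Use /config/ if only keys under that path are
# intended.
etcdctl --endpoints http://127.0.0.1:2379 --user=root role grant-permission normal read /config --prefix=true
etcdctl --endpoints http://127.0.0.1:2379 --user=root role grant-permission admin readwrite /config --prefix=true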