Docker 部署 Consul

▶ 部署 Consul

执行命令

docker run -d --name consul -p 8500:8500 consul

端口说明

https://www.consul.io/docs/install/ports.html

挂载说明

/consul/data：持久化数据存储
/consul/config：配置文件

Consul 配置

https://www.consul.io/docs/agent/options.html

▶ Deploy Single Consul With ACL In Production

1、生成 UUID，用于 Master Token

# Mac OS
$ uuidgen
29F747C5-F4F3-426B-805D-0ABF3109D7CB

2、创建配置文件 consul/config/basic_config.json，示例：

{
    "datacenter": "anoyi",
    "data_dir": "/consul/data",
    "log_level": "INFO",
    "node_name": "config-server",
    "server": true,
    "ui": true,
    "bootstrap_expect": 1,
    "addresses": {
        "https": "0.0.0.0"
    },
    "ports": {
        "http": 8500
    },
    "primary_datacenter": "anoyi",
    "acl": {
        "enabled": true,
        "default_policy": "deny",
        "enable_token_persistence": true,
        "tokens": {
            "master": "29F747C5-F4F3-426B-805D-0ABF3109D7CB",
            "default": "29F747C5-F4F3-426B-805D-0ABF3109D7CB"
        }
    }
}

3、运行 Consul

docker run -it --rm --name consul -v `pwd`/config:/consul/config -p 8500:8500 consul agent

4、创建 Policy

docker exec -it consul \
consul acl policy create -name default-policy \
-rules "node \"config-server\" { policy = \"write\" }" \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB

output example:

ID:           1e94edab-c8f1-e805-a7ed-7cfd90b72e11
Name:         default-policy
Description:
Datacenters:
Rules:
node "config-server" { policy = "write" }

5、创建 Agent Access Token

docker exec -it consul \
consul acl token create -description "config-server agent token" \
-policy-name default-policy \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB

output example:

AccessorID:       194a55d1-e992-7416-9548-3a81a36335aa
SecretID:         49fe7889-8611-bd52-01b8-d34c8aff6b25
Description:      config-server agent token
Local:            false
Create Time:      2019-05-10 06:33:08.6721898 +0000 UTC
Policies:
   1e94edab-c8f1-e805-a7ed-7cfd90b72e11 - default-policy

此处 SecretID 即为 Agent Token

6、为 Agent 添加 Token

docker exec -it consul \
consul acl set-agent-token \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB \
agent 49fe7889-8611-bd52-01b8-d34c8aff6b25

▶ 部署 Consul 集群

待补充。。。

▶ 相关地址

官方镜像：https://hub.docker.com/_/consul
Consul 官网：https://www.consul.io/
Github 地址：https://github.com/hashicorp/consul
安全配置：https://learn.hashicorp.com/consul/security-networking/production-acls

Docker 部署 Consul

▶ 部署 Consul

▶ Deploy Single Consul With ACL In Production

▶ 部署 Consul 集群

▶ 相关地址

你可能感兴趣的:(Docker 部署 Consul)