Service registry bridge for Docker
Registrator automatically register/deregisters services for Docker containers based on published ports and metadata from the container environment. Registrator supports pluggable service registries, which currently includes Consul, etcd and SkyDNS 2.
By default, it can register services without any user-defined metadata. This means it works with any container, but allows the container author or Docker operator to override/customize the service definitions.
Registrator assumes the default Docker socket at file:///var/run/docker.sock
or you can override it with DOCKER_HOST
. The only mandatory argument is a registry URI, which specifies and configures the registry backend to use.
$ registrator <registry-uri>
By default, when registering a service, registrator will assign the service address by attempting to resolve the current hostname. If you would like to force the service address to be a specific address, you can specify the -ip
argument.
If the argument -internal
is passed, registrator will register the docker0 internal ip and port instead of the host mapped ones. (etcd only for now)
The consul backend does not support automatic expiry of stale registrations after some TTL. Instead, TTL checks must be configured (see below). For backends that do support TTL expiry, registrator can be started with the -ttl
and -ttl-refresh
arguments (both disabled by default).
Registrator was designed to just be run as a container. You must pass the Docker socket file as a mount to /tmp/docker.sock
, and it's a good idea to set the hostname to the machine host:
$ docker run -d \
-v /var/run/docker.sock:/tmp/docker.sock \
-h $HOSTNAME progrium/registrator <registry-uri>
The registry backend to use is defined by a URI. The scheme is the supported registry name, and an address. Registries based on key-value stores like etcd and Zookeeper (not yet supported) can specify a key path to use to prefix service definitions. Registries may also use query params for other options. See also Adding support for other service registries.
To use the Consul service catalog, specify a Consul URI without a path. If no host is provided, 127.0.0.1:8500
is used. Examples:
$ registrator consul://10.0.0.1:8500
$ registrator consul:
This backend comes with support for specifying service health checks. See backend specific features.
The Consul backend also lets you just use the key-value store. This mode is enabled by specifying a path. Consul key-value support does not currently use service attributes/tags. Example URIs:
$ registrator consul:///path/to/services
$ registrator consul://192.168.1.100/services
Service definitions are stored as:
<registry-uri-path>/<service-name>/<service-id> = <ip>:<port>
Etcd support works similar to Consul key-value. It also currently doesn't support service attributes/tags. If no host is provided, 127.0.0.1:4001
is used. Example URIs:
$ registrator etcd:///path/to/services
$ registrator etcd://192.168.1.100:4001/services
Service definitions are stored as:
<registry-uri-path>/<service-name>/<service-id> = <ip>:<port>
SkyDNS 2 support uses an etcd key-value store, writing service definitions in a format compatible with SkyDNS 2. The URI provides an etcd host and a DNS domain name. If no host is provided, 127.0.0.1:4001
is used. The DNS domain name may not be omitted. Example URIs:
$ registrator skydns2:///skydns.local
$ registrator skydns2://192.168.1.100:4001/staging.skydns.local
Using the second example, a service definition for a container with service-name
"redis" and service-id
"redis-1" would be stored in the etcd service at 192.168.1.100:4001 as follows:
/skydns/local/skydns/staging/<service-name>/<service-id> = {"host":"<ip>","port":<port>}
Note that the default service-id
includes more than the container name (see below). For legal per-container DNS hostnames, specify the SERVICE_ID
in the environment of the container, e.g.:
docker run -d --name redis-1 -e SERVICE_ID=redis-1 -p 6379:6379 redis
Services are registered and deregistered based on container start and die events from Docker. The service definitions are created with information from the container, including user-defined metadata in the container environment.
For each published port of a container, a Service
object is created and passed to the ServiceRegistry
to register. A Service
object looks like this with defaults explained in the comments:
type Service struct {
ID string // <hostname>:<container-name>:<internal-port>[:udp if udp]
Name string // <basename(container-image)>[-<internal-port> if >1 published ports]
Port int // <host-port>
IP string // <host-ip> || <resolve(hostname)> if 0.0.0.0
Tags []string // empty, or includes 'udp' if udp
Attrs map[string]string // any remaining service metadata from environment
}
Most of these (except IP
and Port
) can be overridden by container environment metadata variables prefixed with SERVICE_
or SERVICE_<internal-port>_
. You use a port in the key name to refer to a particular port's service. Metadata variables without a port in the name are used as the default for all services or can be used to conveniently refer to the single exposed service.
Additional supported metadata in the same format SERVICE_<metadata>
.
IGNORE: Any value for ignore tells registrator to ignore this entire container and all associated ports.
Since metadata is stored as environment variables, the container author can include their own metadata defined in the Dockerfile. The operator will still be able to override these author-defined defaults.
$ docker run -d --name redis.0 -p 10000:6379 dockerfile/redis
Results in Service
:
{
"ID": "hostname:redis.0:6379",
"Name": "redis",
"Port": 10000,
"IP": "192.168.1.102",
"Tags": [],
"Attrs": {}
}
$ docker run -d --name redis.0 -p 10000:6379 \
-e "SERVICE_NAME=db" \
-e "SERVICE_TAGS=master,backups" \
-e "SERVICE_REGION=us2" dockerfile/redis
Results in Service
:
{
"ID": "hostname:redis.0:6379",
"Name": "db",
"Port": 10000,
"IP": "192.168.1.102",
"Tags": ["master", "backups"],
"Attrs": {"region": "us2"}
}
Keep in mind not all of the Service
object may be used by the registry backend. For example, currently none of them support registering arbitrary attributes. This field is there for future use.
$ docker run -d --name nginx.0 -p 4443:443 -p 8000:80 progrium/nginx
Results in two Service
objects:
[
{
"ID": "hostname:nginx.0:443",
"Name": "nginx-443",
"Port": 4443,
"IP": "192.168.1.102",
"Tags": [],
"Attrs": {},
},
{
"ID": "hostname:nginx.0:80",
"Name": "nginx-80",
"Port": 8000,
"IP": "192.168.1.102",
"Tags": [],
"Attrs": {}
}
]
$ docker run -d --name nginx.0 -p 4443:443 -p 8000:80 \
-e "SERVICE_443_NAME=https" \
-e "SERVICE_443_ID=https.12345" \
-e "SERVICE_443_SNI=enabled" \
-e "SERVICE_80_NAME=http" \
-e "SERVICE_TAGS=www" progrium/nginx
Results in two Service
objects:
[
{
"ID": "https.12345",
"Name": "https",
"Port": 4443,
"IP": "192.168.1.102",
"Tags": ["www"],
"Attrs": {"sni": "enabled"},
},
{
"ID": "hostname:nginx.0:80",
"Name": "http",
"Port": 8000,
"IP": "192.168.1.102",
"Tags": ["www"],
"Attrs": {}
}
]
As you can see by either the Consul or etcd source files, writing a new registry backend is easy. Just follow the example set by those two. It boils down to writing an object that implements this interface:
type ServiceRegistry interface {
Register(service *Service) error
Deregister(service *Service) error
Refresh(service *Service) error
}
Then add your constructor (for example NewZookeeperRegistry
) to the factory function NewServiceRegistry
in registrator.go
.
When using the Consul's service catalog backend, you can specify a health check associated with a service. Registrator can pull this from your container environment data if provided. Here are some examples:
This feature is only available when using the check-http
script that comes with the progrium/consul container for Consul.
SERVICE_80_CHECK_HTTP=/health/endpoint/path
SERVICE_80_CHECK_INTERVAL=15s
It works for an HTTP service on any port, not just 80. If its the only service, you can also use SERVICE_CHECK_HTTP
.
This feature is only available when using the check-cmd
script that comes with the progrium/consul container for Consul.
SERVICE_9000_CHECK_CMD=/path/to/check/script
This runs the command using this service's container image as a separate container attached to the service's network namespace.
SERVICE_CHECK_SCRIPT=curl --silent --fail example.com
The default interval for any non-TTL check is 10s, but you can set it with _CHECK_INTERVAL
.
SERVICE_CHECK_TTL=30s
Remember, this means Consul will be expecting a heartbeat ping within that 30 seconds to keep the service marked as healthy.
- Zookeeper backend
- discoverd backend
- Netflix Eureka backend
- etc...
This project was made possible by DigitalOcean. Big thanks to Michael Crosby for skydock and the Consul mailing list for inspiration.
BSD