etcd 3 Distributed Key-Value Store Ubuntu 24.04
by cloudimg
etcd 3 on Ubuntu 24.04 by cloudimg
etcd is the CNCF-graduated, strongly consistent, distributed key-value store that powers Kubernetes, CoreOS, OpenStack, Rook, and most modern cloud-native control planes. Built around the Raft consensus algorithm, etcd guarantees that every write is durably committed to a quorum of replicas before acknowledgement, making it the canonical choice for the parts of distributed systems that absolutely cannot lose data — service discovery, leader election, distributed locking, feature flags, and shared application configuration.
The cloudimg image installs etcd 3.6.11 OSS (Apache 2.0) directly from the official etcd-io GitHub release tarball — Ubuntu noble main only ships etcd-server 3.4.x which is too old to be useful. The `etcd` and `etcdctl` binaries are placed in /usr/local/bin so they are on every customer's PATH out of the box. The cloudimg image runs in single-node mode by design (one etcd process, one Raft leader, one VM); customers who want a 3-node or 5-node Raft cluster can join additional cloudimg etcd VMs as peers using the steps documented in the user guide.
Why Choose cloudimg?
- 24/7 Expert Support with guaranteed 24 hour response. support@cloudimg.co.uk
- Production Ready from Launch: pre-configured, security-patched, validated
- Azure Native Integration: Azure Linux Agent, cloud-init, Gen2 Hyper-V, TrustedLaunch
- RBAC enabled at first boot: every customer VM rotates a unique root password and a unique cloudimg user password, then runs `etcdctl auth enable` before the validate stage exits. No two VMs ever share an etcd password, and port 2379 is never an unauthenticated remote key-value store.
- Peer port stays loopback: `--listen-peer-urls` is hard-coded to http://127.0.0.1:2380. Single-node deployments never need peer traffic on the network, and exposing 2380 to the internet is a CVE-class mistake.
- Bundled etcdkeeper web UI: every cloudimg etcd VM ships with the open-source etcdkeeper browser UI (evildecay/etcdkeeper, MIT) sitting behind nginx HTTP basic-auth on port 80. Customers point a browser at http://<vm-ip>/, log in as cloudimg with the per-VM ETCD_PASSWORD, and get a live tree view of every key, watch channel, and lease without ever installing etcdctl locally.
What is Included
- etcd 3.6.11 OSS from the official etcd-io GitHub release (Apache 2.0, CNCF graduated)
- etcd and etcdctl binaries at /usr/local/bin (on PATH for every user)
- etcd.service systemd unit running as the etcd system user with EnvironmentFile=/etc/etcd/etcd.conf
- etcd-firstboot.service oneshot resolving Azure IMDS for advertise URL + rotating per-VM passwords
- etcd-postboot.service oneshot enabling RBAC, creating the cloudimg user/role, and self-disabling
- etcdkeeper.service running the etcdkeeper web UI on 127.0.0.1:8080 (-auth flag enabled)
- nginx.service reverse-proxy on :80 with HTTP basic-auth (auth_basic_user_file /etc/nginx/etcdkeeper.htpasswd) — htpasswd is regenerated at firstboot from ETCD_PASSWORD so the customer logs in as cloudimg / <ETCD_PASSWORD>
- /var/lib/etcd as the data directory (mnesia-equivalent for etcd)
- Pre-wired cloudimg user with the cloudimg-rw role granting readwrite on the / prefix — customers `etcdctl --user=cloudimg:$ETCD_PASSWORD put /key value` from launch
- Anonymous /health endpoint (Kubernetes liveness/readiness probe surface); every authenticated KV op needs --user
- Ubuntu 24.04 LTS base with latest security patches applied at build time
- 24/7 cloudimg support with guaranteed 24 hour response SLA
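One way to confirm on a running VM that the peer port (2380) and etcdkeeper (8080) stay on loopback as described above. This is an added example, not part of the cloudimg image or its tooling; the function name and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets against the bindings the listing describes.
# Ports that must only listen on loopback, per the listing:
#   2380 = etcd peer port, 8080 = etcdkeeper (published only via nginx on :80).
LOOPBACK_ONLY_PORTS="2380 8080"

# exposed_listeners (hypothetical helper): reads `ss -ltnH` output on stdin and
# prints "port address" for each loopback-only port bound to a non-loopback
# address. Exit status 0 = nothing exposed, 1 = at least one exposure.
exposed_listeners() {
    awk -v ports="$LOOPBACK_ONLY_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local_ep = $4
            # The port follows the last colon; this handles 127.0.0.1:2380,
            # [::1]:2380 and *:2380 alike.
            idx = match(local_ep, /:[0-9]+$/)
            if (idx == 0) next
            port = substr(local_ep, idx + 1)
            addr = substr(local_ep, 1, idx - 1)
            gsub(/^\[|\]$/, "", addr)   # strip IPv6 brackets
            sub(/%.*$/, "", addr)       # strip interface scope such as %lo
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1") next
            print port, addr
            bad = 1
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample input (not captured from a real VM).
SAMPLE_GOOD='LISTEN 0 4096 127.0.0.1:2380 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:2379 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'

SAMPLE_BAD='LISTEN 0 4096 0.0.0.0:2380 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 4096 127.0.0.1:2379 0.0.0.0:*'

# Demonstration on the constructed misconfigured sample.
printf '%s\n' "$SAMPLE_BAD" | exposed_listeners || true
# On a live VM: ss -ltnH | exposed_listeners
```

A non-zero exit status makes the function usable as a post-deploy gate or a periodic check after configuration changes.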
Use Cases
- Service discovery — every service registers its host:port on a known prefix and watches for changes
- Distributed configuration — applications watch /config/<env>/* and hot-reload on writes (no restart)
- Leader election — the canonical Raft-backed primitive for picking one active replica out of N
- Feature flags — a centralised flag store with watch semantics for instant fan-out to every consumer
- Distributed locks — short-lived leases on a key act as fencing tokens for critical sections
- Kubernetes control-plane backing store — the canonical etcd use case (cloudimg is the right choice for self-hosted K8s, kops clusters, kubeadm bootstraps, and air-gapped K8s)
- Shared coordination state for CoreOS, OpenStack, Rook, Calico, Cilium, and other cloud-native control planes
Support
cloudimg provides 24/7/365 expert technical support. Contact support@cloudimg.co.uk or visit www.cloudimg.co.uk for documentation and deployment guides.