The gateway supports multiple etcd server endpoints and works on a simple round-robin policy. It only routes to available endpoints and hides failures from its clients. Other retry policies, such as weighted round-robin, may be supported in the future.

Every application that accesses etcd must first have the address of an etcd cluster client endpoint. If multiple applications on the same server access the same etcd cluster, every application still needs to know the advertised client endpoints of the etcd cluster. If the etcd cluster is reconfigured to have different endpoints, every application may also need to update its endpoint list. This wide-scale reconfiguration is both tedious and error prone.

In summary, to automatically propagate cluster endpoint changes, the etcd gateway runs on every machine serving multiple applications accessing the same etcd cluster.

  • Improving performance

The gateway is not designed for improving etcd cluster performance. It does not provide caching, watch coalescing or batching. The etcd team is developing a caching proxy designed for improving cluster scalability.

  • Running on a cluster management system

Consider an etcd cluster with the following static endpoints:

Start the etcd gateway to use these static endpoints with the command:

Start the etcd gateway to fetch the endpoints from the DNS SRV entries with the command:

–endpoints

  • Comma-separated list of etcd server targets for forwarding client connections.
  • Default:
  • Invalid example: (gateway does not terminate TLS)

–discovery-srv

  • DNS domain used to bootstrap cluster endpoints through SRV recrods.

–listen-addr

  • Interface and port to bind for accepting client requests.
  • Default:

–retry-delay

  • Duration of delay before retrying to connect to failed endpoints.
  • Default: 1m0s
  • Invalid example: “123” (expects time unit in format)

–insecure-discovery

  • Accept SRV records that are insecure or susceptible to man-in-the-middle attacks.
  • Default:

–trusted-ca-file

  • Path to the client TLS CA file for the etcd cluster. Used to authenticate endpoints.
  • Default: (not set)