From 81c9f7850297d16aeea389f90755c7d1d116fc70 Mon Sep 17 00:00:00 2001 From: Tavish Armstrong Date: Wed, 24 Jan 2018 22:30:23 +0000 Subject: [PATCH] Documentation: document the -discovery-srv-name flag for configuring service name in DNS discovery. --- Documentation/op-guide/clustering.md | 7 +++++++ Documentation/op-guide/configuration.md | 5 +++++ Documentation/v2/clustering.md | 7 +++++++ Documentation/v2/configuration.md | 5 +++++ 4 files changed, 24 insertions(+) diff --git a/Documentation/op-guide/clustering.md b/Documentation/op-guide/clustering.md index 2e205beef11..eccc2e43a36 100644 --- a/Documentation/op-guide/clustering.md +++ b/Documentation/op-guide/clustering.md @@ -359,6 +359,13 @@ If `_etcd-client-ssl._tcp.example.com` is found, clients will attempt to communi If etcd is using TLS without a custom certificate authority, the discovery domain (e.g., example.com) must match the SRV record domain (e.g., infra1.example.com). This is to mitigate attacks that forge SRV records to point to a different domain; the domain would have a valid certificate under PKI but be controlled by an unknown third party. +The `-discovery-srv-name` flag additionally configures a suffix to the SRV name that is queried during discovery. +Use this flag to differentiate between multiple etcd clusters under the same domain. +For example, if `discovery-srv=example.com` and `-discovery-srv-name=foo` are set, the following DNS SRV queries are made: + +* _etcd-server-ssl-foo._tcp.example.com +* _etcd-server-foo._tcp.example.com + #### Create DNS SRV records ``` diff --git a/Documentation/op-guide/configuration.md b/Documentation/op-guide/configuration.md index ef91845f24a..7745bf49006 100644 --- a/Documentation/op-guide/configuration.md +++ b/Documentation/op-guide/configuration.md 
@@ -155,6 +155,11 @@ To start etcd automatically using custom settings at startup in Linux, using a [ + default: "" + env variable: ETCD_DISCOVERY_SRV +### --discovery-srv-name ++ Suffix to the DNS srv name queried when bootstrapping using DNS. ++ default: "" ++ env variable: ETCD_DISCOVERY_SRV_NAME + ### --discovery-fallback + Expected behavior ("exit" or "proxy") when discovery services fails. "proxy" supports v2 API only. + default: "proxy" diff --git a/Documentation/v2/clustering.md b/Documentation/v2/clustering.md index f9c3e08f73d..4e33de80f5a 100644 --- a/Documentation/v2/clustering.md +++ b/Documentation/v2/clustering.md @@ -292,6 +292,13 @@ To help clients discover the etcd cluster, the following DNS SRV records are loo If `_etcd-client-ssl._tcp.example.com` is found, clients will attempt to communicate with the etcd cluster over SSL. +The `-discovery-srv-name` flag additionally configures a suffix to the SRV name that is queried during discovery. +Use this flag to differentiate between multiple etcd clusters under the same domain. +For example, if `discovery-srv=example.com` and `-discovery-srv-name=foo` are set, the following DNS SRV queries are made: + +* _etcd-server-ssl-foo._tcp.example.com +* _etcd-server-foo._tcp.example.com + #### Create DNS SRV records ``` diff --git a/Documentation/v2/configuration.md b/Documentation/v2/configuration.md index 655fced2bb0..c6381acb254 100644 --- a/Documentation/v2/configuration.md +++ b/Documentation/v2/configuration.md @@ -127,6 +127,11 @@ To start etcd automatically using custom settings at startup in Linux, using a [ + default: none + env variable: ETCD_DISCOVERY_SRV +### --discovery-srv-name ++ Suffix to the DNS srv name queried when bootstrapping using DNS. ++ default: none ++ env variable: ETCD_DISCOVERY_SRV_NAME + ### --discovery-fallback + Expected behavior ("exit" or "proxy") when discovery services fails. + default: "proxy"
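Review bot: The example sentence in the Documentation/op-guide/clustering.md hunk spells the two flags inconsistently: `discovery-srv=example.com` has no leading dash and `-discovery-srv-name=foo` has one, while the heading this patch adds to configuration.md is `--discovery-srv-name`. Suggest `--discovery-srv=example.com` and `--discovery-srv-name=foo` so the text matches the configuration reference and can be copied to a command line unchanged.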
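Review bot: The description in the Documentation/op-guide/configuration.md hunk, "Suffix to the DNS srv name queried when bootstrapping using DNS.", does not say how the suffix is joined or which flag it modifies. The clustering.md example in this patch shows a hyphen inserted before the value (`_etcd-server-ssl-foo`), so an operator reading only this entry cannot tell whether to include the hyphen in the value. Suggest stating that the value is appended after a hyphen to the SRV service name queried for `--discovery-srv`.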
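Review bot: The example list in the Documentation/v2/clustering.md hunk covers only `_etcd-server-ssl-foo` and `_etcd-server-foo`, although the context line directly above it is about the `_etcd-client-ssl._tcp.example.com` record that clients look up. Please state whether the client SRV names take the suffix as well, and list them if they do. Without that, an operator running several clusters under one domain cannot tell which client records to create, or whether clients of one cluster could still resolve another cluster's records. The identical paragraph in op-guide/clustering.md needs the same addition.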
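Review bot: In the Documentation/v2/configuration.md hunk, "DNS srv name" should read "DNS SRV name" to match the capitalisation used in the clustering.md text added by this patch. The entry also gives no example of the resulting name; a short pointer to the DNS discovery section of the clustering guide, where `_etcd-server-foo._tcp.example.com` is shown, would let readers see the effect of the flag.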