kelseyhightower · October 2, 2014 18:39
diff --git a/gistfile1.txt b/gistfile1.txt
 [09:21:40]  <claytonc>	kelseyhightower: do you know if anyone has done http proxying of a subset of the etcd keyspace for clients?  I.e. something like `goetcd.NewClient("<host>/path/prefix"); client.Get("/foo/bar")` makes a call to <host>/path/prefix/v2/keys/<someotherprefix>/foo/bar
 [09:22:07]  <claytonc>	use case is to proxy only a subset of the keyspace (for tenants) as well as to host that at a non root url
 [09:22:51]  <kelseyhightower>	claytonc No. I see why you would want to do this, but the main use case I've seen for etcd is single tenant setups
 [09:23:21] 	rmdashfstar (d81ff0e3@gateway/web/freenode/ip.216.31.240.227) left IRC. (Quit: Page closed)
 [09:23:30]  <claytonc>	kelseyhightower: are there any gotchas besides client URL generation and then ensuring the responses are somewhat sane?   first problem I could imagine would be that the paths in responses would be wrong
 [09:23:40]  <kelseyhightower>	claytonc my little confd tools does something like this using a prefix, but it's only to generate a template file for service such as nginx that don't talk to etcd
 [09:24:12]  <kelseyhightower>	claytonc Depends on what the client is expecting as a result
 [09:24:21] 	[kubot] (~kubot]@192.30.252.38) joined the channel.
 [09:24:22]  <[kubot]>	[kubernetes] thockin pushed 2 new commits to master: http://git.io/zBJ2gA
 [09:24:22]  <[kubot]>	kubernetes/master 707e6ac Eric Paris: To support Macs which have a 5 year old bash, don't use associative arrays
 [09:24:22]  <[kubot]>	kubernetes/master 9caecc6 Tim Hockin: Merge pull request #1539 from eparis/bash_completions_mac...
 [09:24:22] 	[kubot] (~kubot]@192.30.252.38) left the channel.
 [09:24:35]  <kelseyhightower>	claytonc Key/Value? or a vanity url
 [09:24:48] 	jkingyens ([email protected]) joined the channel.
 [09:25:11] 	briangrant ([email protected]) joined the channel.
 [09:25:30]  <kelseyhightower>	claytonc Also, will you support read/write in that setup?
 [09:25:43] 	calavera ([email protected]) left IRC. (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
 [09:26:08]  <claytonc>	kelseyhightower: the thought was to both offer short term authn/z support as well as to subdivide a singel server into lots of little etcds
 [09:26:28] 	calavera ([email protected]) joined the channel.
 [09:26:35]  <claytonc>	for use cases where you want to have a multi-tenant deployment at scale and not force people to run 3 etcds each on stable storage
 [09:26:52]  <claytonc>	so ideally it would behave *exactly* like a standalone from the client's perspective
 [09:27:30] 	csanchez ([email protected]) left IRC.
 [09:28:39]  <kelseyhightower>	claytonc It should work just fine as long as all calls go through the proxy. The proxy will need a lot of logic to send back a valid etcd response including all the nodes if the client wants to walk them recursively
 [09:29:25] 	briangrant1 ([email protected]) joined the channel.
 [09:29:25] 	briangrant ([email protected]) left IRC. (Read error: Connection reset by peer)
 [09:29:57] 	briangrant ([email protected]) joined the channel.
 [09:29:57] 	briangrant1 ([email protected]) left IRC. (Read error: Connection reset by peer)
 [09:30:08]  <kelseyhightower>	claytonc While you won't have to implament all the raft stuff, you'll still need some complex logic to handle writes
 [09:32:00]  <kelseyhightower>	claytonc But seems like just a simple matter of fixes up the path in responses from etcd
 [09:32:20]  <kelseyhightower>	to strip the prefix used for multi-tenant stuff
	[09:21:40] <claytonc> kelseyhightower: do you know if anyone has done http proxying of a subset of the etcd keyspace for clients? I.e. something like `goetcd.NewClient("<host>/path/prefix"); client.Get("/foo/bar")` makes a call to <host>/path/prefix/v2/keys/<someotherprefix>/foo/bar
	[09:22:07] <claytonc> use case is to proxy only a subset of the keyspace (for tenants) as well as to host that at a non root url
	[09:22:51] <kelseyhightower> claytonc No. I see why you would want to do this, but the main use case I've seen for etcd is single tenant setups
	[09:23:21] rmdashfstar (d81ff0e3@gateway/web/freenode/ip.216.31.240.227) left IRC. (Quit: Page closed)
	[09:23:30] <claytonc> kelseyhightower: are there any gotchas besides client URL generation and then ensuring the responses are somewhat sane? first problem I could imagine would be that the paths in responses would be wrong
	[09:23:40] <kelseyhightower> claytonc my little confd tools does something like this using a prefix, but it's only to generate a template file for service such as nginx that don't talk to etcd
	[09:24:12] <kelseyhightower> claytonc Depends on what the client is expecting as a result
	[09:24:21] [kubot] (~kubot]@192.30.252.38) joined the channel.
	[09:24:22] <[kubot]> [kubernetes] thockin pushed 2 new commits to master: http://git.io/zBJ2gA
	[09:24:22] <[kubot]> kubernetes/master 707e6ac Eric Paris: To support Macs which have a 5 year old bash, don't use associative arrays
	[09:24:22] <[kubot]> kubernetes/master 9caecc6 Tim Hockin: Merge pull request #1539 from eparis/bash_completions_mac...
	[09:24:22] [kubot] (~kubot]@192.30.252.38) left the channel.
	[09:24:35] <kelseyhightower> claytonc Key/Value? or a vanity url
	[09:24:48] jkingyens ([email protected]) joined the channel.
	[09:25:11] briangrant ([email protected]) joined the channel.
	[09:25:30] <kelseyhightower> claytonc Also, will you support read/write in that setup?
	[09:25:43] calavera ([email protected]) left IRC. (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
	[09:26:08] <claytonc> kelseyhightower: the thought was to both offer short term authn/z support as well as to subdivide a singel server into lots of little etcds
	[09:26:28] calavera ([email protected]) joined the channel.
	[09:26:35] <claytonc> for use cases where you want to have a multi-tenant deployment at scale and not force people to run 3 etcds each on stable storage
	[09:26:52] <claytonc> so ideally it would behave exactly like a standalone from the client's perspective
	[09:27:30] csanchez ([email protected]) left IRC.
	[09:28:39] <kelseyhightower> claytonc It should work just fine as long as all calls go through the proxy. The proxy will need a lot of logic to send back a valid etcd response including all the nodes if the client wants to walk them recursively
	[09:29:25] briangrant1 ([email protected]) joined the channel.
	[09:29:25] briangrant ([email protected]) left IRC. (Read error: Connection reset by peer)
	[09:29:57] briangrant ([email protected]) joined the channel.
	[09:29:57] briangrant1 ([email protected]) left IRC. (Read error: Connection reset by peer)
	[09:30:08] <kelseyhightower> claytonc While you won't have to implament all the raft stuff, you'll still need some complex logic to handle writes
	[09:32:00] <kelseyhightower> claytonc But seems like just a simple matter of fixes up the path in responses from etcd
	[09:32:20] <kelseyhightower> to strip the prefix used for multi-tenant stuff