Previous change logs can be found at CHANGELOG-3.2.
The minimum recommended etcd versions to run in production are 3.2.28+, 3.3.18+, and 3.4.2+.
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Add etcd_cluster_version Prometheus metric.
- Add etcd_debugging_mvcc_total_put_size_in_bytes Prometheus metric.
- Fix wait purge file loop during shutdown.
  - Previously, during shutdown etcd could accidentally remove needed wal files, resulting in catastrophic error "etcdserver: open wal error: wal: file not found." during startup.
  - Now, etcd makes sure the purge file loop exits before server signals stop of the raft node.
v3.3.17 (2019-10-11)
See code changes and v3.3 upgrade guide for any breaking changes.
This release replaces 3.3.16.
Due to the etcd 3.3.16 release being incorrectly released (see details below), please use this release instead.
v3.3.16 (2019-10-10)
WARNING: This is a bad release! Please use etcd 3.3.17 instead. See etcd-io#11241 for details.
- go mod for 'v3.3.16' may return a different hash if retrieved from a go mod proxy than if retrieved directly from github. Depending on this version is unsafe. See etcd-io#11241 for details.
- The binaries and docker image for this release have been published and will be left as-is, but will not be signed since this is a bad release.
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Add etcd --experimental-peer-skip-client-san-verification to skip verification of peer client address.
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Add etcd_debugging_mvcc_current_revision Prometheus metric.
- Add etcd_debugging_mvcc_compact_revision Prometheus metric.
- Upgrade github.com/coreos/bbolt from v1.3.1-coreos.6 to v1.3.3.
- Fix etcdctl member add command to prevent potential timeout.
v3.3.15 (2019-08-19)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
NOTE: This patch release had to include some new features from 3.4, while trying to minimize the difference between client balancer implementation. This release fixes "kube-apiserver 1.13.x refuses to work when first etcd-server is not available" (kubernetes#72102).
- Revert "Migrate dependency management tool from glide to Go module".
  - Now, etcd >= v3.3.15 uses glide for dependency management.
  - See kubernetes#81434 for more context.
v3.3.14 (2019-08-16)
See code changes and v3.3 upgrade guide for any breaking changes.
- v3.3.14-rc.0 (2019-08-15), see code changes.
- v3.3.14-beta.0 (2019-08-14), see code changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
NOTE: This patch release had to include some new features from 3.4, while trying to minimize the difference between client balancer implementation. This release fixes "kube-apiserver 1.13.x refuses to work when first etcd-server is not available" (kubernetes#72102).
- Rewrite client balancer with new gRPC balancer interface.
- Upgrade gRPC to v1.23.0.
- Improve client balancer failover against secure endpoints.
- The new client balancer uses an asynchronous resolver to pass endpoints to the gRPC dial function. To block until the underlying connection is up, pass grpc.WithBlock() to clientv3.Config.DialOptions.
- Require Go 1.12+.
- Compile with Go 1.12.9 including Go 1.12.8 security fixes.
- Migrate dependency management tool from glide to Go module.
  - <= 3.3 puts vendor directory under cmd/vendor directory to prevent conflicting transitive dependencies.
  - 3.4 moves cmd/vendor directory to vendor at repository root.
  - Remove recursive symlinks in cmd directory.
  - Now go get/install/build on etcd packages (e.g. clientv3, tools/benchmark) enforce builds with etcd vendor directory.
- Deprecated latest release container tag.
  - docker pull gcr.io/etcd-development/etcd:latest would not be up-to-date.
- Deprecated minor version release container tags.
  - docker pull gcr.io/etcd-development/etcd:v3.3 would still work but may be stale.
  - docker pull gcr.io/etcd-development/etcd:v3.4 would not work.
  - Use docker pull gcr.io/etcd-development/etcd:v3.3.14 instead, with the exact patch version.
- Deprecated ACIs from official release.
  - AppC was officially suspended, as of late 2016.
  - acbuild is not maintained anymore.
  - *.aci files are not available from v3.4 release.
- Add rpctypes.ErrLeaderChanged.
  - Now linearizable requests with read index would fail fast when there is a leadership change, instead of waiting until context timeout.
- Fix race condition in rafthttp transport pause/resume.
- Add watch_id field to etcdserverpb.WatchCreateRequest to allow user-provided watch ID to mvcc.
  - Corresponding watch_id is returned via etcdserverpb.WatchResponse, if any.
- Add fragment field to etcdserverpb.WatchCreateRequest to request etcd server to split watch events when the total size of events exceeds etcd --max-request-bytes flag value plus gRPC-overhead 512 bytes.
  - The default server-side request bytes limit is embed.DefaultMaxRequestBytes which is 1.5 MiB plus gRPC-overhead 512 bytes.
  - If watch response events exceed this server-side request limit and watch request is created with fragment field true, the server will split watch events into a set of chunks, each of which is a subset of watch events below server-side request limit.
  - Useful when client-side has limited bandwidths.
  - For example, watch response contains 10 events, where each event is 1 MiB. And server etcd --max-request-bytes flag value is 1 MiB. Then, server will send 10 separate fragmented events to the client.
  - For example, watch response contains 5 events, where each event is 2 MiB. And server etcd --max-request-bytes flag value is 1 MiB and clientv3.Config.MaxCallRecvMsgSize is 1 MiB. Then, server will try to send 5 separate fragmented events to the client, and the client will error with "code = ResourceExhausted desc = grpc: received message larger than max (...)".
  - Client must implement fragmented watch event merge (which clientv3 does in etcd v3.4).
- Add WatchRequest.WatchProgressRequest.
  - To manually trigger broadcasting watch progress event (empty watch response with latest header) to all associated watch streams.
  - Think of it as WithProgressNotify that can be triggered manually.
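The two fragment examples in the list above, worked through as an added example (a simplified model, not etcd's or clientv3's code). The Event and WatchResponse types, Split, Merge and MakeEvents are hypothetical names, and sizes count event payload only.

```go
package main

import (
	"errors"
	"fmt"
)

// grpcOverheadBytes is the 512-byte gRPC overhead the changelog adds to
// --max-request-bytes when computing the server-side limit.
const grpcOverheadBytes = 512

const MiB = 1 << 20

// Event is a constructed stand-in for a watch event; only its size matters.
type Event struct {
	Key  string
	Size int
}

// WatchResponse models the two fields relevant to fragmentation.
type WatchResponse struct {
	Events   []Event
	Fragment bool // true: more chunks of the same logical response follow
}

func sizeOf(events []Event) int {
	total := 0
	for _, ev := range events {
		total += ev.Size
	}
	return total
}

// Split models the server side: when the watch was created with fragment=true
// and the response exceeds the limit, events are packed greedily into chunks.
// An event that alone exceeds the limit is still sent, in a chunk of its own.
func Split(events []Event, maxRequestBytes int, fragment bool) []WatchResponse {
	limit := maxRequestBytes + grpcOverheadBytes
	if !fragment || sizeOf(events) <= limit {
		return []WatchResponse{{Events: events}}
	}
	var chunks []WatchResponse
	var cur []Event
	for _, ev := range events {
		if len(cur) > 0 && sizeOf(cur)+ev.Size > limit {
			chunks = append(chunks, WatchResponse{Events: cur, Fragment: true})
			cur = nil
		}
		cur = append(cur, ev)
	}
	return append(chunks, WatchResponse{Events: cur}) // final chunk: Fragment=false
}

// ErrResourceExhausted stands in for the gRPC ResourceExhausted status.
var ErrResourceExhausted = errors.New("received message larger than max")

// Merge models the client side: it enforces the receive limit per chunk and
// buffers events until a chunk arrives with Fragment=false.
func Merge(chunks []WatchResponse, maxCallRecvMsgSize int) ([]Event, error) {
	var merged []Event
	for i, c := range chunks {
		if n := sizeOf(c.Events); n > maxCallRecvMsgSize {
			return nil, fmt.Errorf("chunk %d (%d bytes): %w", i, n, ErrResourceExhausted)
		}
		merged = append(merged, c.Events...)
		if !c.Fragment {
			return merged, nil
		}
	}
	return nil, errors.New("stream ended before the final fragment")
}

// MakeEvents builds n constructed events of the given size.
func MakeEvents(n, size int) []Event {
	evs := make([]Event, n)
	for i := range evs {
		evs[i] = Event{Key: fmt.Sprintf("k%d", i), Size: size}
	}
	return evs
}

func main() {
	// 10 events of 1 MiB, --max-request-bytes 1 MiB: 10 fragments.
	// The 2 MiB client receive limit is an assumption of this example.
	chunks := Split(MakeEvents(10, MiB), MiB, true)
	merged, err := Merge(chunks, 2*MiB)
	fmt.Println(len(chunks), len(merged), err)

	// 5 events of 2 MiB, client receive limit 1 MiB: the client errors.
	chunks = Split(MakeEvents(5, 2*MiB), MiB, true)
	_, err = Merge(chunks, MiB)
	fmt.Println(len(chunks), err)
}
```

Fragmentation bounds the number of events per message, not the size of a single event, so the client receive limit still has to cover the largest event the cluster accepts.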
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Add etcd_network_snapshot_send_inflights_total Prometheus metric.
- Add etcd_network_snapshot_receive_inflights_total Prometheus metric.
- Add etcd_server_snapshot_apply_in_progress_total Prometheus metric.
- Fix gRPC panic "send on closed channel" by upgrading google.golang.org/grpc from v1.7.5 to v1.23.0.
- Rewrite client balancer with new gRPC balancer interface.
- Upgrade gRPC to v1.23.0.
- Improve client balancer failover against secure endpoints.
- The new client balancer uses an asynchronous resolver to pass endpoints to the gRPC dial function. To block until the underlying connection is up, pass grpc.WithBlock() to clientv3.Config.DialOptions.
- Add etcdctl endpoint health --write-out support.
  - Previously, etcdctl endpoint health --write-out json did not work.
  - The command output is changed. Previously, if endpoint is unreachable, the command output is "<endpoint> is unhealthy: failed to connect: <error message>". This change unified the error message, all error types now have the same output "<endpoint> is unhealthy: failed to commit proposal: <error message>".
- Add missing newline in etcdctl endpoint health.
- Change pkg/adt.IntervalTree from struct to interface.
  - See pkg/adt README and pkg/adt godoc.
- Improve pkg/adt.IntervalTree test coverage.
  - See pkg/adt README and pkg/adt godoc.
- Fix Red-Black tree to maintain black-height property.
  - Previously, delete operation violates black-height property.
v3.3.13 (2019-05-02)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Improve heartbeat send failure logging.
- Add Verify function to perform corruption check on WAL contents.
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Migrate github.com/ugorji/go/codec to github.com/json-iterator/go (See #10667 for more).
- Migrate github.com/ghodss/yaml to sigs.k8s.io/yaml (See #10718 for more).
- Compile with Go 1.10.8.
v3.3.12 (2019-02-07)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Compile with Go 1.10.8.
v3.3.11 (2019-01-11)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Disable CommonName authentication for gRPC-gateway.
  - gRPC-gateway proxy requests to etcd server use the etcd client server TLS certificate. If that certificate contains CommonName we do not want to use that for authentication as it could lead to permission escalation.
- Compile with Go 1.10.7.
v3.3.10 (2018-10-10)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Improve "became inactive" warning log, which indicates message send to a peer failed.
- Improve read index wait timeout warning log, which indicates that local node might have slow network.
- Add gRPC interceptor for debugging logs; enable etcd --debug flag to see per-request debug information.
- Add consistency check in snapshot status. If consistency check on snapshot file fails, snapshot status returns "snapshot file integrity check failed..." error.
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Improve etcd_network_peer_round_trip_time_seconds Prometheus metric to track leader heartbeats.
  - Previously, it only samples the TCP connection for snapshot messages.
- Add etcd_snap_db_fsync_duration_seconds_count Prometheus metric.
- Add etcd_snap_db_save_total_duration_seconds_bucket Prometheus metric.
- Add etcd_network_snapshot_send_success Prometheus metric.
- Add etcd_network_snapshot_send_failures Prometheus metric.
- Add etcd_network_snapshot_send_total_duration_seconds Prometheus metric.
- Add etcd_network_snapshot_receive_success Prometheus metric.
- Add etcd_network_snapshot_receive_failures Prometheus metric.
- Add etcd_network_snapshot_receive_total_duration_seconds Prometheus metric.
- Add etcd_server_id Prometheus metric.
- Add etcd_server_health_success Prometheus metric.
- Add etcd_server_health_failures Prometheus metric.
- Add etcd_server_read_indexes_failed_total Prometheus metric.
- Fix logic on release lock key if cancelled in clientv3/concurrency package.
- Compile with Go 1.10.4.
v3.3.9 (2018-07-24)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Compile with Go 1.10.3 to support crypto/x509 "Name Constraints".
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Add etcd_server_go_version Prometheus metric.
- Add etcd_server_heartbeat_send_failures_total Prometheus metric.
- Add etcd_server_slow_apply_total Prometheus metric.
- Add etcd_disk_backend_defrag_duration_seconds Prometheus metric.
- Add etcd_mvcc_hash_duration_seconds Prometheus metric.
- Add etcd_mvcc_hash_rev_duration_seconds Prometheus metric.
- Add etcd_server_slow_read_indexes_total Prometheus metric.
- Add etcd_server_quota_backend_bytes Prometheus metric.
  - Use it with etcd_mvcc_db_total_size_in_bytes and etcd_mvcc_db_total_size_in_use_in_bytes.
  - etcd_server_quota_backend_bytes 2.147483648e+09 means current quota size is 2 GB.
  - etcd_mvcc_db_total_size_in_bytes 20480 means current physically allocated DB size is 20 KB.
  - etcd_mvcc_db_total_size_in_use_in_bytes 16384 means future DB size if defragment operation is complete.
  - etcd_mvcc_db_total_size_in_bytes - etcd_mvcc_db_total_size_in_use_in_bytes is the number of bytes that can be saved on disk with defragment operation.
- Add etcd_mvcc_db_total_size_in_bytes Prometheus metric.
  - In addition to etcd_debugging_mvcc_db_total_size_in_bytes.
- Add etcd_mvcc_db_total_size_in_use_in_bytes Prometheus metric.
  - Use it with etcd_mvcc_db_total_size_in_bytes and etcd_mvcc_db_total_size_in_use_in_bytes.
  - etcd_server_quota_backend_bytes 2.147483648e+09 means current quota size is 2 GB.
  - etcd_mvcc_db_total_size_in_bytes 20480 means current physically allocated DB size is 20 KB.
  - etcd_mvcc_db_total_size_in_use_in_bytes 16384 means future DB size if defragment operation is complete.
  - etcd_mvcc_db_total_size_in_bytes - etcd_mvcc_db_total_size_in_use_in_bytes is the number of bytes that can be saved on disk with defragment operation.
- Fix lease keepalive interval updates when response queue is full.
  - If <-chan *clientv3.LeaseKeepAliveResponse from clientv3.Lease.KeepAlive was never consumed or channel is full, client was sending keepalive request every 500ms instead of expected rate of every "TTL / 3" duration.
- Compile with Go 1.10.3.
v3.3.8 (2018-06-15)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Improve slow request apply warning log.
  - e.g. read-only range request "key:\"/a\" range_end:\"/b\" " with result "range_response_count:3 size:96" took too long (97.966µs) to execute.
  - Redact request value field.
  - Provide response size.
- Add backoff on watch retries on transient errors.
- Compile with Go 1.9.7.
v3.3.7 (2018-06-06)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Support TLS cipher suite whitelisting.
  - To block weak cipher suites.
  - TLS handshake fails when client hello is requested with invalid cipher suites.
  - Add etcd --cipher-suites flag.
  - If empty, Go auto-populates the list.
- Compile with Go 1.9.6.
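The handshake behaviour behind the cipher suite whitelist, as an added example (not etcd's code). It assumes the flag's list ends up in Go's tls.Config.CipherSuites; the certificate, host name and the choice of allowed and blocked suite are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const serverName = "etcd.example.test" // constructed name

const (
	AllowedSuite uint16 = tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 // on the server allow-list
	BlockedSuite uint16 = tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    // deliberately left off it
)

// selfSigned creates a throwaway ECDSA certificate and a pool that trusts it.
func selfSigned() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: serverName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:              []string{serverName},
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

// Handshake runs one in-memory TLS handshake and returns the negotiated suite.
// TLS is pinned to 1.2 because Go does not let callers choose TLS 1.3 suites,
// so an allow-list only constrains TLS 1.2 and earlier.
func Handshake(serverAllow, clientOffer []uint16) (uint16, error) {
	cert, roots, err := selfSigned()
	if err != nil {
		return 0, err
	}
	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	defer cliConn.Close()
	deadline := time.Now().Add(5 * time.Second)
	srvConn.SetDeadline(deadline)
	cliConn.SetDeadline(deadline)

	srv := tls.Server(srvConn, &tls.Config{
		Certificates: []tls.Certificate{cert},
		CipherSuites: serverAllow, // the allow-list under test
		MaxVersion:   tls.VersionTLS12,
	})
	cli := tls.Client(cliConn, &tls.Config{
		RootCAs:      roots,
		ServerName:   serverName,
		CipherSuites: clientOffer,
		MaxVersion:   tls.VersionTLS12,
	})
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	cliErr := cli.Handshake()
	if err := <-srvErr; err != nil {
		return 0, fmt.Errorf("server rejected handshake: %w", err)
	}
	if cliErr != nil {
		return 0, cliErr
	}
	return cli.ConnectionState().CipherSuite, nil
}

func main() {
	suite, err := Handshake([]uint16{AllowedSuite}, []uint16{AllowedSuite})
	fmt.Println(tls.CipherSuiteName(suite), err)
	_, err = Handshake([]uint16{AllowedSuite}, []uint16{BlockedSuite})
	fmt.Println(err) // no suite in common, so the handshake fails
}
```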
v3.3.6 (2018-05-31)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Allow empty auth token.
  - Previously, when auth token is an empty string, it returns "failed to initialize the etcd server: auth: invalid auth options" error.
- Fix auth storage panic on server lease revoke routine with JWT token.
- Fix mvcc server panic from restore operation.
  - Let's assume that a watcher had been requested with a future revision X and sent to node A that became network-partitioned thereafter. Meanwhile, cluster makes progress. Then when the partition gets removed, the leader sends a snapshot to node A. Previously if the snapshot's latest revision is still lower than the watch revision X, etcd server panicked during snapshot restore operation.
  - Now, this server-side panic has been fixed.
- Compile with Go 1.9.6.
v3.3.5 (2018-05-09)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Fix etcdctl watch [key] [range_end] -- [exec-command…] parsing.
  - Previously, ETCDCTL_API=3 ./bin/etcdctl watch foo -- echo watch event received panicked.
- Compile with Go 1.9.6.
v3.3.4 (2018-04-24)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Add etcd_server_is_leader Prometheus metric.
- Fix etcd_debugging_server_lease_expired_total Prometheus metric.
- Fix race conditions in v2 server stat collecting.
- Fix TLS reload when certificate SAN field only includes IP addresses but no domain names.
  - In Go, server calls (*tls.Config).GetCertificate for TLS reload if and only if server's (*tls.Config).Certificates field is not empty, or (*tls.ClientHelloInfo).ServerName is not empty with a valid SNI from the client. Previously, etcd always populates (*tls.Config).Certificates on the initial client TLS handshake, as non-empty. Thus, client was always expected to supply a matching SNI in order to pass the TLS verification and to trigger (*tls.Config).GetCertificate to reload TLS assets.
  - However, a certificate whose SAN field does not include any domain names but only IP addresses would request *tls.ClientHelloInfo with an empty ServerName field, thus failing to trigger the TLS reload on initial TLS handshake; this becomes a problem when expired certificates need to be replaced online.
  - Now, (*tls.Config).Certificates is created empty on initial TLS client handshake, first to trigger (*tls.Config).GetCertificate, and then to populate rest of the certificates on every new TLS connection, even when client SNI is empty (e.g. cert only includes IPs).
- Add etcd --initial-election-tick-advance flag to configure initial election tick fast-forward.
  - By default, etcd --initial-election-tick-advance=true, then local member fast-forwards election ticks to speed up "initial" leader election trigger.
  - This benefits the case of larger election ticks. For instance, cross datacenter deployment may require longer election timeout of 10-second. If true, local node does not need wait up to 10-second. Instead, forwards its election ticks to 8-second, and have only 2-second left before leader election.
  - Major assumptions are that: cluster has no active leader thus advancing ticks enables faster leader election. Or cluster already has an established leader, and rejoining follower is likely to receive heartbeats from the leader after tick advance and before election timeout.
  - However, when network from leader to rejoining follower is congested, and the follower does not receive leader heartbeat within left election ticks, disruptive election has to happen thus affecting cluster availabilities.
  - Now, this can be disabled by setting --initial-election-tick-advance=false.
  - Disabling this would slow down initial bootstrap process for cross datacenter deployments. Make tradeoffs by configuring etcd --initial-election-tick-advance at the cost of slow initial bootstrap.
  - If single-node, it advances ticks regardless.
  - Address disruptive rejoining follower node.
- Add embed.Config.InitialElectionTickAdvance to enable/disable initial election tick fast-forward.
  - embed.NewConfig() would return *embed.Config with InitialElectionTickAdvance as true by default.
- Compile with Go 1.9.5.
v3.3.3 (2018-03-29)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Adjust election timeout on server restart to reduce disruptive rejoining servers.
  - Previously, etcd fast-forwards election ticks on server start, with only one tick left for leader election. This is to speed up start phase, without having to wait until all election ticks elapse. Advancing election ticks is useful for cross datacenter deployments with larger election timeouts. However, it was affecting cluster availability if the last tick elapses before leader contacts the restarted node.
  - Now, when etcd restarts, it adjusts election ticks with more than one tick left, thus more time for leader to prevent disruptive restart.
- Adjust periodic compaction retention window.
  - e.g. etcd --auto-compaction-mode=revision --auto-compaction-retention=1000 automatically Compact on "latest revision" - 1000 every 5-minute (when latest revision is 30000, compact on revision 29000).
  - e.g. Previously, etcd --auto-compaction-mode=periodic --auto-compaction-retention=72h automatically Compact with 72-hour retention window for every 7.2-hour. Now, Compact happens, for every 1-hour but still with 72-hour retention window.
  - e.g. Previously, etcd --auto-compaction-mode=periodic --auto-compaction-retention=30m automatically Compact with 30-minute retention window for every 3-minute. Now, Compact happens, for every 30-minute but still with 30-minute retention window.
  - Periodic compactor keeps recording latest revisions for every compaction period when given period is less than 1-hour, or for every 1-hour when given compaction period is greater than 1-hour (e.g. 1-hour when etcd --auto-compaction-mode=periodic --auto-compaction-retention=24h).
  - For every compaction period or 1-hour, compactor uses the last revision that was fetched before compaction period, to discard historical data.
  - The retention window of compaction period moves for every given compaction period or hour.
  - For instance, when hourly writes are 100 and etcd --auto-compaction-mode=periodic --auto-compaction-retention=24h, v3.2.x, v3.3.0, v3.3.1, and v3.3.2 compact revision 2400, 2640, and 2880 for every 2.4-hour, while v3.3.3 or later compacts revision 2400, 2500, 2600 for every 1-hour.
  - Furthermore, when etcd --auto-compaction-mode=periodic --auto-compaction-retention=30m and writes per minute are about 1000, v3.3.0, v3.3.1, and v3.3.2 compact revision 30000, 33000, and 36000, for every 3-minute, while v3.3.3 or later compacts revision 30000, 60000, and 90000, for every 30-minute.
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Add missing etcd_network_peer_sent_failures_total count.
- Compile with Go 1.9.5.
v3.3.2 (2018-03-08)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Fix server panic on invalid Election Proclaim/Resign HTTP(S) requests.
  - Previously, wrong-formatted HTTP requests to Election API could trigger panic in etcd server.
  - e.g. curl -L http://localhost:2379/v3/election/proclaim -X POST -d '{"value":""}', curl -L http://localhost:2379/v3/election/resign -X POST -d '{"value":""}'.
- Fix revision-based compaction retention parsing.
  - Previously, etcd --auto-compaction-mode revision --auto-compaction-retention 1 was translated to revision retention 3600000000000.
  - Now, etcd --auto-compaction-mode revision --auto-compaction-retention 1 is correctly parsed as revision retention 1.
- Prevent overflow by large TTL values for Lease Grant.
  - TTL parameter to Grant request is unit of second.
  - Leases with too large TTL values exceeding math.MaxInt64 expire in unexpected ways.
  - Server now returns rpctypes.ErrLeaseTTLTooLarge to client, when the requested TTL is larger than 9,000,000,000 seconds (which is >285 years).
  - Again, etcd Lease is meant for short-periodic keepalives or sessions, in the range of seconds or minutes. Not for hours or days!
- Enable etcd server raft.Config.CheckQuorum when starting with ForceNewCluster.
- Compile with Go 1.9.4.
v3.3.1 (2018-02-12)
See code changes and v3.3 upgrade guide for any breaking changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Add warnings on requests taking too long.
  - e.g. etcdserver: read-only range request "key:\"\\000\" range_end:\"\\000\" " took too long [3.389041388s] to execute
- Fix mvcc "unsynced" watcher restore operation.
  - "unsynced" watcher is watcher that needs to be in sync with events that have happened.
  - That is, "unsynced" watcher is the slow watcher that was requested on old revision.
  - "unsynced" watcher restore operation was not correctly populating its underlying watcher group.
  - Which possibly causes missing events from "unsynced" watchers.
  - A node gets network partitioned with a watcher on a future revision, and falls behind receiving a leader snapshot after partition gets removed. When applying this snapshot, etcd watch storage moves current synced watchers to unsynced since sync watchers might have become stale during network partition. And reset synced watcher group to restart watcher routines. Previously, there was a bug when moving from synced watcher group to unsynced, thus client would miss events when the watcher was requested to the network-partitioned node.
- Compile with Go 1.9.4.
v3.3.0 (2018-02-01)
See code changes and v3.3 upgrade guide for any breaking changes.
- v3.3.0 (2018-02-01), see code changes.
- v3.3.0-rc.4 (2018-01-22), see code changes.
- v3.3.0-rc.3 (2018-01-17), see code changes.
- v3.3.0-rc.2 (2018-01-11), see code changes.
- v3.3.0-rc.1 (2018-01-02), see code changes.
- v3.3.0-rc.0 (2017-12-20), see code changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.3 upgrade guide.
- Use coreos/bbolt to replace boltdb/bolt.
- Support database size larger than 8GiB (8GiB is now a suggested maximum size for normal environments)
- Reduce memory allocation on Range operations.
- Rate limit and randomize lease revoke on restart or leader elections.
- Prevent spikes in Raft proposal rate.
- Support clientv3 balancer failover under network faults/partitions.
- Better warning on mismatched etcd --initial-cluster flag.
  - etcd compares etcd --initial-advertise-peer-urls against corresponding etcd --initial-cluster URLs with forward-lookup.
  - If resolved IP addresses of etcd --initial-advertise-peer-urls and etcd --initial-cluster do not match (e.g. due to DNS error), etcd will exit with errors.
    - v3.2 error: etcd --initial-cluster must include s1=https://s1.test:2380 given --initial-advertise-peer-urls=https://s1.test:2380.
    - v3.3 error: failed to resolve https://s1.test:2380 to match --initial-cluster=s1=https://s1.test:2380 (failed to resolve "https://s1.test:2380" (error ...)).
- Require google.golang.org/grpc v1.7.4 or v1.7.5.
  - Deprecate metadata.Incoming/OutgoingContext.
  - Deprecate grpclog.Logger, upgrade to grpclog.LoggerV2.
  - Deprecate grpc.ErrClientConnTimeout errors in clientv3.
  - Use MaxRecvMsgSize and MaxSendMsgSize to limit message size, in etcd server.
- Translate gRPC status error in v3 client Snapshot API.
- v3 etcdctl lease timetolive LEASE_ID on expired lease now prints "lease LEASE_ID already expired".
  - <=3.2 prints "lease LEASE_ID granted with TTL(0s), remaining(-1s)".
- Replace gRPC gateway endpoint /v3alpha with /v3beta.
  - To deprecate /v3alpha in v3.4.
  - In v3.3, curl -L http://localhost:2379/v3alpha/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}' still works as a fallback to curl -L http://localhost:2379/v3beta/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}', but curl -L http://localhost:2379/v3alpha/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}' won't work in v3.4. Use curl -L http://localhost:2379/v3beta/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}' instead.
- Change etcd --auto-compaction-retention flag to accept string values with finer granularity.
  - Now that etcd --auto-compaction-retention accepts string values, etcd configuration YAML file auto-compaction-retention field must be changed to string type.
  - Previously, --config-file etcd.config.yaml can have auto-compaction-retention: 24 field, now must be auto-compaction-retention: "24" or auto-compaction-retention: "24h".
  - If configured as etcd --auto-compaction-mode periodic --auto-compaction-retention "24h", the time duration value for etcd --auto-compaction-retention flag must be valid for time.ParseDuration function in Go.
- Upgrade boltdb/bolt from v1.3.0 to coreos/bbolt v1.3.1-coreos.6.
- Upgrade google.golang.org/grpc from v1.2.1 to v1.7.5.
- Upgrade github.com/ugorji/go/codec to v1.1, and regenerate v2 client.
- Upgrade github.com/ugorji/go/codec to ugorji/go@54210f4e0, and regenerate v2 client.
- Upgrade github.com/grpc-ecosystem/grpc-gateway from v1.2.2 to v1.3.0.
- Upgrade golang.org/x/crypto/bcrypt to golang/crypto@6c586e17d.
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Add etcd --listen-metrics-urls flag for additional /metrics and /health endpoints.
  - Useful for bypassing critical APIs when monitoring etcd.
- Add etcd_server_version Prometheus metric.
  - To replace Kubernetes etcd-version-monitor.
- Add etcd_debugging_mvcc_db_compaction_keys_total Prometheus metric.
- Add etcd_debugging_server_lease_expired_total Prometheus metric.
  - To improve lease revoke monitoring.
- Document Prometheus 2.0 rules.
- Initialize gRPC server metrics with zero values.
- Fix range/put/delete operation metrics with transaction.
  - etcd_debugging_mvcc_range_total
  - etcd_debugging_mvcc_put_total
  - etcd_debugging_mvcc_delete_total
  - etcd_debugging_mvcc_txn_total
- Fix etcd_debugging_mvcc_keys_total on restore.
- Fix etcd_debugging_mvcc_db_total_size_in_bytes on restore.
  - Also change to prometheus.NewGaugeFunc.
See security doc for more details.
- Add CRL based connection rejection to manage revoked certs.
- Document TLS authentication changes.
  - Server accepts connections if IP matches, without checking DNS entries. For instance, if peer cert contains IP addresses and DNS names in Subject Alternative Name (SAN) field, and the remote IP address matches one of those IP addresses, server just accepts connection without further checking the DNS names.
  - Server supports reverse-lookup on wildcard DNS SAN. For instance, if peer cert contains only DNS names (no IP addresses) in Subject Alternative Name (SAN) field, server first reverse-lookups the remote IP address to get a list of names mapping to that address (e.g. nslookup IPADDR). Then accepts the connection if those names have a matching name with peer cert's DNS names (either by exact or wildcard match). If none is matched, server forward-lookups each DNS entry in peer cert (e.g. look up example.default.svc when the entry is *.example.default.svc), and accepts connection only when the host's resolved addresses have the matching IP address with the peer's remote IP address.
- Add etcd --peer-cert-allowed-cn flag.
  - To support CommonName(CN) based auth for inter peer connection.
- Swap priority of cert CommonName(CN) and username + password.
- Protect lease revoke with auth.
- Provide user's role on auth permission error.
- Fix auth store panic with disabled token.
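The peer SAN check order described under "Document TLS authentication changes", as an added example (a sketch of the documented behaviour, not etcd's implementation). Resolver, CheckPeerSAN and MapResolver are hypothetical names, and the handling of a certificate whose IP SANs do not match (fall through to its DNS names, reject if it has none) is an assumption the page does not spell out.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// Resolver carries the two DNS lookups the check relies on. They are injected
// so the example runs offline; net.LookupAddr and net.LookupHost fit these types.
type Resolver struct {
	Reverse func(addr string) ([]string, error)
	Forward func(host string) ([]string, error)
}

var ErrSANMismatch = errors.New("peer certificate SAN does not match remote address")

// matchDNS reports whether name matches a SAN entry exactly or through a
// single leading wildcard label.
func matchDNS(pattern, name string) bool {
	pattern = strings.ToLower(strings.TrimSuffix(pattern, "."))
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	if pattern == name {
		return true
	}
	if strings.HasPrefix(pattern, "*.") {
		dot := strings.Index(name, ".")
		return dot > 0 && name[dot:] == pattern[1:]
	}
	return false
}

// CheckPeerSAN applies the three steps in the order the changelog gives them.
func CheckPeerSAN(certIPs []net.IP, certDNS []string, remote net.IP, r Resolver) error {
	// Step 1: an IP SAN equal to the remote address is accepted outright;
	// the DNS names are not consulted.
	for _, ip := range certIPs {
		if ip.Equal(remote) {
			return nil
		}
	}
	if len(certDNS) == 0 {
		return ErrSANMismatch // assumption of this example: nothing left to check
	}
	// Step 2: reverse-lookup the remote address and compare the returned
	// names with the DNS SANs (exact or wildcard).
	if names, err := r.Reverse(remote.String()); err == nil {
		for _, name := range names {
			for _, san := range certDNS {
				if matchDNS(san, name) {
					return nil
				}
			}
		}
	}
	// Step 3: forward-lookup each DNS SAN (wildcard prefix removed) and accept
	// only if one of the resolved addresses is the remote address.
	for _, san := range certDNS {
		addrs, err := r.Forward(strings.TrimPrefix(san, "*."))
		if err != nil {
			continue
		}
		for _, a := range addrs {
			if ip := net.ParseIP(a); ip != nil && ip.Equal(remote) {
				return nil
			}
		}
	}
	return fmt.Errorf("%w: remote=%s", ErrSANMismatch, remote)
}

// MapResolver builds a Resolver from constructed lookup tables.
func MapResolver(reverse, forward map[string][]string) Resolver {
	lookup := func(table map[string][]string) func(string) ([]string, error) {
		return func(key string) ([]string, error) {
			if v, ok := table[key]; ok {
				return v, nil
			}
			return nil, fmt.Errorf("no such host: %s", key)
		}
	}
	return Resolver{Reverse: lookup(reverse), Forward: lookup(forward)}
}

func main() {
	remote := net.ParseIP("10.0.0.7") // constructed peer address
	san := []string{"*.example.default.svc"}
	viaPTR := MapResolver(map[string][]string{"10.0.0.7": {"etcd-1.example.default.svc."}}, nil)
	fmt.Println("reverse match:", CheckPeerSAN(nil, san, remote, viaPTR))
	stale := MapResolver(nil, map[string][]string{"example.default.svc": {"10.0.0.9"}})
	fmt.Println("no match:", CheckPeerSAN(nil, san, remote, stale))
}
```

Steps 2 and 3 accept whatever the resolver returns, so for DNS-only peer certificates the check is only as trustworthy as the DNS path the etcd member uses.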
- Add `etcd --experimental-initial-corrupt-check` flag to check cluster database hashes before serving client/peer traffic.
  - `etcd --experimental-initial-corrupt-check=false` by default.
  - v3.4 will enable `--initial-corrupt-check=true` by default.
- Add `etcd --experimental-corrupt-check-time` flag to raise corrupt alarm monitoring.
  - `etcd --experimental-corrupt-check-time=0s` disabled by default.
- Add `etcd --experimental-enable-v2v3` flag to emulate v2 API with v3.
  - `etcd --experimental-enable-v2v3=false` by default.
- Add `etcd --max-txn-ops` flag to configure maximum number of operations in transaction.
- Add `etcd --max-request-bytes` flag to configure maximum client request size.
  - If not configured, it defaults to 1.5 MiB.
- Add `etcd --client-crl-file`, `--peer-crl-file` flags for Certificate revocation list.
- Add `etcd --peer-cert-allowed-cn` flag to support CN-based auth for inter-peer connection.
- Add `etcd --listen-metrics-urls` flag for additional `/metrics` and `/health` endpoints.
  - Support additional (non) TLS `/metrics` endpoints for a TLS-enabled cluster.
  - e.g. `etcd --listen-metrics-urls=https://localhost:2378,http://localhost:9379` to serve `/metrics` and `/health` on secure port 2378 and insecure port 9379.
  - Useful for bypassing critical APIs when monitoring etcd.
- Add `etcd --auto-compaction-mode` flag to support revision-based compaction.
- Change `etcd --auto-compaction-retention` flag to accept string values with finer granularity.
  - Now that `etcd --auto-compaction-retention` accepts string values, etcd configuration YAML file `auto-compaction-retention` field must be changed to `string` type.
  - Previously, `etcd --config-file etcd.config.yaml` could have `auto-compaction-retention: 24` field; it now must be `auto-compaction-retention: "24"` or `auto-compaction-retention: "24h"`.
  - If configured as `--auto-compaction-mode periodic --auto-compaction-retention "24h"`, the time duration value for `etcd --auto-compaction-retention` flag must be valid for `time.ParseDuration` function in Go.
  - e.g. `etcd --auto-compaction-mode=revision --auto-compaction-retention=1000` automatically `Compact` on `"latest revision" - 1000` every 5-minute (when latest revision is 30000, compact on revision 29000).
  - e.g. `etcd --auto-compaction-mode=periodic --auto-compaction-retention=72h` automatically `Compact` with 72-hour retention window, for every 7.2-hour.
  - e.g. `etcd --auto-compaction-mode=periodic --auto-compaction-retention=30m` automatically `Compact` with 30-minute retention window, for every 3-minute.
  - Periodic compactor continues to record latest revisions for every 1/10 of given compaction period (e.g. 1-hour when `etcd --auto-compaction-mode=periodic --auto-compaction-retention=10h`).
  - For every 1/10 of given compaction period, compactor uses the last revision that was fetched before compaction period, to discard historical data.
  - The retention window of compaction period moves for every 1/10 of given compaction period.
  - For instance, when hourly writes are 100 and `--auto-compaction-retention=10`, v3.1 compacts revision 1000, 2000, and 3000 for every 10-hour, while v3.2.x, v3.3.0, v3.3.1, and v3.3.2 compact revision 1000, 1100, and 1200 for every 1-hour. Furthermore, when writes per minute are 1000, v3.3.0, v3.3.1, and v3.3.2 with `--auto-compaction-mode=periodic --auto-compaction-retention=30m` compact revision 30000, 33000, and 36000, for every 3-minute with finer granularity.
  - Whether compaction succeeds or not, this process repeats for every 1/10 of given compaction period. If compaction succeeds, it just removes compacted revision from historical revision records.
- Add `etcd --grpc-keepalive-min-time`, `etcd --grpc-keepalive-interval`, `etcd --grpc-keepalive-timeout` flags to configure server-side keepalive policies.
- Serve `/health` endpoint as unhealthy when alarm (e.g. `NOSPACE`) is raised or there's no leader.
  - Define `etcdhttp.Health` struct with JSON encoder.
  - Note that `"health"` field is `string` type, not `bool`.
    - e.g. `{"health":"false"}`, `{"health":"true"}`
  - Remove `"errors"` field since `v3.3.0-rc.3` (did exist only in `v3.3.0-rc.0`, `v3.3.0-rc.1`, `v3.3.0-rc.2`).
- Move logging setup to embed package
  - Disable gRPC server info-level logs by default (can be enabled with `etcd --debug` flag).
- Use monotonic time in Go 1.9 for `lease` package.
- Warn on empty hosts in advertise URLs.
  - Address advertise client URLs accepts empty hosts.
  - etcd v3.4 will exit on this error.
    - e.g. `etcd --advertise-client-urls=http://:2379`.
- Warn on shadowed environment variables.
  - Address error on shadowed environment variables.
  - etcd v3.4 will exit on this error.
- Support ranges in transaction comparisons for disconnected linearized reads.
- Add nested transactions to extend proxy use cases.
- Add lease comparison target in transaction.
- Add lease list.
- Add hash by revision for better corruption checking against boltdb.
- Add health balancer to fix watch API hangs, improve endpoint switch under network faults.
- Refactor balancer and add client-side keepalive pings to handle network partitions.
- Add `MaxCallSendMsgSize` and `MaxCallRecvMsgSize` fields to `clientv3.Config`.
  - Fix exceeded response size limit error in client-side.
  - Address kubernetes#51099.
  - In previous versions (v3.2.10, v3.2.11), client response size was limited to only 4 MiB.
  - `MaxCallSendMsgSize` default value is 2 MiB, if not configured.
  - `MaxCallRecvMsgSize` default value is `math.MaxInt32`, if not configured.
- Accept `Compare_LEASE` in `clientv3.Compare`.
- Add `LeaseValue` helper to `Cmp` `LeaseID` values in `Txn`.
- Add `MoveLeader` to `Maintenance`.
- Add `HashKV` to `Maintenance`.
- Add `Leases` to `Lease`.
- Add `clientv3/ordering` to enforce ordering in serialized requests.
- Fix "put at-most-once" violation.
- Fix `WatchResponse.Canceled` on compacted watch request.
- Fix `concurrency/stm` `Put` with serializable snapshot.
  - Use store revision from first fetch to resolve write conflicts instead of modified revision.
- Add `etcdctl --discovery-srv` flag.
- Add `etcdctl --keepalive-time`, `--keepalive-timeout` flags.
- Add `etcdctl lease list` command.
- Add `etcdctl lease keep-alive --once` flag.
- Make `lease timetolive LEASE_ID` on expired lease print `lease LEASE_ID already expired`.
  - <=3.2 prints `lease LEASE_ID granted with TTL(0s), remaining(-1s)`.
- Add `etcdctl snapshot restore --wal-dir` flag.
- Add `etcdctl defrag --data-dir` flag.
- Add `etcdctl move-leader` command.
- Add `etcdctl endpoint hashkv` command.
- Add `etcdctl endpoint --cluster` flag, equivalent to v2 `etcdctl cluster-health`.
- Make `etcdctl endpoint health` command terminate with non-zero exit code on unhealthy status.
- Add `etcdctl lock --ttl` flag.
- Support `etcdctl watch [key] [range_end] -- [exec-command…]`, equivalent to v2 `etcdctl exec-watch`.
  - Make `etcdctl watch -- [exec-command]` set environmental variables `ETCD_WATCH_REVISION`, `ETCD_WATCH_EVENT_TYPE`, `ETCD_WATCH_KEY`, `ETCD_WATCH_VALUE` for each event.
- Support `etcdctl watch` with environmental variables `ETCDCTL_WATCH_KEY` and `ETCDCTL_WATCH_RANGE_END`.
- Enable `clientv3.WithRequireLeader(context.Context)` for `watch` command.
- Print `"del"` instead of `"delete"` in `txn` interactive mode.
- Print `ETCD_INITIAL_ADVERTISE_PEER_URLS` in `member add`.
- Fix `etcdctl snapshot status` to not modify snapshot file.
  - For example, start etcd `v3.3.10`
  - Write some data
  - Use etcdctl `v3.3.10` to save snapshot
  - Somehow, upgrading Kubernetes fails, thus rolling back to previous version etcd `v3.2.24`
  - Run etcdctl `v3.2.24` `snapshot status` against the snapshot file saved from `v3.3.10` server
  - Run etcdctl `v3.2.24` `snapshot restore` fails with `"expected sha256 [12..."`
- Handle empty key permission in `etcdctl`.
- Add `etcdctl backup --with-v3` flag.
- Add `grpc-proxy start --experimental-leasing-prefix` flag.
  - For disconnected linearized reads.
  - Based on V system leasing.
  - See "Disconnected consistent reads with etcd" blog post.
- Add `grpc-proxy start --experimental-serializable-ordering` flag.
  - To ensure serializable reads have monotonically increasing store revisions across endpoints.
- Add `grpc-proxy start --metrics-addr` flag for an additional `/metrics` endpoint.
  - Set `--metrics-addr=http://[HOST]:9379` to serve `/metrics` in insecure port 9379.
- Serve `/health` endpoint in grpc-proxy.
- Add `grpc-proxy start --debug` flag.
- Add `grpc-proxy start --max-send-bytes` flag to configure maximum client request size.
- Add `grpc-proxy start --max-recv-bytes` flag to configure maximum client request size.
- Fix Snapshot API error handling.
- Fix KV API `PrevKv` flag handling.
- Fix KV API `KeysOnly` flag handling.
- Replace gRPC gateway endpoint `/v3alpha` with `/v3beta`.
  - To deprecate `/v3alpha` in v3.4.
  - In v3.3, `curl -L http://localhost:2379/v3alpha/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'` still works as a fallback to `curl -L http://localhost:2379/v3beta/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'`, but `curl -L http://localhost:2379/v3alpha/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'` won't work in v3.4. Use `curl -L http://localhost:2379/v3beta/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'` instead.
- Support "authorization" token.
- Support websocket for bi-directional streams.
- Upgrade gRPC gateway to v1.3.0.
- Fix backend database in-memory index corruption issue on restore (only 3.2.0 is affected).
- Fix watch restore from snapshot.
- Fix `mvcc/backend.defragdb` nil-pointer dereference on create bucket failure.
- Fix server crash on invalid transaction request from gRPC gateway.
- Prevent server panic from member update/add with wrong scheme URLs.
- Make peer dial timeout longer.
  - See coreos/etcd-operator#1300 for more detail.
- Make server wait up to request time-out with pending RPCs.
- Fix `grpc.Server` panic on `GracefulStop` with TLS-enabled server.
- Fix "multiple peer URLs cannot start" issue.
- Fix server-side auth so concurrent auth operations do not return old revision error.
- Handle WAL renaming failure on Windows.
- Upgrade `coreos/go-systemd` to `v15` (see https://github.com/coreos/go-systemd/releases/tag/v15).
- Put back `/v2/machines` endpoint for python-etcd wrapper.
- Fail-over v2 client to next endpoint on oneshot failure.
- Add non-voting member.
  - To implement Raft thesis 4.2.1 Catching up new servers.
  - `Learner` node does not vote or promote itself.
- Support previous two minor versions (see our new release policy).
- `v3.3.x` is the last release cycle that supports `ACI`.
  - AppC was officially suspended, as of late 2016.
  - `acbuild` is not maintained anymore.
  - `*.aci` files won't be available from etcd v3.4 release.
- Add container registry `gcr.io/etcd-development/etcd`.
  - quay.io/coreos/etcd is still supported as secondary.
- Require Go 1.9+.
- Compile with Go 1.9.3.
- Deprecate `golang.org/x/net/context`.