Previous change logs can be found at CHANGELOG-3.4.
- Fix watchserver related goroutine leakage
- Fix risk of a partial write txn being applied
- Fix panicking occurred due to improper error handling during defragmentation
- Fix close temp file(s) in case an error happens during defragmentation
- Compile binaries using go 1.22.9.
- Fix performance regression issue caused by the
ensureLeadership
in lease renew. - Keep the tombstone during compaction if it happens to be the compaction revision
- Add
etcd --experimental-compaction-sleep-interval
flag to control the sleep interval between each compaction batch.
- Compile binaries using go 1.22.7.
- Upgrade bbolt to v1.3.11.
- Fix add prometheus metric registration for metric
etcd_disk_wal_write_duration_seconds
. - Add Support multiple values for allowed client and peer TLS identities
- Fix noisy logs from simple auth token expiration by reducing log level to debug
- Differentiate the warning message for rejected client and peer connections
- Compile binaries using go 1.21.12.
- Fully address CVE-2023-45288 and fix govulncheck CI check
- Fix LeaseTimeToLive returns error if leader changed.
- Add metrics
etcd_disk_wal_write_duration_seconds
. - Fix ignore raft messages if member id mismatch.
- Update the compaction log when bootstrap.
- Fix Revision decreasing after panic during compaction
- Add
etcd --experimental-stop-grpc-service-on-defrag
to enable client failover on defrag. - Add support for
AllowedCN
andAllowedHostname
through config file
- Add requests retry when receiving ErrGPRCNotSupportedForLearner and endpoints > 1.
- Fix initialization for mu in client context.
- Compile binaries using go 1.21.10.
- Upgrade bbolt to v1.3.10.
- Fix leases wrongly revoked by the leader by ignoring old leader's leases revoking request.
- Fix no progress notification being sent for watch that doesn't get any events.
- Fix watch event loss after compaction.
- Add client backoff and retry config options.
- Ignore SetKeepAlivePeriod errors on OpenBSD.
- Support unix/unixs socket in client or peer URLs
- Add three flags (see below) for grpc-proxy
--dial-keepalive-time
--dial-keepalive-timeout
--permit-without-stream
- Upgrade bbolt to v1.3.9.
- Compile binaries using go 1.21.8.
- Upgrade google.golang.org/protobuf to v1.33.0 to address CVE-2024-24786.
- Upgrade github.com/sirupsen/logrus to v1.9.3 to address PRISMA-2023-0056.
- Fix not validating database consistent index, and panicking on nil backend
- Document
experimental-enable-lease-checkpoint-persist
flag in etcd help - Fix needlessly flocking snapshot files when deleting
- Add digest for etcd base image
- Fix delete inconsistencies in read buffer
- Add mvcc: print backend database size and size in use in compaction logs
- Compile binaries using go 1.20.13
- Upgrade golang.org/x/crypto to v0.17+ to address CVE-2023-48795
- Fix distributed tracing by ensuring
--experimental-distributed-tracing-sampling-rate
configuration option is available to set tracing sample rate. - Fix url redirects while checking peer urls during new member addition
- Add livez/readyz HTTP endpoints
- Compile binaries using go 1.20.12
- Fix CVE-2023-47108 by bumping go.opentelemetry.io/otel to 1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to 0.46.0.
- Fix
--socket-reuse-port
and--socket-reuse-address
not able to be set in configuration file. - Fix corruption check may get a
ErrCompacted
error when server has just been compacted - Improve Lease put performance for the case that auth is disabled or the user is admin
- Improve Skip getting authInfo from incoming context when auth is disabled
- Fix Hash and HashKV have duplicated RESTful API
- Fix Multiple endpoints with same prefix got mixed up
- Fix Unexpected blocking when barrier waits on a nonexistent key
- Fix Reset auth token when failing to authenticate due to auth being disabled
- Fix panic in etcd validate secure endpoints
- Compile binaries using go 1.20.10.
- Upgrade gRPC to 1.58.3 in #16625, #16781 and #16790. Note that gRPC server will reject requests with connection header (refer to grpc/grpc-go#4803).
- Upgrade bbolt to v1.3.8
- Compile binaries using go 1.19.9.
- Add
etcd --tls-min-version --tls-max-version
to enable support for TLS 1.3. - Add
etcd --listen-client-http-urls
flag to support separating http server from grpc one, thus giving full immunity to watch stream starvation under high read load. - Change http2 frame scheduler to random algorithm
- Fix Watch response traveling back in time when reconnecting member downloads snapshot from the leader
- Fix race when starting both secure & insecure gRPC servers on the same address
- Fix server/auth: disallow creating empty permission ranges
- Fix aligning zap log timestamp resolution to microseconds. Etcd now uses zap timestamp format:
2006-01-02T15:04:05.999999Z0700
(microsecond instead of milliseconds precision). - Fix wsproxy did not print log in JSON format.
- Fix CVE-2021-28235 by clearing password after authenticating the user.
- Fix etcdserver may panic when parsing a JWT token without username or revision.
- Fix Requested watcher progress notifications are not synchronised with stream.
- Recommend Go 1.19+.
- Compile binaries using go to 1.19.8
- Upgrade golang.org/x/net to v0.7.0
- Upgrade bbolt to v1.3.7.
- Fix Remove memberID from data corrupt alarm.
- Fix Allow non mutating requests pass through quotaKVServer when NOSPACE.
- Fix nil pointer panic for readonly txn due to nil response.
- Fix The last record which was partially synced to disk isn't automatically repaired.
- Fix etcdserver might promote a non-started learner.
- Reverted the fix to auth invalid token and old revision errors in watch.
- Recommend Go 1.17+.
- Compile binaries using Go 1.17.13
- Bumped some dependencies to address some HIGH Vulnerabilities.
- Use distroless base image to address critical Vulnerabilities.
- Updated base image from base-debian11 to static-debian11 and removed dependency on busybox.
- Fix auth invalid token and old revision errors in watch
- Fix avoid closing a watch with ID 0 incorrectly
- Fix auth: fix data consistency issue caused by recovery from snapshot
- Fix revision might be inconsistency between members when etcd crashes during processing defragmentation operation
- Fix timestamp in inconsistent format
- Fix Failed resolving host due to lost DNS record
- Fix Add backoff before retry when watch stream returns unavailable.
- Fix stack overflow error in double barrier
- Fix Refreshing token on CommonName based authentication causes segmentation violation in client.
- Add
etcd grpc-proxy start --listen-cipher-suites
flag to support adding configurable cipher list.
- Fix do not overwrite authTokenBundle on dial.
- Fix IsOptsWithPrefix returns false even if WithPrefix() is included.
- Build official darwin/arm64 artifacts.
- Add
etcd --max-concurrent-streams
flag to configure the max concurrent streams each client can open at a time, and defaults to math.MaxUint32. - Add
etcd --experimental-compact-hash-check-enabled --experimental-compact-hash-check-time
flags to support enabling reliable corruption detection on compacted revisions. - Fix unexpected error during txn.
- Fix lease leak issue due to tokenProvider isn't enabled when restoring auth store from a snapshot.
- Fix the race condition between goroutine and channel on the same leases to be revoked.
- Fix lessor may continue to schedule checkpoint after stepping down leader role.
- Fix Restrict the max size of each WAL entry to the remaining size of the WAL file.
- Fix Protect rangePermCache with a RW lock correctly
- Fix memberID equals zero in corruption alarm
- Fix Durability API guarantee broken in single node cluster
- Fix etcd fails to start after performing alarm list operation and then power off/on
- Fix authentication data not loaded on member startup
- Bump golang.org/x/crypto to latest version to address CVE-2022-27191.
- Bump OpenTelemetry to 1.0.1 and gRPC to 1.41.0.
- Revert the change of trimming the trailing dot from SRV.Target returned by DNS lookup
- Fix Provide a better liveness probe for when etcd runs as a Kubernetes pod
- Fix inconsistent log format
- Fix Inconsistent revision and data occurs
- Fix Etcdserver is still in progress of processing LeaseGrantRequest when it receives a LeaseKeepAliveRequest on the same leaseID
- Fix consistent_index coming from snapshot is overwritten by the old local value
- Update container base image snapshot
- Fix Defrag unsets backend options.
- Trim the suffix dot from the target in SRV records returned by DNS lookup
- Always print the raft_term in decimal when displaying member list in json.
v3.5.2 (2022-02-01)
See code changes and v3.5 upgrade guide for any breaking changes.
- Fix exclude the same alarm type activated by multiple peers.
- Add
etcd --experimental-enable-lease-checkpoint-persist
flag to enable checkpoint persisting. - Fix Lease checkpoints don't prevent to reset ttl on leader change, requires enabling checkpoint persisting.
- Fix assertion failed due to tx closed when recovering v3 backend from a snapshot db
- Fix segmentation violation(SIGSEGV) error due to premature unlocking of watchableStore
v3.5.1 (2021-10-15)
See code changes and v3.5 upgrade guide for any breaking changes.
- Fix self-signed-cert-validity parameter cannot be specified in the config file.
- Fix ensure that cluster members stored in v2store and backend are in sync
- Endpoints self identify now as
etcd-endpoints://{id}/{authority}
where authority is based on first endpoint passed, for exampleetcd-endpoints://0xc0009d8540/localhost:2079
- Updated base image from
debian:buster-v1.4.0
todebian:bullseye-20210927
to fix the following critical CVEs:- CVE-2021-3711: miscalculation of a buffer size in openssl's SM2 decryption
- CVE-2021-35942: integer overflow flaw in glibc
- CVE-2019-9893: incorrect syscall argument generation in libseccomp
- CVE-2021-36159: libfetch in apk-tools mishandles numeric strings in FTP and HTTP protocols to allow out of bound reads.
See code changes and v3.5 upgrade guide for any breaking changes.
- v3.5.0 (2021 TBD), see code changes.
- v3.5.0-rc.1 (2021-06-10), see code changes.
- v3.5.0-rc.0 (2021-06-04), see code changes.
- v3.5.0-beta.4 (2021-05-26), see code changes.
- v3.5.0-beta.3 (2021-05-18), see code changes.
- v3.5.0-beta.2 (2021-05-18), see code changes.
- v3.5.0-beta.1 (2021-05-18), see code changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.5 upgrade guide.
go.etcd.io/etcd
Go packages have moved togo.etcd.io/etcd/{api,pkg,raft,client,etcdctl,server,raft,tests}/v3
to follow the Go modules conventionsgo.etcd.io/clientv3/snapshot
SnapshotManager class have moved togo.etcd.io/clientv3/etcdctl
. The methodsnapshot.Save
to download a snapshot from the remote server was preserved in 'go.etcd.io/clientv3/snapshot`.- `go.etcd.io/client' package got migrated to 'go.etcd.io/client/v2'.
- Changed behavior of clientv3 API MemberList.
- Previously, it is directly served with server's local data, which could be stale.
- Now, it is served with linearizable guarantee. If the server is disconnected from quorum,
MemberList
call will fail.
- gRPC gateway only supports
/v3
endpoint.- Deprecated
/v3beta
. curl -L http://localhost:2379/v3beta/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'
doesn't work in v3.5. Usecurl -L http://localhost:2379/v3/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'
instead.
- Deprecated
etcd --experimental-enable-v2v3
flag remains experimental and to be deprecated.- v2 storage emulation feature will be deprecated in the next release.
- etcd 3.5 is the last version that supports V2 API. Flags
--enable-v2
and--experimental-enable-v2v3
are now deprecated and will be removed in etcd v3.6 release.
etcd --experimental-backend-bbolt-freelist-type
flag has been deprecated. Useetcd --backend-bbolt-freelist-type
instead. The default type is hashmap and it is stable now.etcd --debug
flag has been deprecated. Useetcd --log-level=debug
instead.- Remove
embed.Config.Debug
. etcd --log-output
flag has been deprecated. Useetcd --log-outputs
instead.etcd --logger=zap --log-outputs=stderr
is now the default.etcd --logger=capnslog
flag value has been deprecated.etcd --logger=zap --log-outputs=default
flag value is not supported..- Use
etcd --logger=zap --log-outputs=stderr
. - Or, use
etcd --logger=zap --log-outputs=systemd/journal
to send logs to the local systemd journal. - Previously, if etcd parent process ID (PPID) is 1 (e.g. run with systemd),
etcd --logger=capnslog --log-outputs=default
redirects server logs to local systemd journal. And if write to journald fails, it writes toos.Stderr
as a fallback. - However, even with PPID 1, it can fail to dial systemd journal (e.g. run embedded etcd with Docker container). Then, every single log write will fail and fall back to
os.Stderr
, which is inefficient. - To avoid this problem, systemd journal logging must be configured manually.
- Use
etcd --log-outputs=stderr
is now the default.etcd --log-package-levels
flag forcapnslog
has been deprecated. Now,etcd --logger=zap --log-outputs=stderr
is the default.[CLIENT-URL]/config/local/log
endpoint has been deprecated, as isetcd --log-package-levels
flag.curl http://127.0.0.1:2379/config/local/log -XPUT -d '{"Level":"DEBUG"}'
won't work.- Please use
etcd --logger=zap --log-outputs=stderr
instead.
- Deprecated
etcd_debugging_mvcc_db_total_size_in_bytes
Prometheus metric. Useetcd_mvcc_db_total_size_in_bytes
instead. - Deprecated
etcd_debugging_mvcc_put_total
Prometheus metric. Useetcd_mvcc_put_total
instead. - Deprecated
etcd_debugging_mvcc_delete_total
Prometheus metric. Useetcd_mvcc_delete_total
instead. - Deprecated
etcd_debugging_mvcc_txn_total
Prometheus metric. Useetcd_mvcc_txn_total
instead. - Deprecated
etcd_debugging_mvcc_range_total
Prometheus metric. Useetcd_mvcc_range_total
instead. - Main branch
/version
outputs3.5.0-pre
, instead of3.4.0+git
. - Changed
proxy
package function signature to support structured logger.- Previously,
NewClusterProxy(c *clientv3.Client, advaddr string, prefix string) (pb.ClusterServer, <-chan struct{})
, nowNewClusterProxy(lg *zap.Logger, c *clientv3.Client, advaddr string, prefix string) (pb.ClusterServer, <-chan struct{})
. - Previously,
Register(c *clientv3.Client, prefix string, addr string, ttl int)
, nowRegister(lg *zap.Logger, c *clientv3.Client, prefix string, addr string, ttl int) <-chan struct{}
. - Previously,
NewHandler(t *http.Transport, urlsFunc GetProxyURLs, failureWait time.Duration, refreshInterval time.Duration) http.Handler
, nowNewHandler(lg *zap.Logger, t *http.Transport, urlsFunc GetProxyURLs, failureWait time.Duration, refreshInterval time.Duration) http.Handler
.
- Previously,
- Changed
pkg/flags
function signature to support structured logger.- Previously,
SetFlagsFromEnv(prefix string, fs *flag.FlagSet) error
, nowSetFlagsFromEnv(lg *zap.Logger, prefix string, fs *flag.FlagSet) error
. - Previously,
SetPflagsFromEnv(prefix string, fs *pflag.FlagSet) error
, nowSetPflagsFromEnv(lg *zap.Logger, prefix string, fs *pflag.FlagSet) error
.
- Previously,
- ClientV3 supports grpc resolver API.
- Endpoints can be managed using endpoints.Manager
- Previously supported GRPCResolver was decomissioned. Use resolver instead.
- Turned on --pre-vote by default. Should prevent disrupting RAFT leader by an individual member.
- ETCD_CLIENT_DEBUG env: Now supports log levels (debug, info, warn, error, dpanic, panic, fatal). Only when set, overrides application-wide grpc logging settings.
- Embed Etcd.Close() needs to called exactly once and closes Etcd.Err() stream.
- Embed Etcd does not override global/grpc logger be default any longer. If desired, please call
embed.Config::SetupGlobalLoggers()
explicitly. - Embed Etcd custom logger should be configured using simpler builder
NewZapLoggerBuilder
. - Client errors of
context cancelled
orcontext deadline exceeded
are exposed ascodes.Canceled
andcodes.DeadlineExceeded
, instead ofcodes.Unknown
.
- WAL log's snapshots persists raftpb.ConfState
- Backend persists raftpb.ConfState in the
meta
bucketconfState
key. - Backend persists applied term in the
meta
bucket. - Backend persists
downgrade
in thecluster
bucket
- Add
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
andTLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
toetcd --cipher-suites
. - Changed the format of WAL entries related to auth for not keeping password as a plain text.
- Add third party Security Audit Report.
- A log warning is added when etcd uses any existing directory that has a permission different than 700 on Linux and 777 on Windows.
- Add optional
ClientCertFile
andClientKeyFile
options for peer and client tls configuration when split certificates are used.
See List of metrics for all metrics per release.
Note that any etcd_debugging_*
metrics are experimental and subject to change.
- Deprecated
etcd_debugging_mvcc_db_total_size_in_bytes
Prometheus metric. Useetcd_mvcc_db_total_size_in_bytes
instead. - Deprecated
etcd_debugging_mvcc_put_total
Prometheus metric. Useetcd_mvcc_put_total
instead. - Deprecated
etcd_debugging_mvcc_delete_total
Prometheus metric. Useetcd_mvcc_delete_total
instead. - Deprecated
etcd_debugging_mvcc_txn_total
Prometheus metric. Useetcd_mvcc_txn_total
instead. - Deprecated
etcd_debugging_mvcc_range_total
Prometheus metric. Useetcd_mvcc_range_total
instead. - Add
etcd_debugging_mvcc_current_revision
Prometheus metric. - Add
etcd_debugging_mvcc_compact_revision
Prometheus metric. - Change
etcd_cluster_version
Prometheus metrics to include only major and minor version. - Add
etcd_debugging_mvcc_total_put_size_in_bytes
Prometheus metric. - Add
etcd_server_client_requests_total
with"type"
and"client_api_version"
labels. - Add
etcd_wal_write_bytes_total
. - Add
etcd_debugging_auth_revision
. - Add
os_fd_used
andos_fd_limit
to monitor current OS file descriptors. - Add
etcd_disk_defrag_inflight
.
- Add don't attempt to grant nil permission to a role.
- Add don't activate alarms w/missing AlarmType.
- Add
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
andTLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
toetcd --cipher-suites
. - Automatically create parent directory if it does not exist (fix issue#9609).
- v4.0 will configure
etcd --enable-v2=true --enable-v2v3=/aaa
to enable v2 API server that is backed by v3 storage. - [
etcd --backend-bbolt-freelist-type
] flag is now stable.etcd --experimental-backend-bbolt-freelist-type
has been deprecated.
- Support downgrade API.
- Deprecate v2 apply on cluster version. Use v3 request to set cluster version and recover cluster version from v3 backend.
- Use v2 api to update cluster version to support mixed version cluster during upgrade.
- Fix corruption bug in defrag.
- Fix quorum protection logic when promoting a learner.
- Improve peer corruption checker to work when peer mTLS is enabled.
- Log
[CLIENT-PORT]/health
check in server side. - Log successful etcd server-side health check in debug level.
- Improve compaction performance when latest index is greater than 1-million.
- Refactor consistentindex.
- Add log when etcdserver failed to apply command.
- Improve count-only range performance.
- Remove redundant storage restore operation to shorten the startup time.
- With 40 million key test data,it can shorten the startup time from 5 min to 2.5 min.
- Fix deadlock bug in mvcc.
- Fix inconsistency between WAL and server snapshot.
- Previously, server restore fails if it had crashed after persisting raft hard state but before saving snapshot.
- See #10219 for more.
- Add missing CRC checksum check in WAL validate method otherwise causes panic.
- See #11918.
- Improve logging around snapshot send and receive.
- Push down RangeOptions.limit argv into index tree to reduce memory overhead.
- Add reason field for /health response.
- Add exclude alarms from health check conditionally.
- Add
etcd --unsafe-no-fsync
flag.- Setting the flag disables all uses of fsync, which is unsafe and will cause data loss. This flag makes it possible to run an etcd node for testing and development without placing lots of load on the file system.
- Add
etcd --auth-token-ttl
flag to customizesimpleTokenTTL
settings. - Improve
runtime.FDUsage
call pattern to reduce objects malloc of Memory Usage and CPU Usage. - Improve mvcc.watchResponse channel Memory Usage.
- Log expensive request info in UnaryInterceptor.
- Fix invalid Go type in etcdserverpb.
- Improve healthcheck by using v3 range request and its corresponding timeout.
- Add
etcd --experimental-watch-progress-notify-interval
flag to make watch progress notify interval configurable. - Fix server panic in slow writes warnings.
- Fixed via PR#12238.
- Fix server panic when force-new-cluster flag is enabled in a cluster which had learner node.
- Add
etcd --self-signed-cert-validity
flag to support setting certificate expiration time.- Notice, certificates generated by etcd are valid for 1 year by default when specifying the auto-tls or peer-auto-tls option.
- Add
etcd --experimental-warning-apply-duration
flag which allows apply duration threshold to be configurable. - Add
etcd --experimental-memory-mlock
flag which prevents etcd memory pages to be swapped out. - Add
etcd --socket-reuse-port
flag- Setting this flag enables
SO_REUSEPORT
which allows rebind of a port already in use. User should take caution when using this flag to ensure flock is properly enforced.
- Setting this flag enables
- Add
etcd --socket-reuse-address
flag- Setting this flag enables
SO_REUSEADDR
which allows binding to an address inTIME_WAIT
state, improving etcd restart time.
- Setting this flag enables
- Reduce around 30% memory allocation by logging range response size without marshal.
ETCD_VERIFY="all"
environment triggers additional verification of consistency of etcd data-dir files.- Add
etcd --enable-log-rotation
boolean flag which enables log rotation if true. - Add
etcd --log-rotation-config-json
flag which allows passthrough of JSON config to configure log rotation for a file output target. - Add experimental distributed tracing boolean flag
--experimental-enable-distributed-tracing
which enables tracing. - Add
etcd --experimental-distributed-tracing-address
string flag which allows configuring the OpenTelemetry collector address. - Add
etcd --experimental-distributed-tracing-service-name
string flag which allows changing the default "etcd" service name. - Add
etcd --experimental-distributed-tracing-instance-id
string flag which configures an instance ID, which must be unique per etcd instance. - Add
--experimental-bootstrap-defrag-threshold-megabytes
which configures a threshold for the unused db size and etcdserver will automatically perform defragmentation on bootstrap when it exceeds this value. The functionality is disabled if the value is 0.
- Remove
embed.Config.Debug
.- Use
embed.Config.LogLevel
instead.
- Use
- Add
embed.Config.ZapLoggerBuilder
to allow creating a custom zap logger. - Replace global
*zap.Logger
with etcd server logger object. - Add
embed.Config.EnableLogRotation
which enables log rotation if true. - Add
embed.Config.LogRotationConfigJSON
to allow passthrough of JSON config to configure log rotation for a file output target. - Add
embed.Config.ExperimentalEnableDistributedTracing
which enables experimental distributed tracing if true. - Add
embed.Config.ExperimentalDistributedTracingAddress
which allows overriding default collector address. - Add
embed.Config.ExperimentalDistributedTracingServiceName
which allows overriding default "etcd" service name. - Add
embed.Config.ExperimentalDistributedTracingServiceInstanceID
which allows configuring an instance ID, which must be uniquer per etcd instance.
- Remove excessive watch cancel logging messages.
- Add
TryLock
method toclientv3/concurrency/Mutex
. A non-blocking method onMutex
which does not wait to get lock on the Mutex, returns immediately if Mutex is locked by another session. - Fix client balancer failover against multiple endpoints.
- Fix IPv6 endpoint parsing in client.
- Fix errors caused by grpc changing balancer/resolver API. This change is compatible with grpc >= v1.26.0, but is not compatible with < v1.26.0 version.
- Use ServerName as the authority after bumping to grpc v1.26.0. Remove workaround in #11184.
- Fix
"hasleader"
metadata embedding.- Previously,
clientv3.WithRequireLeader(ctx)
was overwriting existing context keys.
- Previously,
- Fix watch leak caused by lazy cancellation. When clients cancel their watches, a cancel request will now be immediately sent to the server instead of waiting for the next watch event.
- Make sure save snapshot downloads checksum for integrity checks.
- Fix auth token invalid after watch reconnects. Get AuthToken automatically when clientConn is ready.
- Improve clientv3:get AuthToken gracefully without extra connection.
- Changed clientv3 dialing code to use grpc resolver API instead of custom balancer.
- Endpoints self identify now as
etcd-endpoints://{id}/#initially={list of endpoints}
e.g.etcd-endpoints://0xc0009d8540/#initially=[localhost:2079]
- Endpoints self identify now as
- Make sure save snapshot downloads checksum for integrity checks.
- Fix memory leak in follower nodes.
- Make sure grant/revoke won't be applied repeatedly after restarting etcd.
- Add
etcd_wal_write_bytes_total
. - Handle out-of-range slice bound in
ReadAll
and entry limit indecodeRecord
.
- Fix
etcdctl member add
command to prevent potential timeout. (PR#11194 and PR#11638) - Add
etcdctl watch --progress-notify
flag. - Add
etcdctl auth status
command to check if authentication is enabled - Add
etcdctl get --count-only
flag for output typefields
. - Add
etcdctl member list -w=json --hex
flag to print memberListResponse in hex format json. - Changed
etcdctl lock <lockname> exec-command
to return exit code of exec-command. - New tool:
etcdutl
incorporated functionality of:etcdctl snapshot status|restore
,etcdctl backup
,etcdctl defrag --data-dir ...
. - ETCDCTL_API=3
etcdctl migrate
has been decommissioned. Use etcd <=v3.4 to restore v2 storage.
- gRPC gateway only supports
/v3
endpoint.- Deprecated
/v3beta
. curl -L http://localhost:2379/v3beta/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'
does work in v3.5. Usecurl -L http://localhost:2379/v3/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'
instead.
- Deprecated
- Set
enable-grpc-gateway
flag to true when using a config file to keep the defaults the same as the command line configuration.
- Fix
panic on error
for metrics handler. - Add gRPC keepalive related flags
grpc-keepalive-min-time
,grpc-keepalive-interval
andgrpc-keepalive-timeout
. - Fix grpc watch proxy hangs when failed to cancel a watcher .
- Add metrics handler for grpcproxy self.
- Add health handler for grpcproxy self.
- Fix NoPassword check when adding user through GRPC gateway (issue#11414)
- Fix bug where some auth related messages are logged at wrong level
- Fix a data corruption bug by saving consistent index.
- Improve checkPassword performance.
- Add authRevision field in AuthStatus.
- Fix a bug of not refreshing expired tokens.
- Add
/v3/auth/status
endpoint to check if authentication is enabled - Add
Linearizable
field toetcdserverpb.MemberListRequest
. - Learner support Snapshot RPC.
- Remove
netutil.DropPort/RecoverPort/SetLatency/RemoveLatency
.- These are not used anymore. They were only used for older versions of functional testing.
- Removed to adhere to best security practices, minimize arbitrary shell invocation.
- Upgrade
google.golang.org/grpc
fromv1.23.0
tov1.37.0
. - Upgrade
go.uber.org/zap
fromv1.14.1
tov1.16.0
.
- etcd now officially supports
arm64
.- See #12928 for adding automated tests with
arm64
EC2 instances (Graviton 2). - See etcd-io/website#273 for new platform support tier policies.
- See #12928 for adding automated tests with
- Require Go 1.16+.
- Compile with Go 1.16+
- etcd uses go modules (instead of vendor dir) to track dependencies.
- The etcd team has added, a well defined and openly discussed, project governance.