Documentation: Create a data inconsistency postmortem

[serathius]

cc @ahrtr @spzala @ptabor
Very drafty, if there are no obvious mistakes we can merge and iterate on it.

[codecov-commenter]

Codecov Report

Merging #13967 (d87cca1) into main (4555fc3) will decrease coverage by 0.35%.
The diff coverage is 100.00%.

❗ Current head d87cca1 differs from pull request most recent head 7fe1bf5. Consider uploading reports for the commit 7fe1bf5 to get more accurate results

@@            Coverage Diff             @@
##             main   #13967      +/-   ##
==========================================
- Coverage   72.67%   72.32%   -0.36%     
==========================================
  Files         469      469              
  Lines       38413    38413              
==========================================
- Hits        27918    27783     -135     
- Misses       8727     8838     +111     
- Partials     1768     1792      +24     

Flag	Coverage Δ
all	72.32% <100.00%> (-0.36%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
server/etcdserver/server.go	84.14% <100.00%> (-0.81%)	⬇️
client/v3/leasing/util.go	88.33% <0.00%> (-10.00%)	⬇️
client/v3/namespace/watch.go	87.87% <0.00%> (-6.07%)	⬇️
server/storage/mvcc/watchable_store.go	85.14% <0.00%> (-5.80%)	⬇️
client/v3/concurrency/session.go	88.63% <0.00%> (-4.55%)	⬇️
client/v3/leasing/cache.go	87.77% <0.00%> (-3.89%)	⬇️
server/etcdserver/api/v3rpc/watch.go	84.22% <0.00%> (-3.70%)	⬇️
server/etcdserver/api/rafthttp/msgappv2_codec.go	71.30% <0.00%> (-3.48%)	⬇️
server/etcdserver/api/v3rpc/util.go	70.96% <0.00%> (-3.23%)	⬇️
server/etcdserver/api/v3rpc/member.go	93.54% <0.00%> (-3.23%)	⬇️
... and 21 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4555fc3...7fe1bf5. Read the comment docs.

[spzala]

lgtm, just couple of small comments. Thanks!

[xiang90]

etcd instead of Etcd :P. We use etcd even if it is the first word in the sentence conventionally.

[spzala]

:) +1 @xiang90 Good catch!

[spzala]

I now noticed it at few other places :) so should do a clean sweep @serathius Thanks!

[ptabor]

• Etcd corruption check is linearizable/negotiates common revision
• The recovery procedures are documented and tested:
  - bootstaping from other member's snapshot
  - bootstaping from backup
  - bootstraping from backup + WAL log
• Snapshots (exchanged between the leader and lagging member) are checked for consistency

[serathius]

I tried to generalize Etcd corruption check is linearizable/negotiates common revision as etcd can reliably detect data corruption.

I'm not sure how Snapshots (exchanged between the leader and lagging member) are checked for consistency would relate to improve data corruption. I haven't seen this discussed, could you expand on it/file an issue?

[ptabor]

Done: #13973

[ptabor]

• Not clearly went wrong... but the problem is that as OSS community, we don't have insight what's the production adoption of different etcd versions thus their maturity. We make version as PROD-ready after some internal feadback... to get diverse usage, but the user's hold on till someone else will discover issues. I have no more recommendation here than transparency between maintainers.

[serathius]

I think lack of feedback loop here is a persistent issue. Without a feedback loop about feature usage we cannot make a good production recommendation.

What do you think we can do to improve the situation? Could we maybe each out to CNCF about collecting usage data from users?

[xiang90]

I think we can probably start with collecting version and uptime information with opt-out by default. I know the Kubernetes community tried to do similar things. Do you know how well it goes?