Announcing etcd v3.6.0
https://kubernetes.io/blog/2025/05/15/announcing-etcd-3.6/
This announcement originally appeared on the etcd blog.
Today, we are releasing etcd v3.6.0, the first minor release since etcd v3.5.0 on June 15, 2021. This release
introduces several new features, makes significant progress on long-standing efforts like downgrade support and
migration to v3store, and addresses numerous critical & major issues. It also includes major optimizations in
memory usage, improving efficiency and performance.
In addition to the features of v3.6.0, etcd has joined Kubernetes as a SIG (sig-etcd), enabling us to improve
project sustainability. We've introduced systematic robustness testing to ensure correctness and reliability.
Through the etcd-operator Working Group, we plan to improve usability as well.
What follows are the most significant changes introduced in etcd v3.6.0, along with the discussion of the
roadmap for future development. For a detailed list of changes, please refer to the CHANGELOG-3.6.
A heartfelt thank you to all the contributors who made this release possible!
Security
etcd takes security seriously. To enhance software security in v3.6.0, we have improved our workflow checks by
integrating govulncheck to scan the source code and trivy to scan container images. These improvements
have also been backported to supported stable releases.
etcd continues to follow the Security Release Process to ensure vulnerabilities are properly managed and addressed.
Features
Migration to v3store
The v2store has been deprecated since etcd v3.4 but could still be enabled via --enable-v2. It remained the source of
truth for membership data. In etcd v3.6.0, v2store can no longer be enabled as the --enable-v2 flag has been removed,
and v3store has become the sole source of truth for membership data.
While v2store still exists in v3.6.0, etcd will fail to start if it contains any data other than membership information.
To assist with migration, etcd v3.5.18+ provides the etcdutl check v2store command, which verifies that v2store
contains only membership data (see PR 19113).
Compared to v2store, v3store offers better performance and transactional support. It is also the actively maintained
storage engine moving forward.
The removal of v2store is still ongoing and is tracked in issues/12913.
Downgrade
etcd v3.6.0 is the first version to fully support downgrade. The effort for this downgrade task spans
both versions 3.5 and 3.6, and all related work is tracked in issues/11716.
At a high level, the process involves migrating the data schema to the target version (e.g., v3.5),
followed by a rolling downgrade.
Ensure the cluster is healthy, and take a snapshot backup. Validate whether the downgrade is valid:
$ etcdctl downgrade validate 3.5
Downgrade validate success, cluster version 3.6
If the downgrade is valid, enable downgrade mode:
$ etcdctl downgrade enable 3.5
Downgrade enable success, cluster version 3.6
etcd will then migrate the data schema in the background. Once complete, proceed with the rolling downgrade.
For details, refer to the Downgrade-3.6 guide.
Feature gates
In etcd v3.6.0, we introduced Kubernetes-style feature gates for managing new features. Previously, we
indicated unstable features through the --experimental prefix in feature flag names. The prefix was removed
once the feature was stable, causing a breaking change. Now, features will start in Alpha, progress
to Beta, then GA, or get deprecated. This ensures a much smoother upgrade and downgrade experience for users.
See feature-gates for details.
livez / readyz checks
etcd now supports /livez and /readyz endpoints, aligning with Kubernetes' Liveness and Readiness probes.
/livez indicates whether the etcd instance is alive, while /readyz indicates when it is ready to serve requests.
This feature has also been backported to release-3.5 (starting from v3.5.11) and release-3.4 (starting from v3.4.29).
See livez/readyz for details.
The existing /health endpoint remains functional. /livez is similar to /health?serializable=true, while
/readyz is similar to /health or /health?serializable=false. Clearly, the /livez and /readyz
endpoints provide clearer semantics and are easier to understand.
v3discovery
In etcd v3.6.0, the new discovery protocol v3discovery was introduced, based on clientv3.
It facilitates the discovery of all cluster members during the bootstrap phase.
The previous v2discovery protocol, based on clientv2, has been deprecated. Additionally,
the public discovery service at https://discovery.etcd.io/, which relied on v2discovery, is no longer maintained.
Performance
Memory
In this release, we reduced average memory consumption by at least 50% (see Figure 1). This improvement is primarily due to two changes:
The default value of --snapshot-count has been reduced from 100,000 in v3.5 to 10,000 in v3.6. As a result, etcd v3.6 now retains only about 10% of the history records compared to v3.5.
Raft history is compacted more frequently, as introduced in PR/18825.
Figure 1: Memory usage comparison between etcd v3.5.20 and v3.6.0-rc.2 under different read/write ratios.
Each subplot shows the memory usage over time with a specific read/write ratio. The red line represents etcd
v3.5.20, while the teal line represents v3.6.0-rc.2. Across all tested ratios, v3.6.0-rc.2 exhibits lower and
more stable memory usage.
Throughput
Compared to v3.5, etcd v3.6 delivers an average performance improvement of approximately 10%
in both read and write throughput (see Figure 2, 3, 4 and 5). This improvement is not attributed to
any single major change, but rather the cumulative effect of multiple minor enhancements. One such
example is the optimization of the free page queries introduced in PR/419.
Figure 2: Read throughput comparison between etcd v3.5.20 and v3.6.0-rc.2 under a high write ratio. The
read/write ratio is 0.0078, meaning 1 read per 128 writes. The right bar shows the percentage improvement
in read throughput of v3.6.0-rc.2 over v3.5.20, ranging from 3.21% to 25.59%.
Figure 3: Read throughput comparison between etcd v3.5.20 and v3.6.0-rc.2 under a high read ratio.
The read/write ratio is 8, meaning 8 reads per write. The right bar shows the percentage improvement in
read throughput of v3.6.0-rc.2 over v3.5.20, ranging from 4.38% to 27.20%.
Figure 4: Write throughput comparison between etcd v3.5.20 and v3.6.0-rc.2 under a high write ratio. The
read/write ratio is 0.0078, meaning 1 read per 128 writes. The right bar shows the percentage improvement
in write throughput of v3.6.0-rc.2 over v3.5.20, ranging from 2.95% to 24.24%.
Figure 5: Write throughput comparison between etcd v3.5.20 and v3.6.0-rc.2 under a high read ratio.
The read/write ratio is 8, meaning 8 reads per write. The right bar shows the percentage improvement in
write throughput of v3.6.0-rc.2 over v3.5.20, ranging from 3.86% to 28.37%.
Breaking changes
This section highlights a few notable breaking changes. For a complete list, please refer to
the Upgrade etcd from v3.5 to v3.6 and the CHANGELOG-3.6.
Old binaries are incompatible with new schema versions
Old etcd binaries are not compatible with newer data schema versions. For example, etcd 3.5 cannot start with
data created by etcd 3.6, and etcd 3.4 cannot start with data created by either 3.5 or 3.6.
When downgrading etcd, it's important to follow the documented downgrade procedure. Simply replacing
the binary or image will result in the incompatibility issue.
Peer endpoints no longer serve client requests
Client endpoints (--advertise-client-urls) are intended to serve client requests only, while peer
endpoints (--initial-advertise-peer-urls) are intended solely for peer communication. However, due to an implementation
oversight, the peer endpoints were also able to handle client requests in etcd 3.4 and 3.5. This behavior was misleading and
encouraged incorrect usage patterns. In etcd 3.6, this misleading behavior was corrected via PR/13565; peer endpoints
no longer serve client requests.
Clear boundary between etcdctl and etcdutl
Both etcdctl and etcdutl are command line tools. etcdutl is an offline utility designed to operate directly on
etcd data files, while etcdctl is an online tool that interacts with etcd over a network. Previously, there were some
overlapping functionalities between the two, but these overlaps were removed in 3.6.0.
Removed etcdctl defrag --data-dir
The etcdctl defrag command only support online defragmentation and no longer supports offline defragmentation.
To perform offline defragmentation, use the etcdutl defrag --data-dir command instead.
Removed etcdctl snapshot status
etcdctl no longer supports retrieving the status of a snapshot. Use the etcdutl snapshot status command instead.
Removed etcdctl snapshot restore
etcdctl no longer supports restoring from a snapshot. Use the etcdutl snapshot restore command instead.
Critical bug fixes
Correctness has always been a top priority for the etcd project. In the process of developing 3.6.0, we found and
fixed a few notable bugs that could lead to data inconsistency in specific cases. These fixes have been backported
to previous releases, but we believe they deserve special mention here.
Data Inconsistency when Crashing Under Load
Previously, when etcd was applying data, it would update the consistent-index first, followed by committing the
data. However, these operations were not atomic. If etcd crashed in between, it could lead to data inconsistency
(see issue/13766). The issue was introduced in v3.5.0, and fixed in v3.5.3 with PR/13854.
Durability API guarantee broken in single node cluster
When a client writes data and receives a success response, the data is expected to be persisted. However, the data might
be lost if etcd crashes immediately after sending the success response to the client. This was a legacy issue (see issue/14370)
affecting all previous releases. It was addressed in
1_r/devopsish
2_News
