Hitoshi Mitake

@AkihiroSuda I think the approach based on block device (nbd, iSCSI, qemu, etc) is too costly because correspondence between file accesses and block requests will be hard to be analyzed....

Hi @struz , thanks for reporting the problem. > The best fix for this, in my opinion, is to allow modular access privileges to be granted to different administration commands....

@heyitsanthony @xiang90 @jpbetz thanks for your comments. It seems that more consideration is required before working on. @struz could you share more detail about your use case? Do you have...

@struz thanks for sharing the detail. I understand the motivation. How about disabling compaction requests from apiserver and issuing the requests from external management stuff (e.g. cron job of `etcdctl`...

@struz I added a new option `--etcd-compaction-interval` to kube-apiserver side: https://github.com/kubernetes/kubernetes/pull/51765 . If you pass an argument 0 with the option, apiserver won't issue compaction requests. The PR is already...

1. I’m not sure what’s the actual issue, but recommend not to use v2 interface. Note that v2 API and v3 API are completely separated including authentication mechanism. 2. It’s...

That's the debug log, so you are using `--log-level=debug` right? I think that shouldn't be used in production environments so practically not harmful. But if you have motivation to change...

You can create a user with no password based authentication with `etcdctl user add --no-password`. Such a user only allows CN based authnz. If you really want to avoid the...

@gyuho probably adding a salvation tool like etcd-dump-db to etcdctl would be helpful?

@gyuho probably draining all the data from existing files of snapshot and wal and put them to a new cluster as an ordinary etcd cluster would be straightforward. Modifying the...