v0.16.3

This release adds public RPC authority validation, data server admin APIs, and checksum metric cleanup. It also fixes Docker image rebuild behavior so release images pick up current Alpine security patches.

Compatibility

• v0.16.3 introduced public RPC authority validation, which may reject clients connecting through bootstrap, proxy, load balancer, or alternate DNS hostnames with PERMISSION_DENIED: oxia: unexpected authority.
• For v0.16.3 and v0.16.4, add expected hostnames to cluster-level allowExtraAuthorities.
• This is resolved in v0.16.5, where authority validation is configurable and disabled by default on the 0.16 line.

Requirements

• Review data server access paths before upgrading to v0.16.3 or v0.16.4.
• Configure allowExtraAuthorities if clients connect through proxy, bootstrap, load balancer, or alternate DNS names.

Public API Changes

• Data servers validate public RPC :authority values against shard assignments.
• Added cluster config field allowExtraAuthorities.
• Added admin RPCs: ListDataServers, GetDataServer.
• Added CLI commands: oxia admin dataserver list, oxia admin dataserver get <name>.

Metrics Changes

• Removed the dynamic commit-offset label from oxia_dataserver_db_checksum and oxia_dataserver_wal_checksum.
• Checksum metrics are now labeled at shard level only to reduce high-cardinality series.

Operational Changes

• Docker release images now rebuild the runtime stage so Alpine package updates are included in published images.

Changes Since v0.16.2

• admin: add data server list/get APIs and CLI commands (#1036, #1043, #1044, #1045)
• dataserver: validate public RPC authority against shard assignments (#1038)
• cluster: allow extra authorities from cluster config (#1040)
• metrics: remove commit-offset label from checksum metrics (#1039)
• docker: rebuild runtime stage on every build (#1046)

Full Changelog: v0.16.2...v0.16.3