Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,538 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

764 Commits

Author SHA1 Message Date
Siyuan Zhang
b8d5e79fc1 [3.5] backport health check e2e tests. 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-12-07 09:51:39 -08:00
Marek Siarkowicz
3b252db4f6 version: bump up to 3.5.11 2023-12-07 11:29:12 +01:00
Marek Siarkowicz
6f125ce33b
Merge pull request #17039 from siyuanfoundation/release-3.5-step2 
[3.5] Backport livez/readyz
 2023-12-07 09:53:18 +01:00
Siyuan Zhang
ebb7e796c3 etcdserver: add linearizable_read check to readyz. 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-12-06 11:12:14 -08:00
Ivan Valdes
98aa466905
server: disable redirects in peer communication 
Disable following redirects from peer HTTP communication on the client's side.
Etcd server may run into SSRF (Server-side request forgery) when adding a new
member. If users provide a malicious peer URL, the existing etcd members may be
redirected to another unexpected internal URL when getting the new member's
version.

Signed-off-by: Ivan Valdes <ivan@vald.es>
 2023-12-05 10:59:25 -08:00
Marek Siarkowicz
ce4ae2beb6
Merge pull request #17024 from jmhbnz/backport-ssrf-fix 
[3.5] Backport disable following redirects when checking peer urls
 2023-11-28 21:22:32 +01:00
Siyuan Zhang
293fc21cd8 etcdserver: add metric counters for livez/readyz health checks. 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-11-27 12:52:15 -08:00
Siyuan Zhang
f5d7f997d6 etcdserver: add livez and ready http endpoints for etcd. 
Add two separate probes, one for liveness and one for readiness. The liveness probe would check that the local individual node is up and running, or else restart the node, while the readiness probe would check that the cluster is ready to serve traffic. This would make etcd health-check fully Kubernetes API complient.

Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-11-27 12:52:15 -08:00
Chao Chen
2b54660a04 http health check bug fixes 
Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-11-27 12:52:15 -08:00
Marek Siarkowicz
d4e86108e3
Merge pull request #17000 from siyuanfoundation/livez-bp-3.5-step1 
[3.5] Backport healthcheck code cleanup
 2023-11-27 19:59:40 +01:00
Marek Siarkowicz
46e394242f server: Split metrics and health code 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-11-27 09:31:00 -08:00
Marek Siarkowicz
8ab1c0f25b server: Cover V3 health with tests 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-11-27 09:31:00 -08:00
Marek Siarkowicz
9db8ddbb8c server: Refactor health checks 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-11-27 09:31:00 -08:00
Marek Siarkowicz
eed94f6f94 server: Run health check tests in subtests 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-11-27 09:31:00 -08:00
Marek Siarkowicz
2f6c84e91d server: Rename test case expect fields 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-11-27 09:31:00 -08:00
Marek Siarkowicz
c6784a7e82 server: Use named struct initialization in healthcheck test 
Signed-off-by: Siyuan Zhang <sizhang@google.com>
 2023-11-27 09:31:00 -08:00
James Blair
9e21048c4b
Backport server: Don't follow redirects when checking peer urls. 
It's possible that etcd server may run into SSRF situation when adding a new member. If users provide a malicious peer URL, the existing etcd members may be redirected to other unexpected internal URL when getting the new member's version.

Signed-off-by: James Blair <mail@jamesblair.net>
 2023-11-27 21:48:50 +13:00
James Blair
5a564d56d7
Backport server: Have tracingExporter own resources it initialises. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-11-26 10:22:10 +13:00
James Blair
3a54851f48
Backport server: Add sampling rate to distributed tracing. 
ExperimentalDistributedTracingSamplingRatePerMillion is the
number of samples to collect per million spans.
Defaults to 0.

Signed-off-by: James Blair <mail@jamesblair.net>
 2023-11-26 10:22:10 +13:00
sharath sivakumar
f26074ae56 CVE-2023-47108: Backport go.opentelemetry.io/otel@v1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 
Signed-off-by: sharath sivakumar <sharath.sivakumar@mollie.com>
 2023-11-15 14:09:07 +01:00
Marek Siarkowicz
0223ca52b8 version: bump up to 3.5.10 2023-10-27 12:33:25 +02:00
Benjamin Wang
88beb6ca47 bump bbolt to 1.3.8 for etcd 3.5 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-10-26 16:32:07 +01:00
Benjamin Wang
3521aaad9a
Merge pull request #16790 from chaochn47/3.5-grpc-update 
[3.5] Upgrade gRPC-go to 1.58.3
 2023-10-19 10:21:36 +01:00
Marek Siarkowicz
31b7c58fd5
Merge pull request #16637 from serathius/check-cluster-id-release-3.5 
[release-3.5] etcdserver: add cluster id check for hashKVHandler
 2023-10-17 20:58:21 +02:00
Chao Chen
1aa4aa8a96 3.5: upgrade gRPC-go to 1.58.3 
The last step with gRPC update behavior changes auditing to resolve CVE #16740 in 3.5

This PR backports #14922, #16338, #16587, #16630, #16636 and #16739 to release-3.5.

Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-17 11:07:08 -07:00
caojiamingalan
04cfb4c660 etcdserver: add cluster id check for hashKVHandler 
Signed-off-by: caojiamingalan <alan.c.19971111@gmail.com>
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-10-17 13:27:47 +02:00
Chao Chen
6f4fa5a27a [release-3.5]: upgrade gRPC-go to v1.52.0 
backport https://github.com/etcd-io/etcd/pull/14834 and https://github.com/etcd-io/etcd/pull/16324

Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-16 21:43:00 -07:00
Chao Chen
db16069588 backport #14125 to release-3.5: Update to grpc-1.47 (and fix the connection-string format) 
Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-12 09:46:49 -07:00
Marek Siarkowicz
404eeaa74e Return to default write scheduler since golang.org/x/net@v0.11.0 started using round robin 
Introduction of round robin 120fc906b3
Added in v0.10.0 https://github.com/golang/net/compare/v0.10.0...v0.11.0

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-10-12 15:19:17 +02:00
Allen Ray
24ee8e491f bump golang.org/x/net to 0.17.0 
Part of https://github.com/etcd-io/etcd/issues/16740

Signed-off-by: Allen Ray <alray@redhat.com>
 2023-10-11 10:43:51 -04:00
James Blair
164175dfe3
Backport adding unit test for socket options. 
Co-authored-by: Shawn Gerrard <shawn.gerrard@gmail.com>
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-08-18 19:14:57 +12:00
James Blair
2a7bffc63e
Backport export reuse-port and reuse-address 
so that they cabn be configured via config file.

Co-authored-by: Shawn Gerrard <shawn.gerrard@gmail.com>
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-08-18 12:05:19 +12:00
James Blair
f62a894ae7
Fix goword failure in rafthttp/transport.go. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-08-11 21:47:30 +12:00
James Blair
9c7c8c6b3f
Backport update to golang 1.20 minor release. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-08-11 21:16:01 +12:00
caojiamingalan
eb9bfaa983 Follow up https://github.com/etcd-io/etcd/pull/16068#discussion_r1263667496 
Add a UnsafeReadScheduledCompact and UnsafeReadFinishedCompact

Signed-off-by: caojiamingalan <alan.c.19971111@gmail.com>
 2023-07-18 10:54:16 -05:00
caojiamingalan
6ac9d94d67 etcdserver: backport check scheduledCompactKeyName and finishedCompactKeyName before writing hash to release-3.5. 
Fix #15919.
Check ScheduledCompactKeyName and FinishedCompactKeyName
before writing hash to hashstore.
If they do not match, then it means this compaction has once been interrupted and its hash value is invalid. In such cases, we won't write the hash values to the hashstore, and avoids the incorrect corruption alarm.

Signed-off-by: caojiamingalan <alan.c.19971111@gmail.com>
 2023-07-14 19:22:38 -05:00
Lan Liang
960cd26bef Backport #13577 
Disable auth gracefully without impacting existing watchers.

Signed-off-by: Lan Liang <gcslyp@gmail.com>
 2023-07-14 12:50:21 +08:00
Thomas Jungblut
4425ef572e Adding optional revision bump and mark compacted to snapshot restore 
Signed-off-by: Allen Ray <alray@redhat.com>
Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
 2023-07-03 12:57:12 +02:00
Benjamin Wang
f565a94844
Merge pull request #16019 from tjungblu/putauthshort_3.5 
[3.5] Early exit auth check on lease puts
 2023-06-21 11:04:51 +01:00
Benjamin Wang
306c60a083
Merge pull request #16048 from kkkkun/cp-14457-to-3.5 
[3.5] etcdserver: fix corruption check when server has just been compacted
 2023-06-19 09:33:57 +01:00
Thomas Jungblut
423f951409 Add first unit test for authApplierV3 
This contains a slight refactoring to expose enough information
to write meaningful tests for auth applier v3.

Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
 2023-06-16 09:42:09 +02:00
Thomas Jungblut
b2fb75d147 Early exit auth check on lease puts 
Mitigates etcd-io#15993 by not checking each key individually for permission
when auth is entirely disabled or admin user is calling the method.

Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
 2023-06-16 09:14:41 +02:00
kkkkun
8cffdbafba etcdserver: fix corruption check when server has just been compacted 
Signed-off-by: kkkkun <scuzk373x@gmail.com>
 2023-06-11 22:27:02 +08:00
scuzk373x@gmai.com
d3d530c562 add compact hash check to help 
Signed-off-by: scuzk373x@gmai.com <zhuanwajiang@pinduoduo.com>
 2023-06-08 14:26:11 +08:00
yellowzf
ecfed91e50 grpcproxy: fix memberlist results not update when proxy node down 
If start grpc proxy with --resolver-prefix, memberlist will return all alive proxy nodes, when one grpc proxy node is down, it is expected to not return the down node, but it is still return

Signed-off-by: yellowzf <zzhf3311@163.com>
 2023-05-16 11:35:31 +08:00
Marek Siarkowicz
bdbbde998b version: bump up to 3.5.9 2023-05-11 13:39:43 +02:00
Hitoshi Mitake
d1b1aa9dbe etcdserver: protect lease timetilive with auth 
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
 2023-05-08 22:45:38 +09:00
sharathsivakumar
c0f2954e9f
server: backport 15743, improved description of --initial-cluster-state flag 
Signed-off-by: sharathsivakumar <mailssr9@gmail.com>
 2023-04-25 08:02:39 +02:00
Marek Siarkowicz
217d183e5a version: bump up to 3.5.8 2023-04-13 12:08:47 +02:00
Marek Siarkowicz
9d2cda4e44
Merge pull request #15676 from ahrtr/jwt_panic_3.5_20230410 
[3.5] etcdserver: verify field 'username' and 'revision' present when decoding a JWT token
 2023-04-11 12:21:50 +02:00