New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-24931: Rebase etcd 3.5.11 openshift 4.16 #237
OCPBUGS-24931: Rebase etcd 3.5.11 openshift 4.16 #237
Conversation
To keep etcd projects up to date with the latest patch releases & incorporate the latest security updates. Signed-off-by: arjunmalhotra1 <am2cj@virginia.edu>
[3.5] etcd: upgrade go version from 1.20.10 to 1.20.11
Use a template to consolidate arm64 and amd64 test workflows. Enable running armd64 tests on every push and pull request. Signed-off-by: Ivan Valdes <ivan@vald.es>
…telemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 Signed-off-by: sharath sivakumar <sharath.sivakumar@mollie.com>
…apis/api,google.golang.org/grpc to make it consistent Signed-off-by: sharath sivakumar <sharath.sivakumar@mollie.com>
[3.5] CVE-2023-47108: Backport go.opentelemetry.io/otel@v1.20.0 and go.open…
…every-push-and-pr-in-release-3.5 github workflow: run arm64 tests on every push
ExperimentalDistributedTracingSamplingRatePerMillion is the number of samples to collect per million spans. Defaults to 0. Signed-off-by: James Blair <mail@jamesblair.net>
Signed-off-by: James Blair <mail@jamesblair.net>
Signed-off-by: James Blair <mail@jamesblair.net>
[3.5] Backport add sampling rate to fix distributed tracing
It's possible that etcd server may run into SSRF situation when adding a new member. If users provide a malicious peer URL, the existing etcd members may be redirected to other unexpected internal URL when getting the new member's version. Signed-off-by: James Blair <mail@jamesblair.net>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
…tep1 [3.5] Backport healthcheck code cleanup
Signed-off-by: Chao Chen <chaochn@amazon.com>
Add two separate probes, one for liveness and one for readiness. The liveness probe would check that the local individual node is up and running, or else restart the node, while the readiness probe would check that the cluster is ready to serve traffic. This would make etcd health-check fully Kubernetes API complient. Signed-off-by: Siyuan Zhang <sizhang@google.com>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
[3.5] Backport disable following redirects when checking peer urls
Disable following redirects from peer HTTP communication on the client's side. Etcd server may run into SSRF (Server-side request forgery) when adding a new member. If users provide a malicious peer URL, the existing etcd members may be redirected to another unexpected internal URL when getting the new member's version. Signed-off-by: Ivan Valdes <ivan@vald.es>
Backport disable redirects in peer communication to release-3.5
Signed-off-by: Jonas Riedel <jonasriedel@pm.me>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
…go-1.20.12 [3.5] Update go version to 1.20.12
[3.5] Backport livez/readyz
…penshift-4.15-ose-etcd OCPBUGS-19279: Updating ose-etcd images to be consistent with ART
@Elbehery: This pull request references Jira Issue OCPBUGS-24931, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/payload 4.16 nightly informing |
/payload 4.16 nightly blocking |
@Elbehery: trigger 8 job(s) of type blocking for the nightly release of OCP 4.16
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4ab4dd40-ab29-11ee-8fec-9806b15b6964-0 |
@Elbehery: trigger 66 job(s) of type informing for the nightly release of OCP 4.16
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/45f55960-ab29-11ee-94e2-f5154884c27b-0 |
/remove-label jira/invalid-bug This is the first patch bump in a row, so there's no bug to rely on. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Elbehery, soltysh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
66af0e5
into
openshift:openshift-4.16
@Elbehery: Jira Issue OCPBUGS-24931: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-24931 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
[ART PR BUILD NOTIFIER] This PR has been included in build ose-etcd-container-v4.16.0-202401051633.p0.g66af0e5.assembly.stream for distgit ose-etcd. |
This PR rebases etcd 3.5.11 into openshift-4.16.
This PR has been created by this workflow
git rebase --rebase-merges --fork-point v3.5.10 v3.5.11
( rebasing the changes from upstream 3.5.10 --> 3.5.11 )git cherry-pick -m 1 c89a29056e881a1862dda376fc3ba5002121f289
to cherrypick the downstream changes (commit)git cherry-pick -m 1 969d7af
to cherrypick ART changes (commit)After rebasing, running
make
locally producecc @hasbro17 @dusk125 @tjungblu @soltysh @deads2k