The CNCF etcd project reaches a significant milestone with completion of security audit

By Sahdev Zala, Senior Software Engineer and Open Source Developer, IBM

This week, a third-party security audit was published on etcd, the open source distributed key-value store that plays a crucial role in scaling Kubernetes in the cloud. For etcd, this audit was important in multiple ways. The audit validates the project’s maturity and sheds light on some areas where the project can improve. This sort of audit is a required criterion for any project in the Cloud Native Computing Foundation (CNCF) to qualify for graduation from the CNCF.
Read the CNCF blog post that I co-authored to learn more about the audit and what it uncovered. As one of the project maintainers and one of two members of the etcd Project Security Committee, I’d love to share a few reasons I’m hopeful for etcd’s future and why now is a great time to contribute to etcd’s open source community.

Main takeaways and why the industry should care
My main takeaway from the audit, which was conducted by Trail of Bits, is that it provides some concrete areas the etcd team can improve and gives the team confidence that no critical security vulnerability was found in the etcd core. With the completion of the security audit and the resulting fixes to uncovered issues, the etcd project has achieved an important milestone. The next step is for the etcd project team to begin the application process for graduating from CNCF.
The technology industry should take notice, because etcd is one of the most popular open source distributed data stores and is being used across many projects and organizations. Known end users include users of Cloud Foundry, CoreDNS, Kubernetes, M3, OpenStack, and Rook.

How etcd helps advance the scalability of Kubernetes
etcd is a core Kubernetes component. It serves a critical role as the primary key-value store for creating a functioning, fault-tolerant Kubernetes cluster. etcd offers strong consistency guarantees and high availability, making it crucial for Kubernetes scaling.
The Kubernetes API server stores each cluster’s state data in etcd. Kubernetes uses etcd’s watch function to monitor this data and to reconfigure itself when changes occur to accomplish the desired cluster state.

How you can contribute to etcd
etcd is a friendly open source project, and new contributors are always welcome. The etcd GitHub repository is the best place to get involved in contributing to the etcd project. The How to Contribute doc provides more details and resources for new contributors to get involved with the project.
Right now there are two supported versions of etcd: v3.4 and v3.3. The next major planned version of etcd is v3.5, and you can see what new features and fixes are going into the planned v3.5 in the GitHub repo. Contribute to advance the technology today!

IBM’s leadership role in etcd
IBM was an early contributor to the etcd project and has supported the project on an ongoing basis. IBMers continue to contribute within the open source community, which was brought on board by the CNCF.