*: make "initial-corrupt-check", "corrupt-check-time" stable

[gyuho]

@jpbetz @spzala

[xiang90]

lgtm

[jpbetz]

lgtm

Thanks for enabling for the functional tester as well.

[codecov-io]

Codecov Report

Merging #10934 into master will increase coverage by 0.83%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master   #10934      +/-   ##
==========================================
+ Coverage   63.34%   64.17%   +0.83%     
==========================================
  Files         400      400              
  Lines       37689    37690       +1     
==========================================
+ Hits        23873    24189     +316     
+ Misses      12217    11884     -333     
- Partials     1599     1617      +18

Impacted Files	Coverage Δ
embed/config.go	50.84% <100%> (+0.13%)	⬆️
etcdmain/config.go	82.88% <100%> (ø)	⬆️
embed/etcd.go	67.71% <100%> (ø)	⬆️
pkg/transport/timeout_conn.go	60% <0%> (-20%)	⬇️
proxy/grpcproxy/register.go	69.44% <0%> (-13.89%)	⬇️
auth/store.go	57.47% <0%> (-11.12%)	⬇️
pkg/transport/listener.go	49.54% <0%> (-3.64%)	⬇️
etcdserver/api/rafthttp/peer.go	77.65% <0%> (-1.12%)	⬇️
embed/serve.go	36.48% <0%> (-0.91%)	⬇️
etcdserver/server.go	67.95% <0%> (-0.34%)	⬇️
... and 28 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 84a3804...7b90a7a. Read the comment docs.

[jingyih]

Does this feature work if TLS is enabled among peers [1]? If not, we probably want to fix it before promoting the flag?

[1]

etcd/etcdserver/corrupt.go

Line 311 in 388d15f

func (s *EtcdServer) getPeerHashKVs(rev int64) (resps []*peerHashKVResp) {

[gyuho]

@jingyih Good point. We need fix that.

[jingyih]

@jingyih Good point. We need fix that.

I am looking at how to fix it. Fundamentally, the server does not have the cert files of the client side, which means we cannot create a clientv3 on server side and reach out to another server. Instead, we need to get peer hash from the peer http [1]?

@gyuho, could you comment?

[1] https://github.com/etcd-io/etcd/blob/master/etcdserver/api/etcdhttp/peer.go

[jingyih]

@gyuho Never mind. I think I misunderstood some concepts.

[jpbetz]

At some point, maybe as a future task, we should clean up the peer communication infrastructure. It should be possible to introduce a new request type without having to sort out TLS each time..

[gyuho]

As @jpbetz mentioned, there's no easy way to configure client cert from a remote peer, when peer-to-peer is TLS-enabled. Please let me know if anyone has a better idea. Let's move this to etcd v4.

[jingyih]

@gyuho
I just merged #11621. Let's reopen this PR and make the flags stable.