Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-20359

CoreDNS panics if an EndpointSlice object contains a port without a port number

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done-Errata
    • Critical
    • 4.11.z
    • 4.13, 4.12, 4.11, 4.14
    • Networking / DNS
    • None
    • Critical
    • No
    • Sprint 243, Sprint 244
    • 2
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, CoreDNS would crash if a user created an EndpointSlice port without a port number. This allowed a user with the necessary permissions to disrupt DNS functionality within a cluster. With this update, validation was added to CoreDNS so that it will no longer crash in this situation.
      Show
      Previously, CoreDNS would crash if a user created an EndpointSlice port without a port number. This allowed a user with the necessary permissions to disrupt DNS functionality within a cluster. With this update, validation was added to CoreDNS so that it will no longer crash in this situation.

    Description

      This is a clone of issue OCPBUGS-19805. The following is the description of the original issue:

      Description of problem:

      While reviewing PRs in CoreDNS 1.11.0, we stumbled upon https://github.com/coredns/coredns/pull/6179, which describes an CoreDNS crash in the kubernetes plugin if you create an EndpointSlice object contains a port without a port number.

I reproduced this myself and was able to successfully bring down all of CoreDNS so that the cluster was put into a degraded state.

We've bumped to CoreDNS 1.11.1 in 4.15, so this is concern for < 4.15.

      Version-Release number of selected component (if applicable):

      Less than or equal to 4.14

      How reproducible:

      100%

      Steps to Reproduce:

      1. Create an endpointslice with a port with no port number:

apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: example-abc
addressType: IPv4
ports:
  - name: ""

2.Shortly after creating this object, all DNS pods continuously crash:
oc get -n openshift-dns pods
NAME                  READY   STATUS             RESTARTS     AGE
dns-default-57lmh     1/2     CrashLoopBackOff   1 (3s ago)   79m
dns-default-h6cvm     1/2     CrashLoopBackOff   1 (4s ago)   79m
dns-default-mn7qd     1/2     CrashLoopBackOff   1 (3s ago)   79m
dns-default-mxq5g     1/2     CrashLoopBackOff   1 (3s ago)   79m
dns-default-wdrff     1/2     CrashLoopBackOff   1 (3s ago)   79m
dns-default-zs7cd     1/2     CrashLoopBackOff   1 (3s ago)   79m

      Actual results:

      DNS Pods crash

      Expected results:

      DNS Pods should NOT crash

      Additional info:

       

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-19805 CoreDNS panics if an EndpointSlice object contains a port without a port number

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-20144 CoreDNS panics if an EndpointSlice object contains a port without a port number

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          GitHub openshift/coredns#99: [release-4.11] OCPBUGS-20359: UPSTREAM: <carry>: openshift: Fix OCPBUGS-20359

          Web Link RHSA-2023:6272 OpenShift Container Platform 4.11.z security update

          Activity

            People

              gspence@redhat.com Grant Spence
              openshift-crt-jira-prow OpenShift Prow Bot
              Melvin Joseph Melvin Joseph
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: