-
Bug
-
Resolution: Done-Errata
-
Normal
-
4.14
-
None
Description of problem:
When configuring an adminpolicybasedexternalroutes policy, if we use capital letters in the policy name, a validation test fails, blocks policy creation great: The AdminPolicyBasedExternalRoute "invalidIP" is invalid: metadata.name: Invalid value: "invalidIP": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*') If we forget to populate next-hope section again a validation test fails, policy isn't created again great: $ oc apply -f 4.create.abp_static_NoHope.yaml The AdminPolicyBasedExternalRoute "invalid-no-nexthope-policy" is invalid: spec.nextHops: Required value But if we set an invalid IP address on next-hope, no validations checks the proposed IPv4/v6 address(es), confirming valid IP addresses is IMHO some worth adding, for the rare typos that might slip unnoticed.
Version-Release number of selected component (if applicable):
4.14.0-0.nightly-2023-10-04-143709
How reproducible:
Every time
Steps to Reproduce:
1. Deploy a cluster 2. Try to create a static policy with an invalid IP address, it should fail, yet it doesn't mention any error, proceding with policy creation with an invalid IP address, I tested it on IPv4 but the same thing could also happened on IPv6. $ cat 4.create.abp_static_invalidIP.yaml apiVersion: k8s.ovn.org/v1 kind: AdminPolicyBasedExternalRoute metadata: name: invalidip spec: ## gateway example from: namespaceSelector: matchLabels: kubernetes.io/metadata.name: bar nextHops: static: - ip: "1734.20.0.8" <----- Invalid IP :) $ oc apply -f 4.create.abp_static_invalidIP.yaml adminpolicybasedexternalroute.k8s.ovn.org/invalidip created And nooooo error message/no validations, this should fail here with a user error. [kni@provisionhost-0-0 ~]$ oc get adminpolicybasedexternalroutes.k8s.ovn.org NAME LAST UPDATE STATUS invalidip [kni@provisionhost-0-0 ~]$ oc describe adminpolicybasedexternalroutes.k8s.ovn.org invalidip Name: invalidip Namespace: Labels: <none> Annotations: <none> API Version: k8s.ovn.org/v1 Kind: AdminPolicyBasedExternalRoute Metadata: Creation Timestamp: 2023-10-31T08:50:58Z Generation: 1 Resource Version: 11128481 UID: 99af3e73-00dd-408b-8238-397cc9a795bc Spec: From: Namespace Selector: Match Labels: kubernetes.io/metadata.name: bar Next Hops: Static: Bfd Enabled: false Ip: 1734.20.0.8 Events: <none> We see above the invalid IP was consumed as-is, which is wrong the policy shouldn't have been applied to begin with.
Actual results:
A policy is created despite using an invalid IP address, see above.
Expected results:
Policy creation should fail, with a notification of invalid IP address, same as we get when we try an invalid policy name.
Additional info:
- clones
-
-
- Closed
-
- depends on
-
-
- Closed
-
- links to
-
RHBA-2024:0290
OpenShift Container Platform 4.14.z bug fix update