-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.18
-
Quality / Stability / Reliability
-
False
-
-
None
-
Critical
-
None
-
None
-
Rejected
-
NI&D Sprint 270, NI&D Sprint 271, NI&D Sprint 272, NI&D Sprint 273, NI&D Sprint 274, NI&D Sprint 275, NI&D Sprint 276, NI&D Sprint 277, NI&D Sprint 278
-
9
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
Currently, the ingress clusteroperator does not validate that an ingresscontroller's `.spec.domain` field is configured properly, which can result in the router pods entering a CrashLoopBackOff state immediately upon creation.
For example, prepending an otherwise valid domain with `*.<domain>` will be accepted by the apiserver, but result in pods that will fail immediately with the following error:
error: invalid canonical hostname: router-<IC name>.*.<domain>
Rather than allow the ingresscontroller to be created and it's resulting pods fail, the ingress clusteroperator should reject ICs with invalid domains outright.
Version-Release number of selected component (if applicable):
4.18.7
How reproducible:
Always
Steps to Reproduce:
1. Create a custom ingresscontroller with an invalid .spec.domain. For example, set .spec.domain to '*.myexampledomain.com'
2. The apiserver and ingress CO will accept the incorrectly configured IC, and create router pods
3. The router pods will immediately fail with an `invalid canonical hostname` message
Actual results:
Ingresscontroller can be created with an invalid domain
Expected results:
An incorrectly configured ingresscontroller is rejected by the apiserver and/or ingress clusteroperator
Additional info:
- is related to
-
-
- New
-
- links to
