rancher: [BUG] - Provisioning allows clusters to include names with dot "." when all is lowercase this breaks fleet agent
Rancher Server Setup
- Rancher version:
v2.6.9-rc3
- Installation option: Helm Chart
- If Helm Chart, Kubernetes Cluster and version:
RKE1 HA
- If Helm Chart, Kubernetes Cluster and version:
- Proxy/Cert Details: valid certificates
Information about the Cluster
- Kubernetes version:
N/A
- Cluster Type: Cluster provisioning v2 and imported clusters
User Information
- What is the role of the user logged in? This was done as Admin but applies to users with provisioning rights.
Describe the bug
When provisioning clusters the UI permits the use of dots and dashes This makes fleet not to deploy in the provisioned downstream cluster
To Reproduce
- Go to provisioning to any cluster type and create the cluster with dot in the name all lowercase
- The clusters will be provisioned successfully
Result
- The provisioned cluster doesn’t have the fleet agent and fleet components deployed.
Additional Information
Related issue: https://github.com/rancher/fleet/issues/739 Analysis:
If I use the name Test.1 I get the following error: Cluster.provisioning.cattle.io “Test.1” is invalid: metadata.name: Invalid value: “Test.1”: a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, ‘-’ or ‘.’, and must start and end with an alphanumeric character (e.g. ‘example.com’, regex used for validation is
'[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
) but this does not happen with test.1.
The verification seems to happen in the Rancher [UI] because they explicitly allow dots, which Fleet does not Pattern: “^[-a-z0-9]*$” (SURE-5467)
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 15 (14 by maintainers)
I have confirmed that this issue does in fact reproduce on
v2.6.9 (final release)
,v2.7-head
, andv2.7.0-rc8
. The warning message is not generated, the cluster goes intoActive
state, and there are no fleet-related workload items at all in the clusters.In addition, I verified that the following errors were observed in the Rancher logs for one of the clusters:
Rancher_error_logs_39248.txt
During testing on
v2.7-head
(Commit ID: e54432e) with rancher-webhookv0.3.2-rc9
, I was able to verify that a user is no longer able to provision a cluster with a “.” period character in the name, and they are instead provisioned a warning message in the UI that explains what information is allowed as a valid Cluster Name. Based on this as well as all previous testing done for this ticket, I am closing this ticket as Done.can be validated in the latest v2.7-head with webhook version v0.3.2-rc9
This issue can be validated in the lastest v2.7-head.
@jameson-mcghee There are multiple ways you could create the object, for example you can create it using
kubectl
with the invalid name format, circumventing both the UI and Rancher API. By adding it to the webhook we catch the issue regardless of how the resource is being created@jameson-mcghee the webhook version has not yet been bumped so this fix will not yet be present, apologies if I’ve moved it into to-test early