Perform full validation of IngressRoute resources to protect from missing CRD validation #513

Closed
alexbrand opened this issue Jul 5, 2018 · 3 comments

@alexbrand
Contributor

We rely on the API server to perform validation of IngressRoute resources via the CRD validation implemented in #441.

This validation is encoded in the CRD's deployment manifest, but it is possible for a user to deploy the CRD without it.

@alexbrand alexbrand added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Jul 5, 2018
@rosskukulinski rosskukulinski added this to the 0.7.0 milestone Jul 6, 2018
@davecheney davecheney modified the milestones: 0.7.0, 0.9.0 Oct 25, 2018
@davecheney davecheney modified the milestones: 0.9.0, 0.10.0 Jan 23, 2019
@davecheney davecheney modified the milestones: 0.10.0, 0.11.0 Feb 6, 2019
@davecheney davecheney modified the milestones: 0.11.0, 0.12.0 Apr 8, 2019
@timh timh removed this from the 0.12.0 milestone Apr 10, 2019
@davecheney davecheney added this to the 0.15.0 milestone Jun 18, 2019
@stevesloka
Member

Would this need to be implemented as an admission controller or are you thinking that we perform the validation when Contour sees the object change and update the status then?

@davecheney davecheney modified the milestones: 0.15.0, 1.0.0-beta.1 Aug 23, 2019
davecheney added a commit to davecheney/contour that referenced this issue Aug 30, 2019
Updates projectcontour#513

Add a logger to the KubernetesCache. This is useful at the moment to
spot failures to promulgate the projectcontour.HTTPLoadbalancer objects
through Contour.

This will also be useful to log cert validation failures, see projectcontour#513.

Signed-off-by: Dave Cheney <[email protected]>
davecheney added a commit that referenced this issue Aug 30, 2019
Updates #513

Add a logger to the KubernetesCache. This is useful at the moment to
spot failures to promulgate the projectcontour.HTTPLoadbalancer objects
through Contour.

This will also be useful to log cert validation failures, see #513.

Signed-off-by: Dave Cheney <[email protected]>
@davecheney davecheney modified the milestones: 1.0.0-beta.1, Backlog Sep 17, 2019
davecheney added a commit to davecheney/contour that referenced this issue Oct 3, 2019
davecheney added a commit that referenced this issue Oct 3, 2019
@sudeeptoroy
Contributor

A wrong ingressroute or httpproxy configuration can pause further processing of ingressroute/httpproxy by the Contour controller.

Example:

---
apiVersion: contour.heptio.com/v1beta1
kind: IngressRoute
metadata: 
  name: health-check-boom
  namespace: default
spec: 
- routes: 					# wrongly configured routes
    - match: /
      services: 
        - name: s1-health
          port: 80
  virtualhost:
    fqdn: health.bar.com

Once you apply this config you would see Contour logging an error (reflector.go: 98).
No more ingressroutes will be processed.

Recently the entire validation was removed from the CRD. A minimum validation is needed.

  validation:
    openAPIV3Schema:
      type: object
      properties:
        spec:
          type: object

Please prioritise this issue.
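
The failure mode in the comment above, as an added example that is not part of the original thread or of Contour's code: a controller-side check that treats a malformed `spec` as an error on that one object, so later objects are still processed even when the CRD ships without schema validation. The type names, the `validate` function and the JSON samples (the manifest above as the API server would serve it, plus a corrected variant) are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Hypothetical, trimmed stand-ins for the IngressRoute types (not Contour's own).
type route struct {
	Match    string            `json:"match"`
	Services []json.RawMessage `json:"services"`
}
type object struct {
	Metadata struct{ Namespace, Name string } `json:"metadata"`
	Spec     json.RawMessage                  `json:"spec"` // kept raw so a bad spec is a per-object error
}

// validate rejects one object without affecting the others.
func validate(raw string) error {
	var o object
	if err := json.Unmarshal([]byte(raw), &o); err != nil {
		return err
	}
	id := o.Metadata.Namespace + "/" + o.Metadata.Name
	// Same rule as the minimum schema in the comment: spec must be an object.
	if s := bytes.TrimSpace(o.Spec); len(s) == 0 || s[0] != '{' {
		return fmt.Errorf("%s: spec must be an object", id)
	}
	var spec struct{ Routes []route }
	if err := json.Unmarshal(o.Spec, &spec); err != nil {
		return fmt.Errorf("%s: %w", id, err)
	}
	for i, r := range spec.Routes {
		if r.Match == "" || len(r.Services) == 0 {
			return fmt.Errorf("%s: routes[%d] needs match and services", id, i)
		}
	}
	return nil
}

// Constructed samples: JSON form of the manifest above (spec is a list) and a corrected one.
const badObj = `{"metadata":{"name":"health-check-boom","namespace":"default"},"spec":[{"routes":[{"match":"/","services":[{"name":"s1-health","port":80}]}],"virtualhost":{"fqdn":"health.bar.com"}}]}`
const goodObj = `{"metadata":{"name":"health-check","namespace":"default"},"spec":{"virtualhost":{"fqdn":"health.bar.com"},"routes":[{"match":"/","services":[{"name":"s1-health","port":80}]}]}}`

func main() {
	for _, o := range []string{badObj, goodObj} { // the bad object does not stop the loop
		fmt.Println(validate(o))
	}
}
```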

@davecheney
Contributor

@sudeeptoroy I'm sorry you got bitten by this. The good news is this is fixed in #1731 which will be available in Contour 1.0.0-rc.2 at the end of the week. I'm going to mark this issue as closed as I didn't realise this old issue was a duplicate.

@davecheney davecheney removed this from the Backlog milestone Oct 22, 2019
@davecheney davecheney added this to the 1.0.0-rc.2 milestone Oct 22, 2019
sunjayBhatia pushed a commit that referenced this issue Jan 30, 2023