Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate IOP fields for DNS1123 compliance #36792

Open
1 of 10 tasks
nmnellis opened this issue Jan 11, 2022 · 3 comments
Open
1 of 10 tasks

Validate IOP fields for DNS1123 compliance #36792

nmnellis opened this issue Jan 11, 2022 · 3 comments
Assignees
@hanxiaop
Labels
area/environments lifecycle/staleproof Indicates a PR or issue has been deemed to be immune from becoming stale and/or automatically closed

Comments

@nmnellis
Copy link
Contributor

nmnellis commented Jan 11, 2022
edited
Loading

Bug Description

Istio can get into a bad state and often default back to default values if any DNS1123 fields are set incorrectly. For example if trustDomain is not DNS1123 complaint istio fails to parse the rest of the spec and defaults the trustDomain back to cluster.local. The current set of errors is hard to decipher the root cause of the issue.

Based on the code, we believe that these fields are all required to be compliant if set.

  • revision
  • cluster name (name field for istioctl x create-remote-secret)
  • port names (defined in various resources)
  • global.meshConfig.trustDomain
  • gateway name
  • namespace
  • name (general application)
  • subset
  • values.global.meshNetworks[network].endpoints[].fromRegistry
  • service name

Version

Istio 1.12.1

Additional Information

No response
@hanxiaop
Copy link
Member

@nmnellis I think it might be helpful if you could update the description to the task list format to track which has already been checked.

@nmnellis
Copy link
Contributor Author

@nmnellis I think it might be helpful if you could update the description to the task list format to track which has already been checked.

updated, i think revision is the only one currently validated for DNS1123

@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Apr 20, 2022
@istio-policy-bot istio-policy-bot added the lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. label May 5, 2022
@hanxiaop hanxiaop reopened this May 5, 2022
@istio-policy-bot istio-policy-bot removed the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label May 5, 2022
@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Aug 3, 2022
@hanxiaop hanxiaop reopened this Aug 18, 2022
@istio-policy-bot istio-policy-bot removed the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Aug 18, 2022
@zirain zirain added lifecycle/staleproof Indicates a PR or issue has been deemed to be immune from becoming stale and/or automatically closed and removed lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. labels Aug 25, 2022
@hanxiaop hanxiaop self-assigned this Apr 23, 2023
@hanxiaop hanxiaop mentioned this issue Apr 23, 2023
Closed
@hanxiaop
Copy link
Member

Things in meshConfig has already been validated.

I have created a PR to validate the remaining fields. However, I am not certain about what 'subset' means here. I think you mean the subset in DestinationRule, not the IOP resource?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hanxiaop hanxiaop

Labels
area/environments lifecycle/staleproof Indicates a PR or issue has been deemed to be immune from becoming stale and/or automatically closed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add dns1123 validation to iop resource hanxiaop/istio
4 participants
@zirain @hanxiaop @nmnellis @istio-policy-bot