Bug 1337322 - Generated route host DNS segment should not exceed 63 characters
Summary: Generated route host DNS segment should not exceed 63 characters
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Ram Ranganathan
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-18 19:54 UTC by Matt Woodson
Modified: 2022-08-04 22:20 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: We were not validating that the generated host names for routes were lower than the DNS max lengths. Consequence: We were generating names (based on the user-provided template) that would not be usable in DNS. Fix: Add more stringent validation of the generated names. Result: We catch the error for the user when the route is processed by the router and provide a clear error about why the route won't work.
Clone Of:
Environment:
Last Closed: 2017-01-18 12:40:57 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 10434 0 None None None 2016-10-28 17:33:18 UTC
Red Hat Product Errata RHBA-2017:0066 0 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.4 RPM Release Advisory 2017-01-18 17:23:26 UTC

Description Matt Woodson 2016-05-18 19:54:21 UTC 
Description of problem:

This isn't a high priority problem, but we ran into it today and it's causing issues for us.

According to the RFC found here:

https://www.ietf.org/rfc/rfc1035.txt

a DNS "label" (I think I'm naming this correctly) can only have 63 characters in it.  IF it has more, DNS fails.  I believe the Openshift shouldn't allow users to have labels that are longer than 63 characters.  Here is further explanation.

If my dns name is:

<label1>.<label2>.<label3>

example:

foo.example.com

Each "label" can only have 63 chars.  More than that, dns fails to resolve.

In our case, we have this:

project name: ops-monitor-appbuildxxxxxx-xxxx-xxxx-xxxx-xxxxx
pod name in project:  nodejs-example

The output of "oc get route nodejs-example" -n ops-monitor-appbuildxxxxxx-xxxx-xxxx-xxxx-xxxxx" shows:

..<snip>..
spec:
    host: nodejs-example-ops-monitor-appbuildxxxxxx-xxxx-xxxx-xxxx-xxxxx.yyyy.zzzz.tttttt.com
..<snip>..

This host name is not valid and can not be resolved, so this is invalid.

Again, not a huge concern, but it is biting us.  This is a really long project name, so it's a unique situation, but we should be aware of it.

Version-Release number of selected component (if applicable):

atomic-openshift-3.1.1.6-6

How reproducible:

Very with long pod names and/or project names

Steps to Reproduce:
1.  create a really long project name
2.  create a really long pod name in the project created in #1
3.  try to resolve pod name

Actual results:

Dns will fail

Expected results:

Maybe Openshift shouldn't allow projects + pod to exceed 63 characters.
Comment 1 Ben Bennett 2016-08-08 17:28:46 UTC 
Ram: Not necessarily asking you to fix this, but I need design advice.  Is it reasonable for the router to screen the names and reject routes where the name is too long (with appropriate status in the label?)  Or is there a better approach?
Comment 2 Ram Ranganathan 2016-08-15 21:37:56 UTC 
@Ben: so we already have validation when a route host name is specified. 
https://github.com/openshift/origin/blob/master/pkg/route/api/validation/validation.go#L29

For generated names at runtime using the hostname template (which seems to be the case here that Matt listed), the approach you listed sounds good. 
I'll create a PR for this with a fix.
Comment 3 Ram Ranganathan 2016-08-16 18:05:50 UTC 
Associated PR: https://github.com/openshift/origin/pull/10434
Comment 4 zhaozhanqi 2016-11-01 02:24:35 UTC 
since this bug was reported on OCP, so mark this bug to 'MODIFIED' for now. please feel free change to 'ON_QA' once it is merged to OCP. thanks.
Comment 5 Troy Dawson 2016-11-02 17:56:49 UTC 
This has been merged into ose and is in OSE v3.4.0.19 or newer.
Comment 7 zhaozhanqi 2016-11-03 05:52:26 UTC 
Verified this bug on:
openshift v3.4.0.19+346a31d
kubernetes v1.4.0+776c994
etcd 3.1.0-rc.0

with haproxy images (v3.4.0.19           6e54d63e6bc9        13 hours ago        628.7 MB)

steps:

1. create one 63 chars route host. success 
2. Create one 64 chars route host. failed.
Comment 9 errata-xmlrpc 2017-01-18 12:40:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066
Note You need to log in before you can comment on or make changes to this bug.