Verification steps, $ cat test-svc.yaml apiVersion: v1 kind: Service metadata: name: test namespace: default spec: clusterIP: 172.30.001.008 ports: - name: "80" port: 80 protocol: TCP targetPort: 80 selector: app: test type: ClusterIP $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.9.21 True False 11h Cluster version is 4.9.21 $ oc apply -f test-svc.yaml --loglevel=9 ... I0212 00:03:57.051554 52759 request.go:1181] Response Body: {"kind":"Service","apiVersion":"v1","metadata":{"name":"test","namespace":"default","uid":"8f22524b-f608-4cb6-a19e-30e9f24e4def","resourceVersion":"222390","creationTimestamp":"2022-02-11T16:03:56Z","annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{},\"name\":\"test\",\"namespace\":\"default\"},\"spec\":{\"clusterIP\":\"172.30.001.008\",\"ports\":[{\"name\":\"80\",\"port\":80,\"protocol\":\"TCP\",\"targetPort\":80}],\"selector\":{\"app\":\"test\"},\"type\":\"ClusterIP\"}}\n"},"managedFields":[{"manager":"kubectl-client-side-apply","operation":"Update","apiVersion":"v1","time":"2022-02-11T16:03:56Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}}},"f:spec":{"f:clusterIP":{},"f:internalTrafficPolicy":{},"f:ports":{".":{},"k:{\"port\":80,\"protocol\":\"TCP\"}":{".":{},"f:name":{},"f:port":{},"f:protocol":{},"f:targetPort":{}}},"f:selector":{},"f:sessionAffinity":{},"f:type":{}}}}]},"spec":{"ports":[{"name":"80","protocol":"TCP","port":80,"targetPort":80}],"selector":{"app":"test"},"clusterIP":"172.30.001.008","clusterIPs":["172.30.001.008"],"type":"ClusterIP","sessionAffinity":"None","ipFamilies":["IPv4"],"ipFamilyPolicy":"SingleStack","internalTrafficPolicy":"Cluster"},"status":{"loadBalancer":{}}} service/test created $ oc get service test -n default NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE test ClusterIP 172.30.001.008 <none> 80/TCP 37s Based on above, IPs with leading zeros still are valid in apiserver.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.22 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0561
reopening it, since I see the unit test failing: : Run test unit - container test expand_more 13m49s k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/validation: TestIsValidIP expand_less 0s {Failed === RUN TestIsValidIP validation_test.go:340: expected true for "1.1.1.01": [must be a valid IP address, (e.g. 10.9.8.7 or 2001:db8::ffff)] --- FAIL: TestIsValidIP (0.00s) } https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_kubernetes/1233/pull-ci-openshift-kubernetes-release-4.9-unit/1511357899316662272 It's blocking https://github.com/openshift/kubernetes/pull/1233. I do see the proper GOFLAGS in 4.9, and yet the unit test fails. https://github.com/openshift/kubernetes/blob/release-4.9/openshift-hack/images/hyperkube/Dockerfile.rhel#L4-L9 > RUN make GOFLAGS='-mod=vendor -p=4 -tags=unsupportedGolang116OnlyUseDeprecatedParseIPv4' \ > WHAT='cmd/kube-apiserver cmd/kube-controller-manager cmd/kube-scheduler cmd/kubelet cmd/watch-termination' && \
the unit test still fails, opened a new BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2073153