-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix ipallowlist
parser not handling validation
type errors
#11968
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: joey <zchengjoey@gmail.com>
This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Hi @chengjoey. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: chengjoey The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
✅ Deploy Preview for kubernetes-ingress-nginx canceled.
|
@chengjoey thanks for the contribution. Can you kindly help and copy/paste visual data like ;
|
kubectl describe ing httpd
curl localhost -H "Host: httpd.local"
kubectl -n ingress-nginx exec $podName -- cat /etc/nginx/nginx.conf | egrep -i "allow|deny"
@longwuyuan , could you please tell me why need do this, If this is necessary work, I think it should be added to GitHub CI |
@chengjoey sorry for the confusion.
|
I can/could clone your branch and check but I am hoping to get it visually explained here for all so that it adds value on the lines of why did this slip through and yet stop any real-damage by not getting inserted into nginx.conf. Is it possible that Nginx reconcile stopped the damage but admissionController needs a n rule or improvement. |
k create ing httpd --class nginx --rule httpd.local/"*"=httpd:80 --annotation nginx.ingress.kubernetes.io/whitelist-source-range='1.1.1.1 2.2.2.2'
|
@longwuyuan , This result should meet expectations? because we hope that adminssion-webhook can verify and return errors when creating ingress |
There no fix in here? this justs a test? The issue in #11967 is caught by the admission controller? |
@strongjz , the invalid source range has been caughted by the admission controller after this pr fix |
What this PR does / why we need it:
fix
ipallowlist
parser not handlingvalidation
type errorsTypes of changes
Which issue/s this PR fixes
fixes #11967
How Has This Been Tested?
Checklist: