Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vSphere credentials Secret creation fails if VSPHERE_SERVER contains a trailing slash #3473

Open
xmudrii opened this issue Nov 29, 2024 · 0 comments · May be fixed by #3537
Open

vSphere credentials Secret creation fails if VSPHERE_SERVER contains a trailing slash #3473

xmudrii opened this issue Nov 29, 2024 · 0 comments · May be fixed by #3537
Labels
kind/bug Categorizes issue or PR as related to a bug. sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management. triage/needs-information Indicates an issue needs more information in order to work on it.

Comments

@xmudrii
Copy link
Member

xmudrii commented Nov 29, 2024

What happened?

If VSPHERE_SERVER environment variable contains a trailing slash, creating vSphere credentials Secret fails because / is not an allowed character in a key name.

The key names in the vSphere credentials Secret are using the pattern of {{ .VSPHERE_SERVER }}.{{ .username}} and {{ .VSPHERE_SERVER }}.{{ .password}}. If VSPHERE_SERVER has a trailing slash, the generated key name would be <server>/.username which is not allowed by Kubernetes.

kubeone/pkg/credentials/secret.go

Lines 213 to 218 in e43259a

vcenterPrefix := strings.ReplaceAll(credentials[VSphereAddressMC], "https://", "")
// Save credentials in Secret and configure vSphere cloud controller
// manager to read it, in replace of storing those in /etc/kubernates/cloud-config
// see more: https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/k8s-secret.html
vscreds[fmt.Sprintf("%s.username", vcenterPrefix)] = credentials[VSphereUsernameMC]
vscreds[fmt.Sprintf("%s.password", vcenterPrefix)] = credentials[VSpherePassword]

Expected behavior

There are two possible options:

  • Reject VSPHERE_SERVER values that have a trailing slash
  • Drop a trailing slash in the linked function

How to reproduce the issue?

  • Set VSPHERE_SERVER environment variable to a value that contains a trailing slash
  • Try to provision or upgrade a cluster

What cloud provider are you running on?

vSphere

Additional information

This code might have another bug. We drop https:// prefix, but not http://, which might be a valid prefix too (we should verify that).
@xmudrii xmudrii added kind/bug Categorizes issue or PR as related to a bug. sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management. triage/needs-information Indicates an issue needs more information in order to work on it. labels Nov 29, 2024
@kron4eg kron4eg linked a pull request Jan 16, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management. triage/needs-information Indicates an issue needs more information in order to work on it.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make sure no slash at the end of vcenterPrefix kron4eg/kubeone
1 participant
@xmudrii