Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TTL validation bug #282

Open
kfox1111 opened this issue Jan 13, 2024 · 2 comments
Open

TTL validation bug #282

kfox1111 opened this issue Jan 13, 2024 · 2 comments

Comments

@kfox1111
Copy link
Contributor

I accidentally created a cluster spiffe id with ttl set to 5d.

It doesn't work as 'd' is not supported. This is fine. The whole controller manager is kind of broken with syncing at this point... this even is kind of fine, as its not supported and my mistake.

I then did a kubectl edit on it and tried to remove the ttl, or change it to something valid. It fails:

error: clusterspiffeids.spire.spiffe.io "spire-root-server-spire-step" could not be patched: admission webhook "vclusterspiffeid.kb.io" denied the request: time: unknown unit "d" in duration "5d"

It seems to be validating the previous version before validating the current version?

But there's now not a way to fix it.
@azdagron
Copy link
Member

Hmm, that's no good. Curious how the CR got past the admission controller in the first place?

@kfox1111
Copy link
Contributor Author

kfox1111 commented Jan 15, 2024
edited
Loading

Used the helm chart. I think it may have been an initial deployment... I guess in that case it may load in the cr before the webhook gets into place.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kfox1111 @azdagron