-
Notifications
You must be signed in to change notification settings - Fork 336
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to create PV if the secret name length is greater than 63 chars #708
Comments
As the issue is not in the external-provisioner, I created an issue here as it's trying to create the PV. it's a generic problem with both dynamic PVC and static PV. if we want I can open an issue in the kubernetes repo also. |
Consider this field belong to or validation goes through via As per kubernetes CO, the secret name should be a valid DNS subdomain name ( RFC 1123) https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names , so creation of secret (>63 char) has covered with that. Having it in sc opaque Key value param list is also fine. However while spec has been saved, the validation goes through |
PV.spec.csi is the CSIPersistentVolumeSource in the PersistentVolumeSource, right? But it doesn't have a Is that perhaps referring to the Does the name validation there use stricter rules than the name validation for secret objects? @Madhu-1 said "Create secret with name length greater than 63 chars", so I am assuming that this worked. |
afaict, the
It will work (ie secret creation wil work) , as mentioned in above comment (#708 (comment)) the secret object name has to be DNS subdomain name which is "253" char by the RFC. |
yes its the secret name field
Yes, the creation of secrets is allowed till the limit of 253 chars but reference it is not allowed in the PV object. @pohly we need to decide we need to increase the char limit in the validation or not. at least if not possible fail fast before provisioning the PV or creating the storage resources. it does not make sense to create all the storage resources and fail to create the PV. This can also cause the storage resource leak like #486 |
It seems like a bug in the validation, In addition, the field path is constructed wrong after all It's interesting that |
In other words, feel free to fix the secret ref validation to use |
Thanks @jsafrane , indeed this is confusing and goes wrong in the validation path. I can drop the fix 👍 |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
@k8s-triage-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
When the secret name length is greater than 63 chars the PV creation is failing with below error
Steps to reproduce
If the secret creation with a name greater than 63 chars are allowed and specifying the same length name is allowed in storageclass parameters why not allow the creation of PV objects?
The text was updated successfully, but these errors were encountered: