Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[EKS] [BUG] EKS breaks when cluster's launched with a HEX name #2513

Open
teocns opened this issue Dec 30, 2024 · 7 comments
Open

[EKS] [BUG] EKS breaks when cluster's launched with a HEX name #2513

teocns opened this issue Dec 30, 2024 · 7 comments
Labels
EKS Amazon Elastic Kubernetes Service

Comments

@teocns
Copy link

teocns commented Dec 30, 2024
edited
Loading

When deploying EKS clusters with hex names (i.e 0x01), the cluster silently breaks and never comes alive. Any attempt in accessing the cluster results in a failure as managed cluster access (aws-auth) does not get configured.

Only meaningful logs I managed to collect during experiments:

        {
            "timestamp": 1735586849000,
            "message": "E1230 19:27:29.674589      12 webhook.go:154] Failed to make webhook authenticator request: unknown",
            "ingestionTime": 1735586853443
        },
        {
            "timestamp": 1735586849000,
            "message": "E1230 19:27:29.674635      12 authentication.go:73] \"Unable to authenticate the request\" err=\"[invalid bearer token, unknown]\"",
            "ingestionTime": 1735586853443
        }

     {\"Code\":\"SignatureDoesNotMatch\",\"Message\":\"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\",\"Type\":\"Sender\"},\"RequestId\":\"ba389980-8472-4bca-93a8-26baeb070ebd\"}" method=POST path=/authenticate...

Relevant slack thread
@mariusmagureanu
Copy link

Looks legit. The regex pattern mentioned in the docs does validate it.

^[0-9A-Za-z][A-Za-z0-9\-_]*

@dims
Copy link
Member

dims commented Dec 30, 2024

@teocns have you already reached out to AWS EKS support?

@teocns
Copy link
Author

teocns commented Dec 30, 2024
edited
Loading

Yep we confirmed this bug with support case # 173559286800063. I've been indicated to open an issue here

@dims
Copy link
Member

dims commented Dec 31, 2024

@teocns you mean something like ClusterName-0x01? can you give me some examples please.

@teocns
Copy link
Author

teocns commented Dec 31, 2024

Bare hex names. I probably deployed around 50 clusters, all with incremental hex names while figuring why it didn't work: 0x01, 0x101, 0x701, etc...

@dims
Copy link
Member

dims commented Dec 31, 2024

@teocns 0x01 is a string of 4 characters i am assuming. thanks for confirming (that's valid per the regex).

@teocns
Copy link
Author

teocns commented Dec 31, 2024

My guts tell me somewhere down the pipeline it is not being escaped and therefore crashes some process or produces unexpected side effects. If that's true, this leaves room for attack vectors

@teocns teocns changed the title [BUG] EKS breaks when launched using hex names [EKS] [BUG] breaks when launched using hex names Dec 31, 2024
@teocns teocns changed the title [EKS] [BUG] breaks when launched using hex names [EKS] [BUG] EKS breaks when cluster's launched with a HEX name Dec 31, 2024
@dims dims added the EKS Amazon Elastic Kubernetes Service label Dec 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
EKS Amazon Elastic Kubernetes Service
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dims @mariusmagureanu @teocns