fix: Request Flood when misconfigured cluster-cidr causes dead routes to be kept #482

apricote · 2023-07-25T10:24:41Z

Scenario

Cluster CIDR in hccm config does not correspond to real Pod CIDRs
Routes are created for real Pod CIDRs
Nodes are removed again by an autoscaler
Routes are never deleted (since fix(routes): Only delete routes in the Cluster CIDR #432) because CIDR is outside the configured Cluster CIDRs
With ListRoutes, the existing routes are always listed again, but the gateway IPs cannot be assigned to any servers because the servers are deleted.
In case of a cache miss we reload the complete server list.
Since several faulty routes exist without servers, we reload the server list several times per ListRoutes

Depending on the amount of "dead routes", this can quickly exhaust the API rate limit by sending multiple GET /servers requests per second.

Detect misconfiguration: In CreateRoute we can validate that the Route CIDR is contained within the configured Cluster CIDR
Slower cache refresh: Refreshing the cache multiple times per iteration is not necessary, it should be enough to refresh the cache once per ListRoutes call

The text was updated successfully, but these errors were encountered:

github-actions · 2023-09-23T12:45:07Z

This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs.

github-actions · 2023-12-24T12:44:55Z

This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs.

apricote added the bug Something isn't working label Jul 25, 2023

github-actions bot added the stale label Sep 23, 2023

apricote removed the stale label Sep 25, 2023

github-actions bot added the stale label Dec 24, 2023

apricote added pinned and removed stale labels Jan 8, 2024