Bug: Can't override Kubernetes DNS settings 用户无法覆盖 Kubernetes DNS 配置

chenjunyu19 commented 3 months ago

Before submitting / 提交之前

[X] I have verified that I use latest version and no similar issues were found. / 我已验证我使用的是最新版本，并且没有找到类似的问题。

What version of GZCTF are you using? / 您使用的 GZCTF 版本是什么？

develop

What is the commit hash for your build? (in About page and backend logs) / 您所使用的构建的提交哈希是什么？（在关于页面和后端日志中）

f7ef64094acfa2ced42de47b2fdebe2734fab915

In which browsers you can reproduce the issue? / 您在哪些浏览器中可以重现此问题？

Not applicable – issue is not related to the browser

Describe the bug / 描述 bug

我不是该问题的亲历者，以下内容根据用户反馈的实际情况推测得到。

// ......
      "DNS": [
        // custom DNS to avoid cluster DNS
        "8.8.8.8",
        "223.5.5.5"
      ]
// ......

使用 k8s 作为容器运行时和文档中给出的 DNS 配置（摘抄如上）运行该版本的 GZCTF Server
启动一个测试容器
UI 提示启动失败
服务端日志提示 Invalid value: []string{"8.8.8.8", "223.5.5.5", "114.114.114.114", "8.8.8.8", "223.5.5.5"}: must not have more than 3 nameservers

完整日志如下：

[24-03-31 04:54:10.159 WRN] KubernetesManager: Failed to create container quiz-for-pyehc-d8ca08df721c4daa, status: UnprocessableEntity #Failed <System>
[24-03-31 04:54:10.160 ERR] KubernetesManager: Failed to create container quiz-for-pyehc-d8ca08df721c4daa, response: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Pod \"quiz-for-pyehc-d8ca08df721c4daa\" is invalid: spec.dnsConfig.nameservers: Invalid value: []string{\"8.8.8.8\", \"223.5.5.5\", \"114.114.114.114\", \"8.8.8.8\", \"223.5.5.5\"}: must not have more than 3 nameservers","reason":"Invalid","details":{"name":"quiz-for-pyehc-d8ca08df721c4daa","kind":"Pod","causes":[{"reason":"FieldValueInvalid","message":"Invalid value: []string{\"8.8.8.8\", \"223.5.5.5\", \"114.114.114.114\", \"8.8.8.8\", \"223.5.5.5\"}: must not have more than 3 nameservers","field":"spec.dnsConfig.nameservers"}]},"code":422} #Failed <System>

Expected behavior / 期望行为

配置文件中的 DNS 数组可以正确地覆盖默认值。

Possible fix / 可能的修复

https://github.com/GZTimeWalker/GZCTF/blob/f7ef64094acfa2ced42de47b2fdebe2734fab915/src/GZCTF/Models/Internal/Configs.cs#L141-L151

根据源码，用户配置理应能够覆盖掉默认配置，但看起来并没有，非常奇怪。

此外，可以考虑默认值为空数组。运行时如果发现自定义 DNS 配置为空，就将 dnsPolicy 设为 Default，让容器使用 Host 系统中的 resolv.conf。

Pod 主机名和名称解析

GZTimeWalker commented 3 months ago

这里需要避免容器内部使用集群的 DNS，存在导致信息泄漏的风险，所以似乎不能直接设置为 Default

GZTimeWalker commented 3 months ago

cc @hez2010 看一下为什么没有成功覆盖（？

hez2010 commented 3 months ago

asp.net core 的 Configuration 不走 System.Text.Json 的反序列化，所以不遵守 JsonObjectCreationHandling

hez2010 commented 3 months ago

Fixed by 37d9cb91a8c190c155c629ffffa3b4525c5eda46

hez2010 commented 3 months ago

A new docker image tagged with develop has been pushed. Please try the latest image.

GZTimeWalker / GZCTF