search

skupperproject / skupper

Skupper is an implementation of a Virtual Application Network, enabling rich hybrid cloud communication.
http://skupper.io
Apache License 2.0
595 stars 74 forks source link

null pointer dereference in policy controller #1427

Closed grs closed 7 months ago

grs commented 7 months ago

Describe the bug

On platforms without DeploymentConfig, if cluster policy CRD is installed (and therefore policy enabled), and a service is annotated, the service controller will crash with:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x131007f]

goroutine 304 [running]:
github.com/skupperproject/skupper/pkg/kube.GetDeploymentConfig({0xc000890b10, 0x9}, {0xc00004802a, 0x3}, {0x0?, 0x0?})
    /go/src/app/pkg/kube/deploymentconfigs.go:12 +0x3f
github.com/skupperproject/skupper/pkg/kube.GetServiceInterfaceTarget({0x17fc0e3?, 0x1?}, {0xc000890b10, 0x9}, 0x1, {0xc00004802a, 0x3}, {0x1a6d498?, 0xc00020cc60?}, {0x0, ...})
    /go/src/app/pkg/kube/misc.go:90 +0x69e
main.(*PolicyController).inferTargetType.func1({0xc000bd1b08?, 0x3, 0x0?})
    /go/src/app/cmd/service-controller/policy_controller.go:412 +0xea
main.(*PolicyController).inferTargetType(0x0?, {{0xc000890b10, 0x9}, {0xc00088b368, 0x17}, 0xc0009d8180, {0x0, 0x0}, {0x0, 0x0}}, ...)
    /go/src/app/cmd/service-controller/policy_controller.go:422 +0x150
main.(*PolicyController).validateExposeStateChanged(0xc000661c80)
    /go/src/app/cmd/service-controller/policy_controller.go:349 +0x338
main.(*PolicyController).validateStateChanged(0xc000661c80?)
    /go/src/app/cmd/service-controller/policy_controller.go:461 +0x3c
main.(*PolicyController).start.func1()
    /go/src/app/cmd/service-controller/policy_controller.go:118 +0x1e6
created by main.(*PolicyController).start
    /go/src/app/cmd/service-controller/policy_controller.go:89 +0x72

How To Reproduce Steps to reproduce the behavior:

Initialise a namespace with skupper. Create a deployment with a service. Annotate the service with skupper.io/proxy=tcp. Install skupper ClusterPolicy CRD.

Expected behavior

No crash.

Environment details

grs commented 7 months ago

The root of the issue is the 'inferTargetType' function in cmd/service-controller/policy_controller.go which does not take account of how annotated services are recorded in skupper-services. It therefore assumes it is either a Deployment or StatefulSet and when neither of those resolve, tries with DeploymentConfig without checking whether there is a valid client for that.