
ingress-nginx-system fails on default config if tenant names start with a digit

Open lb0o opened this issue 2 months ago • 2 comments

Describe the bug

A tenant was deployed using an id "1" (digits) rather than a letter, causing DNS 1035 rule to trigger

DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character

Environment

  • Cozystack version 0.37.2

To Reproduce

Steps to reproduce the behavior:

  1. create a new tenant with name starting with a number "1"
  2. Enable ingress in tenant (require metalLB)
  3. kubectl get hr -n tenant-1jhon

Expected behaviour

Enforce DNS 1035 rule to tenant naming

The tenant name should have rejected the name starting with a digit

Actual behaviour

Service "1-ingress-defaultbackend" is invalid: metadata.name: Invalid value: "1-ingress-defaultbackend": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')

lb0o avatar Oct 20 '25 13:10 lb0o

Hi @lb0o! I'm Dosu and I’m helping the cozystack team.

Tenant names that start with digits aren't currently rejected in Cozystack, which leads to downstream DNS-1035 validation errors when those names are used to generate Kubernetes resources like ingress services. DNS-1035 requires names to start with a lowercase letter, so tenant names should be validated against this rule during creation. The validation logic for tenant names is expected to reside in the API and validation packages (such as pkg/apis/core/validation), but enforcement of DNS-1035 compliance is missing, which is why the error occurs. To prevent this, tenant name validation should explicitly check for DNS-1035 compliance at creation time, rejecting names that start with digits or otherwise violate the rule. Documentation currently only states that tenant names must be alphanumeric and cannot contain dashes, but does not mention DNS-1035 rules or starting character restrictions (source).


dosubot[bot] avatar Oct 20 '25 13:10 dosubot[bot]
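A creation-time check of the kind discussed above, as an added example (not Cozystack's code and not part of the original thread). It uses the DNS-1035 pattern from the Kubernetes error message and also checks that a name derived from the tenant name stays within the 63-character label limit. The `ValidateTenantName` function and the `derivedSuffixes` list are hypothetical; the only suffix used is the one visible in the error above, and Cozystack's other naming rules are not modelled.

```go
package main

import (
	"fmt"
	"regexp"
)

// dns1035 is the label pattern Kubernetes reports in the error quoted in the issue.
var dns1035 = regexp.MustCompile(`^[a-z]([-a-z0-9]*[a-z0-9])?$`)

const maxLabelLen = 63 // DNS label length limit

// derivedSuffixes is a hypothetical list of suffixes appended to a tenant name
// to build resource names; only "-ingress-defaultbackend" appears on the page.
var derivedSuffixes = []string{"-ingress-defaultbackend"}

// ValidateTenantName returns every reason the name, or a resource name derived
// from it, would be rejected as a DNS-1035 label. An empty result means valid.
func ValidateTenantName(name string) []string {
	if name == "" {
		return []string{"tenant name must not be empty"}
	}
	var errs []string
	if !dns1035.MatchString(name) {
		errs = append(errs, fmt.Sprintf("%q is not a DNS-1035 label: must match %s", name, dns1035))
	}
	for _, s := range derivedSuffixes {
		if derived := name + s; len(derived) > maxLabelLen {
			errs = append(errs, fmt.Sprintf("derived name %q is %d chars, limit is %d",
				derived, len(derived), maxLabelLen))
		}
	}
	return errs
}

func main() {
	// Constructed sample inputs, including the names from the issue.
	for _, n := range []string{"1", "1jhon", "jhon1", "Jhon", "a-", ""} {
		fmt.Printf("%-8q -> %v\n", n, ValidateTenantName(n))
	}
}
```

Rejecting the name at tenant creation surfaces the problem to the user immediately instead of as a failed release later.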

Nice catch, thank you for the report! We're going to rework the tenant system soon and will refer to this issue as well

kvaps avatar Oct 21 '25 10:10 kvaps