-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to decode an event from the watch stream: object to decode was longer than maximum allowed size #57073
Comments
The error comes from the decoder which limits the max bytes up to 1MiB. I think we should limit max bytes of a object's meta on creating. |
/sig api-machinery |
/cc @yliaog |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle rotten |
agreed, since the decoder has the 1MiB limit, the limit should be applied at the creation time. We don't want an object stored in the system that the system cannot decode. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale The nginx ingress controller runs into the same problem until it gives up and the config becomes stale. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale |
/remove-lifecycle stale |
+1 This is a huge issue. It opens up a very easy dos attack from anyone that has create or update access to any objects in a cluster. |
Behaviour of kube-controller-manager changed after the original issue report of #57073 . First I created a 1.4M job just like the yaml described at the top comment with little differences of total numbers of envs. Kube-controller-manager watched the creation of this obj and its length is larger than the maximum limit 1Mib. So Kube-controller-manager keeped logging
But when I tried to create a 2.0M job, kube-apiserver failed to create it because etcdserver has a limit of maximum size of http body.
|
It's good to see that the controller partially works. The big issue here is consistency, I would rather have the initial API request be rejected then experience inconsistent performance. Anything that uses client-go for watches will experience similar issues that may go undetected for a long time. Thank you for making the PR to fix this at the api layer! |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/close |
@carsonoid: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
Create a job with lots of envs. The job can't run normally. Controller keeps logging
Unable to decode an event from the watch stream: object to decode was longer than maximum allowed size
.What you expected to happen:
The job should run normally or fail early on creating.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
kubectl version
):uname -a
):The text was updated successfully, but these errors were encountered: