bug: coder_app DNS label must not exceed 64 characters to avoid NXDOMAIN #9518
Labels
s2
Broken use cases or features (with a workaround). Only humans may set this.
Comments
|
Is it different or related to #8145? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem:
DNS entries consist of labels separated by a period (
.), where each label may be up to 64 characters in length.When exposing a
coder_app, we forward requests that match the DNS label<app_name>.<agent-name>.<workspace_name>.<user_name>. Unfortunately, this can exceed 63 characters.Result: confusion as to why a coder_app in one workspace works, and another with a longer name is inaccessible with an NXDOMAIN error.
Possible Solutions
1. Validate at workspace planning stage
When creating a workspace, enforce an upper limit on the length of a
coder_appsuch thatlen(app.Name) + len(agent.Name) + len(workspace.Name) + len(user.Username) < 65. This would be detected at the Terraform plan stage.Note: There is a pathological case here where one or more of the above fields already add up to more than 64 characters. We could potentially also add upper limits on the length of the component fields, but this becomes problematic in the case of OIDC logins where we automatically generate the username based on claims.
The text was updated successfully, but these errors were encountered: