Fixing ServiceCIDR Status Overwrite Vulnerability in Kubernetes
What's the problem?
The ServiceCIDR API's main resource accepted whatever status a client put in a create or update request, so any principal with write access to servicecidrs could overwrite the status that the controller maintains, including the Ready condition the apiserver's IP allocator consults, without holding the separate permission on the servicecidrs/status subresource. This page explains why the registry strategy allowed that, what the corrected strategy looks like, and how to verify a cluster after upgrading.
Why does this happen?
The registry strategy for ServiceCIDR did not sanitize incoming objects: the main-resource PrepareForCreate and PrepareForUpdate neither reset nor preserved status, so the status section of the request body was persisted as sent. Every other Kubernetes resource with a status subresource follows the same convention: PrepareForCreate clears status, PrepareForUpdate copies the stored status back over the client's copy, and GetResetFields() declares those paths to the field manager, so status can only change through the /status subresource, which has its own RBAC verb and a mirror-image strategy that protects spec. ServiceCIDR skipped that convention, which is what let ordinary writes reach controller-managed fields.
Code Example
// Corrected strategy logic in pkg/registry/networking/servicecidr/strategy.go
// (imports: context, k8s.io/apimachinery/pkg/runtime, k8s.io/kubernetes/pkg/apis/networking)

// PrepareForCreate drops any status the client supplied; a new object starts with an empty status.
func (s *strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
	obj.(*networking.ServiceCIDR).Status = networking.ServiceCIDRStatus{}
}

// PrepareForUpdate keeps the stored status; a write through the main resource cannot change it.
func (s *strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
	newCIDR := obj.(*networking.ServiceCIDR)
	oldCIDR := old.(*networking.ServiceCIDR)
	newCIDR.Status = oldCIDR.Status
}
How to fix it
To resolve this, upgrade the cluster to a release whose ServiceCIDR registry strategy resets status on create and preserves it on update; the ServiceCIDR API itself is controlled by the MultiCIDRServiceAllocator feature gate, and the fix lives in the strategy rather than behind a gate of its own. After upgrading, verify the behaviour directly: a patch to the main resource that changes status must leave the stored status untouched, while status writes must only succeed through the /status subresource (kubectl patch ... --subresource=status), which the controller in kube-controller-manager is authorized for and ordinary users normally are not:

kubectl patch servicecidr kubernetes --type=merge -p '{"status":{"conditions":[]}}'
kubectl get servicecidr kubernetes -o jsonpath='{.status.conditions}'

If the conditions come back unchanged, the main resource no longer accepts client-supplied status. If you maintain an aggregated API server or a custom registry strategy for any resource with a status subresource, apply the same pattern: reset Status in PrepareForCreate, copy the old Status in PrepareForUpdate, have the status strategy copy the old Spec, and return both paths from GetResetFields() so server-side apply never records a client as the owner of status.
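The following Go program is an added example and is not code from the Kubernetes repository. It models the main-resource strategy before and after the fix next to the /status subresource strategy, using constructed stand-in types in place of networking.ServiceCIDR and a simplified Strategy interface (the real methods take context.Context and runtime.Object, and the real GetResetFields returns fieldpath sets keyed by API version); the stored object and the spoofed request are constructed sample data. It shows that, after the fix, a PUT to the main resource can still change spec but cannot touch status, that a create starts with an empty status, and that only the status subresource path replaces status while protecting spec.

```go
package main

import (
	"fmt"
	"reflect"
)

// Constructed stand-ins for networking.ServiceCIDR, reduced to the fields
// this example needs; not the real definitions from
// k8s.io/kubernetes/pkg/apis/networking.
type ServiceCIDRSpec struct{ CIDRs []string }

type ServiceCIDRStatus struct{ Conditions []string } // real type: []metav1.Condition

type ServiceCIDR struct {
	Name   string
	Spec   ServiceCIDRSpec
	Status ServiceCIDRStatus
}

// Strategy is the slice of the apiserver registry strategy interface modelled
// here (assumed simplification: no context or runtime.Object).
type Strategy interface {
	PrepareForCreate(obj *ServiceCIDR)
	PrepareForUpdate(newObj, oldObj *ServiceCIDR)
	GetResetFields() map[string]bool
}

// legacyStrategy reproduces the pre-fix behaviour: nothing is sanitized, so
// whatever the client sent, status included, is what gets persisted.
type legacyStrategy struct{}

func (legacyStrategy) PrepareForCreate(obj *ServiceCIDR)             {}
func (legacyStrategy) PrepareForUpdate(newObj, oldObj *ServiceCIDR) {}
func (legacyStrategy) GetResetFields() map[string]bool              { return nil }

// fixedStrategy is the corrected main-resource strategy: a create starts with
// an empty status and an update keeps the stored status regardless of the body.
type fixedStrategy struct{}

func (fixedStrategy) PrepareForCreate(obj *ServiceCIDR)             { obj.Status = ServiceCIDRStatus{} }
func (fixedStrategy) PrepareForUpdate(newObj, oldObj *ServiceCIDR) { newObj.Status = oldObj.Status }

// GetResetFields declares the same thing to the field manager, so server-side
// apply never records a client as the owner of status.
func (fixedStrategy) GetResetFields() map[string]bool { return map[string]bool{"status": true} }

// statusStrategy serves the /status subresource and is the mirror image:
// status may change, spec may not. Reaching it needs the update verb on
// servicecidrs/status, which the controller has and ordinary users do not.
type statusStrategy struct{}

func (statusStrategy) PrepareForCreate(obj *ServiceCIDR)             {} // subresources have no create path
func (statusStrategy) PrepareForUpdate(newObj, oldObj *ServiceCIDR) { newObj.Spec = oldObj.Spec }
func (statusStrategy) GetResetFields() map[string]bool              { return map[string]bool{"spec": true} }

// Create simulates POST and returns the object as it would be persisted.
func Create(s Strategy, incoming ServiceCIDR) ServiceCIDR {
	s.PrepareForCreate(&incoming)
	return incoming
}

// Update simulates PUT against either the main resource or /status.
func Update(s Strategy, stored, incoming ServiceCIDR) ServiceCIDR {
	s.PrepareForUpdate(&incoming, &stored)
	return incoming
}

// SampleStored is a constructed object as the controller would have left it.
func SampleStored() ServiceCIDR {
	return ServiceCIDR{
		Name:   "kubernetes",
		Spec:   ServiceCIDRSpec{CIDRs: []string{"10.96.0.0/16"}},
		Status: ServiceCIDRStatus{Conditions: []string{"Ready=True"}},
	}
}

// SpoofedRequest is a constructed client PUT that tries to widen the spec and
// rewrite the controller-owned status in a single request.
func SpoofedRequest() ServiceCIDR {
	return ServiceCIDR{
		Name:   "kubernetes",
		Spec:   ServiceCIDRSpec{CIDRs: []string{"10.96.0.0/16", "fd00:10:96::/112"}},
		Status: ServiceCIDRStatus{Conditions: []string{"Ready=True", "Spoofed=True"}},
	}
}

// StatusPreserved reports whether a main-resource update through s left the
// stored status untouched; true is the behaviour the fix guarantees.
func StatusPreserved(s Strategy) bool {
	stored := SampleStored()
	got := Update(s, stored, SpoofedRequest())
	return reflect.DeepEqual(got.Status, stored.Status)
}

func main() {
	fmt.Println("legacy strategy preserves status:", StatusPreserved(legacyStrategy{}))
	fmt.Println("fixed strategy preserves status: ", StatusPreserved(fixedStrategy{}))
	viaStatus := Update(statusStrategy{}, SampleStored(), SpoofedRequest())
	fmt.Println("/status path: spec kept =", reflect.DeepEqual(viaStatus.Spec, SampleStored().Spec),
		"status replaced =", reflect.DeepEqual(viaStatus.Status, SpoofedRequest().Status))
}
```

The two strategies are deliberately the inverse of each other: every field the main strategy resets is one the status strategy preserves, and vice versa, which is the invariant a reviewer should check in any custom registry strategy that exposes a status subresource.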