Hash dataplane volume names when bigger than DNS label

closes OSPRH-8801 Signed-off-by: Fabricio Aguiar <[email protected]>
fao89 · Jul 25, 2024 · 3a073ce · 3a073ce
1 parent e569d04
commit 3a073ce
Showing 1 changed file with 10 additions and 6 deletions.
diff --git a/pkg/dataplane/deployment.go b/pkg/dataplane/deployment.go
@@ -18,6 +18,8 @@ package deployment
 
 import (
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"path"
 	"reflect"
@@ -313,7 +315,8 @@ func (d *Deployer) addCertMounts(
 				}
 				volumeName := GetServiceCertsSecretName(d.NodeSet, service.Name, certKey, 0)
 				if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
-					volumeName = volumeName[:apimachineryvalidation.DNS1123LabelMaxLength]
+					hash := sha256.Sum224([]byte(volumeName))
+					volumeName = "cert" + hex.EncodeToString(hash[:])
 				}
 				certVolume := corev1.Volume{
 					Name: volumeName,
@@ -348,7 +351,8 @@ func (d *Deployer) addCertMounts(
 			}
 			volumeName := fmt.Sprintf("%s-%s", service.Name, service.Spec.CACerts)
 			if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
-				volumeName = volumeName[:apimachineryvalidation.DNS1123LabelMaxLength]
+				hash := sha256.Sum224([]byte(volumeName))
+				volumeName = "cacert" + hex.EncodeToString(hash[:])
 			}
 			cacertVolume := corev1.Volume{
 				Name: volumeName,
@@ -412,8 +416,8 @@ func (d *Deployer) addServiceExtraMounts(
 		for idx, key := range keys {
 			volumeName := fmt.Sprintf("%s-%s", cm.Name, strconv.Itoa(idx))
 			if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
-				limit := apimachineryvalidation.DNS1123LabelMaxLength - len(strconv.Itoa(idx))
-				volumeName = volumeName[:limit] + strconv.Itoa(idx)
+				hash := sha256.Sum224([]byte(volumeName))
+				volumeName = "cm" + hex.EncodeToString(hash[:]) + strconv.Itoa(idx)
 			}
 			volume := corev1.Volume{
 				Name: volumeName,
@@ -458,8 +462,8 @@ func (d *Deployer) addServiceExtraMounts(
 		for idx, key := range keys {
 			volumeName := fmt.Sprintf("%s-%s", sec.Name, strconv.Itoa(idx))
 			if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
-				limit := apimachineryvalidation.DNS1123LabelMaxLength - len(strconv.Itoa(idx))
-				volumeName = volumeName[:limit] + strconv.Itoa(idx)
+				hash := sha256.Sum224([]byte(volumeName))
+				volumeName = "sec" + hex.EncodeToString(hash[:]) + strconv.Itoa(idx)
 			}
 			volume := corev1.Volume{
 				Name: volumeName,