From 3a073ce3bc47efab6b9ff74c29085bd527301534 Mon Sep 17 00:00:00 2001
From: Fabricio Aguiar <fabricio.aguiar@gmail.com>
Date: Thu, 25 Jul 2024 15:26:09 +0100
Subject: [PATCH] Hash dataplane volume names when bigger than DNS label

closes OSPRH-8801

Signed-off-by: Fabricio Aguiar <fabricio.aguiar@gmail.com>
---
 pkg/dataplane/deployment.go | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/pkg/dataplane/deployment.go b/pkg/dataplane/deployment.go
index 28e237504..72672ff24 100644
--- a/pkg/dataplane/deployment.go
+++ b/pkg/dataplane/deployment.go
@@ -18,6 +18,8 @@ package deployment
 
 import (
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"path"
 	"reflect"
@@ -313,7 +315,8 @@ func (d *Deployer) addCertMounts(
 				}
 				volumeName := GetServiceCertsSecretName(d.NodeSet, service.Name, certKey, 0)
 				if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
-					volumeName = volumeName[:apimachineryvalidation.DNS1123LabelMaxLength]
+					hash := sha256.Sum224([]byte(volumeName))
+					volumeName = "cert" + hex.EncodeToString(hash[:])
 				}
 				certVolume := corev1.Volume{
 					Name: volumeName,
@@ -348,7 +351,8 @@ func (d *Deployer) addCertMounts(
 			}
 			volumeName := fmt.Sprintf("%s-%s", service.Name, service.Spec.CACerts)
 			if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
-				volumeName = volumeName[:apimachineryvalidation.DNS1123LabelMaxLength]
+				hash := sha256.Sum224([]byte(volumeName))
+				volumeName = "cacert" + hex.EncodeToString(hash[:])
 			}
 			cacertVolume := corev1.Volume{
 				Name: volumeName,
@@ -412,8 +416,8 @@ func (d *Deployer) addServiceExtraMounts(
 		for idx, key := range keys {
 			volumeName := fmt.Sprintf("%s-%s", cm.Name, strconv.Itoa(idx))
 			if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
-				limit := apimachineryvalidation.DNS1123LabelMaxLength - len(strconv.Itoa(idx))
-				volumeName = volumeName[:limit] + strconv.Itoa(idx)
+				hash := sha256.Sum224([]byte(volumeName))
+				volumeName = "cm" + hex.EncodeToString(hash[:]) + strconv.Itoa(idx)
 			}
 			volume := corev1.Volume{
 				Name: volumeName,
@@ -458,8 +462,8 @@ func (d *Deployer) addServiceExtraMounts(
 		for idx, key := range keys {
 			volumeName := fmt.Sprintf("%s-%s", sec.Name, strconv.Itoa(idx))
 			if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
-				limit := apimachineryvalidation.DNS1123LabelMaxLength - len(strconv.Itoa(idx))
-				volumeName = volumeName[:limit] + strconv.Itoa(idx)
+				hash := sha256.Sum224([]byte(volumeName))
+				volumeName = "sec" + hex.EncodeToString(hash[:]) + strconv.Itoa(idx)
 			}
 			volume := corev1.Volume{
 				Name: volumeName,