fix(controller): handle long rule names in bootstrap annotation keys#224
fix(controller): handle long rule names in bootstrap annotation keys#224vishnukothakapu wants to merge 1 commit intokubernetes-sigs:mainfrom
Conversation
✅ Deploy Preview for node-readiness-controller canceled.
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: vishnukothakapu The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Welcome @vishnukothakapu! |
k8s-ci-robot
added
needs-ok-to-test
|
Hi @vishnukothakapu. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/L
| // "bootstrap-completed-" is 20 characters. | ||
| if len(namePart) > 43 { | ||
| hash := md5.Sum([]byte(ruleName)) | ||
| namePart = hex.EncodeToString(hash[:]) |
There was a problem hiding this comment.
Don't we need to restrict limit here?
There was a problem hiding this comment.
Since the hash is fixed to 32 characters, the annotation name length also stays fixed.
With a 20-character prefix + 32-character hash, the final annotation name becomes 52 characters total, no matter how long the original rule name is.
So this keeps it safely within Kubernetes’ 63-character limit.
| // Annotation name part (after prefix/) must be <= 63 characters. | ||
| // "bootstrap-completed-" is 20 characters. | ||
| if len(namePart) > 43 { | ||
| hash := md5.Sum([]byte(ruleName)) |
There was a problem hiding this comment.
is md5 is recomended or is there any other better way? like sha256?
There was a problem hiding this comment.
I initially used MD5 because of its shorter fixed-length output, which fit easily within Kubernetes’ 63-character limit. I’ve now updated it to SHA256 and truncated it to 32 characters so it stays within the limit while providing stronger hashing.
Truncate and hash rule names in annotation keys when they exceed the 63-character Kubernetes limit for the name part. Uses truncated SHA256 to ensure deterministic and valid annotation keys for rules with names up to 253 characters.
vishnukothakapu
force-pushed
the
fix-annotation-key-length
branch
from
538cca4 to
d42de51
Compare
|
Thanks for catching this. My only thoughts on this is that it takes away the human observability on this when a bootsrap-rule is done. :/ |
4 participants
Description
This PR fixes a bug where NodeReadinessRule resources with long names (longer than 43 characters) caused the controller to fail when patching Node annotations. Kubernetes strictly limits the name part of an annotation key to 63 characters. Since our key pattern was
readiness.k8s.io/bootstrap-completed-<rule-name>, long rule names resulted in invalid keys.I introduced a helper function
getBootstrapAnnotationKeythat deterministically hashes the rule name using MD5 when it exceeds the length limit, ensuring the final key is always valid.Related Issue
Fixes #223
Type of Change
/kind bug
Testing
Checklist
make testpassesmake lintpassesDoes this PR introduce a user-facing change?
NONE