Hash or truncate secret names for checksum annotations
Summary
The operator cannot deploy the application if the postgres secret has a long name, which is how Zalando's postgres operator names the secrets it creates.
Steps to reproduce
- Using the Zalando postgres operator, instantiate a database.
- The postgres-operator will create a secret for the user pw in the format
  `{user}.{group}.{cluster-name}.credentials.postgresql.acid.zalan.do`
- Applying this to the gitlab CR results in an error in the gitlab-operator regarding the length of the generated checksum annotation (see the logs below).
Configuration used
The relevant part (I assume) is the following:
```yaml
global:
  psql:
    host: elderbyte-postgres-cluster.database
    port: 5432
    database: gitlabhq_production # default = gitlabhq_production
    username: gitlab.gitlab
    password:
      useSecret: true
      secret: gitlab.gitlab.elderbyte-postgres-cluster.credentials.postgresql.acid.zalan.do
      key: password
    preparedStatements: true # default = false
    # ssl: TODO
    # load_balancing: TODO
```
Current behavior
An error regarding length of a checksum annotation is thrown by the gitlab operator reconciliation loop.
Expected behavior
Truncate or hash the (long) secret name to fit in the annotation.
Versions
- Operator: 0.15.5
- Platform:
  - Cloud: AKS
  - Kubernetes: (`kubectl version`)
    - Client: 1.26.1 (but Flux CD used so this is not the applying client)
    - Server: 1.24.6
Relevant logs
```json
{
  "reconciler group": "apps.gitlab.com",
  "reconciler kind": "GitLab",
  "name": "gitlab",
  "namespace": "gitlab",
  "error": "failed to create object: gitlab/gitlab-toolbox [*v1.Deployment]: Deployment.apps \"gitlab-toolbox\" is invalid: spec.template.annotations: Invalid value: \"checksum/secret-gitlab.gitlab.elderbyte-postgres-cluster.credentials.postgresql.acid.zalan.do\": name part must be no more than 63 characters",
  "errorVerbose": "Deployment.apps \"gitlab-toolbox\" is invalid: spec.template.annotations: Invalid value: \"checksum/secret-gitlab.gitlab.elderbyte-postgres-cluster.credentials.postgresql.acid.zalan.do\": name part must be no more than 63 characters\nfailed to create object: gitlab/gitlab-toolbox [*v1.Deployment]\ngitlab.com/gitlab-org/cloud-native/gitlab-operator/pkg/support/kube.(*ApplyConfig).wrapObjectError\n\t/workspace/pkg/support/kube/apply.go:291\ngitlab.com/gitlab-org/cloud-native/gitlab-operator/pkg/support/kube.(*ApplyConfig).create\n\t/workspace/pkg/support/kube/apply.go:167\ngitlab.com/gitlab-org/cloud-native/gitlab-operator/pkg/support/kube.(*ApplyConfig).apply\n\t/workspace/pkg/support/kube/apply.go:142\ngitlab.com/gitlab-org/cloud-native/gitlab-operator/pkg/support/kube.ApplyObject\n\t/workspace/pkg/support/kube/apply.go:82\ngitlab.com/gitlab-org/cloud-native/gitlab-operator/controllers.(*GitLabReconciler).createOrPatch\n\t/workspace/controllers/gitlab_controller.go:543\ngitlab.com/gitlab-org/cloud-native/gitlab-operator/controllers.(*GitLabReconciler).reconcileToolboxDeployment\n\t/workspace/controllers/toolbox.go:59\ngitlab.com/gitlab-org/cloud-native/gitlab-operator/controllers.(*GitLabReconciler).reconcileToolbox\n\t/workspace/controllers/toolbox.go:29\ngitlab.com/gitlab-org/cloud-native/gitlab-operator/controllers.(*GitLabReconciler).Reconcile\n\t/workspace/controllers/gitlab_controller.go:251\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.10.1/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.10.1/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.10.1/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.10.1/pkg/internal/controller/controller.go:227\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1371"
}
```
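
One way the requested truncate-and-hash behavior could look, as an added example that is not taken from the gitlab-operator code base. The helper names `ChecksumAnnotationKey` and `ValidNamePart` are hypothetical, and the 10-character SHA-256 suffix is an assumed length chosen so that two long secret names sharing a prefix still map to different annotation keys.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

const (
	maxNamePart = 63 // Kubernetes limit on the name part of an annotation key
	keyPrefix   = "checksum/"
	namePrefix  = "secret-"
	hashLen     = 10 // assumed: hex characters of SHA-256 kept as a suffix
)

// namePartRE is the qualified-name syntax Kubernetes enforces after the "/".
var namePartRE = regexp.MustCompile(`^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$`)

// ValidNamePart reports whether the part after "/" would pass API validation.
func ValidNamePart(key string) bool {
	name := key[strings.Index(key, "/")+1:]
	return len(name) <= maxNamePart && namePartRE.MatchString(name)
}

// ChecksumAnnotationKey (hypothetical helper) keeps short secret names as they
// are and shortens long ones to "<truncated>-<hash>" so the key stays valid.
func ChecksumAnnotationKey(secretName string) string {
	if len(namePrefix)+len(secretName) <= maxNamePart {
		return keyPrefix + namePrefix + secretName
	}
	sum := sha256.Sum256([]byte(secretName))
	suffix := hex.EncodeToString(sum[:])[:hashLen]
	// Secret names are ASCII DNS subdomains, so byte slicing is safe here.
	keep := maxNamePart - len(namePrefix) - 1 - hashLen
	head := strings.TrimRight(secretName[:keep], "-_.")
	return keyPrefix + namePrefix + head + "-" + suffix
}

func main() {
	// Secret name taken from the report above.
	long := "gitlab.gitlab.elderbyte-postgres-cluster.credentials.postgresql.acid.zalan.do"
	for _, n := range []string{"gitlab-postgres", long} {
		k := ChecksumAnnotationKey(n)
		fmt.Printf("%-20.20s -> %s (valid=%v)\n", n, k, ValidNamePart(k))
	}
}
```

Plain truncation without the hash suffix would also satisfy the 63-character limit, but two secrets whose names differ only past the cut would then collide on one annotation key and overwrite each other's checksum.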