@@ -95,10 +95,37 @@ local clusterRoleName(name) =
9595local replaceColon(str) =
9696 std.strReplace(str, ':', '-');
9797
98- local rbac_objs(objdata, verbs=[ 'create', 'get', 'update', 'patch' ]) =
99- local dest_ns = objdata.namespace;
98+ local rl_obj_name(objdata) =
10099 // Some objects like ClusterRoleBinding can contain colons.
101100 local name = replaceColon(objdata.name);
101+ local n =
102+ if objdata.namespace != null then
103+ '%s-%s' % [ objdata.namespace, name ]
104+ else
105+ // Reduce potential for name collisions when generating names for
106+ // cluster-scoped ResourceLocker configurations.
107+ local prefix =
108+ if objdata.apigroup != '' &&
109+ std.length(objdata.apigroup + objdata.kind + name) <= 61
110+ then
111+ '%s-%s' % [
112+ std.asciiLower(objdata.kind),
113+ std.strReplace(objdata.apigroup, '.', '-'),
114+ ]
115+ else
116+ std.asciiLower(objdata.kind);
117+ if std.length(prefix + name) >= 63 then
118+ name
119+ else
120+ '%s-%s' % [ prefix, name ];
121+
122+ assert std.length(n) <= 63;
123+ n;
124+
125+ local rbac_objs(objdata, verbs=[ 'create', 'get', 'update', 'patch' ]) =
126+ local dest_ns = objdata.namespace;
127+ // Use full rl_obj_name to avoid collisions for cluster-scoped configs
128+ local name = rl_obj_name(objdata);
102129 // Create sa if not provided
103130 local saname = name + '-manager';
104131 local serviceaccount = kube.ServiceAccount(saname) {
@@ -162,14 +189,6 @@ local obj_data(obj) =
162189 namespace: if std.objectHas(obj.metadata, 'namespace') then obj.metadata.namespace,
163190 };
164191
165- local rl_obj_name(objdata) =
166- // Some objects like ClusterRoleBinding can contain colons.
167- local name = replaceColon(objdata.name);
168- if objdata.namespace != null then
169- '%s-%s' % [ objdata.namespace, name ]
170- else
171- name;
172-
173192/**
174193 * \brief Create a managed resource (similar to Espejo, but for single NS)
175194 *
0 commit comments