diff --git a/internal/controllers/managedcontrolplane/access.go b/internal/controllers/managedcontrolplane/access.go index c79465e..52e3941 100644 --- a/internal/controllers/managedcontrolplane/access.go +++ b/internal/controllers/managedcontrolplane/access.go @@ -360,7 +360,7 @@ func (r *ManagedControlPlaneReconciler) syncAccessSecrets(ctx context.Context, m return false, rerr } mcpSecret := &corev1.Secret{} - mcpSecret.Name = ctrlutils.NameHashSHAKE128Base32(mcp.Name, providerName) + mcpSecret.Name = secretName(providerName, mcp.Name) mcpSecret.Namespace = mcp.Namespace if _, err := controllerutil.CreateOrUpdate(ctx, r.OnboardingCluster.Client(), mcpSecret, func() error { mcpSecret.Data = arSecret.Data @@ -397,3 +397,14 @@ func (r *ManagedControlPlaneReconciler) syncAccessSecrets(ctx context.Context, m return allAccessReady, nil } + +// secretName generates the following secret name format: '..kubeconfig'. +// The '.' part will be truncated and partially replaced with a hash if the +// resulting name exceeds the Kubernetes name length limit of 63 characters. +func secretName(providerName string, mcpName string) string { + // adjust oidc and token prefix in provider name to conform RFC 1123 + providerPrefix := strings.ReplaceAll(providerName, "_", "-") + compositeName := fmt.Sprintf("%s.%s", providerPrefix, mcpName) + suffix := ".kubeconfig" + return fmt.Sprintf("%s%s", ctrlutils.ShortenToXCharactersUnsafe(compositeName, ctrlutils.K8sMaxNameLength-len(suffix)), suffix) +} diff --git a/internal/controllers/managedcontrolplane/controller_test.go b/internal/controllers/managedcontrolplane/controller_test.go index 31f246b..f6324db 100644 --- a/internal/controllers/managedcontrolplane/controller_test.go +++ b/internal/controllers/managedcontrolplane/controller_test.go @@ -327,6 +327,8 @@ var _ = Describe("ManagedControlPlane Controller", func() { sec.SetNamespace(mcp.Namespace) Expect(env.Client(onboarding).Get(env.Ctx, client.ObjectKeyFromObject(sec), sec)).To(Succeed()) Expect(sec.Data).To(HaveKeyWithValue(clustersv1alpha1.SecretKeyKubeconfig, []byte(providerName))) + providerPrefix := strings.ReplaceAll(providerName, "_", "-") + Expect(sec.Name).To(Equal(strings.Join([]string{providerPrefix, mcp.Name, "kubeconfig"}, "."))) } By("=== UPDATE ===")