Skip to content

Cannot extract workload Name for certain workloads in NRI context #211

New issue
New issue
Open
Bug
Open
Cannot extract workload Name for certain workloads in NRI context#211
Bug
Labels
bugSomething isn't working
Milestone
MVP +1
@Andreagit97

Description

@Andreagit97
Andreagit97
opened on Jan 23, 2026

From the NRI context, we extract the workload name and kind starting from pod-name and labels. This is unfortunately not enough in all cases. Right now, I've spotted at least 3 cases where we cannot recover the full name of the workload:

Daemonset

Usually, the pod-name for a pod managed by a daemonset has the format:

pod-name: [daemonset-name]-[random-5chars]

Final [random-5chars] must always be there, while - can be truncated if there is not enough space.

Regular case:

  • daemonset-name: ubuntu-daemonset
  • pod-name: ubuntu-daemonset-6qq8v

Here, we can recover the full daemonset name from the pod one.

Worst case:

  • daemonset-name: ubuntu-daemonsetttttttttttttttttttttttttttttttttttttttttttttttttttt
  • pod-name: ubuntu-daemonsettttttttttttttttttttttttttttttttttttttttttt6qq8v

Here, we cannot recover the full daemonset name from the pod one because it is truncated!

Deployment

Usually, the pod-name for a pod managed by a deployment has the format:

pod-name: [deployment-name]-[hash]-[random-5chars]

Final [random-5chars] must always be there, while all the rest can become optional if there is no space

Regular case

  • deployment-name: ubuntu-deployment-674bcc58f4-pwvps
  • pod-name: ubuntu-deployment

Here, we can recover the full deployment name from the pod one.

Worst case:

  • deployment-name: ubuntu-deploymenttttttttttttttttttttttttttttttttttttttttttttttt
  • pod-name: ubuntu-deploymenttttttttttttttttttttttttttttttttttttttttttq8fcg

Here, we cannot recover the full deployment name from the pod one because it is truncated!

Replicaset (not an issue for now)

Here, the issue is that we don't have a way to understand if the current pod belongs to a replicaset or not. There are no labels that could help us. We cannot just say that each pod that has a suffix -[random-5chars] is a replicaset.
Since replicasets alone are rarely used in production, we decided not to support them for now.

Issues

This is an issue for 2 reasons:

  1. When we create the workload policy proposal, we need the full name of the workload to associate the policy with the workload. If the name is truncated, we cannot match the original workload name in the policy.
    • Just wondering if maybe we can find another way to associate the policy proposal with the workload without using the name.
  2. When we send a violation alert, in monitor/protect mode, we enrich it with some k8s info. Among them, we have the name of the workload that could be truncated due to the above issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    Bug

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions