improve provisioning, avoid using more than 63 chars

Author: jhemtjpr

CHANGELOG.md

@@ -1,5 +1,14 @@
 # CHANGELOG
 
+## 2020-04-29 1.2.8
+
+* Improve PV name provisioning as a hash of the Namespace+PVC string. Avoid using more than the 63 characater limit.
+* Bump python version to 3.9.4
+
+## 2020-03-24 1.2.7
+
+* Merge upstream security fixes.
+
 ## 2020-02-12 1.2.6
 
 * Add new argument `--forcePvInit` which forces PV initialization without annotations on the PVC.

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.7.3-alpine3.9
+FROM python:3.9.4-alpine3.13
 
 RUN pip install jinja2 kubernetes
 

Makefile

@@ -1,5 +1,5 @@
 IMAGE=juliohm/k8s-nfs-provisioner
-TAG=1.2.7
+TAG=1.2.8
 
 build:
 	docker build -t $(IMAGE):latest .

rootfs/usr/local/bin/controller.py

@@ -12,6 +12,7 @@
 import urllib3
 import os
 import controllerargs
+import hashlib
 
 args = controllerargs.p.parse_args()
 
@@ -45,6 +46,7 @@
 ################################################################################
 def init_pv_data(pvc, sc):
     pvcfullname = pvc.metadata.namespace + '-' + pvc.metadata.name
+    pvcfullname = "pvc-"+hashlib.md5(pvcfullname.encode()).hexdigest()
     logging.info("PVC "+pvcfullname+". Initializing NFS share directories")
 
     if pvc.metadata.annotations and ANNOTATION_INITPERMS in pvc.metadata.annotations and pvc.metadata.annotations[ANNOTATION_INITPERMS] == "false":
@@ -150,6 +152,8 @@ def provision_pv(pvc):
     pvname = pvc.metadata.namespace + "-" + pvc.metadata.name
     if pvNamePrefix:
         pvname = pvNamePrefix + "-" + pvname
+    if len(pvname) > 63:
+        pvname = "pv-"+hashlib.md5(pvname.encode()).hexdigest()
 
     pv = coreapi.list_persistent_volume(field_selector="metadata.name="+pvname)
     if len(pv.items) > 0:
@@ -166,8 +170,8 @@ def provision_pv(pvc):
     pv.metadata = kubernetes.client.V1ObjectMeta()
     pv.metadata.name = pvname
     pv.metadata.labels = dict()
-    pv.metadata.labels[LABEL_PVCNAME] = pvc.metadata.name
-    pv.metadata.labels[LABEL_PVCNAMESPACE] = pvc.metadata.namespace
+    pv.metadata.labels[LABEL_PVCNAME] = pvc.metadata.name[:63]
+    pv.metadata.labels[LABEL_PVCNAMESPACE] = pvc.metadata.namespace[:63]
     pv.metadata.labels[LABEL_STORAGECLASSNAME] = scname
     pv.spec = kubernetes.client.V1PersistentVolumeSpec()
     pv.status = kubernetes.client.V1PersistentVolumeStatus()
@@ -275,6 +279,7 @@ def remove_pv(pvc):
             eventtype = event["type"]
             pvc = event["object"]
             pvcfullname = pvc.metadata.namespace+"-"+pvc.metadata.name
+            pvcfullname = "pvc-"+hashlib.md5(pvcfullname.encode()).hexdigest()
             try:
                 logging.debug("Event: "+eventtype+" "+pvcfullname)
                 if eventtype == "ADDED":