Skip to content

Limit Stack Names to 42 Characters to Prevent StatefulSet Label Value crashes #899

New issue
New issue
Open
Bug
Open
Limit Stack Names to 42 Characters to Prevent StatefulSet Label Value crashes#899
Bug
Labels
good-first-issueStart here if you'd like to start contributing to Pulumikind/bugSome behavior is incorrect or out of spec
@mateusvtt

Description

@mateusvtt
mateusvtt
opened on May 1, 2025

Problem Description

The operator currently allows stack names of any length, which can lead to Kubernetes validation errors when those names are used to generate StatefulSet resources. This occurs because:

  1. The stack name plus the string "-workspace" is used for the StatefulSet name

    pulumi-kubernetes-operator/operator/internal/controller/pulumi/stack_controller.go

    Line 1320 in f01d73c

    func nameForWorkspace(stack *metav1.ObjectMeta) string {

    pulumi-kubernetes-operator/operator/internal/controller/auto/workspace_controller.go

    Line 430 in f01d73c

    return w.Name + "-workspace"
  2. The StatefulSet name is then used in the controller-revision-hash label, see StatefulSet may need specical method of generating pod name  kubernetes/kubernetes#79337
  3. The full label value ends up exceeding Kubernetes' 63-character limit
    Example error:
statefulset/my-very-long-stack-name-for-staging-environment-workspace create Pod my-very-long-stack-name-for-staging-environment-workspace-0 in StatefulSet my-very-long-stack-name-for-staging-environment-workspace failed error: Pod "my-very-long-stack-name-for-staging-environment-workspace-0" is invalid: metadata.labels: Invalid value: "my-very-long-stack-name-for-staging-environment-workspace-6888c94d69": must be no more than 63 characters

This will silently fail, and the error can be found in the event logs.

Root Cause

When creating StatefulSets, the operator:

  1. Appends "-workspace" to the stack name to create the StatefulSet name
  2. Kubernetes automatically adds a "-" suffix (10 characters) to the StatefulSet's pods for the controller-revision-hash label
  3. The total suffix length is 21 characters ("-workspace-" = 11 chars + hash = 10 chars)

Given Kubernetes' 63-character limit for label values, this means the original stack name must not exceed 42 characters (63 - 21 = 42).

Example

Just create any Stack name with more than 42 chars.

Output of pulumi about

Does not apply.
pulumi-kubernetes-operator:v2.0.0

Additional context

No response

Contributing

It's possible to avoid the issue with this simple validation:
https://github.com/pulumi/pulumi-kubernetes-operator/compare/master...mateusvtt:pulumi-kubernetes-operator:set-stackname-limit?expand=1
It's kinda of a breaking change, however I believe no one is able to create a Stack with more than 42 chars.

Metadata

Metadata

Assignees

No one assigned

    Labels

    good-first-issueStart here if you'd like to start contributing to Pulumikind/bugSome behavior is incorrect or out of spec

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions