Skip to content

Commit 595e9fa

Browse files
assafad1assafad1
committed
Prevent invalid label values by hashing long PrometheusRule names (#440)
1 parent d9b3ed4 commit 595e9fa

File tree

1 file changed

+27
-6
lines changed

1 file changed

+27
-6
lines changed

internal/controller/prometheusrule_controller.go

Lines changed: 27 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ package controllers
1616

1717
import (
1818
"context"
19+
"crypto/sha1"
20+
"encoding/hex"
1921
"errors"
2022
"fmt"
2123
"reflect"
@@ -43,6 +45,8 @@ import (
4345
"github.com/coralogix/coralogix-operator/internal/utils"
4446
)
4547

48+
const managedByLabelKey = "app.kubernetes.io/managed-by"
49+
4650
//+kubebuilder:rbac:groups=monitoring.coreos.com,resources=prometheusrules,verbs=get;list;watch
4751

4852
//+kubebuilder:rbac:groups=coralogix.com,resources=recordingrulegroupsets,verbs=get;list;watch;create;update;patch;delete
@@ -121,7 +125,7 @@ func (r *PrometheusRuleReconciler) convertPrometheusRuleRecordingRuleToCxRecordi
121125
recordingRuleGroupSet.Name = prometheusRule.Name
122126
recordingRuleGroupSet.Namespace = prometheusRule.Namespace
123127
recordingRuleGroupSet.Labels = prometheusRule.Labels
124-
recordingRuleGroupSet.Labels["app.kubernetes.io/managed-by"] = prometheusRule.Name
128+
recordingRuleGroupSet.Labels[managedByLabelKey] = truncateLabelValue(prometheusRule.Name)
125129
recordingRuleGroupSet.OwnerReferences = []metav1.OwnerReference{getOwnerReference(prometheusRule)}
126130
recordingRuleGroupSet.Spec = desiredRecordingRuleGroupSetSpec
127131
if err = config.GetClient().Create(ctx, recordingRuleGroupSet); err != nil {
@@ -135,7 +139,7 @@ func (r *PrometheusRuleReconciler) convertPrometheusRuleRecordingRuleToCxRecordi
135139

136140
updated := false
137141
desiredLabels := prometheusRule.Labels
138-
desiredLabels["app.kubernetes.io/managed-by"] = prometheusRule.Name
142+
desiredLabels[managedByLabelKey] = truncateLabelValue(prometheusRule.Name)
139143
if !reflect.DeepEqual(recordingRuleGroupSet.Labels, desiredLabels) {
140144
recordingRuleGroupSet.Labels = desiredLabels
141145
updated = true
@@ -236,7 +240,7 @@ func (r *PrometheusRuleReconciler) convertPrometheusRuleAlertToCxAlert(ctx conte
236240
alert.Name = alertName
237241
alert.Namespace = prometheusRule.Namespace
238242
alert.Labels = prometheusRule.Labels
239-
alert.Labels["app.kubernetes.io/managed-by"] = prometheusRule.Name
243+
alert.Labels[managedByLabelKey] = truncateLabelValue(prometheusRule.Name)
240244
alert.OwnerReferences = []metav1.OwnerReference{getOwnerReference(prometheusRule)}
241245
alert.Spec = prometheusAlertingRuleToAlertSpec(&rule)
242246
if err = config.GetClient().Create(ctx, alert); err != nil {
@@ -250,7 +254,7 @@ func (r *PrometheusRuleReconciler) convertPrometheusRuleAlertToCxAlert(ctx conte
250254

251255
updated := false
252256
desiredLabels := prometheusRule.Labels
253-
desiredLabels["app.kubernetes.io/managed-by"] = prometheusRule.Name
257+
desiredLabels[managedByLabelKey] = truncateLabelValue(prometheusRule.Name)
254258
if !reflect.DeepEqual(alert.Labels, desiredLabels) {
255259
alert.Labels = desiredLabels
256260
updated = true
@@ -298,7 +302,11 @@ func (r *PrometheusRuleReconciler) convertPrometheusRuleAlertToCxAlert(ctx conte
298302
}
299303

300304
var childAlerts coralogixv1beta1.AlertList
301-
if err := config.GetClient().List(ctx, &childAlerts, client.InNamespace(prometheusRule.Namespace), client.MatchingLabels{"app.kubernetes.io/managed-by": prometheusRule.Name}); err != nil {
305+
if err := config.GetClient().List(
306+
ctx,
307+
&childAlerts,
308+
client.InNamespace(prometheusRule.Namespace),
309+
client.MatchingLabels{managedByLabelKey: truncateLabelValue(prometheusRule.Name)}); err != nil {
302310
return fmt.Errorf("received an error while trying to list Alerts: %w", err)
303311
}
304312

@@ -318,7 +326,11 @@ func (r *PrometheusRuleReconciler) convertPrometheusRuleAlertToCxAlert(ctx conte
318326

319327
func (r *PrometheusRuleReconciler) deleteCxAlerts(ctx context.Context, prometheusRule *prometheus.PrometheusRule) error {
320328
var childAlerts coralogixv1beta1.AlertList
321-
err := config.GetClient().List(ctx, &childAlerts, client.InNamespace(prometheusRule.Namespace), client.MatchingLabels{"app.kubernetes.io/managed-by": prometheusRule.Name})
329+
err := config.GetClient().List(
330+
ctx,
331+
&childAlerts,
332+
client.InNamespace(prometheusRule.Namespace),
333+
client.MatchingLabels{managedByLabelKey: truncateLabelValue(prometheusRule.Name)})
322334
if err != nil {
323335
return fmt.Errorf("received an error while trying to list Alerts: %w", err)
324336
}
@@ -483,6 +495,15 @@ func sanitizeName(name string) string {
483495
return name
484496
}
485497

498+
// truncateLabelValue ensures label values stay under 63 chars.
499+
func truncateLabelValue(value string) string {
500+
if len(value) <= 63 {
501+
return value
502+
}
503+
h := sha1.Sum([]byte(value))
504+
return fmt.Sprintf("%s-%s", value[:40], hex.EncodeToString(h[:])[:8])
505+
}
506+
486507
// SetupWithManager sets up the controller with the Manager.
487508
func (r *PrometheusRuleReconciler) SetupWithManager(mgr ctrl.Manager) error {
488509
shouldTrackPrometheusRules := func(labels map[string]string) bool {

0 commit comments

Comments
 (0)