Enforced compliance of the id used in kubernetes annotations#488
Open
plup wants to merge 2 commits intoTheHive-Project:masterfrom
Open
Enforced compliance of the id used in kubernetes annotations#488plup wants to merge 2 commits intoTheHive-Project:masterfrom
plup wants to merge 2 commits intoTheHive-Project:masterfrom
Conversation
Made-with: Cursor
Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Sanitize Cortex job and worker identifiers before using them as Kubernetes label values and in the
Job name in K8sJobRunnerSrv.
Why
Kubernetes rejects label values that don’t start and end with an alphanumeric character (max 63
chars). Some job IDs end with _, which produced 400 Bad Request on operations using labelSelector
(e.g. wait/delete on Jobs).
How
• Add kubernetesLabelValue() to trim invalid leading/trailing characters, cap length at 63, and
fall back to "0" only if nothing valid remains.
• Use it for cortex-job-id, cortex-worker-id, and for neuron-job-* name construction (aligned
with valid RFC 1123-style names).
Risk / follow-up
• Low for normal Cortex IDs.
• Old Job objects in-cluster may still have pre-sanitization labels; new Jobs use the new values.
Update any dashboards/alerts that assumed raw IDs on labels if applicable.
Testing
• ./sbt compile (not run in agent environment; please run locally).
• Deploy and run an analysis whose job ID ends with _; confirm Job create, wait, and delete
succeed without label parse errors.