Use annotation for old secret name instead of label (gardener#8818)

``` panic: 6 errors occurred: * failed to create a temporary secret Secret "tmp-managedresource-shoot-core-kube-proxy-worker-remote-v1.24-e3b0c442" is invalid: metadata.labels: Invalid value: "managedresource-shoot-core-kube-proxy-worker-remote-v1.24-e3b0c442": must be no more than 63 characters * failed to create a temporary secret Secret "tmp-managedresource-shoot-core-kube-proxy-worker-f8blv-v1.27-5f0350de" is invalid: metadata.labels: Invalid value: "managedresource-shoot-core-kube-proxy-worker-f8blv-v1.27-5f0350de": must be no more than 63 characters * failed to create a temporary secret Secret "tmp-managedresource-shoot-core-kube-proxy-worker-hb2ub-v1.26.5-28fc7969" is invalid: metadata.labels: Invalid value: "managedresource-shoot-core-kube-proxy-worker-hb2ub-v1.26.5-28fc7969": must be no more than 63 characters * failed to create a temporary secret Secret "tmp-managedresource-shoot-core-kube-proxy-worker-hb2ub-v1.26-479c5685" is invalid: metadata.labels: Invalid value: "managedresource-shoot-core-kube-proxy-worker-hb2ub-v1.26-479c5685": must be no more than 63 characters * failed to create a temporary secret Secret "tmp-managedresource-shoot-core-kube-proxy-worker-fqi0o-v1.24-e3b0c442" is invalid: metadata.labels: Invalid value: "managedresource-shoot-core-kube-proxy-worker-fqi0o-v1.24-e3b0c442": must be no more than 63 characters ... ```
nickytd · Nov 15, 2023 · c675f5b · c675f5b
1 parent dc2cf26
commit c675f5b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/cmd/gardenlet/app/app.go b/cmd/gardenlet/app/app.go
@@ -491,9 +491,9 @@ func (g *garden) cleanupOrphanedExtensionsServiceAccounts(ctx context.Context, g
 }
 
 const (
-	grmFinalizer           = "resources.gardener.cloud/gardener-resource-manager"
-	tempSecretLabel        = "resources.gardener.cloud/temp-secret"
-	tempSecretOldNameLabel = "resources.gardener.cloud/temp-secret-old-name"
+	grmFinalizer                = "resources.gardener.cloud/gardener-resource-manager"
+	tempSecretLabel             = "resources.gardener.cloud/temp-secret"
+	tempSecretOldNameAnnotation = "resources.gardener.cloud/temp-secret-old-name"
 )
 
 // TODO(dimityrmirchev): Remove this code after v1.87 has been released.
@@ -512,7 +512,7 @@ func recreateDeletedManagedResourceSecrets(ctx context.Context, c client.Client)
 	for _, temp := range tempSecretList.Items {
 		temp := temp
 		tasks = append(tasks, func(ctx context.Context) error {
-			originalName := temp.Labels[tempSecretOldNameLabel]
+			originalName := temp.Annotations[tempSecretOldNameAnnotation]
 			original := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: originalName, Namespace: temp.Namespace}}
 
 			if err := limiter.Wait(ctx); err != nil {
@@ -524,7 +524,7 @@ func recreateDeletedManagedResourceSecrets(ctx context.Context, c client.Client)
 					// original secret is not found so we recreate it
 					original := temp.DeepCopy()
 					delete(original.Labels, tempSecretLabel)
-					delete(original.Labels, tempSecretOldNameLabel)
+					delete(original.Annotations, tempSecretOldNameAnnotation)
 					original.ResourceVersion = ""
 					original.Name = originalName
 
@@ -580,7 +580,7 @@ func recreateDeletedManagedResourceSecrets(ctx context.Context, c client.Client)
 			tempSecret := original.DeepCopy()
 			tempSecret.Name = "tmp-" + original.Name
 			metav1.SetMetaDataLabel(&tempSecret.ObjectMeta, tempSecretLabel, "true")
-			metav1.SetMetaDataLabel(&tempSecret.ObjectMeta, tempSecretOldNameLabel, original.Name)
+			metav1.SetMetaDataAnnotation(&tempSecret.ObjectMeta, tempSecretOldNameAnnotation, original.Name)
 			tempSecret.DeletionTimestamp = nil
 			tempSecret.ResourceVersion = ""
 			tempSecret.Finalizers = nil

diff --git a/cmd/gardenlet/app/app_test.go b/cmd/gardenlet/app/app_test.go
@@ -90,7 +90,9 @@ var _ = Describe("Recreate Managed Resource Secrets", func() {
 				Labels: map[string]string{
 					"resources.gardener.cloud/garbage-collectable-reference": "true",
 					"resources.gardener.cloud/temp-secret":                   "true",
-					"resources.gardener.cloud/temp-secret-old-name":          "secret3",
+				},
+				Annotations: map[string]string{
+					"resources.gardener.cloud/temp-secret-old-name": "secret3",
 				},
 			},
 			Immutable: pointer.Bool(true),
@@ -121,7 +123,9 @@ var _ = Describe("Recreate Managed Resource Secrets", func() {
 				Labels: map[string]string{
 					"resources.gardener.cloud/garbage-collectable-reference": "true",
 					"resources.gardener.cloud/temp-secret":                   "true",
-					"resources.gardener.cloud/temp-secret-old-name":          "secret4",
+				},
+				Annotations: map[string]string{
+					"resources.gardener.cloud/temp-secret-old-name": "secret4",
 				},
 			},
 			Immutable: pointer.Bool(true),