Firewall annotation cannot work with long service names

[julsemaan]

General:

• Have you removed all sensitive information, including but not limited to access keys and passwords?
• Have you checked to ensure there aren't other open or closed Pull Requests for the same bug/feature/question?

---

Feature Requests:

• Have you explained your rationale for why this feature is needed?
• Have you offered a proposed implementation/solution?

---

Bug Reporting

When using the service.beta.kubernetes.io/linode-loadbalancer-firewall-acl annotation, if the service name is too long, it causes errors creating the firewall

Expected Behavior

Service name should be able to be as long as needed in the k8s resource and stripped as needed by the CCM when creating resources

Actual Behavior

Linode API rejects the requests coming from the CCM and the firewall doesn't get created:

I0207 20:43:21.111439       1 loadbalancers.go:735] found NodeBalancer (000000) for service (ingress/banana-banana-banana-banana) via IPv4 (X.X.X.X)
E0207 20:43:21.494953       1 controller.go:307] error processing service ingress/ingress/banana-banana-banana-banana (will retry): failed to ensure load balancer: [400] [rules.inbound[0].label] Length must be 3-32 characters

Steps to Reproduce the Problem

1. Create a k8s service with spec.name: banana-banana-banana-banana and spec.metadata.annotations.service.beta.kubernetes.io/linode-loadbalancer-firewall-acl: { "allowList": { "ipv4": ["1.2.3.4/32"] }}

Environment Specifications

Screenshots, Code Blocks, and Logs

Additional Notes

@schinmai-akamai said it's a bug :)

---

For general help or discussion, join the Kubernetes Slack team channel #linode. To sign up, use the Kubernetes Slack inviter.

The Linode Community is a great place to get additional support.