apiserver identity : use SHA256 hash in lease names

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2025-07-22 03:11:40 +00:00 · 2022-11-05 13:52:07 -04:00 · 2022-11-05 13:52:07 -04:00 · 5b3a9e2d75
commit 5b3a9e2d75
parent 62e9df085a
2 changed files with 9 additions and 8 deletions
--- a/staging/src/k8s.io/apiserver/pkg/server/config.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/config.go
@ -18,8 +18,9 @@ package server

 import (
 	"context"
+	"crypto/sha256"
+	"encoding/base32"
 	"fmt"
-	"hash/fnv"
 	"net"
 	"net/http"
 	"os"
@ -335,9 +336,8 @@ func NewConfig(codecs serializer.CodecFactory) *Config {
 			klog.Fatalf("error getting hostname for apiserver identity: %v", err)
 		}

-		h := fnv.New32a()
-		h.Write([]byte(hostname))
-		id = "kube-apiserver-" + fmt.Sprint(h.Sum32())
+		hash := sha256.Sum256([]byte(hostname))
+		id = "kube-apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16]))
 	}
 	lifecycleSignals := newLifecycleSignals()

--- a/test/integration/controlplane/apiserver_identity_test.go
+++ b/test/integration/controlplane/apiserver_identity_test.go
@ -18,9 +18,11 @@ package controlplane

 import (
 	"context"
+	"crypto/sha256"
+	"encoding/base32"
 	"fmt"
-	"hash/fnv"
 	"os"
+	"strings"
 	"testing"
 	"time"

@ -44,9 +46,8 @@ const (
 )

 func expectedAPIServerIdentity(hostname string) string {
-	h := fnv.New32a()
-	h.Write([]byte(hostname))
-	return "kube-apiserver-" + fmt.Sprint(h.Sum32())
+	hash := sha256.Sum256([]byte(hostname))
+	return "kube-apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16]))
 }

 func TestCreateLeaseOnStart(t *testing.T) {