Merge pull request #19 from westbrook-ai/fix-orchestrator-dns-names

fix: ensure container names don't exceed 63-character DNS label limit

Author: tjbck

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "terminals"
-version = "0.0.1"
+version = "0.0.2"
 description = "Multi-tenant terminal orchestrator for Open Terminal."
 readme = "README.md"
 authors = [

terminals/backends/docker.py

@@ -1,7 +1,9 @@
 """Docker backend — provisions Open Terminal inside containers via aiodocker."""
 
 import asyncio
+import hashlib
 import logging
+import re
 import secrets
 import time
 from pathlib import Path
@@ -18,6 +20,7 @@
 
 # Container name prefix used for discovery during reconciliation.
 _CONTAINER_PREFIX = "terminals-"
+_DNS_SAFE = re.compile(r"[^a-z0-9-]")
 
 
 class DockerBackend(Backend):
@@ -34,8 +37,12 @@ async def _get_docker(self) -> aiodocker.Docker:
 
     @staticmethod
     def _container_name(policy_id: str, user_id: str) -> str:
-        """Build the deterministic container name."""
-        return f"{_CONTAINER_PREFIX}{policy_id}-{user_id}"
+        """Build a deterministic, DNS-safe container name (≤63 chars)."""
+        short = hashlib.sha256(user_id.encode()).hexdigest()[:12]
+        if policy_id == "default":
+            return f"{_CONTAINER_PREFIX}{short}"
+        policy_slug = _DNS_SAFE.sub("-", policy_id.lower()).strip("-")[:20]
+        return f"{_CONTAINER_PREFIX}{short}-{policy_slug}"
 
     # ------------------------------------------------------------------
     # Backend interface

terminals/backends/kubernetes.py

@@ -2,6 +2,7 @@
 
 import asyncio
 import base64
+import hashlib
 import logging
 import re
 import secrets
@@ -23,10 +24,13 @@
 _DNS_SAFE = re.compile(r"[^a-z0-9-]")
 
 
-def _sanitize_name(user_id: str) -> str:
-    """Convert a user ID to a DNS-safe K8s resource name."""
-    name = _DNS_SAFE.sub("-", user_id.lower()).strip("-")[:53]
-    return f"terminal-{name}"
+def _sanitize_name(user_id: str, policy_id: str = "default") -> str:
+    """Deterministic, DNS-safe K8s resource name (≤63 chars)."""
+    short = hashlib.sha256(user_id.encode()).hexdigest()[:12]
+    if policy_id == "default":
+        return f"terminal-{short}"
+    policy_slug = _DNS_SAFE.sub("-", policy_id.lower()).strip("-")[:20]
+    return f"terminal-{short}-{policy_slug}"
 
 
 def _parse_labels() -> dict[str, str]:
@@ -87,9 +91,8 @@ async def provision(
         s = spec or {}
 
         api_key = secrets.token_urlsafe(24)
-        base_name = _sanitize_name(user_id)
+        name = _sanitize_name(user_id, policy_id)
         policy_slug = _DNS_SAFE.sub("-", policy_id.lower()).strip("-")[:20]
-        name = f"{base_name}-{policy_slug}" if policy_id != "default" else base_name
         ns = settings.kubernetes_namespace
         labels = _base_labels(user_id)
         labels["openwebui.com/policy"] = policy_slug