Cannot launch because no-permission SA name is over 63 chars #4182

@madchap

Controller Version

0.12.1

Deployment Method

Helm

Checks

  • This isn't a question or user support case (For Q&A and community support, go to Discussions).
  • I've read the Changelog before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes

To Reproduce

  • A longer than usual repo name
  • A longer than usual environment name
    all leading to ....

a SA name is set to `shift-copy-sandbox-arc-runner-set-gha-rs-controller-no-permission`, which is over the 63 chars limit.

Describe the bug

My runner pods therefore do not start. My particular error running on EKS and Cilium is:

```
0s          Warning   FailedCreatePodSandBox   pod/shift-copy-sandbox-arc-runner-set-5br5g-runner-b2zwr
Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "0525ce8c22f7ca6658e945f2e5d1af4bfd8a91121fabf58664f72e33265f0029": plugin type="cilium-cni" failed (add): unable to create endpoint: Cilium API client timeout exceeded
```

due to

```
time="2025-07-16T14:37:11.063142787Z" level=warning msg="Key allocation attempt failed" attempt=8 error="unable to allocate ID 3343 for key [k8s:actions-ephemeral-runner=True
k8s:actions.github.com/organization=MyOrg k8s:actions.github.com/repository=Shift-copy
k8s:actions.github.com/scale-set-name=shift-copy-sandbox-arc-runner-set
k8s:actions.github.com/scale-set-namespace=arc-runners
k8s:app.kubernetes.io/component=runner
k8s:app.kubernetes.io/instance=shift-copy-sandbox-arc-runner-set
k8s:app.kubernetes.io/managed-by=Helm
k8s:app.kubernetes.io/name=shift-copy-sandbox-arc-runner-set
k8s:app.kubernetes.io/part-of=gha-runner-scale-set
k8s:app.kubernetes.io/version=0.12.1 k8s:helm.sh/chart=gha-rs-controller-0.12.1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=arc-runners k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=shift-copy-sandbox-arc-runner-set-gha-rs-controller-no-permission
k8s:io.kubernetes.pod.namespace=arc-runners]: CiliumIdentity.cilium.io \"3343\" is invalid: metadata.labels: Invalid value: \"shift-copy-sandbox-arc-runner-set-gha-rs-controller-no-permission\": must be no more than 63 characters"
key="
[k8s:actions-ephemeral-runner=True
k8s:actions.github.com/organization=MyOrg
k8s:actions.github.com/repository=Shift-copy
k8s:actions.github.com/scale-set-name=shift-copy-sandbox-arc-runner-set k8s:actions.github.com/scale-set-namespace=arc-runners
k8s:app.kubernetes.io/component=runner
k8s:app.kubernetes.io/instance=shift-copy-sandbox-arc-runner-set
k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=shift-copy-sandbox-arc-runner-set k8s:app.kubernetes.io/part-of=gha-runner-scale-set
k8s:app.kubernetes.io/version=0.12.1 k8s:helm.sh/chart=gha-rs-controller-0.12.1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=arc-runners
k8s:io.cilium.k8s.policy.cluster=default
k8s:io.cilium.k8s.policy.serviceaccount=shift-copy-sandbox-arc-runner-set-gha-rs-controller-no-permission
k8s:io.kubernetes.pod.namespace=arc-runners]
" subsys=allocator
```

Describe the expected behavior

The name fits within the Kubernetes 63 chars limit, always.

Additional Context

I could not find a way to override the SA name for the `no-permission` SA, just the controller.

Controller Logs

Logs provided above.

Runner Pod Logs

No log, no pod running.
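
A pre-flight check for the failure reported above, as an added example that is not part of the original issue or of the ARC project's code: it parses a Cilium identity key like the one in the log, flags any value that Kubernetes would reject as a label value, and computes how long a name can be before the observed `-gha-rs-controller-no-permission` suffix pushes it past the limit. The function names are hypothetical, the sample key is constructed from a subset of the labels in the log, and the suffix is taken from the service account name shown in this issue rather than from the chart's templates.

```python
import re

# Kubernetes label-value rule: at most 63 characters, empty or starting and
# ending with an alphanumeric, with '-', '_' and '.' allowed in between.
MAX_LABEL_VALUE = 63
LABEL_VALUE_RE = re.compile(r"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$")

# Constructed sample: a subset of the identity key from the log, on one line.
SAMPLE_KEY = (
    "[k8s:actions.github.com/scale-set-name=shift-copy-sandbox-arc-runner-set "
    "k8s:app.kubernetes.io/version=0.12.1 "
    "k8s:io.cilium.k8s.policy.cluster=default "
    "k8s:io.cilium.k8s.policy.serviceaccount="
    "shift-copy-sandbox-arc-runner-set-gha-rs-controller-no-permission "
    "k8s:io.kubernetes.pod.namespace=arc-runners]"
)

def parse_identity_key(key):
    """Split a '[source:name=value ...]' key into (name, value) pairs."""
    pairs = []
    for token in key.strip().strip("[]").split():
        name, sep, value = token.partition("=")
        if sep:
            pairs.append((name, value))
    return pairs

def invalid_label_values(key):
    """Return (name, value, reason) for every value Kubernetes would reject."""
    problems = []
    for name, value in parse_identity_key(key):
        if len(value) > MAX_LABEL_VALUE:
            problems.append((name, value, f"{len(value)} chars, limit {MAX_LABEL_VALUE}"))
        elif not LABEL_VALUE_RE.match(value):
            problems.append((name, value, "invalid characters"))
    return problems

def max_prefix_length(suffix):
    """Longest name prefix that still fits once `suffix` is appended."""
    return MAX_LABEL_VALUE - len(suffix)

if __name__ == "__main__":
    for name, value, reason in invalid_label_values(SAMPLE_KEY):
        print(f"{name}: {reason}")
    # Budget left for the name in front of the suffix observed in this issue.
    print(max_prefix_length("-gha-rs-controller-no-permission"))
```

Run against the names in this issue, the only flagged label is `k8s:io.cilium.k8s.policy.serviceaccount`, and the 33-character scale set name is two characters over the budget the suffix leaves.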
