https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/blob/5f2efd4ff97e7c0bfdb726a066118d3401576730/hack/gencerts.sh#L120-L125

x509 cert's only allow 64 characters for the CN name, and all k8's values we're using here could be that length by themselves.

"/CN=${SERVICE}.${NAMESPACE}.svc"

The script already is using the cert extensions for DNS, but if you try to setup the operator in a namespace with 40+ characters, it will fail to launch with an error like this:

Generating certs for the Spark pod admission webhook in /tmp/spark-pod-webhook-certs.
803BB7BE987F0000:error:06800097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:../crypto/asn1/a_mbstr.c:106:maxsize=64
req: Error adding subject name attribute "/CN=app-spark-operator-webhook.eventus-app-885b9f64-87f8-4eda-a6a3-9895cdd5fab5.svc"

The script should probably just use the value for the service as it's not going to be longer than 64 characters and is a valid dns endpoint within the namespace

 "/CN=${SERVICE}"