Description of problem

When creating PersistentVolumeClaims (PVCs) during vSphere migration with the xcopy offload plugin, the NAA identifier obtained from vSphere datastores is used directly as a Kubernetes label value. This causes validation errors when the NAA contains characters not allowed in Kubernetes labels.

Root Cause

The NAA identifier format (e.g., mpx.vmhba0:C0:T1:L0) contains colons (:) which are not allowed in Kubernetes label values.

The Kubernetes label validation regex requires:

• Only alphanumeric characters, -, _, or .
• Must start and end with an alphanumeric character
• Maximum 63 characters

Affected Code

The issue occurs in the xcopy volume populator code path where getNAAFromDatastore() returns NAA identifiers that are then used as storage affinity labels on PVCs without validation.

File: pkg/controller/plan/adapter/vsphere/builder.go

Implemented Fix

Use Kubernetes' built-in validation function k8svalidation.IsValidLabelValue() to check if the NAA value is valid for Kubernetes labels. If the label value is invalid, omit the label rather than failing resource creation or attempting to sanitize it.

This approach:

1. Validates NAA label values before adding them to PVC labels
2. Omits invalid labels instead of causing failures
3. Preserves the original data integrity without transformation
4. Uses standard Kubernetes validation logic

PR: https://github.com/kubev2v/forklift/pull/3952