Description of problem:

See https://issues.redhat.com/browse/KFLUXSPRT-569 and https://redhat-internal.slack.com/archives/C04PZ7H0VA8/p1732264329543709.

Essentially, we have a ServiceAccount that has about ~118 secrets attached to it. This in terms means there will be about ~118 volumeMount in each Pod from a TaskRun.

And it turns out, it is possible that this will generate some conflicts (aka same name)

Workaround: none

			// While secret names can use RFC1123 DNS subdomain name rules, the volume mount
			// name required the stricter DNS label standard, for example no dots anymore.
			sanitizedName := dnsLabel1123Forbidden.ReplaceAllString(secret.Name, "-")
			name := names.SimpleNameGenerator.RestrictLengthWithRandomSuffix("tekton-internal-secret-volume-" + sanitizedName)

Prerequisites (if any, like setup, operators/versions):

Steps to Reproduce

• Attach about 120 secrets to the pipeline SA
• Create a TaskRun until it fails

Actual results:

Expected results:

Reproducibility (Always/Intermittent/Only Once):

Acceptance criteria: 

Definition of Done:

Build Details:

Additional info (Such as Logs, Screenshots, etc):

 *