Sync endpoint updates for service mappings of headless services (#1481)

* Add watch for updates to from.endpoints * Add rbac for endpoints if mapServices.Host exists * Add e2e tests
loft-sh · Jan 30, 2024 · 619f186 · 619f186
1 parent acd9c71
commit 619f186
Show file tree

Hide file tree

Showing 8 changed files with 337 additions and 16 deletions.
diff --git a/charts/eks/templates/rbac/clusterrole.yaml b/charts/eks/templates/rbac/clusterrole.yaml
@@ -83,7 +83,7 @@ rules:
   {{- include "vcluster.generic.clusterRoleExtraRules" . | indent 2 }}
   {{- if (not (empty (include "vcluster.serviceMapping.fromHost" . ))) }}
   - apiGroups: [""]
-    resources: ["services"]
+    resources: ["services", "endpoints"]
     verbs: ["get", "watch", "list"]
   {{- end }}
   {{- if .Values.multiNamespaceMode.enabled }}

diff --git a/charts/k0s/templates/rbac/clusterrole.yaml b/charts/k0s/templates/rbac/clusterrole.yaml
@@ -83,7 +83,7 @@ rules:
   {{- include "vcluster.generic.clusterRoleExtraRules" . | indent 2 }}
   {{- if (not (empty (include "vcluster.serviceMapping.fromHost" . ))) }}
   - apiGroups: [""]
-    resources: ["services"]
+    resources: ["services", "endpoints"]
     verbs: ["get", "watch", "list"]
   {{- end }}
   {{- if .Values.multiNamespaceMode.enabled }}

diff --git a/charts/k3s/templates/rbac/clusterrole.yaml b/charts/k3s/templates/rbac/clusterrole.yaml
@@ -83,7 +83,7 @@ rules:
   {{- include "vcluster.generic.clusterRoleExtraRules" . | indent 2 }}
   {{- if (not (empty (include "vcluster.serviceMapping.fromHost" . ))) }}
   - apiGroups: [""]
-    resources: ["services"]
+    resources: ["services", "endpoints"]
     verbs: ["get", "watch", "list"]
   {{- end }}
   {{- if .Values.multiNamespaceMode.enabled }}

diff --git a/charts/k8s/templates/rbac/clusterrole.yaml b/charts/k8s/templates/rbac/clusterrole.yaml
@@ -83,7 +83,7 @@ rules:
   {{- include "vcluster.generic.clusterRoleExtraRules" . | indent 2 }}
   {{- if (not (empty (include "vcluster.serviceMapping.fromHost" . ))) }}
   - apiGroups: [""]
-    resources: ["services"]
+    resources: ["services", "endpoints"]
     verbs: ["get", "watch", "list"]
   {{- end }}
   {{- if .Values.multiNamespaceMode.enabled }}

diff --git a/pkg/controllers/servicesync/servicesync.go b/pkg/controllers/servicesync/servicesync.go
@@ -62,6 +62,20 @@ func (e *ServiceSyncer) Register() error {
 
 			return []reconcile.Request{{NamespacedName: from}}
 		})).
+		WatchesRawSource(source.Kind(e.From.GetCache(), &corev1.Endpoints{}), handler.EnqueueRequestsFromMapFunc(func(_ context.Context, object client.Object) []reconcile.Request {
+			if object == nil {
+				return nil
+			}
+
+			_, ok := e.SyncServices[object.GetNamespace()+"/"+object.GetName()]
+			if !ok {
+				return nil
+			}
+
+			return []reconcile.Request{{
+				NamespacedName: types.NamespacedName{Namespace: object.GetNamespace(), Name: object.GetName()},
+			}}
+		})).
 		Complete(e)
 }
 
@@ -81,7 +95,7 @@ func (e *ServiceSyncer) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 		}
 
 		// make sure the to service is deleted
-		e.Log.Infof("Delete target service %s/%s because from service is missing", to.Name, to.Namespace)
+		e.Log.Infof("Delete target service %s/%s because from service is missing", to.Namespace, to.Name)
 		err = e.To.GetClient().Delete(ctx, &corev1.Service{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      to.Name,
@@ -281,16 +295,32 @@ func (e *ServiceSyncer) syncServiceAndEndpoints(ctx context.Context, fromService
 	}
 
 	// check if update is needed
-	expectedSubsets := []corev1.EndpointSubset{
-		{
-			Addresses: []corev1.EndpointAddress{
-				{
-					IP: fromService.Spec.ClusterIP,
+	var expectedSubsets []corev1.EndpointSubset
+	if fromService.Spec.ClusterIP == corev1.ClusterIPNone {
+		// fetch the corresponding endpoint and assign address from there to here
+		fromEndpoint := &corev1.Endpoints{}
+		err = e.From.GetClient().Get(ctx, types.NamespacedName{
+			Name:      fromService.GetName(),
+			Namespace: fromService.GetNamespace(),
+		}, fromEndpoint)
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+
+		expectedSubsets = fromEndpoint.Subsets
+	} else {
+		expectedSubsets = []corev1.EndpointSubset{
+			{
+				Addresses: []corev1.EndpointAddress{
+					{
+						IP: fromService.Spec.ClusterIP,
+					},
 				},
+				Ports: convertPorts(toService.Spec.Ports),
 			},
-			Ports: convertPorts(toService.Spec.Ports),
-		},
+		}
 	}
+
 	if !apiequality.Semantic.DeepEqual(toEndpoints.Subsets, expectedSubsets) {
 		e.Log.Infof("Update target endpoints %s/%s because subsets are different", to.Namespace, to.Name)
 		toEndpoints.Subsets = expectedSubsets

diff --git a/test/commonValues.yaml b/test/commonValues.yaml
@@ -34,9 +34,13 @@ mapServices:
   fromVirtual:
   - from: test/test
     to: test
+  - from: test/nginx
+    to: nginx
   fromHost:
   - from: test/test
     to: default/test
+  - from: test/nginx
+    to: default/nginx
 
 init:
   helm: