-
Notifications
You must be signed in to change notification settings - Fork 39.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EndpointSlice object is not removed when service selector is made to be empty #118376
Comments
/sig network |
/assign |
yeah, this was discussed in several places and as far as I remember we settled in leaving the object orphan since removing the selector of the Service is a conscious decision that removes the ownership of the endpoint or endpointslice from the controller ... it is a complex problem with a lot of edges, can you elaborate on the use case to remove the selector of the service @pperiyasamy ? /cc @robscott |
The description here isn't very clear about what the problem is. The bug is:
Note that step 3 (modifying the My theory on fixing this was that in step 2, the ownership of the |
I looked at some of the relevant issues and the document for |
May I submit a PR to fix the issue as you suggested? |
I'm not sure the Endpoints should own the EndpointSlices - that means we have a (semi)deprecated object owning a stable, recommended API kind. |
For any case where the behavior is likely to be surprising, and we can't use code to reduce the surprise directly, we could return a |
Why not? In fact, this is already the case: When you create a service without selector and the Endpoints are created manually, those Endpoints own the EndpointSlices. When you delete those Endpoints, you expect the mirrored EndpointSlices to be deleted. If we are doing this already, why would it be a problem to just transfer the ownership as @danwinship suggested? |
Basically, if I have a this
And I remove the selector, I expect to cut only the first edge but keep the other one, i.e. to end up with
Honestly, I can see neither a good use case nor a valid reason to keep the current odd behavior. |
So the mirroring controller creates a new EndpointSlice label but the
and
The problem with this triangle of dependencies between Services, Endpoints and EndpointSlices is that it has a lot of edge cases, and there can be more endpoint slice controllers or owners, I think that what we want is:
Then the endpointslice mirroring controller takes ownership of this EndpointSlice do we see any corner case we can break something @robscott @thockin ? |
Why is it useful to have an EndpointSlice owned by an Endpoints? |
Reasons that come to my head:
|
I have this ambition that we reverse the mirroring: EndpointSlices (plural) that have a related Service would one day mirror to an Endpoints. That feels like the better approach because it makes it clear that Endpoints is the legacy API. However, that ownership if we do it could get in the way. It's weird to have things mirror into their owner. |
The endpointslicemirroring mirrors Endpoints to EndpointSlices, that is its job and I AFAIK the problem here is to decide if the EndpointSlice orphaned should be considered by the EndpointSliceMirroring controller or not, but is not really orphan since still keeps the "managed-by" label 🤷 On one side we can say, the controller is smart enough to detect this problem and reconcile, but now that I think it out loud, it does not look a good idea to open this path of "taking ownership" from other controllers #118376 (comment) with a lot more of thinking, if we not define clear guidelines for this behavior we'll end on hotlooping situations between controllers stealing objects from others back and forth. In other side we can argument that is a user problem, "you leave these objects orphan on purpose you have to deal with the existing behavior", that is why I asked in #118376 (comment) what is the use case and how did we end in this situation, because it seems that here we only have a consequence without full context on why we ended in this situation, can we have more details on the full picture? |
No, we don't want that. Translating an EndpointSlice to an Endpoints is a lossy operation. (eg, you can't preserve dual-stack). If someone creates an EndpointSlice by hand, and they don't create a corresponding Endpoints object, then we just assume that they don't care about legacy Endpoints-only clients (because they absolutely shouldn't care about them at this point). But the opposite is not the case; if someone creates an Endpoints by hand, and they don't create a corresponding EndpointSlice, we assume that they are a legacy client and don't realize that they should have created an EndpointSlice, so we create the EndpointSlice for them, because otherwise their Endpoints is useless because kube-proxy, etc, won't look at it. If you are a modern client and you for some reason want to create an Endpoints which will not get mirrored to an EndpointSlice, then you are required to set the The question here is what the expectation is for an Endpoints object that was orphaned by the EndpointController.
The EndpointSlice isn't owned by the Endpoints, it's owned by the EndpointSlice mirroring controller. |
maybe we should start emitting a warning on all manual Endpoints creations... |
@aojea Maybe it would be feasible/simpler if we had the endpointslice controller delete the endpoint slices when the service has endpoints and selector is removed? Under the assumption that the endpointslicemirroring controller would create its own EndpointSlices by mirroring the Endpoints that have been kept around. |
@danwinship if you mean a warning in kube-apiserver logs, I am afraid that it will be seen by almost nobody other than few very careful cluster-admins (which often are teams different to the users who create them). An event might be better seen by the end users, but... |
Could we emit a Warning at HTTP level? (see linked article for more details) |
@sftim oh, such a warning would be perfectly visible to end-user |
/triage accepted |
@danwinship @robscott any update on the proposed fix ? Is anyone of you working on it ? |
@pperiyasamy the warning should be something good to have (so that people prefer creating manual endpointslices instead of manual endpoints). But once somebody has decided to create the Endpoints, the mapping between EndpointSlices and Endpoints should be always correct. We should not have wrong mappings just because the sequence of actions was as described in the issue. |
This issue has not been updated in over 1 year, and should be re-triaged. You can:
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/ /remove-triage accepted |
/triage accepted Still a problem. Some of the discussion here (eg, warnings if people use Endpoints) ties into the idea that we should "deprecate Endpoints harder" as discussed in SIG Network on May 9. |
What happened?
Implementations like kube-proxy might direct service traffic to stale endpoint slice as if it was a valid endpoint.
What did you expect to happen?
The EndpointSlice (have service object as owner reference) object must get removed when service selector is set to empty.
How can we reproduce it (as minimally and precisely as possible)?
Anything else we need to know?
Actual Result:
The Endpoint and EndpointSlice (having service object as owner reference) object is untouched, a new EndpointSlice mirror object (having Endpoint object as owner reference) is created.
An update on the Endpoint object also modifies EndpointSlice mirror object and not the old endpointslice object (which is a desired behavior).
Observation:
The PR #105997 adds/removes mirrored EndpointSlice when selector is updated from non empty to empty and vice versa.
But EndpointSlice controller doesn't delete EndpointSlice object when service's selector is set to empty.
Kubernetes version
Cloud provider
OS version
Install tools
Container runtime (CRI) and version (if applicable)
Related plugins (CNI, CSI, ...) and versions (if applicable)
The text was updated successfully, but these errors were encountered: