Refactor controller to use EndpointSlices instead of Endpoints

Signed-off-by: Mengxin Liu <liumengxinfly@gmail.com>

Author: oilbeater

charts/kube-ovn-v2/templates/rbac/ovn-CR.yaml

@@ -135,6 +135,14 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
   - apiGroups:
       - apps
     resources:

charts/kube-ovn/templates/ovn-CR.yaml

@@ -135,6 +135,14 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
   - apiGroups:
       - apps
     resources:

dist/images/install.sh

@@ -3480,6 +3480,14 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
   - apiGroups:
       - apps
     resources:

pkg/controller/controller.go

@@ -20,6 +20,7 @@ import (
 	appsv1 "k8s.io/client-go/listers/apps/v1"
 	certListerv1 "k8s.io/client-go/listers/certificates/v1"
 	v1 "k8s.io/client-go/listers/core/v1"
+	discoveryv1 "k8s.io/client-go/listers/discovery/v1"
 	netv1 "k8s.io/client-go/listers/networking/v1"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/tools/record"
@@ -222,10 +223,10 @@ type Controller struct {
 	updateServiceQueue workqueue.TypedRateLimitingInterface[*updateSvcObject]
 	svcKeyMutex        keymutex.KeyMutex
 
-	endpointsLister          v1.EndpointsLister
-	endpointsSynced          cache.InformerSynced
-	addOrUpdateEndpointQueue workqueue.TypedRateLimitingInterface[string]
-	epKeyMutex               keymutex.KeyMutex
+	endpointSlicesLister          discoveryv1.EndpointSliceLister
+	endpointSlicesSynced          cache.InformerSynced
+	addOrUpdateEndpointSliceQueue workqueue.TypedRateLimitingInterface[string]
+	epKeyMutex                    keymutex.KeyMutex
 
 	deploymentsLister appsv1.DeploymentLister
 	deploymentsSynced cache.InformerSynced
@@ -349,7 +350,7 @@ func Run(ctx context.Context, config *Configuration) {
 	namespaceInformer := informerFactory.Core().V1().Namespaces()
 	nodeInformer := informerFactory.Core().V1().Nodes()
 	serviceInformer := informerFactory.Core().V1().Services()
-	endpointInformer := informerFactory.Core().V1().Endpoints()
+	endpointSliceInformer := informerFactory.Discovery().V1().EndpointSlices()
 	deploymentInformer := deployInformerFactory.Apps().V1().Deployments()
 	qosPolicyInformer := kubeovnInformerFactory.Kubeovn().V1().QoSPolicies()
 	configMapInformer := cmInformerFactory.Core().V1().ConfigMaps()
@@ -493,10 +494,10 @@ func Run(ctx context.Context, config *Configuration) {
 		updateServiceQueue: newTypedRateLimitingQueue[*updateSvcObject]("UpdateService", nil),
 		svcKeyMutex:        keymutex.NewHashed(numKeyLocks),
 
-		endpointsLister:          endpointInformer.Lister(),
-		endpointsSynced:          endpointInformer.Informer().HasSynced,
-		addOrUpdateEndpointQueue: newTypedRateLimitingQueue[string]("UpdateEndpoint", nil),
-		epKeyMutex:               keymutex.NewHashed(numKeyLocks),
+		endpointSlicesLister:          endpointSliceInformer.Lister(),
+		endpointSlicesSynced:          endpointSliceInformer.Informer().HasSynced,
+		addOrUpdateEndpointSliceQueue: newTypedRateLimitingQueue[string]("UpdateEndpointSlice", nil),
+		epKeyMutex:                    keymutex.NewHashed(numKeyLocks),
 
 		deploymentsLister: deploymentInformer.Lister(),
 		deploymentsSynced: deploymentInformer.Informer().HasSynced,
@@ -642,7 +643,7 @@ func Run(ctx context.Context, config *Configuration) {
 		controller.ipSynced, controller.virtualIpsSynced, controller.iptablesEipSynced,
 		controller.iptablesFipSynced, controller.iptablesDnatRuleSynced, controller.iptablesSnatRuleSynced,
 		controller.vlanSynced, controller.podsSynced, controller.namespacesSynced, controller.nodesSynced,
-		controller.serviceSynced, controller.endpointsSynced, controller.deploymentsSynced, controller.configMapsSynced,
+		controller.serviceSynced, controller.endpointSlicesSynced, controller.deploymentsSynced, controller.configMapsSynced,
 		controller.ovnEipSynced, controller.ovnFipSynced, controller.ovnSnatRuleSynced,
 		controller.ovnDnatRuleSynced,
 	}
@@ -692,11 +693,11 @@ func Run(ctx context.Context, config *Configuration) {
 		util.LogFatalAndExit(err, "failed to add service event handler")
 	}
 
-	if _, err = endpointInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
-		AddFunc:    controller.enqueueAddEndpoint,
-		UpdateFunc: controller.enqueueUpdateEndpoint,
+	if _, err = endpointSliceInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
+		AddFunc:    controller.enqueueAddEndpointSlice,
+		UpdateFunc: controller.enqueueUpdateEndpointSlice,
 	}); err != nil {
-		util.LogFatalAndExit(err, "failed to add endpoint event handler")
+		util.LogFatalAndExit(err, "failed to add endpoint slice event handler")
 	}
 
 	if _, err = deploymentInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
@@ -1017,7 +1018,7 @@ func (c *Controller) shutdown() {
 	c.addServiceQueue.ShutDown()
 	c.deleteServiceQueue.ShutDown()
 	c.updateServiceQueue.ShutDown()
-	c.addOrUpdateEndpointQueue.ShutDown()
+	c.addOrUpdateEndpointSliceQueue.ShutDown()
 
 	c.addVlanQueue.ShutDown()
 	c.delVlanQueue.ShutDown()
@@ -1211,7 +1212,7 @@ func (c *Controller) startWorkers(ctx context.Context) {
 
 		if c.config.EnableLb {
 			go wait.Until(runWorker("update service", c.updateServiceQueue, c.handleUpdateService), time.Second, ctx.Done())
-			go wait.Until(runWorker("add/update endpoint", c.addOrUpdateEndpointQueue, c.handleUpdateEndpoint), time.Second, ctx.Done())
+			go wait.Until(runWorker("add/update endpoint slice", c.addOrUpdateEndpointSliceQueue, c.handleUpdateEndpointSlice), time.Second, ctx.Done())
 		}
 
 		if c.config.EnableNP {

pkg/controller/endpoint.go pkg/controller/endpoint_slice.gopkg/controller/endpoint.go renamed to pkg/controller/endpoint_slice.go

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	v1 "k8s.io/api/core/v1"
+	discoveryv1 "k8s.io/api/discovery/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -17,29 +18,40 @@ import (
 	"github.com/kubeovn/kube-ovn/pkg/util"
 )
 
-func (c *Controller) enqueueAddEndpoint(obj any) {
-	key := cache.MetaObjectToName(obj.(*v1.Endpoints)).String()
-	klog.V(3).Infof("enqueue add endpoint %s", key)
-	c.addOrUpdateEndpointQueue.Add(key)
+func findServiceKey(endpointSlice *discoveryv1.EndpointSlice) string {
+	if endpointSlice != nil && endpointSlice.Labels != nil && endpointSlice.Labels[discoveryv1.LabelServiceName] != "" {
+		return endpointSlice.Namespace + "/" + endpointSlice.Labels[discoveryv1.LabelServiceName]
+	}
+	return ""
 }
 
-func (c *Controller) enqueueUpdateEndpoint(oldObj, newObj any) {
-	oldEp := oldObj.(*v1.Endpoints)
-	newEp := newObj.(*v1.Endpoints)
-	if oldEp.ResourceVersion == newEp.ResourceVersion {
+func (c *Controller) enqueueAddEndpointSlice(obj any) {
+	key := findServiceKey(obj.(*discoveryv1.EndpointSlice))
+	if key != "" {
+		klog.V(3).Infof("enqueue add endpointSlice %s", key)
+		c.addOrUpdateEndpointSliceQueue.Add(key)
+	}
+}
+
+func (c *Controller) enqueueUpdateEndpointSlice(oldObj, newObj any) {
+	oldEndpointSlice := oldObj.(*discoveryv1.EndpointSlice)
+	newEndpointSlice := newObj.(*discoveryv1.EndpointSlice)
+	if oldEndpointSlice.ResourceVersion == newEndpointSlice.ResourceVersion {
 		return
 	}
 
-	if len(oldEp.Subsets) == 0 && len(newEp.Subsets) == 0 {
+	if len(oldEndpointSlice.Endpoints) == 0 && len(newEndpointSlice.Endpoints) == 0 {
 		return
 	}
 
-	key := cache.MetaObjectToName(newEp).String()
-	klog.V(3).Infof("enqueue update endpoint %s", key)
-	c.addOrUpdateEndpointQueue.Add(key)
+	key := findServiceKey(newEndpointSlice)
+	if key != "" {
+		klog.V(3).Infof("enqueue update endpointSlice for service %s", key)
+		c.addOrUpdateEndpointSliceQueue.Add(key)
+	}
 }
 
-func (c *Controller) handleUpdateEndpoint(key string) error {
+func (c *Controller) handleUpdateEndpointSlice(key string) error {
 	namespace, name, err := cache.SplitMetaNamespaceKey(key)
 	if err != nil {
 		utilruntime.HandleError(fmt.Errorf("invalid resource key: %s", key))
@@ -48,9 +60,9 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 
 	c.epKeyMutex.LockKey(key)
 	defer func() { _ = c.epKeyMutex.UnlockKey(key) }()
-	klog.Infof("handle update endpoint %s", key)
+	klog.Infof("handle update endpointSlice for service %s", key)
 
-	ep, err := c.endpointsLister.Endpoints(namespace).Get(name)
+	endpointSlices, err := c.endpointSlicesLister.EndpointSlices(namespace).List(labels.Set(map[string]string{discoveryv1.LabelServiceName: name}).AsSelector())
 	if err != nil {
 		if errors.IsNotFound(err) {
 			return nil
@@ -81,11 +93,10 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 	if vip, ok = svc.Annotations[util.SwitchLBRuleVipsAnnotation]; ok {
 		lbVips = []string{vip}
 
-		for _, subset := range ep.Subsets {
-			for _, address := range subset.Addresses {
-				// TODO: IPv6
+		for _, endpointSlice := range endpointSlices {
+			for _, endpoint := range endpointSlice.Endpoints {
 				if util.CheckProtocol(vip) == kubeovnv1.ProtocolIPv4 &&
-					address.TargetRef.Name != "" {
+					endpoint.TargetRef.Name != "" {
 					ignoreHealthCheck = false
 				}
 			}
@@ -113,32 +124,7 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 		klog.Errorf("failed to get pods for service %s in namespace %s: %v", name, namespace, err)
 		return err
 	}
-	for i, pod := range pods {
-		if pod.Status.PodIP != "" || len(pod.Status.PodIPs) != 0 {
-			continue
-		}
-
-		for _, subset := range ep.Subsets {
-			for _, addr := range subset.Addresses {
-				if addr.TargetRef == nil || addr.TargetRef.Kind != "Pod" || addr.TargetRef.Name != pod.Name {
-					continue
-				}
-
-				p, err := c.config.KubeClient.CoreV1().Pods(pod.Namespace).Get(context.Background(), pod.Name, metav1.GetOptions{})
-				if err != nil {
-					klog.Errorf("failed to get pod %s/%s: %v", pod.Namespace, pod.Name, err)
-					return err
-				}
-				pods[i] = p.DeepCopy()
-				break
-			}
-			if pods[i] != pod {
-				break
-			}
-		}
-	}
-
-	vpcName, subnetName = c.getVpcSubnetName(pods, ep, svc)
+	vpcName, subnetName = c.getVpcSubnetName(pods, endpointSlices, svc)
 
 	var (
 		vpc    *kubeovnv1.Vpc
@@ -189,7 +175,7 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 				checkIP = util.MasqueradeCheckIP
 			}
 			isGenIPPortMapping := !ignoreHealthCheck || isPreferLocalBackend
-			ipPortMapping, backends = getIPPortMappingBackend(ep, pods, port, lbVip, checkIP, isGenIPPortMapping)
+			ipPortMapping, backends = getIPPortMappingBackend(endpointSlices, port, lbVip, checkIP, isGenIPPortMapping)
 			// for performance reason delete lb with no backends
 			if len(backends) != 0 {
 				vip = util.JoinHostPort(lbVip, port.Port)
@@ -252,7 +238,7 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 	return nil
 }
 
-func (c *Controller) getVpcSubnetName(pods []*v1.Pod, endpoints *v1.Endpoints, service *v1.Service) (string, string) {
+func (c *Controller) getVpcSubnetName(pods []*v1.Pod, endpointSlices []*discoveryv1.EndpointSlice, service *v1.Service) (string, string) {
 	var (
 		vpcName    string
 		subnetName string
@@ -267,14 +253,16 @@ func (c *Controller) getVpcSubnetName(pods []*v1.Pod, endpoints *v1.Endpoints, s
 		}
 
 	LOOP:
-		for _, subset := range endpoints.Subsets {
-			for _, addr := range subset.Addresses {
-				if addr.IP == pod.Status.PodIP {
-					if vpcName == "" {
-						vpcName = pod.Annotations[util.LogicalRouterAnnotation]
-					}
-					if vpcName != "" {
-						break LOOP
+		for _, endpointSlice := range endpointSlices {
+			for _, endpoint := range endpointSlice.Endpoints {
+				for _, addr := range endpoint.Addresses {
+					if addr == pod.Status.PodIP {
+						if vpcName == "" {
+							vpcName = pod.Annotations[util.LogicalRouterAnnotation]
+						}
+						if vpcName != "" {
+							break LOOP
+						}
 					}
 				}
 			}
@@ -361,56 +349,50 @@ func (c *Controller) getHealthCheckVip(subnetName, lbVip string) (string, error)
 	return checkIP, nil
 }
 
-func getIPPortMappingBackend(endpoints *v1.Endpoints, pods []*v1.Pod, servicePort v1.ServicePort, serviceIP, checkVip string, isGenIPPortMapping bool) (map[string]string, []string) {
+func getIPPortMappingBackend(endpointSlices []*discoveryv1.EndpointSlice, servicePort v1.ServicePort, serviceIP, checkVip string, isGenIPPortMapping bool) (map[string]string, []string) {
 	var (
 		ipPortMapping = map[string]string{}
 		backends      = []string{}
 		protocol      = util.CheckProtocol(serviceIP)
 	)
 
-	for _, subset := range endpoints.Subsets {
+	for _, endpointSlice := range endpointSlices {
 		var targetPort int32
-		for _, port := range subset.Ports {
-			if port.Name == servicePort.Name {
-				targetPort = port.Port
+		for _, port := range endpointSlice.Ports {
+			if port.Name != nil && *port.Name == servicePort.Name {
+				targetPort = *port.Port
 				break
 			}
 		}
 		if targetPort == 0 {
 			continue
 		}
 
-		for _, address := range subset.Addresses {
-			if isGenIPPortMapping && address.TargetRef.Name != "" {
-				ipName := fmt.Sprintf("%s.%s", address.TargetRef.Name, address.TargetRef.Namespace)
-				ipPortMapping[address.IP] = fmt.Sprintf(util.HealthCheckNamedVipTemplate, ipName, checkVip)
-			}
-			if address.TargetRef == nil || address.TargetRef.Kind != "Pod" {
-				if util.CheckProtocol(address.IP) == protocol {
-					backends = append(backends, util.JoinHostPort(address.IP, targetPort))
+		for _, endpoint := range endpointSlice.Endpoints {
+			if isGenIPPortMapping && endpoint.TargetRef.Name != "" {
+				ipName := fmt.Sprintf("%s.%s", endpoint.TargetRef.Name, endpoint.TargetRef.Namespace)
+				for _, address := range endpoint.Addresses {
+					ipPortMapping[address] = fmt.Sprintf(util.HealthCheckNamedVipTemplate, ipName, checkVip)
 				}
+			}
+		}
+
+		for _, endpoint := range endpointSlice.Endpoints {
+			if !endpointReady(endpoint) {
 				continue
 			}
-			var ip string
-			for _, pod := range pods {
-				if pod.Name == address.TargetRef.Name {
-					for _, podIP := range util.PodIPs(*pod) {
-						if util.CheckProtocol(podIP) == protocol {
-							ip = podIP
-							break
-						}
-					}
-					break
+
+			for _, address := range endpoint.Addresses {
+				if util.CheckProtocol(address) == protocol {
+					backends = append(backends, util.JoinHostPort(address, targetPort))
 				}
 			}
-			if ip == "" && util.CheckProtocol(address.IP) == protocol {
-				ip = address.IP
-			}
-			if ip != "" {
-				backends = append(backends, util.JoinHostPort(ip, targetPort))
-			}
 		}
 	}
 
 	return ipPortMapping, backends
 }
+
+func endpointReady(endpoint discoveryv1.Endpoint) bool {
+	return endpoint.Conditions.Ready == nil || *endpoint.Conditions.Ready
+}