kubernetes: EndpointSlice object is not removed when service selector is made to be empty

What happened?

Implementations like kube-proxy might direct service traffic to a stale EndpointSlice as if it was a valid endpoint.

What did you expect to happen?

The EndpointSlice object (having the Service object as owner reference) must get removed when the Service selector is set to empty.

How can we reproduce it (as minimally and precisely as possible)?

  1. Create a Pod Deployment and Service with a corresponding selector label.
  2. Ensure the Endpoint and EndpointSlice (with the Service object as the owner reference) are created.
  3. Edit the Service object by removing the selector label.
  4. Check how Endpoint and EndpointSlice objects are updated.

Anything else we need to know?

Actual Result:

The Endpoint and EndpointSlice (having the Service object as owner reference) objects are untouched; a new EndpointSlice mirror object (having the Endpoint object as owner reference) is created.

An update on the Endpoint object also modifies the EndpointSlice mirror object and not the old EndpointSlice object (which is a desired behavior).

Observation:

The PR https://github.com/kubernetes/kubernetes/pull/105997 adds/removes the mirrored EndpointSlice when the selector is updated from non-empty to empty and vice versa. But the EndpointSlice controller doesn't delete the EndpointSlice object when the Service's selector is set to empty.

Kubernetes version

# kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.3", GitCommit:"816c97ab8cff8a1c72eccca1026f7820e93e0d25", GitTreeState:"clean", BuildDate:"2022-01-25T21:25:17Z", GoVersion:"go1.17.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.2", GitCommit:"fc04e732bb3e7198d2fa44efa5457c7c6f8c0f5b", GitTreeState:"clean", BuildDate:"2023-02-22T13:32:22Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}

Cloud provider

Any

OS version

# On Linux:
$ cat /etc/os-release
NAME=Fedora
VERSION="33 (Server Edition)"
ID=fedora
VERSION_ID=33
VERSION_CODENAME=""
PLATFORM_ID="platform:f33"
PRETTY_NAME="Fedora 33 (Server Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:33"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f33/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=33
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=33
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Server Edition"
VARIANT_ID=server
$ uname -a
Linux fedora-ovk 5.8.15-301.fc33.x86_64 #1 SMP Thu Oct 15 16:58:06 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Install tools

Container runtime (CRI) and version (if applicable)

Related plugins (CNI, CSI, …) and versions (if applicable)

About this issue

  • State: open
  • Created a year ago
  • Reactions: 1
  • Comments: 24 (15 by maintainers)
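
A check for the condition reported in this issue, as an added example that is not part of the original issue or of the Kubernetes code base: it flags EndpointSlices still managed by the EndpointSlice controller and owned by a Service whose selector is now empty. It assumes input in the shape returned by `kubectl get services -A -o json` and `kubectl get endpointslices -A -o json`; the sample objects, their names and the `_slice` helper are constructed for illustration.

```python
SERVICE_NAME_LABEL = "kubernetes.io/service-name"
MANAGED_BY_LABEL = "endpointslice.kubernetes.io/managed-by"
SLICE_CONTROLLER = "endpointslice-controller.k8s.io"  # mirrored slices carry a different value


def stale_slices(services, slices):
    """Return sorted (namespace, slice, addresses) for controller-managed EndpointSlices
    that are owned by a Service whose selector is empty or missing."""
    selectorless = {(s["metadata"]["namespace"], s["metadata"]["name"])
                    for s in services["items"]
                    if not s.get("spec", {}).get("selector")}
    found = []
    for sl in slices["items"]:
        meta = sl["metadata"]
        labels = meta.get("labels", {})
        svc = labels.get(SERVICE_NAME_LABEL)
        if labels.get(MANAGED_BY_LABEL) != SLICE_CONTROLLER:
            continue  # mirrored or custom slices are expected for selector-less Services
        owned = any(o.get("kind") == "Service" and o.get("name") == svc
                    for o in meta.get("ownerReferences", []))
        if owned and (meta["namespace"], svc) in selectorless:
            addrs = [a for e in sl.get("endpoints") or [] for a in e.get("addresses", [])]
            found.append((meta["namespace"], meta["name"], addrs))
    return sorted(found)


def _slice(name, svc, manager, owner_kind, addr):
    # Helper for the constructed sample below; not a Kubernetes API.
    return {"metadata": {"namespace": "demo", "name": name,
                         "labels": {SERVICE_NAME_LABEL: svc, MANAGED_BY_LABEL: manager},
                         "ownerReferences": [{"kind": owner_kind, "name": svc}]},
            "endpoints": [{"addresses": [addr]}]}


# Constructed sample: "web" had its selector removed, "api" still has one.
SAMPLE_SERVICES = {"items": [
    {"metadata": {"namespace": "demo", "name": "web"}, "spec": {}},
    {"metadata": {"namespace": "demo", "name": "api"}, "spec": {"selector": {"app": "api"}}},
]}
SAMPLE_SLICES = {"items": [
    _slice("web-abc12", "web", SLICE_CONTROLLER, "Service", "10.0.0.5"),
    _slice("web-x7k2p", "web", "endpointslicemirroring-controller.k8s.io", "Endpoints", "10.0.0.9"),
    _slice("api-q9d4z", "api", SLICE_CONTROLLER, "Service", "10.0.1.7"),
]}

if __name__ == "__main__":
    for ns, name, addrs in stale_slices(SAMPLE_SERVICES, SAMPLE_SLICES):
        print(f"stale EndpointSlice {ns}/{name} still lists {addrs}")
```

Only the slice left behind by the EndpointSlice controller is reported; the mirrored slice owned by the Endpoints object is skipped because it is the expected object for a selector-less Service.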

Most upvoted comments

maybe we should start emitting a warning on all manual Endpoints creations…