fix(tunnel): don't include OwnerReference in EndpointSlice

grampelberg · grampelberg · commit 27bbb35e4025 · 2024-09-05T09:00:42.000-07:00
diff --git a/TODO.md b/TODO.md
@@ -54,11 +54,24 @@
 
 ## Ingress Tunnel
 
+- Add an information banner for tunnels that have been requested and are active.
+
 ## Egress Tunnel
 
+- Add an information banner for tunnels that have been requested and are active.
+- Keep the task running even if the first connect fails - need to be able to
+  retry it without restarting the session.
 - Display error for when the `tcpip_forward` address is `localhost`.
 - Need some way to do cleanup and lifecycle management of endpoints and
   services.
+- Cleanup services/endpoints on:
+  - Shutdown - especially termination of the channel.
+  - Startup - because we can't do cross-namespace owner references, anything
+    created that doesn't have an active pod should be removed (via `targetRef`
+    on the `endpointSlice`).
+- Test what happens when a service is replaced. It looks like the endpointslice
+  sticks around but it is unclear if the separate endpointslice's endpoints are
+  used or not.
 
 ## Build
 
diff --git a/src/resources/tunnel/egress.rs b/src/resources/tunnel/egress.rs
@@ -112,6 +112,11 @@ impl Egress {
             .expect("current pod has an IP address");
         let address_type = if addr.is_ipv4() { "IPv4" } else { "IPv6" };
 
+        // Owner references cannot be cross-namespace. Because the server will run in
+        // namespace X and the services can be in namespace Y, this results in the
+        // EndpointSlice being immediately deleted. It would be nice to have some kind
+        // of garbage collection tied to the pod itself - but that might need to be a
+        // startup process.
         let mut metadata = self.metadata.clone();
         metadata.labels.get_or_insert(BTreeMap::new()).extend([
             (
@@ -120,10 +125,6 @@ impl Egress {
             ),
             ("kubernetes.io/service-name".to_string(), self.name_any()),
         ]);
-        metadata
-            .owner_references
-            .get_or_insert(Vec::new())
-            .push(self.current_pod.owner_ref(&()).expect("pods can be owners"));
 
         #[allow(clippy::cast_lossless)]
         let endpoint = EndpointSlice {
