fix errors/warns

obezpalko · obezpalko · commit e2743bef18f6 · 2026-03-16T18:33:42.000+01:00
diff --git a/charts/envoy-router/Chart.yaml b/charts/envoy-router/Chart.yaml
@@ -2,6 +2,6 @@ apiVersion: v2
 name: envoy-router
 description: Operator that dynamically manages HTTPRoutes for labelled pods via Envoy Gateway
 type: application
-version: 0.1.0
-appVersion: "0.1.0"
+version: 0.1.1
+appVersion: "0.1.1"
 icon: data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxMDAgMTAwIj4KICA8IS0tIEJhY2tncm91bmQgLS0+CiAgPGNpcmNsZSBjeD0iNTAiIGN5PSI1MCIgcj0iNTAiIGZpbGw9IiMxYjFmM2EiLz4KICA8IS0tIEluY29taW5nIHJvdXRlcyAtLT4KICA8bGluZSB4MT0iOCIgeTE9IjI4IiB4Mj0iMzkiIHkyPSI0NCIgc3Ryb2tlPSIjMDBiNGEwIiBzdHJva2Utd2lkdGg9IjIuNSIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIi8+CiAgPGxpbmUgeDE9IjgiIHkxPSI1MCIgeDI9IjM3IiB5Mj0iNTAiIHN0cm9rZT0iIzAwYjRhMCIgc3Ryb2tlLXdpZHRoPSIyLjUiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIvPgogIDxsaW5lIHgxPSI4IiB5MT0iNzIiIHgyPSIzOSIgeTI9IjU2IiBzdHJva2U9IiMwMGI0YTAiIHN0cm9rZS13aWR0aD0iMi41IiBzdHJva2UtbGluZWNhcD0icm91bmQiLz4KICA8IS0tIEFycm93aGVhZHMgLS0+CiAgPHBvbHlnb24gcG9pbnRzPSI0MCw0NCAzMSwzNyAzMyw0NyIgZmlsbD0iIzAwYjRhMCIvPgogIDxwb2x5Z29uIHBvaW50cz0iMzgsNTAgMjksNDYgMjksNTQiIGZpbGw9IiMwMGI0YTAiLz4KICA8cG9seWdvbiBwb2ludHM9IjQwLDU2IDMxLDUzIDMzLDYzIiBmaWxsPSIjMDBiNGEwIi8+CiAgPCEtLSBDZW50cmFsIHJvdXRlciBub2RlIC0tPgogIDxjaXJjbGUgY3g9IjUwIiBjeT0iNTAiIHI9IjExIiBmaWxsPSIjMDBiNGEwIi8+CiAgPGNpcmNsZSBjeD0iNTAiIGN5PSI1MCIgcj0iNyIgZmlsbD0iIzFiMWYzYSIvPgogIDxjaXJjbGUgY3g9IjUwIiBjeT0iNTAiIHI9IjMiIGZpbGw9IiMwMGI0YTAiLz4KICA8IS0tIE91dGdvaW5nIGFycm93IC0tPgogIDxsaW5lIHgxPSI2MSIgeTE9IjUwIiB4Mj0iODMiIHkyPSI1MCIgc3Ryb2tlPSIjZmZmZmZmIiBzdHJva2Utd2lkdGg9IjMiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIvPgogIDxwb2x5Z29uIHBvaW50cz0iODgsNTAgNzksNDUgNzksNTUiIGZpbGw9IiNmZmZmZmYiLz4KPC9zdmc+Cg==
diff --git a/charts/envoy-router/templates/role.yaml b/charts/envoy-router/templates/role.yaml
@@ -11,7 +11,10 @@ rules:
   resources: ["pods"]
   verbs: ["get", "list", "watch", "update", "patch"]
 - apiGroups: [""]
-  resources: ["services", "endpoints"]
+  resources: ["services"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["discovery.k8s.io"]
+  resources: ["endpointslices"]
   verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 - apiGroups: ["gateway.networking.k8s.io"]
   resources: ["httproutes"]
diff --git a/charts/envoy-router/tests/rbac_test.yaml b/charts/envoy-router/tests/rbac_test.yaml
@@ -55,12 +55,22 @@ tests:
             resources: ["httproutes"]
             verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 
-  - it: Role grants full CRUD on services and endpoints
+  - it: Role grants full CRUD on services
     template: templates/role.yaml
     asserts:
       - contains:
           path: rules
           content:
             apiGroups: [""]
-            resources: ["services", "endpoints"]
+            resources: ["services"]
+            verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+
+  - it: Role grants full CRUD on endpointslices
+    template: templates/role.yaml
+    asserts:
+      - contains:
+          path: rules
+          content:
+            apiGroups: ["discovery.k8s.io"]
+            resources: ["endpointslices"]
             verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
diff --git a/internal/controller/pod_controller.go b/internal/controller/pod_controller.go
@@ -4,6 +4,7 @@ import (
 	"context"
 
 	corev1 "k8s.io/api/core/v1"
+	discoveryv1 "k8s.io/api/discovery/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -25,7 +26,7 @@ const (
 )
 
 // PodReconciler reconciles Pods labelled with envoy-router/enabled=true.
-// For each such pod it maintains a selector-less Service, an Endpoints object,
+// For each such pod it maintains a selector-less Service, an EndpointSlice,
 // and an HTTPRoute that maps /<pod-name> to the pod's IP.
 type PodReconciler struct {
 	client.Client
@@ -53,15 +54,17 @@ func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 			if err := r.cleanup(ctx, pod); err != nil {
 				return ctrl.Result{}, err
 			}
+			patch := client.MergeFrom(pod.DeepCopy())
 			controllerutil.RemoveFinalizer(pod, finalizerName)
-			return ctrl.Result{}, r.Update(ctx, pod)
+			return ctrl.Result{}, r.Patch(ctx, pod, patch)
 		}
 		return ctrl.Result{}, nil
 	}
 
 	if !controllerutil.ContainsFinalizer(pod, finalizerName) {
+		patch := client.MergeFrom(pod.DeepCopy())
 		controllerutil.AddFinalizer(pod, finalizerName)
-		if err := r.Update(ctx, pod); err != nil {
+		if err := r.Patch(ctx, pod, patch); err != nil {
 			return ctrl.Result{}, err
 		}
 	}
@@ -74,7 +77,7 @@ func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 	if err := r.ensureService(ctx, pod); err != nil {
 		return ctrl.Result{}, err
 	}
-	if err := r.ensureEndpoints(ctx, pod); err != nil {
+	if err := r.ensureEndpointSlice(ctx, pod); err != nil {
 		return ctrl.Result{}, err
 	}
 	if err := r.ensureHTTPRoute(ctx, pod); err != nil {
@@ -94,9 +97,9 @@ func (r *PodReconciler) cleanup(ctx context.Context, pod *corev1.Pod) error {
 		}
 	}
 
-	ep := &corev1.Endpoints{}
-	if err := r.Get(ctx, nn, ep); err == nil {
-		if err := r.Delete(ctx, ep); err != nil && !errors.IsNotFound(err) {
+	eps := &discoveryv1.EndpointSlice{}
+	if err := r.Get(ctx, nn, eps); err == nil {
+		if err := r.Delete(ctx, eps); err != nil && !errors.IsNotFound(err) {
 			return err
 		}
 	}
@@ -142,30 +145,43 @@ func (r *PodReconciler) ensureService(ctx context.Context, pod *corev1.Pod) erro
 	return r.Update(ctx, existing)
 }
 
-func (r *PodReconciler) ensureEndpoints(ctx context.Context, pod *corev1.Pod) error {
-	desired := &corev1.Endpoints{
+func (r *PodReconciler) ensureEndpointSlice(ctx context.Context, pod *corev1.Pod) error {
+	ready := true
+	port := r.PodPort
+	protocol := corev1.ProtocolTCP
+	addrType := discoveryv1.AddressTypeIPv4
+
+	desired := &discoveryv1.EndpointSlice{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      pod.Name,
 			Namespace: pod.Namespace,
-			Labels:    map[string]string{managedByLabel: managedByValue},
+			Labels: map[string]string{
+				managedByLabel:                   managedByValue,
+				discoveryv1.LabelServiceName:     pod.Name,
+			},
 		},
-		Subsets: []corev1.EndpointSubset{
+		AddressType: addrType,
+		Endpoints: []discoveryv1.Endpoint{
 			{
-				Addresses: []corev1.EndpointAddress{{IP: pod.Status.PodIP}},
-				Ports:     []corev1.EndpointPort{{Port: r.PodPort, Protocol: corev1.ProtocolTCP}},
+				Addresses:  []string{pod.Status.PodIP},
+				Conditions: discoveryv1.EndpointConditions{Ready: &ready},
 			},
 		},
+		Ports: []discoveryv1.EndpointPort{
+			{Port: &port, Protocol: &protocol},
+		},
 	}
 
-	existing := &corev1.Endpoints{}
+	existing := &discoveryv1.EndpointSlice{}
 	err := r.Get(ctx, types.NamespacedName{Name: pod.Name, Namespace: pod.Namespace}, existing)
 	if errors.IsNotFound(err) {
 		return r.Create(ctx, desired)
 	}
 	if err != nil {
 		return err
 	}
-	existing.Subsets = desired.Subsets
+	existing.Endpoints = desired.Endpoints
+	existing.Ports = desired.Ports
 	return r.Update(ctx, existing)
 }
 
