Headless service: retrieve endpoints via Endpoints resource; evaluate spec.publishNotReadyAddresses

[alfredkrohmer]

Currently, the endpoints of headless services are retrieved
by querying pods using the pod selector of the service.
Instead, we now query for an Endpoints resource with the
same name as the Service object to get the endpoints for the
service. This is needed in order to support the
spec.publishNotReadyPods attribute of a service.

• needs documentation and manifest/helm chart update to include permissions to retrieve endpoints resources

[alfredkrohmer]

/assign @Raffo

[alfredkrohmer]

Note: this will change the default behaviour. Before, the IPs of all Running pods of a headless services were published; now this is only the case when the .spec.publishNotReadyAddresses is set to true.

[alfredkrohmer]

@Raffo @njuettner any chance to get this reviewed?

[Raffo]

@devkid I added one minor comment and I have two requests:

1. Add a comment to the function extractHeadlessEndpoints to specify what it does. I know there was no comment before but this was IMO bad and we now have a chance to fix it, especially with the changed behaviour.
2. Write a little sentence that we can add to future release notes on how the behaviour has changed.

Additionally, I'm thinking wether we should add a flag to enable/disable the changed behaviour. I think we could add it and keep it around for a few releases before getting rid of it. WDYT? /cc @linki @njuettner

[alfredkrohmer]

@Raffo added an option to restore the old behavior via CLI flag and added a comment for extractHeadlessEndpoints.

[alfredkrohmer]

Failing test is fixed now.

Description for release:

Breaking change: Endpoints (pod IPs) for the service source are now retrieved using the Endpoints kubernetes resource instead of using the selector of the service to query for pods and their IPs. The implication is that unready pods will not be picked up anymore by external-dns by default. In order to restore the old behavior and also register IPs of unready pods with DNS:

• for a single service, set .spec.publishNotReadyAddresses to true
• to restore the old behavior globally, start external-dns with --always-publish-not-ready-addresses

[judofyr]

Any update on this?

[alfredkrohmer]

Conflict resolved, documentation with inline RBAC permissions updated. I will create a pull request in https://github.com/helm/charts to up the version and add the endpoints resources permissions when there is a new release.

[vivekgarg20]

When is this targeted?

[ashley]

Any update on this?

[njuettner]

added some comments, PTAL.

[njuettner]

/lgtm
/cc @Raffo @linki

[njuettner]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: devkid, njuettner

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [njuettner]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment