From c2c39eaa5c0c8eaa58cf6909114f06fa8ccd4e92 Mon Sep 17 00:00:00 2001
From: Fabian Kramm <fab.kramm@googlemail.com>
Date: Tue, 26 Apr 2022 13:27:07 +0200
Subject: [PATCH] fix: refresh managed endpoints

---
 pkg/controllers/resources/endpoints/syncer.go | 31 +++++++++++++++++--
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/pkg/controllers/resources/endpoints/syncer.go b/pkg/controllers/resources/endpoints/syncer.go
index 78e567d60f..fb5d39a417 100644
--- a/pkg/controllers/resources/endpoints/syncer.go
+++ b/pkg/controllers/resources/endpoints/syncer.go
@@ -7,6 +7,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/klog"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -41,15 +42,39 @@ func (s *endpointsSyncer) ReconcileStart(ctx *synccontext.SyncContext, req ctrl.
 		Namespace: req.Namespace,
 		Name:      req.Name,
 	}, svc)
-
 	if err != nil {
 		if kerrors.IsNotFound(err) {
 			return true, nil
 		}
+
 		return true, err
-	}
+	} else if svc.Spec.Selector != nil {
+		// check if it was a managed endpoints object before and delete it
+		endpoints := &corev1.Endpoints{}
+		err := ctx.PhysicalClient.Get(ctx.Context, s.NamespacedTranslator.VirtualToPhysical(req.NamespacedName, nil), endpoints)
+		if err != nil {
+			if !kerrors.IsNotFound(err) {
+				klog.Infof("Error retrieving endpoints: %v", err)
+			}
+
+			return true, nil
+		}
+
+		// check if endpoints were created by us
+		if endpoints.Annotations != nil && endpoints.Annotations[translator.NameAnnotation] != "" {
+			// Deleting the endpoints is necessary here as some clusters would not correctly maintain
+			// the endpoints if they were managed by us previously and now should be managed by Kubernetes.
+			// In the worst case we would end up in a state where we have multiple endpoint slices pointing
+			// to the same endpoints resulting in wrong DNS and cluster networking. Hence deleting the previously
+			// managed endpoints signals the Kubernetes controller to recreate the endpoints from the selector.
+			klog.Infof("Refresh endpoints in physical cluster because they shouldn't be managed by vcluster anymore")
+			err = ctx.PhysicalClient.Delete(ctx.Context, endpoints)
+			if err != nil {
+				klog.Infof("Error deleting endpoints %s/%s: %v", endpoints.Namespace, endpoints.Name, err)
+				return true, err
+			}
+		}
 
-	if svc.Spec.Selector != nil {
 		return true, nil
 	}