use headless service for upload server (#4052)

akalenyu · web-flow · commit 2924a9b1a7dd · 2026-03-16T22:29:20.000Z
apparently there's no k8s API that says "kube-proxy has synced iptables rules for this service on all nodes" so pod readiness/healthz (even endpointslices) could all report success but the client would still face a connection refused. we faced something similar in virtctl #3545 arguably, a headless service was the right fit for us anyway and cuts the above overhead out of the equation. Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
diff --git a/pkg/controller/upload-controller.go b/pkg/controller/upload-controller.go
@@ -592,14 +592,12 @@ func (r *UploadReconciler) makeUploadServiceSpec(name string, pvc *corev1.Persis
 			},
 		},
 		Spec: corev1.ServiceSpec{
+			ClusterIP: corev1.ClusterIPNone,
 			Ports: []corev1.ServicePort{
 				{
-					Protocol: "TCP",
-					Port:     443,
-					TargetPort: intstr.IntOrString{
-						Type:   intstr.Int,
-						IntVal: 8443,
-					},
+					Protocol:   corev1.ProtocolTCP,
+					Port:       8443,
+					TargetPort: intstr.FromInt32(8443),
 				},
 			},
 			Selector: map[string]string{
@@ -765,7 +763,7 @@ func UploadPossibleForPVC(pvc *corev1.PersistentVolumeClaim) error {
 // GetUploadServerURL returns the url the proxy should post to for a particular pvc
 func GetUploadServerURL(namespace, pvc, uploadPath string) string {
 	serviceName := createUploadServiceNameFromPvcName(pvc)
-	return fmt.Sprintf("https://%s.%s.svc%s", serviceName, namespace, uploadPath)
+	return fmt.Sprintf("https://%s.%s.svc:8443%s", serviceName, namespace, uploadPath)
 }
 
 // createUploadServiceName returns the name given to upload service shortened if needed
diff --git a/pkg/controller/upload-controller_test.go b/pkg/controller/upload-controller_test.go
@@ -867,14 +867,12 @@ func createUploadService(pvc *corev1.PersistentVolumeClaim) *corev1.Service {
 			},
 		},
 		Spec: corev1.ServiceSpec{
+			ClusterIP: corev1.ClusterIPNone,
 			Ports: []corev1.ServicePort{
 				{
-					Protocol: "TCP",
-					Port:     443,
-					TargetPort: intstr.IntOrString{
-						Type:   intstr.Int,
-						IntVal: 8443,
-					},
+					Protocol:   corev1.ProtocolTCP,
+					Port:       8443,
+					TargetPort: intstr.FromInt32(8443),
 				},
 			},
 			Selector: map[string]string{
