Skip to content

fix(uploader): sync ingress with publicDomainTemplate via server-side apply#2527

Open
fl64 wants to merge 3 commits into
mainfrom
fix/uploader-ingress-public-domain-sync
Open

fix(uploader): sync ingress with publicDomainTemplate via server-side apply#2527
fl64 wants to merge 3 commits into
mainfrom
fix/uploader-ingress-public-domain-sync

Conversation

@fl64

@fl64 fl64 commented Jun 23, 2026
edited
Loading

Copy link
Copy Markdown
Member

Description

Changing the cluster domain (publicDomainTemplate) left existing image-upload endpoints on the old domain, so the upload URL shown for an already-created VirtualImage / VirtualDisk / ClusterVirtualImage (with dataSource.type=Upload) kept pointing at the old host and uploads to it failed.

Why do we need it, and what problem does it solve?

The upload endpoint was created once when an image or disk with Upload source first appeared and was never reconciled afterwards. After an administrator changed the cluster domain, the controller restarted with the new domain, but the already-existing endpoints kept their original host. Users kept seeing the old upload URL, so uploading data to an already-created image broke until the image was deleted and recreated.

The endpoint is now reconciled on every upload-flow pass, so its host, TLS host, and upload URL follow the current cluster domain automatically.

What is the expected result?

  1. Create a VirtualImage with dataSource.type=Upload — the upload URL matches the current cluster domain.
  2. Change publicDomainTemplate and wait for the controller to pick up the new domain.
  3. The upload URL and endpoint host update to the new domain; uploading to the existing image keeps working.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: images
type: fix
summary: "Upload endpoint now follows publicDomainTemplate changes instead of keeping the host it was created with."

@fl64
fix(uploader): sync ingress with publicDomainTemplate via server-side…
1cfce8d 
… apply

Uploader Ingress was created once with client.Create and never updated
on AlreadyExists, so changing publicDomainTemplate left existing upload
Ingresses with a stale host in spec.rules[].host, spec.tls[].hosts and
the AnnUploadURL annotation shown to users.

Replace Create with server-side apply (client.Patch + client.Apply) so
the Ingress is reconciled on every upload-flow reconcile: created when
absent, patched when spec/annotations drift. Field ownership is stable
across controller restarts.

Signed-off-by: Pavel Tishkov <pavel.tishkov@flant.com>
@fl64 fl64 added this to the v1.10.0 milestone Jun 23, 2026
fl64 added 2 commits June 25, 2026 10:19
@fl64
fix(uploader): sync ingress on every upload-flow reconcile
7102b75 
Apply (SSA) was only called in UploaderService.Start, which runs when
uploader supplements are missing. In the steady WaitForUserUpload state
the pod/svc/ingress already exist, so Start was never called and the
Ingress stayed stale when publicDomainTemplate changed.

Add EnsureIngress/IngressHostDrifted/ExpectedIngressHost to UploaderService
and call EnsureIngress in the isUploaderReady branch of the VI/CVI/VD
upload-flows only when the cached Ingress host drifted from the configured
UPLOADER_INGRESS_HOST. Steady-state cost is one string compare per
reconcile; a Patch runs only on actual drift.

Signed-off-by: Pavel Tishkov <pavel.tishkov@flant.com>
@fl64
fix(uploader): sync ingress before readiness probe
03d5a22 
IsUploaderReady HTTPS-probes the Ingress host, so the Ingress must be
synced before the probe runs. Moving the drift check ahead of
IsUploaderReady ensures a stale host (after publicDomainTemplate change)
is corrected first; otherwise readiness fails with a TLS error and the
isUploaderReady branch that updates status.ImageUploadURLs is never
reached.

The drift check is skipped when the uploader pod is absent, so initial
supplement creation still flows through Start.

Signed-off-by: Pavel Tishkov <pavel.tishkov@flant.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner
@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@fl64 fl64

Labels

None yet

Projects

None yet

Milestone

v1.10.0

Development

Successfully merging this pull request may close these issues.

1 participant

@fl64