From 5dc662ae9762fa2e78a38a9c7aa7b467fa59f51e Mon Sep 17 00:00:00 2001
From: Kevin Leimkuhler <kevin@kleimkuhler.com>
Date: Mon, 15 Feb 2021 10:21:20 -0500
Subject: [PATCH] Remove namespace inheritance of opaque ports annotation
 (#5739)

This change removes the namespace inheritance of the opaque ports annotation.
Now when setting opaque port related fields in destination profile responses, we
only look at the pod annotations.

This prepares for #5736 where the proxy-injector will add the annotation from
the namespace if the pod does not have it already.

Closes #5735

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
---
 controller/api/destination/server.go          |  1 -
 .../destination/watcher/endpoints_watcher.go  | 20 -------------------
 2 files changed, 21 deletions(-)

diff --git a/controller/api/destination/server.go b/controller/api/destination/server.go
index 1f7ef3e4d..275749592 100644
--- a/controller/api/destination/server.go
+++ b/controller/api/destination/server.go
@@ -210,7 +210,6 @@ func (s *server) GetProfile(dest *pb.GetDestination, stream pb.Destination_GetPr
 					Namespace: pod.Namespace,
 					Name:      pod.Name,
 				}
-				err := watcher.SetPodOpaquePortAnnotation(s.k8sAPI, pod, pod.Namespace)
 				if err != nil {
 					log.Errorf("failed to set opaque port annotation on pod: %s", err)
 				}
diff --git a/controller/api/destination/watcher/endpoints_watcher.go b/controller/api/destination/watcher/endpoints_watcher.go
index 4df6a7ce4..8ea8ab6bb 100644
--- a/controller/api/destination/watcher/endpoints_watcher.go
+++ b/controller/api/destination/watcher/endpoints_watcher.go
@@ -805,7 +805,6 @@ func (pp *portPublisher) endpointsToAddresses(endpoints *corev1.Endpoints) Addre
 					pp.log.Errorf("Unable to create new address:%v", err)
 					continue
 				}
-				err = SetPodOpaquePortAnnotation(pp.k8sAPI, address.Pod, endpoints.Namespace)
 				if err != nil {
 					pp.log.Errorf("failed to set opaque port annotation on pod: %s", err)
 				}
@@ -1091,22 +1090,3 @@ func isValidSlice(es *discovery.EndpointSlice) bool {
 
 	return true
 }
-
-// SetPodOpaquePortAnnotation ensures that if there is no opaque port
-// annotation on the pod, then it inherits the annotation from the namespace.
-// If there is also no annotation on the namespace, then it remains unset.
-func SetPodOpaquePortAnnotation(k8sAPI *k8s.API, pod *corev1.Pod, ns string) error {
-	if _, ok := pod.Annotations[consts.ProxyOpaquePortsAnnotation]; !ok {
-		ns, err := k8sAPI.NS().Lister().Get(ns)
-		if err != nil {
-			return fmt.Errorf("failed to get namespace annotation: %s", err)
-		}
-		if annotation, ok := ns.Annotations[consts.ProxyOpaquePortsAnnotation]; ok {
-			if pod.Annotations == nil {
-				pod.Annotations = make(map[string]string)
-			}
-			pod.Annotations[consts.ProxyOpaquePortsAnnotation] = annotation
-		}
-	}
-	return nil
-}