feat: per-deployment internal RPC ClusterIP Service + status.rpcService (#99)

* feat: per-deployment internal RPC ClusterIP Service + status.rpcService

Adds a cluster-internal ClusterIP Service to every SeiNodeDeployment so
in-cluster consumers can dial a single stable DNS name
({deployment}-rpc.{namespace}.svc) rather than chasing ordinals on
per-node headless Services. kube-proxy L4 load-balances across ready
child pods via the existing sei.io/nodedeployment pod label.

Reconciled unconditionally — lives alongside (not replacing) the
.spec.networking / HTTPRoute path.

- API: new RpcServiceStatus / RpcServicePorts types; additive pointer
  field .status.rpcService on SeiNodeDeployment.
- Generator: pure generateInternalRpcService with named ports
  (rpc/evm-http/evm-ws/rest/grpc) per the milestone interface contract.
- Reconcile: new reconcileInternalRpcService invoked from the deployment
  reconcile loop; populates status.rpcService in-memory for the existing
  single Status().Patch() flush.
- Orphan path: retain-policy now strips the internal Service's
  ownerRef alongside the external one.
- Tests: pure-generator and fake-client reconcile coverage (status
  stamping, ownerRef shape, idempotency, orphan path).

Ports use "evm-http" in the Service (not seiconfig's "evm-rpc") because
the milestone interface contract fixes those names for kube-native tools.

Refs: platform#96

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* refactor: rename rpcService → internalService, drop stateful ports

Three concerns folded into one follow-up:

1. Rename `rpcService` → `internalService` (status field, types, Service
   name suffix, tests, godoc). The Service is the single internal access
   point; naming it mode-neutral ages better than "RPC"-scoped naming,
   especially with the stateful ports dropped below.

2. Drop stateful ports (evm-ws 8546, grpc 9090) from the Service and
   status schema. A kube-proxy L4 LB spreads connections across pods,
   which breaks WebSocket subscriptions and pins HTTP/2 gRPC
   per-connection — neither load-balances correctly. Remaining ports:
   rpc (26657), evm-http (8545), rest (1317) — all stateless HTTP
   request/response. Stateful consumers use per-node headless Services.

3. Move internal Service orphan handling out of
   `orphanNetworkingResources` into a new `orphanInternalService` method.
   The internal Service's lifecycle is unconditional; it should not be
   bundled with the networking-resources teardown. Added a test for
   `.spec.networking → nil` transitions confirming the internal Service
   survives.

All tests green (lint + test). CRD + DeepCopy regenerated via
`make manifests generate`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: bdchatham

api/v1alpha1/seinodedeployment_types.go

@@ -248,12 +248,48 @@ type SeiNodeDeploymentStatus struct {
 	// +optional
 	NetworkingStatus *NetworkingStatus `json:"networkingStatus,omitempty"`
 
+	// InternalService reports the in-cluster ClusterIP Service that kube-proxy
+	// load-balances across healthy child pods. Populated unconditionally —
+	// this path is independent of .spec.networking.
+	// +optional
+	InternalService *InternalServiceStatus `json:"internalService,omitempty"`
+
 	// +listType=map
 	// +listMapKey=type
 	// +optional
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
+// InternalServiceStatus reports the resolved in-cluster ClusterIP Service
+// exposed for a SeiNodeDeployment. Consumers resolve the service at
+// {name}.{namespace}.svc and dial the named port from {ports}.
+type InternalServiceStatus struct {
+	// Name is the Kubernetes Service name (always "{deployment-name}-internal").
+	Name string `json:"name"`
+
+	// Namespace is the Service's namespace (always equal to the deployment's
+	// namespace).
+	Namespace string `json:"namespace"`
+
+	// Ports enumerates the named ports on the Service.
+	Ports InternalServicePorts `json:"ports"`
+}
+
+// InternalServicePorts is the set of named ports advertised on the internal
+// ClusterIP Service. Only stateless HTTP request/response protocols are
+// exposed here — stateful protocols (EVM WebSocket, gRPC streaming, P2P
+// gossip) do not load-balance correctly behind a kube-proxy L4 LB, and
+// consumers needing those use the per-node headless Services instead.
+// Field names are part of the public interface contract.
+type InternalServicePorts struct {
+	// Rpc is the Tendermint / CometBFT RPC port (26657).
+	Rpc int32 `json:"rpc"`
+	// EvmHttp is the EVM JSON-RPC HTTP port (8545).
+	EvmHttp int32 `json:"evmHttp"`
+	// Rest is the Cosmos REST (LCD) port (1317).
+	Rest int32 `json:"rest"`
+}
+
 // GroupNodeStatus is a summary of a child SeiNode's state.
 type GroupNodeStatus struct {
 	// Name is the SeiNode resource name.

api/v1alpha1/zz_generated.deepcopy.go

@@ -795,6 +795,45 @@ spec:
                 items:
                   type: string
                 type: array
+              internalService:
+                description: |-
+                  InternalService reports the in-cluster ClusterIP Service that kube-proxy
+                  load-balances across healthy child pods. Populated unconditionally —
+                  this path is independent of .spec.networking.
+                properties:
+                  name:
+                    description: Name is the Kubernetes Service name (always "{deployment-name}-internal").
+                    type: string
+                  namespace:
+                    description: |-
+                      Namespace is the Service's namespace (always equal to the deployment's
+                      namespace).
+                    type: string
+                  ports:
+                    description: Ports enumerates the named ports on the Service.
+                    properties:
+                      evmHttp:
+                        description: EvmHttp is the EVM JSON-RPC HTTP port (8545).
+                        format: int32
+                        type: integer
+                      rest:
+                        description: Rest is the Cosmos REST (LCD) port (1317).
+                        format: int32
+                        type: integer
+                      rpc:
+                        description: Rpc is the Tendermint / CometBFT RPC port (26657).
+                        format: int32
+                        type: integer
+                    required:
+                    - evmHttp
+                    - rest
+                    - rpc
+                    type: object
+                required:
+                - name
+                - namespace
+                - ports
+                type: object
               networkingStatus:
                 description: NetworkingStatus reports the observed state of networking
                   resources.

config/crd/sei.io_seinodedeployments.yaml

@@ -81,6 +81,11 @@ func (r *SeiNodeDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Re
 	statusBase := client.MergeFromWithOptions(group.DeepCopy(), client.MergeFromWithOptimisticLock{})
 	ns, name := group.Namespace, group.Name
 
+	if err := r.reconcileInternalService(ctx, group); err != nil {
+		logger.Error(err, "reconciling internal RPC service")
+		return ctrl.Result{}, fmt.Errorf("reconciling internal RPC service: %w", err)
+	}
+
 	if err := r.reconcileNetworking(ctx, group); err != nil {
 		logger.Error(err, "reconciling networking")
 		return ctrl.Result{}, fmt.Errorf("reconciling networking: %w", err)
@@ -160,6 +165,9 @@ func (r *SeiNodeDeploymentReconciler) handleDeletion(ctx context.Context, group
 		if err := r.orphanNetworkingResources(ctx, group); err != nil {
 			return ctrl.Result{}, fmt.Errorf("orphaning networking resources: %w", err)
 		}
+		if err := r.orphanInternalService(ctx, group); err != nil {
+			return ctrl.Result{}, fmt.Errorf("orphaning internal Service: %w", err)
+		}
 	} else {
 		if err := r.deleteNetworkingResources(ctx, group); err != nil {
 			r.Recorder.Eventf(group, corev1.EventTypeWarning, "DeleteFailed", "Failed to clean up networking resources: %v", err)

internal/controller/nodedeployment/controller.go

@@ -0,0 +1,123 @@
+package nodedeployment
+
+import (
+	"context"
+	"fmt"
+
+	seiconfig "github.com/sei-protocol/sei-config"
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/intstr"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	seiv1alpha1 "github.com/sei-protocol/sei-k8s-controller/api/v1alpha1"
+)
+
+// internalServiceName returns the deterministic name of the ClusterIP
+// Service that publishes in-cluster access for a SeiNodeDeployment.
+func internalServiceName(group *seiv1alpha1.SeiNodeDeployment) string {
+	return fmt.Sprintf("%s-internal", group.Name)
+}
+
+// reconcileInternalService applies the cluster-internal ClusterIP Service
+// that kube-proxy load-balances across healthy child pods and stamps
+// status.internalService on the group. This runs unconditionally — it is
+// independent of .spec.networking and lives alongside the external Service /
+// HTTPRoute reconciliation.
+func (r *SeiNodeDeploymentReconciler) reconcileInternalService(ctx context.Context, group *seiv1alpha1.SeiNodeDeployment) error {
+	desired := generateInternalService(group)
+	desired.SetGroupVersionKind(corev1.SchemeGroupVersion.WithKind("Service"))
+	if err := ctrl.SetControllerReference(group, desired, r.Scheme); err != nil {
+		return fmt.Errorf("setting owner reference on internal Service: %w", err)
+	}
+	//nolint:staticcheck // migrating to typed ApplyConfiguration is a separate effort
+	if err := r.Patch(ctx, desired, client.Apply, fieldOwner, client.ForceOwnership); err != nil {
+		return fmt.Errorf("applying internal Service: %w", err)
+	}
+
+	group.Status.InternalService = &seiv1alpha1.InternalServiceStatus{
+		Name:      desired.Name,
+		Namespace: desired.Namespace,
+		Ports: seiv1alpha1.InternalServicePorts{
+			Rpc:     seiconfig.PortRPC,
+			EvmHttp: seiconfig.PortEVMHTTP,
+			Rest:    seiconfig.PortREST,
+		},
+	}
+	return nil
+}
+
+// orphanInternalService strips the owner reference on the internal Service
+// so the resource survives parent deletion under DeletionPolicy=Retain. The
+// internal Service's lifecycle is unconditional — it does not participate
+// in the networking-resources teardown path — so its retain handling lives
+// alongside its create path, not alongside orphanNetworkingResources.
+func (r *SeiNodeDeploymentReconciler) orphanInternalService(ctx context.Context, group *seiv1alpha1.SeiNodeDeployment) error {
+	svc := &corev1.Service{}
+	err := r.Get(ctx, types.NamespacedName{Name: internalServiceName(group), Namespace: group.Namespace}, svc)
+	if apierrors.IsNotFound(err) {
+		return nil
+	}
+	if err != nil {
+		return fmt.Errorf("fetching internal Service for orphan: %w", err)
+	}
+	if err := r.removeOwnerRef(ctx, svc, group); err != nil {
+		return fmt.Errorf("orphaning internal Service: %w", err)
+	}
+	return nil
+}
+
+// generateInternalService is a pure function that produces the desired
+// ClusterIP Service for in-cluster consumers. The Service is always created
+// regardless of .spec.networking. kube-proxy load-balances traffic across
+// ready child pods using the deployment-scoped pod label.
+//
+// Only stateless HTTP request/response ports are exposed (rpc, evm-http,
+// rest). Stateful protocols — EVM WebSocket (8546), gRPC / HTTP/2 streaming
+// (9090), P2P gossip — do not work correctly behind a kube-proxy L4 LB
+// (WebSocket subscriptions pin state to a pod; HTTP/2 connections pin
+// per-connection). Consumers needing those use the per-node headless
+// Services for deterministic per-pod addressing.
+func generateInternalService(group *seiv1alpha1.SeiNodeDeployment) *corev1.Service {
+	return &corev1.Service{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        internalServiceName(group),
+			Namespace:   group.Namespace,
+			Labels:      resourceLabels(group),
+			Annotations: managedByAnnotations(),
+		},
+		Spec: corev1.ServiceSpec{
+			Type: corev1.ServiceTypeClusterIP,
+			// Select by deployment membership only (not revision): during a
+			// rollout, kube-proxy should keep routing to whichever pods are
+			// Ready, irrespective of which generation they belong to.
+			Selector: groupOnlySelector(group),
+			// kube-proxy must exclude not-ready pods so clients never see
+			// partially-bootstrapped nodes.
+			PublishNotReadyAddresses: false,
+			Ports: []corev1.ServicePort{
+				{
+					Name:       "rpc",
+					Port:       seiconfig.PortRPC,
+					TargetPort: intstr.FromInt32(seiconfig.PortRPC),
+					Protocol:   corev1.ProtocolTCP,
+				},
+				{
+					Name:       "evm-http",
+					Port:       seiconfig.PortEVMHTTP,
+					TargetPort: intstr.FromInt32(seiconfig.PortEVMHTTP),
+					Protocol:   corev1.ProtocolTCP,
+				},
+				{
+					Name:       "rest",
+					Port:       seiconfig.PortREST,
+					TargetPort: intstr.FromInt32(seiconfig.PortREST),
+					Protocol:   corev1.ProtocolTCP,
+				},
+			},
+		},
+	}
+}