DEPLOY-401 Make it possible to fully replace services without checking if a working replacement is actually available

Author: zlepper

charts/tailscale-outbound-proxy/Chart.yaml

@@ -9,5 +9,5 @@ kubeVersion: ">= 1.30.0-0"
 name: tailscale-outbound-proxy-operator
 sources:
  - https://github.com/digizuite/tailscale-outbound-proxy
-version: 0.0.8
+version: 0.0.9
 icon: https://github.com/digizuite/tailscale-outbound-proxy/raw/master/tailscale-logo-black.png

charts/tailscale-outbound-proxy/templates/crds.yaml

@@ -74,6 +74,13 @@ spec:
               proxyStateSecretName:
                 description: The secret to use for storing tailscales state. You do not have to create this secret yourself.
                 type: string
+              replaceType:
+                description: How to replace the service.
+                enum:
+                - dynamic
+                - full
+                nullable: true
+                type: string
               replacedServiceTailscaleImage:
                 description: A custom image to use for the tailscale proxy
                 nullable: true

src/replace_service_reconciler.rs

@@ -1,5 +1,5 @@
 use crate::finalizers::{ensure_finalizer, remove_finalizer};
-use crate::replaced_service::{ReplacedService, ReplacedServiceResourceStatus, TestProtocol};
+use crate::replaced_service::{ReplacedService, ReplacedServiceResourceStatus, TestProtocol, ReplaceType};
 use crate::{ContextData, Error};
 use anyhow::{anyhow, Result};
 use k8s_openapi::api::apps::v1::{Deployment, DeploymentSpec, DeploymentStrategy, ReplicaSet};
@@ -604,6 +604,11 @@ async fn test_if_proxy_service_works(
     context: Arc<ContextData>,
     test_proxy_service_name: &str,
 ) -> Result<()> {
+    if resource.spec.replace_type == Some(ReplaceType::Full) {
+        debug!("Skipping proxy service test for full replace type");
+        return Ok(());
+    }
+
     debug!("Testing is proxy service for {test_proxy_service_name} works");
     let namespace = resource.namespace().unwrap();
 

src/replaced_service.rs

@@ -58,7 +58,10 @@ pub struct ReplacedServiceSpec {
     /// A pull secret to use for the custom image. Do note proxies are started in the same
     /// namespace as this CRD instance, meaning the pull secret should be in the same
     /// namespace as this CRD instance.
-    pub replaced_service_tailscale_image_pull_secret: Option<String>
+    pub replaced_service_tailscale_image_pull_secret: Option<String>,
+
+    /// How to replace the service.
+    pub replace_type: Option<ReplaceType>
 }
 
 #[derive(Serialize, Deserialize, Debug, PartialEq, Clone, JsonSchema, Default)]
@@ -91,4 +94,15 @@ pub struct ReplacedServiceResourceStatus {
 
     /// If this is actually working yet.
     pub active: Option<bool>,
+}
+
+#[derive(Serialize, Deserialize, Debug, PartialEq, Clone, JsonSchema, Default)]
+#[serde(rename_all = "camelCase")]
+pub enum ReplaceType {
+    /// The service is only replaced if an alternative service is detected that can handle requests.
+    #[default]
+    Dynamic,
+    /// The existing service is completely stopped and replaced with a tailscale proxy.
+    /// WARNING: This will cause downtime for the service.
+    Full
 }