LoadBalancer Kill Switch (#581)

* Add option to disable the load balancers (by modifying the selectors)

* Test forced pod restart (to terminate existing connections)

* Disable pod restart

* Add generated crd

---------

Co-authored-by: Ulrich Schreiner <[email protected]>

Author: eberlep

api/v1/postgres_types.go

@@ -69,6 +69,7 @@ const (
 	SpiloRoleLabelValueMaster        = "master"
 	SpiloRoleLabelValueStandbyLeader = "standby_leader"
 	StatefulsetPodNameLabelName      = "statefulset.kubernetes.io/pod-name"
+	ClusterNameLabelName             = "cluster-name"
 
 	teamIDPrefix = "pg"
 
@@ -84,6 +85,7 @@ const (
 	defaultPostgresParamValueWalKeepSegments        = "64"
 	defaultPostgresParamValueWalKeepSize            = "1GB"
 	defaultPostgresParamValuePGStatStatementsMax    = "500"
+	defaultSelectorDisableValue                     = "selector-disabled"
 	defaultPostgresParamValuePasswordEncryption     = "scram-sha-256" // nolint
 	defaultPostgresParamValueLogMinErrorStatement   = "WARNING"
 	defaultPostgresParamValueLogErrorVerbosity      = "VERBOSE"
@@ -211,6 +213,9 @@ type PostgresSpec struct {
 
 	// DedicatedLoadBalancerPort The port to use for the load balancer
 	DedicatedLoadBalancerPort *int32 `json:"dedicatedLoadBalancerPort,omitempty"`
+
+	// DisableLoadBalancers enable or disable the Load Balancers (Services)
+	DisableLoadBalancers *bool `json:"disableLoadBalancers,omitempty"`
 }
 
 // AccessList defines the type of restrictions to access the database
@@ -385,7 +390,7 @@ func (p *Postgres) ToSharedSvcLB(lbIP string, lbPort int32, enableStandbyLeaderS
 
 	lb.Spec.Selector = map[string]string{
 		ApplicationLabelName: ApplicationLabelValue,
-		"cluster-name":       p.ToPeripheralResourceName(),
+		ClusterNameLabelName: p.ToPeripheralResourceName(),
 		"team":               p.generateTeamID(),
 	}
 	if p.IsReplicationPrimaryOrStandalone() {
@@ -401,6 +406,9 @@ func (p *Postgres) ToSharedSvcLB(lbIP string, lbPort int32, enableStandbyLeaderS
 			lb.Spec.Selector[StatefulsetPodNameLabelName] = p.ToPeripheralResourceName() + "-0"
 		}
 	}
+	if p.DisableLoadBalancers() {
+		lb.Spec.Selector[ClusterNameLabelName] = defaultSelectorDisableValue
+	}
 
 	if len(lbIP) > 0 {
 		// if no ip is set, a new loadbalancer will be created automatically
@@ -479,7 +487,7 @@ func (p *Postgres) ToDedicatedSvcLB(lbIP string, lbPort int32, standbyClustersSo
 
 	lb.Spec.Selector = map[string]string{
 		ApplicationLabelName: ApplicationLabelValue,
-		"cluster-name":       p.ToPeripheralResourceName(),
+		ClusterNameLabelName: p.ToPeripheralResourceName(),
 		"team":               p.generateTeamID(),
 	}
 	if p.IsReplicationPrimaryOrStandalone() {
@@ -488,6 +496,9 @@ func (p *Postgres) ToDedicatedSvcLB(lbIP string, lbPort int32, standbyClustersSo
 		// select the first pod in the statefulset
 		lb.Spec.Selector[StatefulsetPodNameLabelName] = p.ToPeripheralResourceName() + "-0"
 	}
+	if p.DisableLoadBalancers() {
+		lb.Spec.Selector[ClusterNameLabelName] = defaultSelectorDisableValue
+	}
 
 	if len(lbIP) > 0 {
 		lb.Spec.LoadBalancerIP = lbIP
@@ -1068,3 +1079,11 @@ func (p *Postgres) ToStandbyClusterEgressCWNP() (*firewall.ClusterwideNetworkPol
 
 	return standbyEgressCWNP, nil
 }
+
+func (p *Postgres) DisableLoadBalancers() bool {
+	if p.Spec.DisableLoadBalancers == nil {
+		return false
+	}
+
+	return *p.Spec.DisableLoadBalancers
+}

api/v1/zz_generated.deepcopy.go

@@ -113,6 +113,10 @@ spec:
               description:
                 description: Description
                 type: string
+              disableLoadBalancers:
+                description: DisableLoadBalancers enable or disable the Load Balancers
+                  (Services)
+                type: boolean
               maintenance:
                 description: |-
                   todo: add default