feat(init): enable switching between nodeport and proxy mode

[AustinAbro321]

Description

This allows switching between nodeport and proxy mode. When a user runs a secondary zarf init, if no mode is specified, then the mode that this currently in Zarf state will be used. If a mode is specified, then that mode will be used instead

Related Issue

Fixes #4586

Checklist before merging

• Test, docs, adr added or updated as needed
• Contributor Guide Steps followed

[netlify]

✅ Deploy Preview for zarf-docs canceled.

Name	Link
🔨 Latest commit	1c0e873
🔍 Latest deploy log	https://app.netlify.com/projects/zarf-docs/deploys/69aeb53efe45bf0008cf3fbf

[codecov]

Codecov Report

❌ Patch coverage is 31.37255% with 35 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/pkg/state/state.go	0.00%	20 Missing ⚠️
src/pkg/cluster/cluster.go	64.00%	6 Missing and 3 partials ⚠️
src/cmd/initialize.go	0.00%	6 Missing ⚠️

Files with missing lines	Coverage Δ
src/cmd/initialize.go	25.65% <0.00%> (-0.55%)	⬇️
src/pkg/cluster/cluster.go	32.56% <64.00%> (+0.79%)	⬆️
src/pkg/state/state.go	27.53% <0.00%> (-2.43%)	⬇️

... and 9 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[brandtkeller]

One observation - otherwise documentation for switching from one to another as a supported operation could be helpful if not currently planned.

[brandtkeller]

This does not check NodePort - whereas it would have before. Which is intentional in the context of running zarf init and changing the mode from nodeport to proxy.

But does/should a nodeport to nodeport upgrade with a nodeport change silently pass here now? Should we establish a check back in the caller for this case?

[AustinAbro321]

Yeah it does pass where it didn't before, but I think that's a benefit. I don't think there's an advantage to stopping the update of the nodeport. I believe the historical reason we did this is because it was more convenient to use helpers.IsNotZeroAndNotEqual instead of a custom function I created here

[brandtkeller]

That sounds fair. If the nodeport is updated - do we ever hit a scenario where an artifact can not be pulled due to a change in the registry service? Everything GitOps pulls from the internal service (so we're fine there). Pods should be maintained by a cache on the node until another mutation request is sent to update the host.

[AustinAbro321]

Zarf and the kubelet won't because of the situation you described. If the user has something else pulling from the nodeport (discouraged outside of the kubelet case) it's possible, but since the user is opting into the nodeport change, I think that's reasonable.

[brandtkeller]

minor comments - an interesting side effect I didn't see mentioned is that deploying nodeport -> proxy -> nodeport looks to have retained the mtls settings on the nodeport solution. I am thinking about the implications here but I also don't know if this was intended to be a fully supported workflow. Documentation here would be useful - to include the upgrade support on init such that you do not need to re-declare your previous mode.

[brandtkeller]

Slightly misleading function name. We include Address in the comparison but not NodePort or Mode. So it is not strictly creds nor is it a comparison for potential drift between two RegistryInfo Structs (See doccomment).

[brandtkeller]

Initially this feels duplicative of something that could occur in FillInEmptyValues but in tracing I see that this is needed for InitState's opts.RegistryInfo.NodePort != 0 guard to work on mode switches.

This works in the given state but feels a little confusing. My only thought is that being able to discern empty from go default could be handy - but I don't know if we want to change the surface of those fields now... (thinking *int).