Gateway readiness probe passthrough
A small, additive operator change.
Added
spec.gateway.readinessProbe(*corev1.Probe) — override the gateway tier's readiness probe. Use it to supply a custom serving-aware gate, e.g. an exec probe that keeps a gateway in service as long as it can reach a read quorum. When unset, behavior is unchanged.
Why the default is a bind-only TCP check (and not admin /health)
A serving-aware /health readiness probe was prototyped and deliberately not made the default. /health is a cluster-wide consistent write-quorum signal: at replication.factor=2, losing a single storage node drops every partition below write-quorum, so /health returns 503 on every node (likewise during federation bootstrap before remote peers join). Behind a publishNotReadyAddresses: false Service (e.g. a Tailscale anycast), that would mark all gateways NotReady and withdraw the whole anycast — taking down reads too, even though read_quorum=1 means reads still work. So gateway readiness stays bind-only TCP (gateways keep serving reads), and the serving/quorum signal belongs in monitoring, not readiness. The passthrough is for operators who have a genuine read-capability gate.
Upgrade notes
- Operator-only, non-disruptive: no Garage pod restart, gateway readiness default unchanged.
- No API break — additive optional field;
v1beta1(gateway-as-bool) is unaffected.