From 917a6f354d09215d1a65cd28778a13bc4fa35278 Mon Sep 17 00:00:00 2001
From: Timofei Larkin
Date: Thu, 24 Jul 2025 17:00:34 +0300
Subject: [PATCH] [platform] Autodetect RobotLB
If running in Hetzner and using Hetzner's cloud load balancers, node ports need to be allocated for the load balancer to function correctly. Therefore if RobotLB is enabled, we probably need to assign node ports.
Release note: [platform] Autodetect if node ports should be assigned to load balancer services.
Signed-off-by: Timofei Larkin
---
 .../apps/ferretdb/templates/external-svc.yaml | 2 ++
 .../http-cache/templates/haproxy/service.yaml | 2 ++
 .../apps/postgres/templates/external-svc.yaml | 2 ++
 packages/apps/redis/templates/service.yaml | 2 ++
 .../apps/tcp-balancer/templates/service.yaml | 2 ++
 .../virtual-machine/templates/service.yaml | 2 ++
 .../apps/vm-instance/templates/service.yaml | 2 ++
 .../library/cozy-lib/templates/_network.tpl | 23 +++++++++++++++++++
 8 files changed, 37 insertions(+)
 create mode 100644 packages/library/cozy-lib/templates/_network.tpl
diff --git a/packages/apps/ferretdb/templates/external-svc.yaml b/packages/apps/ferretdb/templates/external-svc.yaml
index 31d54695..b4550cce 100644
--- a/packages/apps/ferretdb/templates/external-svc.yaml
+++ b/packages/apps/ferretdb/templates/external-svc.yaml
@@ -8,7 +8,9 @@ spec:
 type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
 {{- if .Values.external }}
 externalTrafficPolicy: Local
+ {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
 allocateLoadBalancerNodePorts: false
+ {{- end }}
 {{- end }}
 ports:
 - name: ferretdb
diff --git a/packages/apps/http-cache/templates/haproxy/service.yaml b/packages/apps/http-cache/templates/haproxy/service.yaml
index 39659212..9286a8b5 100644
--- a/packages/apps/http-cache/templates/haproxy/service.yaml
+++ b/packages/apps/http-cache/templates/haproxy/service.yaml
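Review bot: In packages/apps/ferretdb/templates/external-svc.yaml the new guard `{{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}` pipes a bare `true`/`false` string through `fromYaml`, which is unlikely to behave as a boolean test. Helm's `fromYaml` decodes into a map and, for scalar input, returns a map holding an `Error` key; that map is non-empty and therefore truthy, so the branch would be taken for both results and `allocateLoadBalancerNodePorts: false` would still be rendered with RobotLB enabled. Comparing the string avoids this: `{{- if eq (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | trim) "true" }}`. The same guard appears in the http-cache, postgres, redis, tcp-balancer, virtual-machine and vm-instance hunks, and rendering one chart with `helm template` for both settings would confirm the behaviour.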
@@ -10,7 +10,9 @@ spec:
 type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
 {{- if .Values.external }}
 externalTrafficPolicy: Local
+ {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
 allocateLoadBalancerNodePorts: false
+ {{- end }}
 {{- end }}
 selector:
 app: {{ .Release.Name }}-haproxy
diff --git a/packages/apps/postgres/templates/external-svc.yaml b/packages/apps/postgres/templates/external-svc.yaml
index 2f4e8b91..a243dccd 100644
--- a/packages/apps/postgres/templates/external-svc.yaml
+++ b/packages/apps/postgres/templates/external-svc.yaml
@@ -7,7 +7,9 @@ spec:
 type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
 {{- if .Values.external }}
 externalTrafficPolicy: Local
+ {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
 allocateLoadBalancerNodePorts: false
+ {{- end }}
 {{- end }}
 ports:
 - name: postgres
diff --git a/packages/apps/redis/templates/service.yaml b/packages/apps/redis/templates/service.yaml
index 05729a4a..81a73761 100644
--- a/packages/apps/redis/templates/service.yaml
+++ b/packages/apps/redis/templates/service.yaml
@@ -11,7 +11,9 @@ spec:
 type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
 {{- if .Values.external }}
 externalTrafficPolicy: Local
+ {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
 allocateLoadBalancerNodePorts: false
+ {{- end }}
 {{- end }}
 selector:
 app.kubernetes.io/component: redis
diff --git a/packages/apps/tcp-balancer/templates/service.yaml b/packages/apps/tcp-balancer/templates/service.yaml
index 030b8e7e..8384cc85 100644
--- a/packages/apps/tcp-balancer/templates/service.yaml
+++ b/packages/apps/tcp-balancer/templates/service.yaml
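Review bot: In packages/apps/postgres/templates/external-svc.yaml nothing documents what happens when the new guard is false, that is, when RobotLB is enabled: the Service then keeps the default node-port allocation, so the postgres port is also bound as a NodePort on node addresses. A short template comment above the guard would tell operators, for example `{{/* RobotLB needs node ports: the service is then also reachable on node addresses; restrict them with the host firewall or a network policy */}}`. Whether those ports can be reached from outside the cluster depends on node firewalling that this diff does not show. The same applies to the redis and ferretdb hunks.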
@@ -10,7 +10,9 @@ spec:
 type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
 {{- if .Values.external }}
 externalTrafficPolicy: Local
+ {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
 allocateLoadBalancerNodePorts: false
+ {{- end }}
 {{- end }}
 selector:
 app: {{ .Release.Name }}-haproxy
diff --git a/packages/apps/virtual-machine/templates/service.yaml b/packages/apps/virtual-machine/templates/service.yaml
index 77df7058..e1e43912 100644
--- a/packages/apps/virtual-machine/templates/service.yaml
+++ b/packages/apps/virtual-machine/templates/service.yaml
@@ -13,7 +13,9 @@ metadata:
 spec:
 type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
 externalTrafficPolicy: Local
+ {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
 allocateLoadBalancerNodePorts: false
+ {{- end }}
 selector:
 {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
 ports:
diff --git a/packages/apps/vm-instance/templates/service.yaml b/packages/apps/vm-instance/templates/service.yaml
index 77df7058..e1e43912 100644
--- a/packages/apps/vm-instance/templates/service.yaml
+++ b/packages/apps/vm-instance/templates/service.yaml
@@ -13,7 +13,9 @@ metadata:
 spec:
 type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
 externalTrafficPolicy: Local
+ {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
 allocateLoadBalancerNodePorts: false
+ {{- end }}
 selector:
 {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
 ports:
diff --git a/packages/library/cozy-lib/templates/_network.tpl b/packages/library/cozy-lib/templates/_network.tpl
new file mode 100644
index 00000000..f8c15713
--- /dev/null
+++ b/packages/library/cozy-lib/templates/_network.tpl
@@ -0,0 +1,23 @@
+{{- define "cozy-lib.network.defaultDisableLoadBalancerNodePorts" }}
+{{/* Default behavior prior to introduction */}}
+{{- `true` }}
+{{- end }}
+
+{{/*
+Invoke as {{ include "cozy-lib.network.disableLoadBalancerNodePorts" $ }}.
+Detects whether the current load balancer class requires nodeports to function
+correctly. Currently just checks if Hetzner's RobotLB is enabled, which does
+require nodeports, and so, returns `false`. Otherwise assumes that metallb is
+in use and returns `true`.
+*/}}
+
+{{- define "cozy-lib.network.disableLoadBalancerNodePorts" }}
+{{- include "cozy-lib.loadCozyConfig" (list "" .) }}
+{{- $cozyConfig := index . 1 "cozyConfig" }}
+{{- if not $cozyConfig }}
+{{- include "cozy-lib.network.defaultDisableLoadBalancerNodePorts" . }}
+{{- else }}
+{{- $enabledComponents := splitList "," ((index $cozyConfig.data "bundle-enable") | default "") }}
+{{- not (has "robotlb" $enabledComponents) }}
+{{- end }}
+{{- end }}
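Review bot: The helper's comment says to invoke it with `$`, and every caller in this patch does, but the body reads the config with `index . 1 "cozyConfig"`, which treats `.` as a two-element list. With the root context as `.`, that `index` call is given an integer key on a map and should fail at render time instead of returning the ConfigMap. `cozy-lib.loadCozyConfig` is not shown here, but since it is passed `(list "" .)` it presumably stores `cozyConfig` on `.` itself, so `{{- $cozyConfig := index . "cozyConfig" }}` looks like the intended read. Separately, `splitList ","` does not trim its entries, so a `bundle-enable` value such as `a, robotlb` would not match; appending `| nospace` after `default ""` would close that gap.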