Summary of Changes

Hello @lllamnyp, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical issue where Virtual Machines provisioned without a public IP address lacked an associated Kubernetes Service, consequently preventing them from having an in-cluster DNS name. By modifying the service templates, all VMs will now consistently be exposed with at least a ClusterIP service, ensuring proper internal discoverability and DNS resolution within the cluster.

Highlights

• Service Creation Logic: The conditional logic that prevented a Kubernetes Service from being created for Virtual Machines (VMs) without a public IP has been removed. Services will now always be created for all VMs.
• In-cluster DNS Resolution: This change ensures that all VMs, including those without public IPs, will have an in-cluster DNS name, resolving an issue where such VMs were not discoverable within the cluster.
• Default Service Port: For VMs that are not exposed externally (i.e., without a public IP), a default service port of 65535 has been added to ensure the ClusterIP service is properly defined.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Walkthrough

Two Helm Service templates were updated to gate annotations, LoadBalancer settings, and ports behind an .Values.external flag. When external: true the templates emit LoadBalancer-specific fields and dynamic ports (or fallback 65535); when external: false they emit a headless/internal Service with clusterIP: None and a single port 65535.

Changes

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Areas to check:
  • Correct branching between external: true (LoadBalancer) and external: false (headless ClusterIP)
  • Templates that render ports: name/port/targetPort generation and the WholeIP fallback
  • That annotations and allocateLoadBalancerNodePorts are only emitted when intended

Poem

🐇 I hopped through templates, tidy and neat,

External gates open, internal ones meet.
Ports now decide to shout or stay small,
ClusterIP None gives names to them all. 🥕

Pre-merge checks and finishing touches

Learnt from: lllamnyp
Repo: cozystack/cozystack PR: 1160
File: packages/system/hetzner-robotlb/charts/robotlb/templates/role.yaml:6-8
Timestamp: 2025-07-11T06:28:13.696Z
Learning: In Helm templates, the `{{-` directive chomps all leading whitespace including newlines back to the previous content, so `{{- toYaml .Values.something | nindent 2 }}` will render correctly even with apparent indentation issues. However, for better style, it's cleaner to put the template directive on the same line as the parent key (e.g., `rules: {{- toYaml .Values.serviceAccount.permissions | nindent 2 }}`).

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Successfully created backport PR for release-0.39:

• [Backport release-0.39] [vm] Always expose VMs with a service #1751