Properly fix external host value handling

korewaChino · korewaChino · commit db50ee44897c · 2025-07-10T14:44:58.000+07:00
Ported from stable :3
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "chisel-operator"
-version = "0.6.0-beta.1"
+version = "0.6.0-beta.2"
 edition = "2021"
 description = "Chisel tunnel operator for Kubernetes"
 authors = [
diff --git a/charts/chisel-operator/Chart.yaml b/charts/chisel-operator/Chart.yaml
@@ -21,4 +21,4 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.6.0-beta.1"
+appVersion: "v0.6.0-beta.2"
diff --git a/deploy/crd/exit-node.yaml b/deploy/crd/exit-node.yaml
@@ -34,7 +34,12 @@ spec:
                 description: Optional boolean value for whether to make the exit node the default route for the cluster If true, the exit node will be the default route for the cluster default value is false
                 type: boolean
               external_host:
-                description: Optional real external hostname/IP of exit node If not provided, the host field will be used
+                description: |-
+                  Optional real external hostname or IP of the exit node.
+
+                  This field is used to explicitly specify the public-facing endpoint for the exit node. If set to an IP address, it will be used as the `ip` field in the Service's `status.loadBalancer.ingress`, which is what external-dns and other automation will use to create DNS records or inform users of the external endpoint. If set to a DNS name, it will be used as the `hostname` field in the same struct.
+
+                  This is useful when the exit node is only reachable via a specific external IP or hostname, even if the internal service is routed to a private address. If not provided, the value of the `host` field will be used instead.
                 nullable: true
                 type: string
               fingerprint:
diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
@@ -19,7 +19,7 @@ spec:
       automountServiceAccountToken: true
       containers:
         - name: chisel-operator
-          image: ghcr.io/fyralabs/chisel-operator:v0.6.0-beta.1
+          image: ghcr.io/fyralabs/chisel-operator:v0.6.0-beta.2
           env:
             - name: RUST_LOG
               value: "debug"
diff --git a/src/daemon.rs b/src/daemon.rs
@@ -466,11 +466,28 @@ async fn reconcile_svcs(obj: Arc<Service>, ctx: Arc<Context>) -> Result<Action,
 
     let serverside = PatchParams::apply(OPERATOR_MANAGER).validation_strict();
 
+    let external_host = node.get_external_host();
+
+    // this is kinda hard to read,
+    // but we do want to properly set up the LoadBalancer status properly
+    let (ingress_ip, ingress_hostname) = if !external_host.is_empty() {
+        if external_host.parse::<std::net::IpAddr>().is_ok() {
+            // If the external host is a valid IP address, use it
+            (Some(external_host), None)
+        } else {
+            // if not an IP address, use it as a hostname
+            (None, Some(external_host))
+        }
+    } else {
+        // or if we don't have an external hostname configured, just use the IP
+        (Some(exit_node_ip.clone()), None)
+    };
+
     svc.status = Some(ServiceStatus {
         load_balancer: Some(LoadBalancerStatus {
             ingress: Some(vec![LoadBalancerIngress {
-                ip: Some(exit_node_ip.clone()),
-                // hostname: Some(node.get_external_host()),
+                ip: ingress_ip,
+                hostname: ingress_hostname,
                 ..Default::default()
             }]),
         }),
diff --git a/src/ops.rs b/src/ops.rs
@@ -42,8 +42,17 @@ pub fn parse_provisioner_label_value<'a>(
 pub struct ExitNodeSpec {
     /// Hostname or IP address of the chisel server
     pub host: String,
-    /// Optional real external hostname/IP of exit node
-    /// If not provided, the host field will be used
+    /// Optional real external hostname or IP of the exit node.
+    ///
+    /// This field is used to explicitly specify the public-facing endpoint for the exit node.
+    /// If set to an IP address, it will be used as the `ip` field in the Service's
+    /// `status.loadBalancer.ingress`, which is what external-dns and other automation
+    /// will use to create DNS records or inform users of the external endpoint.
+    /// If set to a DNS name, it will be used as the `hostname` field in the same struct.
+    ///
+    /// This is useful when the exit node is only reachable via a specific external IP or
+    /// hostname, even if the internal service is routed to a private address.
+    /// If not provided, the value of the `host` field will be used instead.
     #[serde(default)]
     pub external_host: Option<String>,
     /// Control plane port of the chisel server
@@ -85,6 +94,15 @@ impl ExitNode {
         }
     }
 
+    /// returns the external host for use in LoadBalancer Ingress hostname
+    /// if external_host is set, use that, otherwise use get_host()
+    pub fn get_external_host(&self) -> String {
+        self.spec
+            .external_host
+            .clone()
+            .unwrap_or_else(|| self.get_host())
+    }
+
     /// For cloud provisioning:
     ///
     /// Generates a new secret with the `auth` key containing the auth string for chisel in the same namespace as the ExitNode
