apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "..fullname" . }}-frontend
  labels: {{- include "..labels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      {{- include "..selectorLabels" . | nindent 6 }}
      component: frontend
  template:
    metadata:
      labels:
        {{- include "..selectorLabels" . | nindent 8 }}
        component: frontend
    spec:
      hostPID: true
      containers:
      - name: strongswan
        image: {{ .Values.image | quote }}
        command: ["sh", "-x", "/entrypoint.sh"]
        securityContext:
          capabilities:
            add: ["NET_ADMIN"]
        volumeMounts:
        - name: files
          mountPath: "/entrypoint.sh"
          subPath: "entrypoint.sh"
          readOnly: true
        - name: files
          mountPath: "/etc/strongswan.d/charon-logging.conf"
          subPath: "charon-logging.conf"
          readOnly: true
        - name: config
          mountPath: "/etc/swanctl/swanctl.conf"
          subPath: "swanctl.conf"
          readOnly: true
      - name: cilium-setup
        image: {{ .Values.image | quote }}
        command: ["sh", "/scripts/sidecar.sh"]
        env: {{- include "..commonEnv" . | nindent 10 }}
        securityContext:
          privileged: true
        volumeMounts:
        - name: files
          mountPath: "/scripts"
          readOnly: true
      volumes:
      - name: files
        configMap:
          name: {{ include "..fullname" . }}-strongswan
      - name: config
        secret:
          secretName: {{ include "..fullname" . }}-strongswan