apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "..fullname" . }}-frontend
  labels: {{- include "..labels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      {{- include "..selectorLabels" . | nindent 6 }}
      component: frontend
  template:
    metadata:
      labels:
        {{- include "..selectorLabels" . | nindent 8 }}
        component: frontend
    spec:
      hostPID: true
      containers:
      - name: strongswan
        image: {{ .Values.image | quote }}
        command: ["/bin/strongswan.sh"]
        securityContext:
          capabilities:
            add: ["NET_ADMIN"]
        volumeMounts:
        - name: config
          mountPath: "/etc/swanctl/swanctl.conf"
          subPath: "swanctl.conf"
          readOnly: true
      - name: cilium-setup
        image: {{ .Values.image | quote }}
        command: ["/bin/sidecar.sh"]
        env: {{- include "..commonEnv" . | nindent 10 }}
        securityContext:
          privileged: true
      volumes:
      - name: config
        secret:
          secretName: {{ include "..fullname" . }}-strongswan