mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-15 02:44:24 -05:00
16c63d57cd
* dev-docs: add 'things to try' section to VPN howto * dev-docs: full L3 connectivity in VPN chart
55 lines
1.5 KiB
YAML
55 lines
1.5 KiB
YAML
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: {{ include "..fullname" . }}-frontend
|
|
labels: {{- include "..labels" . | nindent 4 }}
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
{{- include "..selectorLabels" . | nindent 6 }}
|
|
component: frontend
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "..selectorLabels" . | nindent 8 }}
|
|
component: frontend
|
|
spec:
|
|
hostPID: true
|
|
containers:
|
|
- name: strongswan
|
|
image: {{ .Values.image | quote }}
|
|
command: ["sh", "-x", "/entrypoint.sh"]
|
|
securityContext:
|
|
capabilities:
|
|
add: ["NET_ADMIN"]
|
|
volumeMounts:
|
|
- name: files
|
|
mountPath: "/entrypoint.sh"
|
|
subPath: "entrypoint.sh"
|
|
readOnly: true
|
|
- name: files
|
|
mountPath: "/etc/strongswan.d/charon-logging.conf"
|
|
subPath: "charon-logging.conf"
|
|
readOnly: true
|
|
- name: config
|
|
mountPath: "/etc/swanctl/swanctl.conf"
|
|
subPath: "swanctl.conf"
|
|
readOnly: true
|
|
- name: cilium-setup
|
|
image: {{ .Values.image | quote }}
|
|
command: ["sh", "/scripts/sidecar.sh"]
|
|
env: {{- include "..commonEnv" . | nindent 10 }}
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- name: files
|
|
mountPath: "/scripts"
|
|
readOnly: true
|
|
volumes:
|
|
- name: files
|
|
configMap:
|
|
name: {{ include "..fullname" . }}-strongswan
|
|
- name: config
|
|
secret:
|
|
secretName: {{ include "..fullname" . }}-strongswan
|