Copy over kah library

2025-07-03 16:37:04 +02:00 · 2022-07-26 16:08:37 +02:00 · 2022-07-26 16:08:37 +02:00 · 61626834fe
commit 61626834fe
parent c922af6065
57 changed files with 3583 additions and 0 deletions
--- a/charts/library/common/templates/addons/code-server/_codeserver.tpl
+++ b/charts/library/common/templates/addons/code-server/_codeserver.tpl
@ -0,0 +1,50 @@
+{{/*
+Template to render code-server addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.codeserver" -}}
+{{- if .Values.addons.codeserver.enabled -}}
+  {{/* Append the code-server container to the additionalContainers */}}
+  {{- $container := include "common.addon.codeserver.container" . | fromYaml -}}
+  {{- if $container -}}
+    {{- $_ := set .Values.additionalContainers "addon-codeserver" $container -}}
+  {{- end -}}
+
+  {{/* Include the deployKeySecret if not empty */}}
+  {{- $secret := include "common.addon.codeserver.deployKeySecret" . -}}
+  {{- if $secret -}}
+    {{- $secret | nindent 0 -}}
+  {{- end -}}
+
+  {{/* Append the secret volume to the volumes */}}
+  {{- $volume := include "common.addon.codeserver.deployKeyVolumeSpec" . | fromYaml -}}
+  {{- if $volume -}}
+    {{- $_ := set .Values.persistence "deploykey" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $volume) -}}
+  {{- end -}}
+
+  {{/* Add the code-server service */}}
+  {{- if .Values.addons.codeserver.service.enabled -}}
+    {{- $serviceValues := .Values.addons.codeserver.service -}}
+    {{- $_ := set $serviceValues "nameOverride" "codeserver" -}}
+    {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+    {{- include "common.classes.service" $ -}}
+    {{- $_ := unset $ "ObjectValues" -}}
+  {{- end -}}
+
+  {{/* Add the code-server ingress */}}
+  {{- if .Values.addons.codeserver.ingress.enabled -}}
+    {{- $ingressValues := .Values.addons.codeserver.ingress -}}
+    {{- $_ := set $ingressValues "nameOverride" "codeserver" -}}
+
+    {{/* Determine the target service name & port */}}
+    {{- $svcName := printf "%v-codeserver" (include "common.names.fullname" .) -}}
+    {{- $svcPort := .Values.addons.codeserver.service.ports.codeserver.port -}}
+    {{- range $_, $host := $ingressValues.hosts -}}
+      {{- $_ := set (index $host.paths 0) "service" (dict "name" $svcName "port" $svcPort) -}}
+    {{- end -}}
+    {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+    {{- include "common.classes.ingress" $ -}}
+    {{- $_ := unset $ "ObjectValues" -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/code-server/_container.tpl
+++ b/charts/library/common/templates/addons/code-server/_container.tpl
@ -0,0 +1,46 @@
+{{/*
+The code-server sidecar container to be inserted.
+*/}}
+{{- define "common.addon.codeserver.container" -}}
+{{- if lt (len .Values.addons.codeserver.volumeMounts) 1 }}
+{{- fail "At least 1 volumeMount is required for codeserver container" }}
+{{- end -}}
+name: codeserver
+image: "{{ .Values.addons.codeserver.image.repository }}:{{ .Values.addons.codeserver.image.tag }}"
+imagePullPolicy: {{ .Values.addons.codeserver.pullPolicy }}
+{{- with .Values.addons.codeserver.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.codeserver.env }}
+env:
+{{- range $k, $v := . }}
+  - name: {{ $k }}
+    value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+ports:
+- name: codeserver
+  containerPort: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
+  protocol: TCP
+args:
+{{- range .Values.addons.codeserver.args }}
+- {{ . | quote }}
+{{- end }}
+- "--port"
+- "{{ .Values.addons.codeserver.service.ports.codeserver.port }}"
+- {{ .Values.addons.codeserver.workingDir | default (first .Values.addons.codeserver.volumeMounts).mountPath }}
+volumeMounts:
+{{- with .Values.addons.codeserver.volumeMounts }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 .Values.addons.codeserver.git.deployKeySecret }}
+  - name: deploykey
+    mountPath: /root/.ssh/id_rsa
+    subPath: id_rsa
+{{- end }}
+{{- with .Values.addons.codeserver.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
--- a/charts/library/common/templates/addons/code-server/_secret.tpl
+++ b/charts/library/common/templates/addons/code-server/_secret.tpl
@ -0,0 +1,22 @@
+{{/*
+The OpenVPN credentials secrets to be included.
+*/}}
+{{- define "common.addon.codeserver.deployKeySecret" -}}
+{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "common.names.fullname" . }}-deploykey
+  labels: {{- include "common.labels" $ | nindent 4 }}
+  annotations: {{- include "common.annotations" $ | nindent 4 }}
+type: Opaque
+{{- if .Values.addons.codeserver.git.deployKey }}
+stringData:
+  id_rsa: {{ .Values.addons.codeserver.git.deployKey | quote }}
+{{- else }}
+data:
+  id_rsa: {{ .Values.addons.codeserver.git.deployKeyBase64 | quote }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- a/charts/library/common/templates/addons/code-server/_volume.tpl
+++ b/charts/library/common/templates/addons/code-server/_volume.tpl
@ -0,0 +1,17 @@
+{{/*
+The volume (referencing git deploykey) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.codeserver.deployKeyVolumeSpec" -}}
+{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 .Values.addons.codeserver.git.deployKeySecret }}
+secret:
+  {{- if .Values.addons.codeserver.git.deployKeySecret }}
+  secretName: {{ .Values.addons.codeserver.git.deployKeySecret }}
+  {{- else }}
+  secretName: {{ include "common.names.fullname" . }}-deploykey
+  {{- end }}
+  defaultMode: 256
+  items:
+    - key: id_rsa
+      path: id_rsa
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/netshoot/_container.tpl
+++ b/charts/library/common/templates/addons/netshoot/_container.tpl
@ -0,0 +1,27 @@
+{{/*
+The netshoot sidecar container to be inserted.
+*/}}
+{{- define "common.addon.netshoot.container" -}}
+name: netshoot
+image: "{{ .Values.addons.netshoot.image.repository }}:{{ .Values.addons.netshoot.image.tag }}"
+imagePullPolicy: {{ .Values.addons.netshoot.pullPolicy }}
+{{- with .Values.addons.netshoot.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.netshoot.env }}
+env:
+{{- range $k, $v := . }}
+  - name: {{ $k }}
+    value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+command:
+  - /bin/sh
+  - -c
+  - sleep infinity
+{{- with .Values.addons.netshoot.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
--- a/charts/library/common/templates/addons/netshoot/_netshoot.tpl
+++ b/charts/library/common/templates/addons/netshoot/_netshoot.tpl
@ -0,0 +1,13 @@
+{{/*
+Template to render netshoot addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.netshoot" -}}
+{{- if .Values.addons.netshoot.enabled -}}
+  {{/* Append the netshoot container to the additionalContainers */}}
+  {{- $container := include "common.addon.netshoot.container" . | fromYaml -}}
+  {{- if $container -}}
+    {{- $_ := set .Values.additionalContainers "addon-netshoot" $container -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/promtail/_configmap.tpl
+++ b/charts/library/common/templates/addons/promtail/_configmap.tpl
@ -0,0 +1,35 @@
+{{/*
+The promtail config to be included.
+*/}}
+{{- define "common.addon.promtail.configmap" -}}
+{{- if .Values.addons.promtail.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" . }}-promtail
+  labels: {{- include "common.labels" $ | nindent 4 }}
+  annotations: {{- include "common.annotations" $ | nindent 4 }}
+data:
+  promtail.yaml: |
+    server:
+      http_listen_port: 9080
+      grpc_listen_port: 0
+    positions:
+      filename: /tmp/positions.yaml
+    {{- with .Values.addons.promtail.loki }}
+    client:
+      url: {{ . }}
+    {{- end }}
+    scrape_configs:
+    {{- range .Values.addons.promtail.logs }}
+    - job_name: {{ .name }}
+      static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: {{ .name }}
+          __path__: "{{ .path }}"
+    {{- end }}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/promtail/_container.tpl
+++ b/charts/library/common/templates/addons/promtail/_container.tpl
@ -0,0 +1,39 @@
+{{/*
+The promtail sidecar container to be inserted.
+*/}}
+{{- define "common.addon.promtail.container" -}}
+{{- if lt (len .Values.addons.promtail.volumeMounts) 1 }}
+{{- fail "At least 1 volumeMount is required for the promtail container" }}
+{{- end -}}
+name: promtail
+image: "{{ .Values.addons.promtail.image.repository }}:{{ .Values.addons.promtail.image.tag }}"
+imagePullPolicy: {{ .Values.addons.promtail.pullPolicy }}
+{{- with .Values.addons.promtail.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.promtail.env }}
+env:
+{{- range $k, $v := . }}
+  - name: {{ $k }}
+    value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+args:
+{{- range .Values.addons.promtail.args }}
+- {{ . | quote }}
+{{- end }}
+- "-config.file=/etc/promtail/promtail.yaml"
+volumeMounts:
+  - name: promtail-config
+    mountPath: /etc/promtail/promtail.yaml
+    subPath: promtail.yaml
+    readOnly: true
+{{- with .Values.addons.promtail.volumeMounts }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.promtail.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
--- a/charts/library/common/templates/addons/promtail/_promtail.tpl
+++ b/charts/library/common/templates/addons/promtail/_promtail.tpl
@ -0,0 +1,25 @@
+{{/*
+Template to render promtail addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.promtail" -}}
+{{- if .Values.addons.promtail.enabled -}}
+  {{/* Append the promtail container to the additionalContainers */}}
+  {{- $container := include "common.addon.promtail.container" . | fromYaml -}}
+  {{- if $container -}}
+    {{- $_ := set .Values.additionalContainers "addon-promtail" $container -}}
+  {{- end -}}
+
+  {{/* Include the configmap if not empty */}}
+  {{- $configmap := include "common.addon.promtail.configmap" . -}}
+  {{- if $configmap -}}
+    {{- $configmap | nindent 0 -}}
+  {{- end -}}
+
+  {{/* Append the promtail config volume to the volumes */}}
+  {{- $volume := include "common.addon.promtail.volumeSpec" . | fromYaml -}}
+  {{- if $volume -}}
+    {{- $_ := set .Values.persistence "promtail-config" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $volume) -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/promtail/_volume.tpl
+++ b/charts/library/common/templates/addons/promtail/_volume.tpl
@ -0,0 +1,7 @@
+{{/*
+The volume (referencing config) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.promtail.volumeSpec" -}}
+configMap:
+  name: {{ include "common.names.fullname" . }}-promtail
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/_configmap.tpl
+++ b/charts/library/common/templates/addons/vpn/_configmap.tpl
@ -0,0 +1,23 @@
+{{/*
+The VPN config and scripts to be included.
+*/}}
+{{- define "common.addon.vpn.configmap" -}}
+{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" . }}-vpn
+  labels: {{- include "common.labels" $ | nindent 4 }}
+  annotations: {{- include "common.annotations" $ | nindent 4 }}
+data:
+{{- with .Values.addons.vpn.scripts.up }}
+  up.sh: |-
+    {{- . | nindent 4}}
+{{- end }}
+{{- with .Values.addons.vpn.scripts.down }}
+  down.sh: |-
+    {{- . | nindent 4}}
+{{- end }}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/_networkpolicy.tpl
+++ b/charts/library/common/templates/addons/vpn/_networkpolicy.tpl
@ -0,0 +1,29 @@
+{{/*
+Blueprint for the NetworkPolicy object that can be included in the addon.
+*/}}
+{{- define "common.addon.vpn.networkpolicy" -}}
+{{- if .Values.addons.vpn.networkPolicy.enabled }}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  {{- with (merge (.Values.addons.vpn.networkPolicy.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (merge (.Values.addons.vpn.networkPolicy.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  podSelector:
+    {{- with (merge .Values.addons.vpn.networkPolicy.podSelectorLabels (include "common.labels.selectorLabels" . | fromYaml)) }}
+    matchLabels: {{- toYaml . | nindent 6 }}
+    {{- end }}
+  policyTypes:
+    - Egress
+  egress:
+    {{- with .Values.addons.vpn.networkPolicy.egress }}
+      {{- . | toYaml | nindent 4 }}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/_secret.tpl
+++ b/charts/library/common/templates/addons/vpn/_secret.tpl
@ -0,0 +1,19 @@
+{{/*
+The OpenVPN config secret to be included.
+*/}}
+{{- define "common.addon.vpn.secret" -}}
+{{- if and .Values.addons.vpn.configFile (not .Values.addons.vpn.configFileSecret) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.names.fullname" . }}-vpnconfig
+  labels: {{- include "common.labels" $ | nindent 4 }}
+  annotations: {{- include "common.annotations" $ | nindent 4 }}
+stringData:
+  {{- with .Values.addons.vpn.configFile }}
+  vpnConfigfile: |-
+    {{- . | nindent 4}}
+  {{- end }}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/_volume.tpl
+++ b/charts/library/common/templates/addons/vpn/_volume.tpl
@ -0,0 +1,37 @@
+{{/*
+The volume (referencing VPN scripts) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.vpn.scriptsVolumeSpec" -}}
+{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
+configMap:
+  name: {{ include "common.names.fullname" . }}-vpn
+  items:
+    {{- if .Values.addons.vpn.scripts.up }}
+    - key: up.sh
+      path: up.sh
+      mode: 0777
+    {{- end }}
+    {{- if .Values.addons.vpn.scripts.down }}
+    - key: down.sh
+      path: down.sh
+      mode: 0777
+    {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+The volume (referencing VPN config) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.vpn.configVolumeSpec" -}}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret -}}
+secret:
+  {{- if .Values.addons.vpn.configFileSecret }}
+  secretName: {{ .Values.addons.vpn.configFileSecret }}
+  {{- else }}
+  secretName: {{ include "common.names.fullname" . }}-vpnconfig
+  {{- end }}
+  items:
+    - key: vpnConfigfile
+      path: vpnConfigfile
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/_vpn.tpl
+++ b/charts/library/common/templates/addons/vpn/_vpn.tpl
@ -0,0 +1,45 @@
+{{/*
+Template to render VPN addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.vpn" -}}
+{{- if .Values.addons.vpn.enabled -}}
+  {{- if eq "openvpn" .Values.addons.vpn.type -}}
+    {{- include "common.addon.openvpn" . }}
+  {{- end -}}
+
+  {{- if eq "wireguard" .Values.addons.vpn.type -}}
+    {{- include "common.addon.wireguard" . }}
+  {{- end -}}
+
+  {{/* Include the configmap if not empty */}}
+  {{- $configmap := include "common.addon.vpn.configmap" . -}}
+  {{- if $configmap -}}
+    {{- $configmap | nindent 0 -}}
+  {{- end -}}
+
+  {{/* Include the secret if not empty */}}
+  {{- $secret := include "common.addon.vpn.secret" . -}}
+  {{- if $secret -}}
+    {{- $secret | nindent 0 -}}
+  {{- end -}}
+
+  {{/* Append the vpn scripts volume to the volumes */}}
+  {{- $scriptVolume := include "common.addon.vpn.scriptsVolumeSpec" . | fromYaml -}}
+  {{- if $scriptVolume -}}
+    {{- $_ := set .Values.persistence "vpnscript" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $scriptVolume) -}}
+  {{- end -}}
+
+  {{/* Append the vpn config volume to the volumes */}}
+  {{- $configVolume := include "common.addon.vpn.configVolumeSpec" . | fromYaml }}
+  {{ if $configVolume -}}
+    {{- $_ := set .Values.persistence "vpnconfig" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $configVolume) -}}
+  {{- end -}}
+
+  {{/* Include the networkpolicy if not empty */}}
+  {{- $networkpolicy := include "common.addon.vpn.networkpolicy" . -}}
+  {{- if $networkpolicy -}}
+    {{- $networkpolicy | nindent 0 -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/openvpn/_addon.tpl
+++ b/charts/library/common/templates/addons/vpn/openvpn/_addon.tpl
@ -0,0 +1,17 @@
+{{/*
+Template to render OpenVPN addon. It will add the container to the list of additionalContainers
+and add a credentials secret if speciffied.
+*/}}
+{{- define "common.addon.openvpn" -}}
+  {{/* Append the openVPN container to the additionalContainers */}}
+  {{- $container := include "common.addon.openvpn.container" . | fromYaml -}}
+  {{- if $container -}}
+    {{- $_ := set .Values.additionalContainers "addon-openvpn" $container -}}
+  {{- end -}}
+
+  {{/* Include the secret if not empty */}}
+  {{- $secret := include "common.addon.openvpn.secret" . -}}
+  {{- if $secret -}}
+    {{- $secret | nindent 0 -}}
+  {{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/openvpn/_container.tpl
+++ b/charts/library/common/templates/addons/vpn/openvpn/_container.tpl
@ -0,0 +1,65 @@
+{{/*
+The OpenVPN sidecar container to be inserted.
+*/}}
+{{- define "common.addon.openvpn.container" -}}
+name: openvpn
+image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.openvpn.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+{{- range $k, $v := . }}
+  - name: {{ $k }}
+    value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+args:
+{{- range .Values.addons.vpn.args }}
+- {{ . | quote }}
+{{- end }}
+{{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
+envFrom:
+  - secretRef:
+    {{- if .Values.addons.vpn.openvpn.authSecret }}
+      name: {{ .Values.addons.vpn.openvpn.authSecret }}
+    {{- else }}
+      name: {{ include "common.names.fullname" . }}-openvpn
+    {{- end }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
+  - name: vpnconfig
+    mountPath: /vpn/vpn.conf
+    subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+  - name: vpnscript
+    mountPath: /vpn/up.sh
+    subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+  - name: vpnscript
+    mountPath: /vpn/down.sh
+    subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+  - mountPath: {{ .Values.persistence.shared.mountPath }}
+    name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+  {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/openvpn/_secret.tpl
+++ b/charts/library/common/templates/addons/vpn/openvpn/_secret.tpl
@ -0,0 +1,16 @@
+{{/*
+The OpenVPN credentials secrets to be included.
+*/}}
+{{- define "common.addon.openvpn.secret" -}}
+{{- with .Values.addons.vpn.openvpn.auth }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.names.fullname" $ }}-openvpn
+  labels: {{- include "common.labels" $ | nindent 4 }}
+  annotations: {{- include "common.annotations" $ | nindent 4 }}
+data:
+  VPN_AUTH: {{ . | b64enc }}
+{{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/wireguard/_addon.tpl
+++ b/charts/library/common/templates/addons/vpn/wireguard/_addon.tpl
@ -0,0 +1,11 @@
+{{/*
+Template to render Wireguard addon. It will add the container to the list of additionalContainers.
+*/}}
+*/}}
+{{- define "common.addon.wireguard" -}}
+  {{/* Append the Wireguard container to the additionalContainers */}}
+  {{- $container := fromYaml (include "common.addon.wireguard.container" .) -}}
+  {{- if $container -}}
+    {{- $_ := set .Values.additionalContainers "addon-wireguard" $container -}}
+  {{- end -}}
+{{- end -}}
--- a/charts/library/common/templates/addons/vpn/wireguard/_container.tpl
+++ b/charts/library/common/templates/addons/vpn/wireguard/_container.tpl
@ -0,0 +1,56 @@
+{{/*
+The Wireguard sidecar container to be inserted.
+*/}}
+{{- define "common.addon.wireguard.container" -}}
+name: wireguard
+image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.wireguard.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+{{- range $k, $v := . }}
+  - name: {{ $k }}
+    value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+args:
+{{- range .Values.addons.vpn.args }}
+- {{ . | quote }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
+  - name: vpnconfig
+    mountPath: /etc/wireguard/wg0.conf
+    subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+  - name: vpnscript
+    mountPath: /config/up.sh
+    subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+  - name: vpnscript
+    mountPath: /config/down.sh
+    subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+  - mountPath: {{ .Values.persistence.shared.mountPath }}
+    name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+  {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}