From 691099c24546fcb1658c8640bab263627685bcd5 Mon Sep 17 00:00:00 2001
From: Vincent Boutour <bob@vibioh.fr>
Date: Sat, 30 Dec 2023 10:46:21 +0100
Subject: [PATCH] fix(remote): Providing values in the deployment template

Signed-off-by: Vincent Boutour <bob@vibioh.fr>
---
 charts/cloudflare-tunnel-remote/Chart.yaml    |  2 +-
 .../templates/deployment.yaml                 | 97 +++++++++++++------
 2 files changed, 70 insertions(+), 29 deletions(-)

diff --git a/charts/cloudflare-tunnel-remote/Chart.yaml b/charts/cloudflare-tunnel-remote/Chart.yaml
index 85c403f..c848041 100644
--- a/charts/cloudflare-tunnel-remote/Chart.yaml
+++ b/charts/cloudflare-tunnel-remote/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.1.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/cloudflare-tunnel-remote/templates/deployment.yaml b/charts/cloudflare-tunnel-remote/templates/deployment.yaml
index 354b599..0b1d1a9 100644
--- a/charts/cloudflare-tunnel-remote/templates/deployment.yaml
+++ b/charts/cloudflare-tunnel-remote/templates/deployment.yaml
@@ -21,33 +21,74 @@ spec:
       labels:
         pod: cloudflared
     spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
       serviceAccountName: {{ include "cloudflare-tunnel-remote.fullname" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+
       containers:
-      - name: cloudflared
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        command:
-          - cloudflared
-          - tunnel
-          # We can regulate the cloudflared version via an image tag.
-          - --no-autoupdate
-          # In a k8s environment, the metrics server needs to listen outside the pod it runs on.
-          # The address 0.0.0.0:2000 allows any pod in the namespace.
-          - --metrics
-          - 0.0.0.0:2000
-          - run
-        env:
-        - name: TUNNEL_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "cloudflare-tunnel-remote.fullname" . }}
-              key: tunnelToken
-        livenessProbe:
-          httpGet:
-            # Cloudflared has a /ready endpoint which returns 200 if and only if
-            # it has an active connection to the edge.
-            path: /ready
-            port: 2000
-          failureThreshold: 1
-          initialDelaySeconds: 10
-          periodSeconds: 10
+        - name: cloudflared
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - cloudflared
+            - tunnel
+            # We can regulate the cloudflared version via an image tag.
+            - --no-autoupdate
+            # In a k8s environment, the metrics server needs to listen outside the pod it runs on.
+            # The address 0.0.0.0:2000 allows any pod in the namespace.
+            - --metrics
+            - 0.0.0.0:2000
+            - run
+          env:
+          - name: TUNNEL_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "cloudflare-tunnel-remote.fullname" . }}
+                key: tunnelToken
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          livenessProbe:
+            httpGet:
+              # Cloudflared has a /ready endpoint which returns 200 if and only if
+              # it has an active connection to the edge.
+              path: /ready
+              port: 2000
+            failureThreshold: 1
+            initialDelaySeconds: 10
+            periodSeconds: 10
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      affinity:
+        {{- with .Values.affinity }}
+        {{- toYaml . | nindent 8 }}
+        {{- else }}
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 10
+              podAffinityTerm:
+                topologyKey: kubernetes.io/hostname
+                labelSelector:
+                  matchExpressions:
+                  {{- range $k, $v := include "cloudflare-tunnel-remote.selectorLabels" . | fromYaml }}
+                    - key: {{ $k }}
+                      operator: In
+                      values:
+                        - {{ $v }}
+                  {{- end }}
+      {{- end }}
+
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}