feat(helm): add WireGuard deployment and service templates

Privileged deployment with NET_ADMIN, sysctl ip_forward, tun device mount, and UDP LoadBalancer service on port 51820. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 18:48:02 -05:00
parent e3130059b6
commit 491f314b7d
2 changed files with 90 additions and 0 deletions
--- a/infrastructure/helm/templates/wireguard-service.yaml
+++ b/infrastructure/helm/templates/wireguard-service.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.wireguard.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "tod.fullname" . }}-wireguard
+  labels:
+    {{- include "tod.componentLabels" (dict "context" . "component" "wireguard") | nindent 4 }}
+spec:
+  type: {{ .Values.wireguard.service.type | default "LoadBalancer" }}
+  ports:
+    - name: wireguard
+      port: {{ .Values.wireguard.service.port }}
+      targetPort: wireguard
+      protocol: UDP
+  selector:
+    {{- include "tod.componentSelectorLabels" (dict "context" . "component" "wireguard") | nindent 4 }}
+{{- end }}