diff --git a/helm/templates/strimzi/zookeeper-entrance-deployment.yaml b/helm/templates/strimzi/zookeeper-entrance-deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a0c2841760aa641b1f1105863465a08069d164bd
--- /dev/null
+++ b/helm/templates/strimzi/zookeeper-entrance-deployment.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.strimzi.zookeeper.zooEntrance.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "theodolite.fullname" . }}-kafka-zoo-entrance
+ labels:
+ app: zoo-entrance
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: zoo-entrance
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: zoo-entrance
+ spec:
+ containers:
+ - name: zoo-entrance
+ image: 'ghcr.io/scholzj/zoo-entrance:latest'
+ command:
+ - /opt/stunnel/stunnel_run.sh
+ ports:
+ - containerPort: 2181
+ name: zoo
+ protocol: TCP
+ env:
+ - name: LOG_LEVEL
+ value: notice
+ - name: STRIMZI_ZOOKEEPER_CONNECT
+ value: {{ template "theodolite.fullname" . }}-kafka-zookeeper-client:2181
+ imagePullPolicy: Always
+ livenessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '2181'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '2181'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ volumeMounts:
+ - mountPath: /etc/cluster-operator-certs/
+ name: cluster-operator-certs
+ - mountPath: /etc/cluster-ca-certs/
+ name: cluster-ca-certs
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: cluster-operator-certs
+ secret:
+ defaultMode: 288
+ secretName: {{ template "theodolite.fullname" . }}-kafka-cluster-operator-certs
+ - name: cluster-ca-certs
+ secret:
+ defaultMode: 288
+ secretName: {{ template "theodolite.fullname" . }}-kafka-cluster-ca-cert
+{{- end }}
diff --git a/helm/templates/strimzi/zookeeper-entrance-network.yaml b/helm/templates/strimzi/zookeeper-entrance-network.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..604095c1ab3f5e207666383e23dfb8f006b196ae
--- /dev/null
+++ b/helm/templates/strimzi/zookeeper-entrance-network.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.strimzi.zookeeper.zooEntrance.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app: zoo-entrance
+ name: {{ template "theodolite.fullname" . }}-kafka-zoo-entrance
+spec:
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: zoo-entrance
+ ports:
+ - port: 2181
+ protocol: TCP
+ podSelector:
+ matchLabels:
+ strimzi.io/name: {{ template "theodolite.fullname" . }}-kafka-zookeeper
+ policyTypes:
+ - Ingress
+{{- end }}
diff --git a/helm/templates/strimzi/zookeeper-entrance-service.yaml b/helm/templates/strimzi/zookeeper-entrance-service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bbb466c3d9ad4e7ff9cb012aaaa95ad9a5380a6e
--- /dev/null
+++ b/helm/templates/strimzi/zookeeper-entrance-service.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.strimzi.zookeeper.zooEntrance.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: zoo-entrance
+ name: {{ template "theodolite.fullname" . }}-kafka-zoo-entrance
+spec:
+ ports:
+ - name: zoo
+ port: 2181
+ protocol: TCP
+ targetPort: 2181
+ selector:
+ app: zoo-entrance
+ type: ClusterIP
+{{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
index cc27be1d6d02331631ac9836d54ab91c1d015785..9bb2cc264bc99b5dd65d0b9f6f0c41595af51af7 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -176,6 +176,8 @@ strimzi:
zookeeper:
replicas: 3
+ zooEntrance:
+ enabled: true
###