hyperpolymath/twingate-helm-deploy

License: PMPL-1.0 Palimpsest Idris Inside Proven ZKP

twingate-helm-deploy

Purpose

Deploy the Twingate Connector into Kubernetes using Helm charts and declarative values.

Architecture

                    ┌─────────────────────┐
                    │   Twingate Cloud    │
                    └──────────┬──────────┘
                               │
                    ┌──────────▼──────────┐
                    │  Twingate Connector │
                    │    (This Module)    │
                    └──────────┬──────────┘
                               │
              ┌────────────────┼────────────────┐
              │                │                │
     ┌────────▼────────┐ ┌─────▼─────┐ ┌───────▼───────┐
     │   ZeroTier      │ │   IPFS    │ │   Services    │
     │   Overlay       │ │   Nodes   │ │   (K8s)       │
     └─────────────────┘ └───────────┘ └───────────────┘

Components

  • Helm chart configuration - Declarative Twingate Connector deployment

  • Values templates - Environment-specific configurations

  • Deployment scripts - Automated rollout via Just/mustfile

  • RBAC manifests - Kubernetes role bindings

  • Network policies - Ingress/egress rules

Directory Structure

twingate-helm-deploy/
├── charts/
│   └── twingate-connector/
│       ├── Chart.yaml
│       ├── values.yaml
│       ├── templates/
│       │   ├── deployment.yaml
│       │   ├── service.yaml
│       │   ├── serviceaccount.yaml
│       │   ├── rbac.yaml
│       │   └── networkpolicy.yaml
│       └── README.md
├── configs/
│   ├── base.ncl           # Nickel base configuration
│   ├── production.ncl
│   └── staging.ncl
├── Justfile
├── README.adoc
├── .machine_readable/6a2/STATE.a2ml
├── .machine_readable/6a2/META.a2ml
└── .machine_readable/6a2/ECOSYSTEM.a2ml

Inputs

Input                     Description                       Source
TWINGATE_ACCESS_TOKEN     Connector authentication token    poly-secret-mcp / Vault
TWINGATE_REFRESH_TOKEN    Token refresh credential          poly-secret-mcp / Vault
KUBERNETES_CONTEXT        Target cluster context            kubeconfig
Helm values               Configuration overrides           configs/*.ncl

Outputs

Output                            Description
Running Twingate Connector pod    Establishes secure tunnel to Twingate network
Secure access layer               Enables zero-trust access to cluster resources
Health metrics                    Prometheus-compatible metrics endpoint
Audit logs                        Access logs for compliance

Integration Points

With FlatRacoon Stack

  • zerotier-k8s-link - Connector routes traffic to ZeroTier overlay

  • ipfs-overlay - IPFS nodes accessible via Twingate

  • poly-secret-mcp - Credentials retrieved from Vault

  • poly-k8s-mcp - Deployment orchestrated via MCP

Machine-Readable Manifest

{
  "module": "twingate-helm-deploy",
  "version": "0.1.0",
  "layer": "access",
  "requires": ["kubernetes", "helm"],
  "provides": ["secure-access", "zero-trust-ingress"],
  "config_schema": "configs/schema.ncl",
  "health_endpoint": "/health",
  "metrics_endpoint": "/metrics"
}

Quick Start

# 1. Set credentials (via poly-secret-mcp or directly)
export TWINGATE_ACCESS_TOKEN="..."
export TWINGATE_REFRESH_TOKEN="..."

# 2. Deploy with Just
just deploy production

# 3. Verify
just health-check
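
A pre-flight check for the Quick Start steps above, as an added example that is not part of the repository. It reports missing inputs by name only (never by value) and refuses to continue when the active kube context is not the declared one. Treating KUBERNETES_CONTEXT as an environment variable, mapping the manifest's "kubernetes" requirement to kubectl, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the repository. Variable names come from the Inputs
# table; treating KUBERNETES_CONTEXT as an environment variable and mapping
# the manifest's "kubernetes" requirement to kubectl are assumptions.
REQUIRED_VARS="TWINGATE_ACCESS_TOKEN TWINGATE_REFRESH_TOKEN KUBERNETES_CONTEXT"

# Echo the names (never the values) of required variables that are unset,
# empty, or still the "..." placeholder. Returns 1 if any are missing.
missing_inputs() {
    _missing=""
    for _name in $REQUIRED_VARS; do
        eval "_value=\${$_name:-}"
        case "$_value" in
            ""|"...") _missing="$_missing $_name" ;;
        esac
    done
    unset _value
    if [ -n "$_missing" ]; then echo "${_missing# }"; return 1; fi
}

# Echo the named tools that are not on PATH. Returns 1 if any are absent.
missing_tools() {
    _absent=""
    for _tool in "$@"; do
        command -v "$_tool" >/dev/null 2>&1 || _absent="$_absent $_tool"
    done
    if [ -n "$_absent" ]; then echo "${_absent# }"; return 1; fi
}

# True only when a non-empty expected context equals the active one, so a
# deploy cannot land on whichever cluster kubeconfig currently selects.
context_matches() {   # $1 = expected, $2 = active
    [ -n "$1" ] && [ "$1" = "$2" ]
}

preflight() {
    if ! _m=$(missing_inputs); then
        echo "preflight: missing inputs: $_m" >&2; return 1
    fi
    if ! _t=$(missing_tools kubectl helm just); then
        echo "preflight: missing tools: $_t" >&2; return 1
    fi
    _active=$(kubectl config current-context 2>/dev/null) || _active=""
    if ! context_matches "$KUBERNETES_CONTEXT" "$_active"; then
        echo "preflight: active context is '$_active', expected '$KUBERNETES_CONTEXT'" >&2
        return 1
    fi
}
```

Source the file and run `preflight && just deploy production` so the deploy only starts when every check passes.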

Status

Phase         Production-ready
Completion    100%
Next          Helm chart alternatives, automated failover testing

License

PMPL-1.0-or-later

Architecture

See TOPOLOGY.md for a visual architecture map and completion dashboard.

About

Helm-based deployment of Twingate Connector into Kubernetes. Part of FlatRacoon Network Stack.
