feat(common): add settings property to addons schema (#44937)

The addons schema structure needed explicit support for addon-specific
settings as a sub-key, allowing consistent configuration patterns across
all addon types.

## Changes

- **addons.json**: Added `settings` property to the main addon schema
definition with `additionalProperties: true` for flexibility across
addon types
- **tailscale.json**: Already contains complete settings schema with all
11 configuration keys (config, authkey, userspace, auth_once,
accept_dns, routes, dest_ip, sock5_server, extra_args,
daemon_extra_args, outbound_http_proxy_listen)

## Schema Structure

```yaml
addons:
  tailscale:
    enabled: true
    container: { ... }
    settings:           # Now explicitly recognized in schema
      authkey: "..."
      userspace: true
      routes: "..."
      # ... other addon-specific settings
```

The settings property provides a standardized location for
addon-specific configuration while maintaining backward compatibility
through `additionalProperties`.

<!-- START COPILOT CODING AGENT TIPS -->
---

💡 You can make Copilot smarter by setting up custom instructions,
customizing its development environment and configuring Model Context
Protocol (MCP) servers. Learn more [Copilot coding agent
tips](https://gh.io/copilot-coding-agent-tips) in the docs.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: PrivatePuffin <7613738+PrivatePuffin@users.noreply.github.com>

Author: Copilot

charts/library/common-test/tests/addons/tailscale_test.yaml

@@ -32,9 +32,8 @@ tests:
       addons:
         tailscale:
           enabled: true
-          container:
-            env:
-              TS_AUTH_KEY: something
+          settings:
+            authkey: something
     asserts:
       - hasDocuments:
           count: 2
@@ -143,10 +142,9 @@ tests:
       addons:
         tailscale:
           enabled: true
-          container:
-            env:
-              TS_AUTH_KEY: something
-              TS_USERSPACE: false
+          settings:
+            authkey: something
+            userspace: false
     asserts:
       - hasDocuments:
           count: 2
@@ -238,9 +236,8 @@ tests:
       addons:
         tailscale:
           enabled: true
-          container:
-            env:
-              TS_AUTH_KEY: something
+          settings:
+            authkey: something
     asserts:
       - hasDocuments:
           count: 2

charts/library/common/complete-values-structure.yaml

@@ -1647,17 +1647,18 @@ addons:
     enabled: false
     targetSelector:
       - "main"
-    config: ""
-    authkey: ""
-    userspace: true
-    auth_once: true
-    accept_dns: false
-    routes: ""
-    dest_ip: ""
-    sock5_server: ""
-    extra_args: ""
-    daemon_extra_args: ""
-    outbound_http_proxy_listen: ""
+    settings:
+      config: ""
+      authkey: ""
+      userspace: true
+      auth_once: true
+      accept_dns: false
+      routes: ""
+      dest_ip: ""
+      sock5_server: ""
+      extra_args: ""
+      daemon_extra_args: ""
+      outbound_http_proxy_listen: ""
     annotations: {}
     container:
       enabled: true
@@ -1677,16 +1678,6 @@ addons:
         TS_KUBE_SECRET: ""
         TS_SOCKET: "/var/run/tailscale/tailscaled.sock"
         TS_STATE_DIR: "/var/lib/tailscale/state"
-        TS_USERSPACE: true
-        TS_AUTH_ONCE: true
-        TS_ACCEPT_DNS: false
-        TS_AUTH_KEY: ""
-        TS_TAILSCALED_EXTRA_ARGS: ""
-        TS_EXTRA_ARGS: ""
-        TS_SOCKS5_SERVER: ""
-        TS_DEST_IP: ""
-        TS_ROUTES: ""
-        TS_OUTBOUND_HTTP_PROXY_LISTEN: ""
       securityContext:
         capabilities:
           add:

charts/library/common/schemas/addons.json

@@ -48,6 +48,12 @@
             "properties": {},
             "additionalProperties": true,
             "description": "Define additional options for the ingress See ingress options in the [ingress](/truecharts-common/ingress) section."
+          },
+          "settings": {
+            "type": "object",
+            "properties": {},
+            "additionalProperties": true,
+            "description": "Addon-specific settings that vary by addon type"
           }
         },
         "additionalProperties": true,

charts/library/common/schemas/addons/tailscale.json

@@ -17,10 +17,6 @@
       },
       "description": "Addons to the workloads"
     },
-    "config": {
-      "type": "string",
-      "description": "Configuration for `addons.tailscale.config`."
-    },
     "container": {
       "type": "object",
       "properties": {
@@ -133,45 +129,56 @@
       "additionalProperties": true,
       "description": "Addons to the workloads"
     },
-    "authkey": {
-      "type": "string",
-      "description": "Configuration for `addons.tailscale.authkey`."
-    },
-    "userspace": {
-      "type": "boolean",
-      "description": "Configuration for `addons.tailscale.userspace`."
-    },
-    "auth_once": {
-      "type": "boolean",
-      "description": "Configuration for `addons.tailscale.auth_once`."
-    },
-    "accept_dns": {
-      "type": "boolean",
-      "description": "Configuration for `addons.tailscale.accept_dns`."
-    },
-    "routes": {
-      "type": "string",
-      "description": "Configuration for `addons.tailscale.routes`."
-    },
-    "dest_ip": {
-      "type": "string",
-      "description": "Configuration for `addons.tailscale.dest_ip`."
-    },
-    "sock5_server": {
-      "type": "string",
-      "description": "Configuration for `addons.tailscale.sock5_server`."
-    },
-    "extra_args": {
-      "type": "string",
-      "description": "Configuration for `addons.tailscale.extra_args`."
-    },
-    "daemon_extra_args": {
-      "type": "string",
-      "description": "Configuration for `addons.tailscale.daemon_extra_args`."
-    },
-    "outbound_http_proxy_listen": {
-      "type": "string",
-      "description": "Configuration for `addons.tailscale.outbound_http_proxy_listen`."
+    "settings": {
+      "type": "object",
+      "properties": {
+        "config": {
+          "type": "string",
+          "description": "Configuration for `addons.tailscale.settings.config`."
+        },
+        "authkey": {
+          "type": "string",
+          "description": "Configuration for `addons.tailscale.settings.authkey`."
+        },
+        "userspace": {
+          "type": "boolean",
+          "description": "Configuration for `addons.tailscale.settings.userspace`."
+        },
+        "auth_once": {
+          "type": "boolean",
+          "description": "Configuration for `addons.tailscale.settings.auth_once`."
+        },
+        "accept_dns": {
+          "type": "boolean",
+          "description": "Configuration for `addons.tailscale.settings.accept_dns`."
+        },
+        "routes": {
+          "type": "string",
+          "description": "Configuration for `addons.tailscale.settings.routes`."
+        },
+        "dest_ip": {
+          "type": "string",
+          "description": "Configuration for `addons.tailscale.settings.dest_ip`."
+        },
+        "sock5_server": {
+          "type": "string",
+          "description": "Configuration for `addons.tailscale.settings.sock5_server`."
+        },
+        "extra_args": {
+          "type": "string",
+          "description": "Configuration for `addons.tailscale.settings.extra_args`."
+        },
+        "daemon_extra_args": {
+          "type": "string",
+          "description": "Configuration for `addons.tailscale.settings.daemon_extra_args`."
+        },
+        "outbound_http_proxy_listen": {
+          "type": "string",
+          "description": "Configuration for `addons.tailscale.settings.outbound_http_proxy_listen`."
+        }
+      },
+      "additionalProperties": true,
+      "description": "Tailscale settings"
     },
     "annotations": {
       "type": "object",

charts/library/common/templates/addons/_tailscale.tpl

@@ -5,13 +5,52 @@ It will include / inject the required templates based on the given values.
 {{- define "tc.v1.common.addon.tailscale" -}}
   {{- $ts := $.Values.addons.tailscale -}}
   {{- if $ts.enabled -}}
+    {{- $settings := $ts.settings | default dict -}}
+    
+    {{/* Merge settings into environment variables */}}
+    {{- $env := $ts.container.env | default dict -}}
+    {{- if $settings.config -}}
+      {{- $_ := set $env "TS_CONFIG" $settings.config -}}
+    {{- end -}}
+    {{- if $settings.authkey -}}
+      {{- $_ := set $env "TS_AUTH_KEY" $settings.authkey -}}
+    {{- end -}}
+    {{- if hasKey $settings "userspace" -}}
+      {{- $_ := set $env "TS_USERSPACE" $settings.userspace -}}
+    {{- end -}}
+    {{- if hasKey $settings "auth_once" -}}
+      {{- $_ := set $env "TS_AUTH_ONCE" $settings.auth_once -}}
+    {{- end -}}
+    {{- if hasKey $settings "accept_dns" -}}
+      {{- $_ := set $env "TS_ACCEPT_DNS" $settings.accept_dns -}}
+    {{- end -}}
+    {{- if $settings.routes -}}
+      {{- $_ := set $env "TS_ROUTES" $settings.routes -}}
+    {{- end -}}
+    {{- if $settings.dest_ip -}}
+      {{- $_ := set $env "TS_DEST_IP" $settings.dest_ip -}}
+    {{- end -}}
+    {{- if $settings.sock5_server -}}
+      {{- $_ := set $env "TS_SOCKS5_SERVER" $settings.sock5_server -}}
+    {{- end -}}
+    {{- if $settings.extra_args -}}
+      {{- $_ := set $env "TS_EXTRA_ARGS" $settings.extra_args -}}
+    {{- end -}}
+    {{- if $settings.daemon_extra_args -}}
+      {{- $_ := set $env "TS_TAILSCALED_EXTRA_ARGS" $settings.daemon_extra_args -}}
+    {{- end -}}
+    {{- if $settings.outbound_http_proxy_listen -}}
+      {{- $_ := set $env "TS_OUTBOUND_HTTP_PROXY_LISTEN" $settings.outbound_http_proxy_listen -}}
+    {{- end -}}
+    {{- $_ := set $ts.container "env" $env -}}
+
     {{- $secContext := dict -}}
     {{- $_ := set $secContext "runAsUser" 0 -}}
     {{- $_ := set $secContext "runAsGroup" 0 -}}
     {{- $_ := set $secContext "runAsNonRoot" true -}}
     {{- $_ := set $secContext "readOnlyRootFilesystem" false -}}
 
-    {{- if and $ts.container.env ($ts.container.env.TS_USERSPACE) -}}
+    {{- if and $env ($env.TS_USERSPACE) -}}
       {{- $_ := set $secContext "runAsUser" 1000 -}}
       {{- $_ := set $secContext "runAsGroup" 1000 -}}
       {{- $_ := set $secContext "runAsNonRoot" false -}}

charts/library/common/values.yaml

@@ -1021,8 +1021,6 @@ addons:
     enabled: false
     targetSelector:
       - main
-    # -- you can directly specify the config file here
-    config: ""
     container:
       enabled: true
       imageSelector: "tailscaleImage"
@@ -1046,34 +1044,28 @@ addons:
         TS_KUBE_SECRET: ""
         TS_SOCKET: /var/run/tailscale/tailscaled.sock
         TS_STATE_DIR: /var/lib/tailscale/state
-        TS_USERSPACE: true
-        TS_AUTH_ONCE: true
-        TS_ACCEPT_DNS: false
-        TS_AUTH_KEY: ""
-        TS_TAILSCALED_EXTRA_ARGS: ""
-        TS_EXTRA_ARGS: ""
-        TS_SOCKS5_SERVER: ""
-        TS_DEST_IP: ""
-        TS_ROUTES: ""
-        TS_OUTBOUND_HTTP_PROXY_LISTEN: ""
       securityContext:
         capabilities:
           add:
             - NET_ADMIN
             - NET_RAW
 
-    # -- Auth key to connect to the VPN Service
-    authkey: ""
-    # As a sidecar, it should only need to run in userspace
-    userspace: true
-    auth_once: true
-    accept_dns: false
-    routes: ""
-    dest_ip: ""
-    sock5_server: ""
-    extra_args: ""
-    daemon_extra_args: ""
-    outbound_http_proxy_listen: ""
+    # -- Tailscale settings
+    settings:
+      # -- you can directly specify the config file here
+      config: ""
+      # -- Auth key to connect to the VPN Service
+      authkey: ""
+      # As a sidecar, it should only need to run in userspace
+      userspace: true
+      auth_once: true
+      accept_dns: false
+      routes: ""
+      dest_ip: ""
+      sock5_server: ""
+      extra_args: ""
+      daemon_extra_args: ""
+      outbound_http_proxy_listen: ""
     # -- Annotations for tailscale sidecar
     annotations: {}