operator:
  tolerations:
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
      effect: "NoSchedule"
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Exists"
      effect: "NoSchedule"
    - effect: NoExecute
      key: node-role.kubernetes.io/etcd
      operator: Exists
  nodeSelector: {}
  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: In
                values: [""]
        - weight: 1
          preference:
            matchExpressions:
              - key: "node-role.kubernetes.io/control-plane"
                operator: In
                values: [""]
  nameOverride: ""
  fullnameOverride: ""
  resourcePrefix: "rancher.io"
  cniBinPath: "/opt/cni/bin"
  clusterType: "kubernetes"
  # minimal amount of time (in minutes) the operator will wait before removing
  # stale SriovNetworkNodeState objects (objects that doesn't match node with the daemon)
  # "0" means no extra delay, in this case the CR will be removed by the next reconcilation cycle (may take up to 5 minutes)
  staleNodeStateCleanupDelayMinutes: "30"
  admissionControllers:
    enabled: false
    certificates:
      secretNames:
        operator: "operator-webhook-cert"
        injector: "network-resources-injector-cert"
      certManager:
        # When enabled, makes use of certificates managed by cert-manager.
        enabled: false
        # When enabled, certificates are generated via cert-manager and then name will match the name of the secrets
        # defined above
        generateSelfSigned: false
      # If not specified, no secret is created and secrets with the names defined above are expected to exist in the
      # cluster. In that case, the ca.crt must be base64 encoded twice since it ends up being an env variable.
      custom:
        enabled: false
        #   operator:
        #     caCrt: |
        #       -----BEGIN CERTIFICATE-----
        #       MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
        #       ...
        #       -----END CERTIFICATE-----
        #     tlsCrt: |
        #       -----BEGIN CERTIFICATE-----
        #       MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
        #       ...
        #       -----END CERTIFICATE-----
        #     tlsKey: |
        #       -----BEGIN EC PRIVATE KEY-----
        #       MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
        #       ...
        #      -----END EC PRIVATE KEY-----
        #   injector:
        #     caCrt: |
        #       -----BEGIN CERTIFICATE-----
        #       MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
        #       ...
        #       -----END CERTIFICATE-----
        #     tlsCrt: |
        #       -----BEGIN CERTIFICATE-----
        #       MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
        #       ...
        #       -----END CERTIFICATE-----
        #     tlsKey: |
        #       -----BEGIN EC PRIVATE KEY-----
        #       MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
        #       ...
        #      -----END EC PRIVATE KEY-----
sriovOperatorConfig:
  # deploy sriovOperatorConfig CR with the below values
  deploy: true
  # node selectors for sriov-network-config-daemon
  configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: 'true'}
  # log level for both operator and sriov-network-config-daemon
  logLevel: 2
  # disable node draining when configuring SR-IOV, set to true in case of a single node
  # cluster or any other justifiable reason
  disableDrain: false
  # sriov-network-config-daemon configuration mode. either "daemon" or "systemd"
  configurationMode: daemon
  # feature gates to enable/disable
  featureGates: {}
# Example for supportedExtraNICs values ['MyNIC: "8086 1521 1520"']
supportedExtraNICs: []
# Image URIs for sriov-network-operator components
images:
  operator:
    repository: registry.suse.com/rancher/hardened-sriov-network-operator
    tag: v1.5.0-build20250425
  sriovConfigDaemon:
    repository: registry.suse.com/rancher/hardened-sriov-network-config-daemon
    tag: v1.5.0-build20250425
  sriovCni:
    repository: registry.suse.com/rancher/hardened-sriov-cni
    tag: v2.9.0-build20250425
  ibSriovCni:
    repository: registry.suse.com/rancher/hardened-ib-sriov-cni
    tag: v1.2.1-build20250425
  sriovDevicePlugin:
    repository: registry.suse.com/rancher/hardened-sriov-network-device-plugin
    tag: v3.9.0-build20250425
  resourcesInjector:
    repository: registry.suse.com/rancher/hardened-sriov-network-resources-injector
    tag: v1.7.1-build20250425
  webhook:
    repository: registry.suse.com/rancher/hardened-sriov-network-webhook
    tag: v1.5.0-build20250425
imagePullSecrets: []
extraDeploy: []
global:
  cattle:
    systemDefaultRegistry: ""
  rbac:
    userRoles:
      aggregateToDefaultRoles: false