{{- if not (.Capabilities.APIVersions.Has "k8s.cni.cncf.io/v1/NetworkAttachmentDefinition") -}}
{{- required "rke2-multus is required but not found" "" -}}
{{- end -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "sriov-network-operator.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "sriov-network-operator.labels" . | nindent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      name: sriov-network-operator
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 33%
  template:
    metadata:
      annotations:
        openshift.io/required-scc: restricted-v2
      labels:
        name: sriov-network-operator
    spec:
      {{- with .Values.operator.nodeSelector }}
      nodeSelector:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.operator.affinity }}
      affinity:
        {{- toYaml . | nindent 8}}
      {{- end }}
      {{- with .Values.operator.tolerations }}
      tolerations:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "sriov-network-operator.fullname" . }}
      priorityClassName: "system-node-critical"
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
      {{- range .Values.imagePullSecrets }}
      - name: {{ . }}
      {{- end }}
      {{- end }}
      containers:
        - name: {{ include "sriov-network-operator.fullname" . }}
          image: {{ include "system_default_registry" . }}{{ .Values.images.operator.repository }}:{{ .Values.images.operator.tag }}
          command:
            - sriov-network-operator
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
          env:
            - name: WATCH_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SRIOV_CNI_IMAGE
              value: {{ include "system_default_registry" . }}{{ .Values.images.sriovCni.repository }}:{{ .Values.images.sriovCni.tag }}
            - name: SRIOV_INFINIBAND_CNI_IMAGE
              value: {{ include "system_default_registry" . }}{{ .Values.images.ibSriovCni.repository }}:{{ .Values.images.ibSriovCni.tag }}
            - name: SRIOV_DEVICE_PLUGIN_IMAGE
              value: {{ include "system_default_registry" . }}{{ .Values.images.sriovDevicePlugin.repository }}:{{ .Values.images.sriovDevicePlugin.tag }}
            - name: NETWORK_RESOURCES_INJECTOR_IMAGE
              value: {{ include "system_default_registry" . }}{{ .Values.images.resourcesInjector.repository }}:{{ .Values.images.resourcesInjector.tag }}
            - name: OPERATOR_NAME
              value: sriov-network-operator
            - name: SRIOV_NETWORK_CONFIG_DAEMON_IMAGE
              value: {{ include "system_default_registry" . }}{{ .Values.images.sriovConfigDaemon.repository }}:{{ .Values.images.sriovConfigDaemon.tag }}
            - name: SRIOV_NETWORK_WEBHOOK_IMAGE
              value: {{ include "system_default_registry" . }}{{ .Values.images.webhook.repository }}:{{ .Values.images.webhook.tag }}
            - name: RESOURCE_PREFIX
              value: {{ .Values.operator.resourcePrefix }}
            - name: IMAGE_PULL_SECRETS
              value: {{ join "," .Values.imagePullSecrets }}
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: RELEASE_VERSION
              value: {{ .Release.AppVersion }}
            - name: SRIOV_CNI_BIN_PATH
              value: {{ .Values.operator.cniBinPath }}
            - name: CLUSTER_TYPE
              value: {{ .Values.operator.clusterType }}
        {{- if .Values.operator.admissionControllers.enabled }}
            - name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_SECRET_NAME
              value: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
            - name: ADMISSION_CONTROLLERS_CERTIFICATES_INJECTOR_SECRET_NAME
              value: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
        {{- if .Values.operator.admissionControllers.certificates.certManager.enabled }}
            - name: ADMISSION_CONTROLLERS_CERTIFICATES_CERT_MANAGER_ENABLED
              value: {{ .Values.operator.admissionControllers.certificates.certManager.enabled | quote }}
        {{- else }}
            - name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_CA_CRT
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
                  key: ca.crt
            - name: ADMISSION_CONTROLLERS_CERTIFICATES_INJECTOR_CA_CRT
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
                  key: ca.crt
        {{- end }}
        {{- end }}