apiVersion: apps/v1
kind: Deployment
metadata:
  name: cis-operator
  namespace: {{ template "cis.namespace" . }}
  labels:
    cis.cattle.io/operator: cis-operator
spec:
  selector:
    matchLabels:
      cis.cattle.io/operator: cis-operator
  template:
    metadata:
      labels:
        cis.cattle.io/operator: cis-operator
    spec:
      serviceAccountName: cis-operator-serviceaccount
      containers:
      - name: cis-operator
        image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
        imagePullPolicy: Always
        ports:
        - name: cismetrics
          containerPort: {{ .Values.alerts.metricsPort }}
        env:
        - name: SECURITY_SCAN_IMAGE
          value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
        - name: SECURITY_SCAN_IMAGE_TAG
          value: {{ .Values.image.securityScan.tag }}
        - name: SONOBUOY_IMAGE
          value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
        - name: SONOBUOY_IMAGE_TAG
          value: {{ .Values.image.sonobuoy.tag }}
        - name: CIS_ALERTS_METRICS_PORT
          value: '{{ .Values.alerts.metricsPort }}'
        - name: CIS_ALERTS_SEVERITY
          value: {{ .Values.alerts.severity }}
        - name: CIS_ALERTS_ENABLED
          value: {{ .Values.alerts.enabled | default "false" | quote }}
        - name: CLUSTER_NAME
          value: {{ .Values.global.cattle.clusterName }}
        resources:
          {{- toYaml .Values.resources | nindent 12 }}
      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
      {{- with .Values.affinity }}
      affinity:
      {{- toYaml . | nindent 8 }}
      {{- end }}