{{- if .Values.installTVK.enabled }}
{{- if not (lookup "triliovault.trilio.io/v1" "TrilioVaultManager" "" "").items }}
    {{template "k8s-triliovault-operator.tlsSecretValidation" .}}
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
  name: "triliovault-manager"
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/hook": pre-install
spec:
  applicationScope: {{ .Values.installTVK.applicationScope }}
  {{- if .Values.installTVK.tvkInstanceName }}
  tvkInstanceName: {{ .Values.installTVK.tvkInstanceName }}
  {{- end }}
  {{- if or .Values.imagePullSecret .Values.svcAccountName .Values.observability.enabled }}
  helmValues:
    {{- if .Values.observability.enabled }}
    observability:
      name: {{ .Values.observability.name }}
      namespace: {{ default .Release.Namespace  }}
    {{- end }}
    {{- if include "k8s-triliovault-operator.imagePullSecret" . }}
    imagePullSecret: {{ template "k8s-triliovault-operator.imagePullSecret" . }}
    {{- end }}
    {{- if .Values.svcAccountName }}
    svcAccountName: {{ .Values.svcAccountName }}
    {{- end }}
  {{- end }}
  {{- if .Values.nodeSelector }}
  nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 4 }}
  {{- end }}
  {{- if .Values.affinity }}
  affinity:
  {{- toYaml .Values.affinity | nindent 4 }}
  {{- end }}
  {{- if .Values.tolerations }}
  tolerations:
  {{- toYaml .Values.tolerations | nindent 4 }}
  {{- end }}
  # User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
  ingressConfig:
    {{- if and (gt (len .Values.installTVK.ingressConfig.annotations) 0) (not .Values.installTVK.ComponentConfiguration.ingressController.enabled) }}
    annotations:
    {{- range $key, $value := .Values.installTVK.ingressConfig.annotations }}
      {{ $key }}: {{ $value | quote }}
    {{- end -}}
    {{- end }}
    host: {{ .Values.installTVK.ingressConfig.host | quote }}
    {{- if not .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
    ingressClass: {{ .Values.installTVK.ingressConfig.ingressClass | quote }}
    {{- end }}
    {{- if .Values.installTVK.ingressConfig.tlsSecretName }}
    tlsSecretName: {{ .Values.installTVK.ingressConfig.tlsSecretName | quote }}
    {{- end }}
  # TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
  # User can configure resources for all componentes and can configure service type and host for the ingress-controller
  componentConfiguration:
    ingress-controller:
      enabled: {{ .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
      service:
        type: {{ .Values.installTVK.ComponentConfiguration.ingressController.service.type }}
{{- end -}}
{{- end -}}