{{- $olmCRDFound := false }} 
{{- $nsLookup := len (lookup "v1" "Namespace" "" "") }} 
{{- range $index, $crdLookup := (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "").items -}}{{ if eq $crdLookup.metadata.name "operators.operators.coreos.com"}}{{ $olmCRDFound = true }}{{ end }}{{end}} 
{{ if and (not $olmCRDFound) (not (eq $nsLookup 0))}}{{ fail "CRDs missing! Please deploy CRDs from https://github.com/pixie-io/pixie/tree/main/k8s/operator/helm/crds to continue with deploy." }}{{end}} 
{{- $lookupLen := 0 -}}{{- $opLookup := (lookup "operators.coreos.com/v1" "OperatorGroup" "" "").items -}}{{if $opLookup }}{{ $lookupLen = len $opLookup }}{{ end }}
{{ if (or (eq (.Values.deployOLM | toString) "true") (and (not (eq (.Values.deployOLM | toString) "false")) (eq $lookupLen 0))) }}
{{ if not (eq .Values.olmNamespace .Release.Namespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
  name: {{ .Values.olmNamespace }}
{{ end }}
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: olm-operator-serviceaccount
  namespace: {{ .Values.olmNamespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:controller:operator-lifecycle-manager
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ["*"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: olm-operator-cluster-binding-olm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:controller:operator-lifecycle-manager
subjects:
- kind: ServiceAccount
  name: olm-operator-serviceaccount
  namespace: {{ .Values.olmNamespace }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: olm-operator
  namespace: {{ .Values.olmNamespace }}
  labels:
    app: olm-operator
spec:
  strategy:
    type: RollingUpdate
  replicas: 1
  selector:
    matchLabels:
      app: olm-operator
  template:
    metadata:
      labels:
        app: olm-operator
    spec:
      serviceAccountName: olm-operator-serviceaccount
      containers:
        - name: olm-operator
          command:
          - /bin/olm
          args:
          - --namespace
          - $(OPERATOR_NAMESPACE)
          - --writeStatusName
          - ""
          image: {{ if .Values.registry }}{{ .Values.registry }}/quay.io-operator-framework-{{ else }}quay.io/operator-framework/{{ end }}olm@sha256:1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
          ports:
            - containerPort: 8080
            - containerPort: 8081
              name: metrics
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
          terminationMessagePolicy: FallbackToLogsOnError
          env:
          - name: OPERATOR_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: OPERATOR_NAME
            value: olm-operator
          resources:
            requests:
              cpu: 10m
              memory: 160Mi
      nodeSelector:
        kubernetes.io/os: linux
      tolerations:
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "amd64"
        effect: "NoSchedule"
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "amd64"
        effect: "NoExecute"
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "arm64"
        effect: "NoSchedule"
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "arm64"
        effect: "NoExecute"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: catalog-operator
  namespace: {{ .Values.olmNamespace }}
  labels:
    app: catalog-operator
spec:
  strategy:
    type: RollingUpdate
  replicas: 1
  selector:
    matchLabels:
      app: catalog-operator
  template:
    metadata:
      labels:
        app: catalog-operator
    spec:
      serviceAccountName: olm-operator-serviceaccount
      containers:
        - name: catalog-operator
          command:
          - /bin/catalog
          args:
          - '--namespace'
          - {{ .Values.olmNamespace }}
          - --configmapServerImage={{ if .Values.registry }}{{ .Values.registry }}/quay.io-operator-framework-{{ else }}quay.io/operator-framework/{{ end }}configmap-operator-registry:latest
          - --util-image
          -  {{ if .Values.registry }}{{ .Values.registry }}/quay.io-operator-framework-{{ else }}quay.io/operator-framework/{{ end }}olm@sha256:1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
          - --opmImage
          -  {{ if .Values.registry }}{{ .Values.registry }}/quay.io-operator-framework-{{ else }}quay.io/operator-framework/{{ end }}opm@sha256:d999588bd4e9509ec9e75e49adfb6582d256e9421e454c7fb5e9fe57e7b1aada
          image: {{ if .Values.registry }}{{ .Values.registry }}/quay.io-operator-framework-{{ else }}quay.io/operator-framework/{{ end }}olm@sha256:1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
            - containerPort: 8081
              name: metrics
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
          terminationMessagePolicy: FallbackToLogsOnError
          env:
          resources:
            requests:
              cpu: 10m
              memory: 80Mi
      nodeSelector:
        kubernetes.io/os: linux
      tolerations:
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "amd64"
        effect: "NoSchedule"
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "amd64"
        effect: "NoExecute"
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "arm64"
        effect: "NoSchedule"
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "arm64"
        effect: "NoExecute"
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: aggregate-olm-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["operators.coreos.com"]
  resources: ["subscriptions"]
  verbs: ["create", "update", "patch", "delete"]
- apiGroups: ["operators.coreos.com"]
  resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"]
  verbs: ["delete"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: aggregate-olm-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["operators.coreos.com"]
  resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["packages.operators.coreos.com"]
  resources: ["packagemanifests", "packagemanifests/icon"]
  verbs: ["get", "list", "watch"]
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: olm-operators
  namespace: {{ .Values.olmNamespace }}
spec:
  targetNamespaces:
    - {{ .Values.olmNamespace }}
{{- end}}