apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "sink.fullname" . }}
  labels:
    release: {{ .Release.Name }}
    app: {{ include "sink.name" . }}
    chart: {{ .Chart.Name }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ include "sink.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ include "sink.name" . }}
        release: {{ .Release.Name }}
      annotations:
        k8s.v1.cni.cncf.io/networks: '[
          { "name": "host-device-{{ .Values.global.protectedNetPortVsn }}",
            "interface": "veth22" }
          ]'
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              {{- range .Values.global.nodeAffinity }}
              - key: {{ .label.labelkey }}
                operator: {{ .label.op }}
                values:
                {{- range .label.labelvalues }}
                - {{ . }}
                {{- end }}
              {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          tty: true
          stdin: true
          env:
            - name: unprotectedNetCidr
              value: "{{.Values.global.unprotectedNetCidr}}"
            - name: unprotectedNetGwIp
              value: "{{.Values.global.unprotectedNetGwIp}}"
            - name: protectedNetCidr
              value: "{{.Values.global.protectedNetCidr}}"
            - name: protectedNetGwIp
              value: "{{.Values.global.protectedNetGwIp}}"
            - name: dcaeCollectorIp
              value: "{{.Values.global.dcaeCollectorIp}}"
            - name: dcaeCollectorPort
              value: "{{.Values.global.dcaeCollectorPort}}"
          command: ["/bin/bash", "/opt/vsn_start.sh"]
          securityContext:
              privileged: true
              capabilities:
                  add:
                  - CAP_SYS_ADMIN
          volumeMounts:
            - name: scripts
              mountPath: /opt
          resources:
            requests:
              cpu: {{ .Values.resources.cpu }}
              memory: {{ .Values.resources.memory }}
            limits:
              cpu: {{ .Values.resources.cpu }}
              memory: {{ .Values.resources.memory }}
      volumes:
        - name: scripts
          configMap:
            name: {{ .Chart.Name }}-scripts-configmap
      imagePullSecrets:
      - name: admin-registry-secret