{{- if .Values.backgroundController.enabled -}}
{{- if not .Values.templating.debug -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "kyverno.background-controller.name" . }}
  namespace: {{ template "kyverno.namespace" . }}
  labels:
    {{- include "kyverno.background-controller.labels" . | nindent 4 }}
spec:
  replicas: {{ template "kyverno.deployment.replicas" .Values.backgroundController.replicas }}
  {{- with .Values.backgroundController.updateStrategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "kyverno.background-controller.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyverno.background-controller.labels" . | nindent 8 }}
        {{- with .Values.backgroundController.podLabels }}
        {{- tpl (toYaml .) $ | nindent 8 }}
        {{- end }}
      {{- with .Values.backgroundController.podAnnotations }}
      annotations: {{ tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
    spec:
      {{- with .Values.backgroundController.imagePullSecrets }}
      imagePullSecrets: 
        {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.backgroundController.podSecurityContext }}
      securityContext:
        {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.backgroundController.nodeSelector }}
      nodeSelector:
        {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.backgroundController.tolerations }}
      tolerations:
        {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.backgroundController.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.backgroundController.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
      {{- with .Values.backgroundController.hostNetwork }}
      hostNetwork: {{ . }}
      {{- end }}
      {{- with .Values.backgroundController.dnsPolicy }}
      dnsPolicy: {{ . }}
      {{- end }}
      {{- if or .Values.backgroundController.antiAffinity.enabled .Values.backgroundController.podAffinity .Values.backgroundController.nodeAffinity }}
      affinity:
        {{- if .Values.backgroundController.antiAffinity.enabled }}
        {{- with .Values.backgroundController.podAntiAffinity }}
        podAntiAffinity:
          {{- tpl (toYaml .) $ | nindent 10 }}
        {{- end }}
        {{- end }}
        {{- with .Values.backgroundController.podAffinity }}
        podAffinity:
          {{- tpl (toYaml .) $ | nindent 10 }}
        {{- end }}
        {{- with .Values.backgroundController.nodeAffinity }}
        nodeAffinity:
          {{- tpl (toYaml .) $ | nindent 10 }}
        {{- end }}
      {{- end }}
      serviceAccountName: {{ template "kyverno.background-controller.serviceAccountName" . }}
      containers:
        - name: controller
          image: {{ include "kyverno.background-controller.image" (dict "image" .Values.backgroundController.image "defaultTag" .Chart.AppVersion) | quote }}
          ports:
          - containerPort: 9443
            name: https
            protocol: TCP
          - containerPort: 8000
            name: metrics
            protocol: TCP
          args:
            {{- if .Values.backgroundController.tracing.enabled }}
            - --enableTracing
            - --tracingAddress={{ .Values.backgroundController.tracing.address }}
            - --tracingPort={{ .Values.backgroundController.tracing.port }}
            {{- with .Values.backgroundController.tracing.creds }}
            - --tracingCreds={{ . }}
            {{- end }}
            {{- end }}
            - --disableMetrics={{ .Values.backgroundController.metering.disabled }}
            {{- if not .Values.backgroundController.metering.disabled }}
            - --otelConfig={{ .Values.backgroundController.metering.config }}
            - --metricsPort={{ .Values.backgroundController.metering.port }}
            {{- with .Values.backgroundController.metering.collector }}
            - --otelCollector={{ . }}
            {{- end }}
            {{- with .Values.backgroundController.metering.creds }}
            - --transportCreds={{ . }}
            {{- end }}
            {{- end }}
            {{- if or .Values.imagePullSecrets .Values.existingImagePullSecrets }}
            - --imagePullSecrets={{- join "," (concat (keys .Values.imagePullSecrets) .Values.existingImagePullSecrets) }}
            {{- end }}
            {{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.backgroundController.featuresOverride)
              "configMapCaching"
              "logging"
              "omitEvents"
              "policyExceptions"
            ) | nindent 12 }}
            {{- range $key, $value := .Values.backgroundController.extraArgs }}
            {{- if $value }}
            - --{{ $key }}={{ $value }}
            {{- end }}
            {{- end }}
          env:
          - name: INIT_CONFIG
            value: {{ template "kyverno.config.configMapName" . }}
          - name: METRICS_CONFIG
            value: {{ template "kyverno.config.metricsConfigMapName" . }}
          - name: KYVERNO_POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: KYVERNO_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          {{- with .Values.backgroundController.resources }}
          resources: {{ tpl (toYaml .) $ | nindent 12 }}
          {{- end }}
          {{- with .Values.backgroundController.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
{{- end -}}
{{- end -}}