apiVersion: apps/v1
kind: Deployment
metadata:
  name: network-operator
  namespace: openshift-network-operator
  labels:
    name: network-operator
  annotations:
    include.release.openshift.io/self-managed-high-availability: "true"
    include.release.openshift.io/single-node-developer: "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      name: network-operator
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
      labels:
        name: network-operator
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  name: network-operator
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - name: network-operator
        ports:
          - containerPort: 9104
            hostPort: 9104
            name: cno
            protocol: TCP
        image: quay.io/openshift/origin-cluster-network-operator:latest
        command:
        - /bin/bash
        - -c
        - |
          #!/bin/bash
          set -o allexport
          if [[ -f /etc/kubernetes/apiserver-url.env ]]; then
            source /etc/kubernetes/apiserver-url.env
          else
            echo "Error: /etc/kubernetes/apiserver-url.env is missing"
            exit 1
          fi
          exec /usr/bin/cluster-network-operator start --listen=0.0.0.0:9104
        resources:
          requests:
            cpu: 10m
            memory: 50Mi
        env:
        - name: RELEASE_VERSION
          value: "0.0.1-snapshot"
        - name: KUBE_PROXY_IMAGE
          value: "quay.io/openshift/origin-kube-proxy:latest"
        - name: KUBE_RBAC_PROXY_IMAGE
          value: "quay.io/openshift/origin-kube-rbac-proxy:latest"
        - name: MULTUS_IMAGE
          value: "quay.io/openshift/origin-multus-cni:latest"
        - name: MULTUS_ADMISSION_CONTROLLER_IMAGE
          value: "quay.io/openshift/origin-multus-admission-controller:latest"
        - name: CNI_PLUGINS_IMAGE
          value: "quay.io/openshift/origin-container-networking-plugins:latest"
        - name: BOND_CNI_PLUGIN_IMAGE
          value: "quay.io/openshift/origin-network-interface-bond-cni:latest"
        - name: WHEREABOUTS_CNI_IMAGE
          value: "quay.io/openshift/origin-multus-whereabouts-ipam-cni:latest"
        - name: ROUTE_OVERRRIDE_CNI_IMAGE
          value: "quay.io/openshift/origin-multus-route-override-cni:latest"
        - name: MULTUS_NETWORKPOLICY_IMAGE
          value: "quay.io/openshift/origin-multus-networkpolicy:latest"
        - name: OVN_IMAGE
          value: "quay.io/openshift/origin-ovn-kubernetes:latest"
        - name: OVN_NB_RAFT_ELECTION_TIMER
          value: "10"
        - name: OVN_SB_RAFT_ELECTION_TIMER
          value: "16"
        - name: OVN_NORTHD_PROBE_INTERVAL
          value: "10000"
        - name: OVN_CONTROLLER_INACTIVITY_PROBE
          value: "180000"
        - name: OVN_NB_INACTIVITY_PROBE
          value: "60000"
        - name: EGRESS_ROUTER_CNI_IMAGE
          value: "quay.io/openshift/origin-egress-router-cni:latest"
        - name: NETWORK_METRICS_DAEMON_IMAGE
          value: "quay.io/openshift/origin-network-metrics-daemon:latest"
        - name: NETWORK_CHECK_SOURCE_IMAGE
          value: "quay.io/openshift/origin-cluster-network-operator:latest"
        - name: NETWORK_CHECK_TARGET_IMAGE
          value: "quay.io/openshift/origin-cluster-network-operator:latest"
        - name: NETWORK_OPERATOR_IMAGE
          value: "quay.io/openshift/origin-cluster-network-operator:latest"
        - name: CLOUD_NETWORK_CONFIG_CONTROLLER_IMAGE
          value: "quay.io/openshift/origin-cloud-network-config-controller:latest"
        - name: CLI_IMAGE
          value: "quay.io/openshift/origin-cli:latest"
        - name: FRR_K8S_IMAGE
          value: "quay.io/openshift/origin-metallb-frr:latest"
        - name: NETWORKING_CONSOLE_PLUGIN_IMAGE
          value: "quay.io/openshift/origin-networking-console-plugin:latest"
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        - mountPath: /etc/kubernetes
          name: host-etc-kube
          readOnly: true
        - mountPath: /var/run/secrets/serving-cert
          name: metrics-tls
      hostNetwork: true
      nodeSelector:
        node-role.kubernetes.io/master: ""
      priorityClassName: "system-cluster-critical"
      serviceAccountName: cluster-network-operator
      volumes:
        - name: host-etc-kube
          hostPath:
            path: /etc/kubernetes
            type: Directory
        - name: metrics-tls
          secret:
            secretName: metrics-tls
            optional: true
      restartPolicy: Always
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      tolerations:
      - key: "node-role.kubernetes.io/master"
        operator: Exists
        effect: NoSchedule
      - key: "node.kubernetes.io/not-ready"
        operator: Exists
        effect: NoSchedule
      - key: node.kubernetes.io/network-unavailable
        operator: Exists
        effect: NoSchedule