apiVersion: v1
data:
  calico-ns.yaml: |
    apiVersion: v1
    kind: Namespace
    metadata:
      name: tigera-operator
      labels:
        name: tigera-operator
        pod-security.kubernetes.io/enforce: privileged
kind: ConfigMap
metadata:
  name: calico-namespace
  namespace: default
---
# Create calico-namespace with label pod-security.kubernetes.io/enforce: privileged
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: create-calico-ns
spec:
  clusterSelector:
    matchLabels:
      cni: calico
  policyRefs:
  - name: calico-namespace
    namespace: default
    kind: ConfigMap
---
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: deploy-calico
spec:
  dependsOn:
  - create-calico-ns
  syncMode: Continuous
  clusterSelector:
    matchLabels:
      cni: calico
  helmCharts:
  - repositoryURL:    https://projectcalico.docs.tigera.io/charts
    repositoryName:   projectcalico
    chartName:        projectcalico/tigera-operator
    chartVersion:     v3.31.3
    releaseName:      calico
    releaseNamespace: tigera-operator
    helmChartAction:  Install
    values: |
      installation:
        calicoNetwork:
          ipPools:
          {{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
            - cidr: {{ $cidr }}
              encapsulation: VXLAN
          {{ end }}