apiVersion: v1
kind: ServiceAccount
metadata:
  name: clusterctl
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: clusterctl
data:
  BSL_ENDPOINT: ${bsl_endpoint}
  BSL_ROOT_ORG: ${bsl_root_org}
  BSP_ORGANIZATION_PREFIX: ${bsl_edge_env_prefix}
  CLUSTER_CONCURRENCY: "24"
  DATASYNC_DNS_NAME: ${datasync_dns_name}
  DATASYNC_DNS_ZONE: ${datasync_dns_zone}
  DOMAIN: ${domain}
  EDGE_API: https://${domain}/api/v2
  EDGE_SEC_MAX_LEASE_PERIOD: ${edge_sec_max_lease_period}
  EDGE_SEC_MAX_VALIDITY_PERIOD: ${edge_sec_max_validity_period}
  GCP_REGION: ${gcp_region}
  GCP_ZONE: ${gcp_zone}
  GKECLUSTER_CONCURRENCY: "6"
  HELM_CACHE_LIMIT: "1200"
  PLUGIN_CONCURRENCY: "24"
  SQL_CONNECTION_NAME: ${foreman_gcp_project_id}:${gcp_region}:${edge_sql_db_name}-migrated
  SQL_DB_NAME: ${edge_sql_db_name}
  SQL_USER: cctl-${cluster_hash}@${gcp_project_id}.iam
  TOP_LEVEL_CNRM_SA: foreman-cnrm-system@plat-infra-project-id.iam.gserviceaccount.com
  TOP_LEVEL_PROJECT_ID: ${foreman_gcp_project_id}
  WAIT_FOR_SET_CONCURRENCY: "5"
  WAIT_FOR_SET_INTERVAL: "5s"
  WAIT_FOR_SET_TIMEOUT: "2m"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: clusterctl
  labels:
    platform.edge.ncr.com/component: clusterctl
spec:
  replicas: 1
  selector:
    matchLabels:
      platform.edge.ncr.com/component: clusterctl
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: clusterctl
    spec:
      serviceAccount: clusterctl
      containers:
      - name: clusterctl
        image: bzl://cmd/edge/clusterctl:container_push
        ports:
        - name: metrics
          containerPort: 8080
        envFrom:
        - configMapRef:
            name: clusterctl
        - secretRef:
            name: ldkey
        - secretRef:
            name: edge-totp-secret-key
        - secretRef:
            name: edge-bsl
        resources:
          limits:
            cpu: "2000m"
            memory: "8Gi"
          requests:
            cpu: "1024m"
            memory: "2Gi"
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: edge-docker-pull-secret
---
apiVersion: v1
kind: Service
metadata:
  name: clusterctl
  labels:
    platform.edge.ncr.com/component: clusterctl
spec:
  selector:
    platform.edge.ncr.com/component: clusterctl
  ports:
  - name: metrics
    port: 8080
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: clusterctl
  labels:
    platform.edge.ncr.com/component: clusterctl
  annotations:
    monitoring.edge.ncr.com/allowed-metrics: |
      edge_clusterctl_reconcile_condition_status
      edge_clusterctl_reconcile_duration_seconds_sum
      edge_clusterctl_reconcile_duration_seconds_count
      edge_clusterctl_reconcile_duration_seconds_bucket
      edge_clusterctl_db_status_writes_total
      edge_clusterctl_db_errors_total
      edge_clusterctl_plugin_execution_time
      edge_clusterctl_plugin_execution_error
      edge_clusterctl_plugin_finalizer_time
      edge_clusterctl_plugin_finalizer_error
      edge_clusterctl_registered_plugins_count
      edge_gke_clusterctl_reconcile_condition_status
      edge_gke_clusterctl_reconcile_duration_seconds_sum
      edge_gke_clusterctl_reconcile_duration_seconds_count
      edge_gke_clusterctl_reconcile_duration_seconds_bucket
      workqueue_depth
      workqueue_adds_total
      workqueue_queue_duration_seconds
      workqueue_work_duration_seconds
      workqueue_unfinished_work_seconds
      workqueue_longest_running_processor_seconds
      workqueue_retries_total
      controller_runtime_reconcile_errors_total
      controller_runtime_reconcile_time_seconds
      controller_runtime_max_concurrent_reconciles
      controller_runtime_reconcile_total
spec:
  selector:
    matchLabels:
      platform.edge.ncr.com/component: clusterctl
  endpoints:
  - port: metrics