{{- if eq .Values.installMode "agent" }}
{{- $name := include "karmada.name" . -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ $name }}
  namespace: {{ include "karmada.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ $name }}
rules:
  - apiGroups: ['*']
    resources: ['*']
    verbs: ['*']
  - nonResourceURLs: ['*']
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ $name }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ $name }}
subjects:
  - kind: ServiceAccount
    name: {{ $name }}
    namespace: {{ include "karmada.namespace" . }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}-kubeconfig
  namespace: {{ include "karmada.namespace" . }}
stringData:
  kubeconfig: |-
    apiVersion: v1
    kind: Config
    clusters:
      - cluster:
          certificate-authority-data: {{ b64enc .Values.agent.kubeconfig.caCrt }}
          insecure-skip-tls-verify: false
          server: {{ .Values.agent.kubeconfig.server }}
        name: {{ $name }}-apiserver
    users:
      - user:
          client-certificate-data: {{ b64enc .Values.agent.kubeconfig.crt }}
          client-key-data: {{ b64enc .Values.agent.kubeconfig.key }}
        name: {{ $name }}-apiserver
    contexts:
      - context:
          cluster: {{ $name }}-apiserver
          user: {{ $name }}-apiserver
        name: {{ $name }}-apiserver
    current-context: {{ $name }}-apiserver
---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $name }}
  namespace: {{ include "karmada.namespace" . }}
  labels:
  {{- include "karmada.agent.labels" . | indent 4}}
spec:
  replicas: {{ .Values.agent.replicaCount }}
  selector:
    matchLabels:
      {{- include "karmada.agent.labels" . | indent 6}}
  {{- with .Values.agent.strategy }}
  strategy:
  {{- toYaml . | nindent 8 }}
  {{- end }}
  template:
    metadata:
      {{- with .Values.agent.podAnnotations}}
      annotations:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "karmada.agent.labels" . | indent 8}}
        {{- include "karmada.agent.podLabels" . | indent 8}}
    spec:
      {{- with .Values.agent.imagePullSecrets }}
      imagePullSecrets:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.agent.nodeSelector }}
      nodeSelector:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.agent.affinity }}
      affinity:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.agent.tolerations}}
      tolerations:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ $name }}
      containers:
        - name: {{ $name }}
          image: {{ .Values.agent.image.repository}}:{{ .Values.agent.image.tag | default "latest" }}
          imagePullPolicy: {{ .Values.agent.image.pullPolicy }}
          command:
            - /bin/karmada-agent
            - --karmada-kubeconfig=/etc/kubeconfig/kubeconfig
            - --cluster-name={{ .Values.agent.clusterName }}
            - --cluster-status-update-frequency=10s
            - --v=4
          volumeMounts:
            - name: kubeconfig
              mountPath: /etc/kubeconfig
          resources:
          {{- toYaml .Values.agent.resources | nindent 12 }}
      volumes:
        - name: kubeconfig
          secret:
            secretName: {{ $name }}-kubeconfig
{{- end }}