{{with .Values -}}
---
###
### Service Profile Validator
###
---
kind: Service
apiVersion: v1
metadata:
  name: linkerd-sp-validator
  namespace: {{.Namespace}}
  labels:
    {{.ControllerComponentLabel}}: sp-validator
  annotations:
    {{.CreatedByAnnotation}}: {{.CliVersion}}
spec:
  type: ClusterIP
  selector:
    {{.ControllerComponentLabel}}: sp-validator
  ports:
  - name: sp-validator
    port: 443
    targetPort: sp-validator
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: linkerd-sp-validator
  namespace: {{.Namespace}}
  labels:
    {{.ControllerComponentLabel}}: sp-validator
  annotations:
    {{.CreatedByAnnotation}}: {{.CliVersion}}
spec:
  replicas: {{.ControllerReplicas}}
  selector:
    matchLabels:
      {{.ControllerComponentLabel}}: sp-validator
  template:
    metadata:
      labels:
        {{.ControllerComponentLabel}}: sp-validator
      annotations:
        {{.CreatedByAnnotation}}: {{.CliVersion}}
    spec:
      serviceAccountName: linkerd-sp-validator
      containers:
      - name: sp-validator
        image: {{.ControllerImage}}
        imagePullPolicy: {{.ImagePullPolicy}}
        args:
        - "sp-validator"
        - "-log-level={{.ControllerLogLevel}}"
        ports:
        - name: sp-validator
          containerPort: 8443
        volumeMounts:
        - name: tls
          mountPath: /var/run/linkerd/tls
          readOnly: true
        livenessProbe:
          httpGet:
            path: /ping
            port: 9997
          initialDelaySeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 9997
          failureThreshold: 7
        {{ with .SPValidatorResources -}}
        {{- template "resources" . }}
        {{ end -}}
        securityContext:
          runAsUser: {{.ControllerUID}}
      volumes:
      - name: tls
        secret:
          secretName: linkerd-sp-validator-tls
{{end -}}