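# Deploys the KubeVirt virt-operator Deployment through the kubectl provider.
#
# yaml_body is a heredoc template: Terraform expands every interpolation first
# and only the resulting text is parsed as YAML. Scalar interpolations are
# therefore single-quoted (the style this manifest already uses for '8443',
# '2' and 'true') so they always reach the API as strings. Unquoted, an
# all-digit namespace or a tag such as 1.20 would be typed as a number by the
# YAML parser, which string-typed fields such as an env value do not accept.
# The quoted values must not contain a single quote; image references and
# namespace names cannot legitimately contain one.
#
# Hardening present in the manifest: runAsNonRoot, RuntimeDefault seccomp at
# pod and container level, allowPrivilegeEscalation=false, all capabilities
# dropped, certificate volume mounted read-only.
#
# Review notes (not changed here, confirm against the operator's needs):
#   - The image is referenced as registry/repository:tag. Tags are mutable;
#     pinning by digest would need a different reference format than this
#     ':' join produces.
#   - Only resource requests are set, no limits.
#   - readOnlyRootFilesystem is not set on the container.
#   - The kubevirt-operator-certs secret is optional, so the pod can start
#     before (or without) the secret existing.
resource "kubectl_manifest" "Deployment_virt-operator" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels: ${jsonencode(local.common-labels)}
      name: virt-operator
      namespace: '${var.namespace}'
      ownerReferences: ${jsonencode(var.install_owner)}
    spec:
      replicas: 1
      selector:
        matchLabels:
          kubevirt.io: virt-operator
      strategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            kubevirt.io: virt-operator
            name: virt-operator
            prometheus.kubevirt.io: 'true'
          name: virt-operator
        spec:
          affinity:
            podAntiAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
                - podAffinityTerm:
                    labelSelector:
                      matchExpressions:
                        - key: kubevirt.io
                          operator: In
                          values:
                            - virt-operator
                    topologyKey: kubernetes.io/hostname
                  weight: 1
          containers:
            - args:
                - --port
                - '8443'
                - -v
                - '2'
              command:
                - virt-operator
              env:
                - name: VIRT_OPERATOR_IMAGE
                  value: '${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}'
                # NOTE(review): this pod template defines no annotations, so
                # the value presumably resolves empty unless something else
                # (e.g. OLM) injects olm.targetNamespaces - confirm the
                # resulting watch scope is intended.
                - name: WATCH_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.annotations['olm.targetNamespaces']
                - name: KUBEVIRT_VERSION
                  value: '${var.images.operator.tag}'
              image: '${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}'
              imagePullPolicy: '${var.images.operator.pull_policy}'
              name: virt-operator
              ports:
                - containerPort: 8443
                  name: metrics
                  protocol: TCP
                - containerPort: 8444
                  name: webhooks
                  protocol: TCP
              readinessProbe:
                httpGet:
                  path: /metrics
                  port: 8443
                  scheme: HTTPS
                initialDelaySeconds: 5
                timeoutSeconds: 10
              resources:
                requests:
                  cpu: 10m
                  memory: 450Mi
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                seccompProfile:
                  type: RuntimeDefault
              volumeMounts:
                - mountPath: /etc/virt-operator/certificates
                  name: kubevirt-operator-certs
                  readOnly: true
                - mountPath: /profile-data
                  name: profile-data
          nodeSelector:
            kubernetes.io/os: linux
          priorityClassName: kubevirt-cluster-critical
          securityContext:
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          serviceAccountName: kubevirt-operator
          tolerations:
            - key: CriticalAddonsOnly
              operator: Exists
          volumes:
            - name: kubevirt-operator-certs
              secret:
                optional: true
                secretName: kubevirt-operator-certs
            - emptyDir: {}
              name: profile-data
  EOF
}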