apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: kubevirt
    app.kubernetes.io/managed-by: virt-operator
    app.kubernetes.io/name: virt-api
    app.kubernetes.io/version: v1.0.1
    kubevirt.io: virt-api
  name: virt-api
  namespace: "{{ namespace }}"
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      kubevirt.io: virt-api
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/component: kubevirt
        app.kubernetes.io/managed-by: virt-operator
        app.kubernetes.io/version: v1.0.1
        kubevirt.io: virt-api
        prometheus.kubevirt.io: "true"
      name: virt-api
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: kubevirt.io
                      operator: In
                      values:
                        - virt-api
                topologyKey: kubernetes.io/hostname
              weight: 1
      containers:
        - args:
            - --port
            - "8443"
            - --console-server-port
            - "8186"
            - --subresources-only
            - -v
            - "2"
          command:
            - virt-api
          image: quay.io/kubevirt/virt-api@sha256:707003b221496b4432da2f507d1e36e528b45888b5d321e06d460f0678da44ae
          imagePullPolicy: IfNotPresent
          name: virt-api
          ports:
            - containerPort: 8443
              name: virt-api
              protocol: TCP
            - containerPort: 8443
              name: metrics
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /apis/subresources.kubevirt.io/v1/healthz
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 15
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            requests:
              cpu: 5m
              memory: 500Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/virt-api/certificates
              name: kubevirt-virt-api-certs
              readOnly: true
            - mountPath: /etc/virt-handler/clientcertificates
              name: kubevirt-virt-handler-certs
              readOnly: true
            - mountPath: /profile-data
              name: profile-data
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: kubevirt-cluster-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccount: kubevirt-apiserver
      serviceAccountName: kubevirt-apiserver
      terminationGracePeriodSeconds: 30
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
      volumes:
        - name: kubevirt-virt-api-certs
          secret:
            defaultMode: 420
            optional: true
            secretName: kubevirt-virt-api-certs
        - name: kubevirt-virt-handler-certs
          secret:
            defaultMode: 420
            optional: true
            secretName: kubevirt-virt-handler-certs
        - emptyDir: {}
          name: profile-data