addons/virt/cdi/operator_workload.tf

resource "kubectl_manifest" "Deployment_cdi-operator" {
  yaml_body  = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels: ${jsonencode(local.common-labels)}
      name: cdi-operator
      namespace: ${var.namespace}
      ownerReferences: ${jsonencode(var.install_owner)}
    spec:
      replicas: 1
      selector:
        matchLabels:
          name: cdi-operator
          operator.cdi.kubevirt.io: ''
      strategy: {}
      template:
        metadata:
          labels:
            cdi.kubevirt.io: cdi-operator
            name: cdi-operator
            operator.cdi.kubevirt.io: ''
            prometheus.cdi.kubevirt.io: 'true'
        spec:
          affinity:
            podAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
              - podAffinityTerm:
                  labelSelector:
                    matchExpressions:
                    - key: cdi.kubevirt.io
                      operator: In
                      values:
                      - cdi-operator
                  topologyKey: kubernetes.io/hostname
                weight: 1
          containers:
          - env:
            - name: DEPLOY_CLUSTER_RESOURCES
              value: 'true'
            - name: OPERATOR_VERSION
              value: ${var.images.apiserver.tag}
            - name: CONTROLLER_IMAGE
              value: ${var.images.controller.registry}/${var.images.controller.repository}:${var.images.controller.tag}
            - name: IMPORTER_IMAGE
              value: ${var.images.importer.registry}/${var.images.importer.repository}:${var.images.importer.tag}
            - name: CLONER_IMAGE
              value: ${var.images.cloner.registry}/${var.images.cloner.repository}:${var.images.cloner.tag}
            - name: APISERVER_IMAGE
              value: ${var.images.apiserver.registry}/${var.images.apiserver.repository}:${var.images.apiserver.tag}
            - name: UPLOAD_SERVER_IMAGE
              value: ${var.images.uploadserver.registry}/${var.images.uploadserver.repository}:${var.images.uploadserver.tag}
            - name: UPLOAD_PROXY_IMAGE
              value: ${var.images.uploadproxy.registry}/${var.images.uploadproxy.repository}:${var.images.uploadproxy.tag}
            - name: VERBOSITY
              value: '1'
            - name: PULL_POLICY
              value: ${var.images.apiserver.pull_policy}
            - name: MONITORING_NAMESPACE
            image: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}
            imagePullPolicy: ${var.images.operator.pull_policy}
            name: cdi-operator
            ports:
            - containerPort: 8080
              name: metrics
              protocol: TCP
            resources:
              requests:
                cpu: 100m
                memory: 150Mi
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - ALL
              runAsNonRoot: true
              seccompProfile:
                type: RuntimeDefault
          nodeSelector:
            kubernetes.io/os: linux
          securityContext:
            runAsNonRoot: true
          serviceAccountName: cdi-operator
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
EOF
}