109 lines
3.4 KiB
HCL
109 lines
3.4 KiB
HCL
resource "kubectl_manifest" "Deployment_virt-operator" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels: ${jsonencode(local.common-labels)}
|
|
name: virt-operator
|
|
namespace: ${var.namespace}
|
|
ownerReferences: ${jsonencode(var.install_owner)}
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
kubevirt.io: virt-operator
|
|
strategy:
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
kubevirt.io: virt-operator
|
|
name: virt-operator
|
|
prometheus.kubevirt.io: 'true'
|
|
name: virt-operator
|
|
spec:
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: kubevirt.io
|
|
operator: In
|
|
values:
|
|
- virt-operator
|
|
topologyKey: kubernetes.io/hostname
|
|
weight: 1
|
|
containers:
|
|
- args:
|
|
- --port
|
|
- '8443'
|
|
- -v
|
|
- '2'
|
|
command:
|
|
- virt-operator
|
|
env:
|
|
- name: VIRT_OPERATOR_IMAGE
|
|
value: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}
|
|
- name: WATCH_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.annotations['olm.targetNamespaces']
|
|
- name: KUBEVIRT_VERSION
|
|
value: ${var.images.operator.tag}
|
|
image: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}
|
|
imagePullPolicy: ${var.images.operator.pull_policy}
|
|
name: virt-operator
|
|
ports:
|
|
- containerPort: 8443
|
|
name: metrics
|
|
protocol: TCP
|
|
- containerPort: 8444
|
|
name: webhooks
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /metrics
|
|
port: 8443
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 5
|
|
timeoutSeconds: 10
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 450Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumeMounts:
|
|
- mountPath: /etc/virt-operator/certificates
|
|
name: kubevirt-operator-certs
|
|
readOnly: true
|
|
- mountPath: /profile-data
|
|
name: profile-data
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
priorityClassName: kubevirt-cluster-critical
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
serviceAccountName: kubevirt-operator
|
|
tolerations:
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
volumes:
|
|
- name: kubevirt-operator-certs
|
|
secret:
|
|
optional: true
|
|
secretName: kubevirt-operator-certs
|
|
- emptyDir: {}
|
|
name: profile-data
|
|
EOF
|
|
}
|
|
|