apiVersion: apps/v1
kind: Deployment
metadata:
  name: vm-operator
  labels:
    app.kubernetes.io/name: vm-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: vm-operator
      app.kubernetes.io/component: manager
  template:
    metadata:
      name: vm-operator
      labels:
        app.kubernetes.io/name: vm-operator
        app.kubernetes.io/component: manager
    spec:
      containers:
        - name: vm-operator
          image: >-
            registry.mnl.de/org/jdrupes/vm-operator/org.jdrupes.vmoperator.manager:testing
          imagePullPolicy: Always
          env:
          - name: JAVA_OPTS
            # The VM operator needs about 25 MB of memory, plus 1 MB for
            # each VM. The reason is that for the sake of effeciency, we
            # have to keep a parsed representation of the CRD in memory,
            # which requires about 512 KB per VM. While handling updates,
            # we temporarily have the old and the new version of the CRD
            # in memory, so we need another 512 KB per VM.
            value: "-Xmx128m"
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            - name: config
              mountPath: /etc/opt/vmoperator
            - name: vmop-image-repository
              mountPath: /var/local/vmop-image-repository
          securityContext:
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
      volumes:
      - name: config
        configMap:
          name: vm-operator
      - name: vmop-image-repository
        persistentVolumeClaim:
          claimName: vmop-image-repository
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: vm-operator
      securityContext:
        runAsUser: 65534
        runAsNonRoot: true