---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubevirt-ssp-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubevirt-ssp-operator
rules:
- apiGroups:
  - kubevirt.io
  - oauth.openshift.io
  - template.openshift.io
  resources:
  - '*'
  verbs:
  - '*'
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  verbs:
  - create
  - get
  - list
  - watch
  - patch
  - update
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterrolebindings
  verbs:
  - create
  - get
  - list
  - watch
  - patch
  - update
- apiGroups:
  - extensions
  - apps
  resources:
  - deployments
  - replicasets
  - daemonsets
  - statefulsets
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  - configmaps
  - nodes
  - endpoints
  - events
  - secrets
  verbs:
  - create
  - get
  - patch
  - update
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - create
  - get
  - list
  - patch
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - create
  - get
  - list
  - patch
  - watch
- apiGroups:
  - security.openshift.io
  resources:
  - securitycontextconstraints
  verbs:
  - '*'
  resourceNames:
  - privileged

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubevirt-ssp-operator
subjects:
- kind: ServiceAccount
  name: kubevirt-ssp-operator
  namespace: default 
roleRef:
  kind: ClusterRole
  name: kubevirt-ssp-operator
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubevirt-ssp-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: kubevirt-ssp-operator
  template:
    metadata:
      labels:
        name: kubevirt-ssp-operator
    spec:
      serviceAccountName: kubevirt-ssp-operator
      containers:
        - name: kubevirt-ssp-operator
          #FIXME Replace this with the built image name
          image: quay.io/fromani/kubevirt-ssp-operator-container:latest
          ports:
          - containerPort: 60000
            name: metrics
          imagePullPolicy: Always
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: WATCH_NAMESPACE
              value: ""
            - name: VIRT_LAUNCHER_TAG
              value: v0.17.0
            - name: OPERATOR_NAME
              value: "kubevirt-ssp-operator"

     
