diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml
index 582ec8e..5fd7914 100644
--- a/firewall-s3/vm/fortigate.yaml
+++ b/firewall-s3/vm/fortigate.yaml
@@ -3,6 +3,8 @@ kind: VirtualMachine
 metadata:
 name: fortigate-s3
 namespace: ${TENANT_NAMESPACE}
+ annotations:
+ #kubevirt.io/allow-pod-bridge-network-live-migration:
 spec:
 dataVolumeTemplates:
 - metadata:
@@ -29,26 +31,17 @@ spec:
 guest: 4Gi
 features:
 acpi: {}
- smm:
+ smm:
 enabled: true
 firmware:
 bootloader:
 efi:
- secureBoot: true
 devices:
 rng: {}
 networkInterfaceMultiqueue: true
 interfaces:
- - name: internal
- masquerade: {}
- ports:
- - port: 500
- - port: 4500
- #- name: external
- # masquerade: {}
- # ports:
- # - port: 500
- # - port: 4500
+ - name: external
+ bridge: {}
 disks:
 - disk:
 bus: sata
@@ -61,9 +54,7 @@ spec:
 memory: 4Gi
 cpu: 2
 networks:
- #- name: external
- # pod: {}
- - name: internal
+ - name: external
 pod: {}
 terminationGracePeriodSeconds: 180
 volumes:
diff --git a/network/ks-lb.yaml b/network/ks-lb.yaml
index bfb3107..25ae3ef 100644
--- a/network/ks-lb.yaml
+++ b/network/ks-lb.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
- name: &app windows-lb
+ name: &app lb
 namespace: ${TENANT_NAMESPACE}
 spec:
 commonMetadata:
diff --git a/network/loadbalancers/fortigate-lb.yaml b/network/loadbalancers/fortigate-lb.yaml
new file mode 100644
index 0000000..13f8eae
--- /dev/null
+++ b/network/loadbalancers/fortigate-lb.yaml
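Review bot: The added `annotations:` key in the first fortigate.yaml hunk has only a commented-out child, so it parses as a bare null value rather than a mapping. Either drop both lines until the annotation is needed, or enable it with an explicit quoted value. A later hunk in this file moves the interface to `bridge: {}` on the pod network, and as far as I know KubeVirt will not live-migrate such a VM without `kubevirt.io/allow-pod-bridge-network-live-migration`, so the choice should be deliberate. If it stays off on purpose, `annotations: {}` with a one-line comment giving the reason would be clearer; it is also worth confirming whether KubeVirt reads this annotation from the VM metadata or from the template metadata.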
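Review bot: Removing `secureBoot: true` in the `@@ -29,26 +31,17 @@` hunk leaves `efi:` as a bare key, which YAML parses as null, so the firmware block no longer states whether the guest boots EFI or whether Secure Boot is on. If EFI with Secure Boot is still wanted, write `efi: {}` (KubeVirt documents `secureBoot` as defaulting to true, which fits the retained `smm: enabled: true`, but verify for the deployed version); if it is being turned off on purpose, say so with `secureBoot: false` and a comment giving the reason. The same hunk replaces `masquerade` and its explicit `ports` list (500, 4500) with `bridge: {}`, which drops that per-port allow-list, so every port the guest listens on becomes reachable on the pod network. A NetworkPolicy, or at least a comment stating the intended exposure, would help. The hunk starts and ends inside `spec`, so the rest of the template is not visible here.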
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fortigate-lb
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: fortigate-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 4500
+ name: ipsec-nat
+ targetPort: 4500
+ protocol: UDP
+ - port: 500
+ name: key-management
+ targetPort: 500
+ protocol: UDP
+ - port: 22
+ name: ssh
+ targetPort: 22
+ protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: fortigate-s3
\ No newline at end of file
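Review bot: The new Service publishes the FortiGate management ports 22 and 443 on the same `type: LoadBalancer` address as the IPsec ports 500 and 4500, and nothing in the spec restricts who can reach them. Consider moving management to a separate internal Service, or at least adding `loadBalancerSourceRanges` with the admin networks, so SSH and the HTTPS admin UI are not open to every client that can reach the load balancer. The selector `kubevirt.io/domain: fortigate-s3` assumes the VM's launcher pod carries that label, which this diff does not show. The file also ends without a trailing newline.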