From b15d8e68826d01e235161fe1664d858837e82946 Mon Sep 17 00:00:00 2001
From: "maximilian.bartz" <maximilian.bartz@phoenix-systems.ch>
Date: Tue, 22 Jul 2025 12:16:37 +0200
Subject: [PATCH] changed NAD to static to test

---
 .../vm/ksd/network-definitions/mgmt.yaml      |  8 +-
 firewall-s3/vm/ksd/vm/strongswan.yaml         | 73 +++++++++++++++++++
 2 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 firewall-s3/vm/ksd/vm/strongswan.yaml

diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
index a1e6f34..7be17a8 100644
--- a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
+++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
@@ -9,6 +9,12 @@ spec:
     "type": "bridge",
     "bridge": "br-mgmt",
     "ipam": {
-      "type": "dhcp"
+      "type": "static",
+      "addresses": [
+        {
+          "address": "192.168.10.100/24",
+          "gateway": "192.168.10.1"
+        }
+      ]
     }
   }'
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/vm/strongswan.yaml b/firewall-s3/vm/ksd/vm/strongswan.yaml
new file mode 100644
index 0000000..e346a59
--- /dev/null
+++ b/firewall-s3/vm/ksd/vm/strongswan.yaml
@@ -0,0 +1,73 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: strongswan
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  running: true
+  template:
+    metadata:
+      labels:
+        kubevirt.io/domain: strongswan
+    spec:
+      domain:
+        cpu:
+          cores: 2
+        resources:
+          requests:
+            memory: 2Gi
+            cpu: 1
+          limits:
+            memory: 2Gi
+            cpu: 2
+        memory:
+          guest: 2Gi
+        devices:
+          rng: {}
+          networkInterfaceMultiqueue: true
+          disks:
+            - name: containerdisk
+              disk:
+                bus: virtio
+            - name: cloudinitdisk
+              disk:
+                bus: virtio
+          interfaces:
+            - name: wan
+              masquerade: {}
+              ports:
+                - port: 4500
+                - port: 443
+                - port: 22
+                - port: 500
+            - name: mgmt
+              bridge: {}
+            - name: lan
+              bridge: {}
+      networks:
+        - name: wan
+          pod: {}
+        - name: mgmt
+          multus:
+            networkName: ${TENANT_NAMESPACE}/mgmt-net
+        - name: lan
+          multus:
+            networkName: ${TENANT_NAMESPACE}/lan-net
+      terminationGracePeriodSeconds: 180
+      volumes:
+        - name: containerdisk
+          containerDisk:
+            image: quay.io/containerdisks/ubuntu:22.04
+        - name: cloudinitdisk
+          cloudInitNoCloud:
+            userData: |
+              #cloud-config
+              users:
+                - name: testuser
+                  groups: [sudo]
+                  sudo: "ALL=(ALL) NOPASSWD:ALL"
+                  lock_passwd: false
+                  passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+              chpasswd:
+                expire: false
+              ssh_pwauth: true
\ No newline at end of file