Add test-connectivity

firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: fortigate-lb-test
+  namespace: ${TENANT_NAMESPACE}
+  labels:
+    app.kubernetes.io/component: fortigate-lb
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  ports:
+    - port: 4500
+      name: ipsec-nat
+      targetPort: 4500
+      protocol: UDP
+    - port: 500
+      name: key-management
+      targetPort: 500
+      protocol: UDP
+    #- port: 22
+    #  name: ssh
+    #  targetPort: 22
+    #  protocol: TCP
+    - port: 443
+      name: https
+      targetPort: 443
+      protocol: TCP
+  selector:
+    kubevirt.io/domain: fortigate-ksd

firewall-s3/test-connectivity/network-definitions/lan.yaml

@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+#   name: lan-net
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   config: '{
+#     "cniVersion": "0.3.1",
+#     "type": "bridge",
+#     "bridge": "br-lan",
+#     "ipam": {
+#       "type": "static",
+#       "addresses": [
+#         {
+#           "address": "172.168.100.2/24",
+#           "gateway": "172.168.100.1"
+#         }
+#       ]
+#     }
+#   }'

firewall-s3/test-connectivity/network-definitions/mgmt.yaml

@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+#   name: mgmt-net
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   config: '{
+#     "cniVersion": "0.3.1",
+#     "type": "bridge",
+#     "bridge": "br-mgmt",
+#     "ipam": {
+#       "type": "static",
+#       "addresses": [
+#         {
+#           "address": "192.168.10.100/24",
+#           "gateway": "192.168.10.1"
+#         }
+#       ]
+#     }
+#   }'

firewall-s3/test-connectivity/vm/fortigate.yaml

@@ -0,0 +1,77 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+#   name: fortigate-ksd
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   dataVolumeTemplates:
+#     - metadata:
+#         name: fortigate-rootdisk-ksd
+#       spec:
+#         source:
+#           http:
+#             url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
+#             #secretRef: s3-virt-credentials
+#         storage:
+#           resources:
+#             requests:
+#               storage: 30Gi
+#   runStrategy: Always
+#   template:
+#     metadata:
+#       labels:
+#         kubevirt.io/domain: fortigate-ksd
+#     spec:
+#       domain:
+#         cpu:
+#           cores: 1
+#         memory:
+#           guest: 2Gi
+#         features:
+#           acpi: {}
+#           smm:
+#             enabled: true
+#         firmware:
+#           bootloader:
+#             efi:
+#               secureBoot: false
+#         devices:
+#           rng: {}
+#           networkInterfaceMultiqueue: true
+#           interfaces:
+#             - name: wan
+#               masquerade: {}
+#               ports:
+#               - port: 4500
+#               - port: 443
+#               - port: 22
+#               - port: 500
+#             - name: mgmt
+#               bridge: {}
+#             - name: lan
+#               bridge: {}
+#           disks:
+#             - disk:
+#                 bus: sata
+#               name: rootdisk
+#         resources:
+#           requests:
+#             memory: 2Gi
+#             cpu: 1
+#           limits:
+#             memory: 2Gi
+#             cpu: 1
+#       networks:
+#         - name: wan
+#           pod: {}
+#         - name: mgmt
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/mgmt-net
+#         - name: lan
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/lan-net
+#       terminationGracePeriodSeconds: 180
+#       volumes:
+#         - name: rootdisk
+#           dataVolume:
+#             name: fortigate-rootdisk-ksd

firewall-s3/test-connectivity/vm/strongswan.yaml

@@ -0,0 +1,73 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+#   name: strongswan
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   running: true
+#   template:
+#     metadata:
+#       labels:
+#         kubevirt.io/domain: strongswan
+#     spec:
+#       domain:
+#         cpu:
+#           cores: 2
+#         resources:
+#           requests:
+#             memory: 2Gi
+#             cpu: 1
+#           limits:
+#             memory: 2Gi
+#             cpu: 2
+#         memory:
+#           guest: 2Gi
+#         devices:
+#           rng: {}
+#           networkInterfaceMultiqueue: true
+#           disks:
+#             - name: containerdisk
+#               disk:
+#                 bus: virtio
+#             - name: cloudinitdisk
+#               disk:
+#                 bus: virtio
+#           interfaces:
+#             - name: wan
+#               masquerade: {}
+#               ports:
+#                 - port: 4500
+#                 - port: 443
+#                 - port: 22
+#                 - port: 500
+#             - name: mgmt
+#               bridge: {}
+#             - name: lan
+#               bridge: {}
+#       networks:
+#         - name: wan
+#           pod: {}
+#         - name: mgmt
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/mgmt-net
+#         - name: lan
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/lan-net
+#       terminationGracePeriodSeconds: 180
+#       volumes:
+#         - name: containerdisk
+#           containerDisk:
+#             image: quay.io/containerdisks/ubuntu:22.04
+#         - name: cloudinitdisk
+#           cloudInitNoCloud:
+#             userData: |
+#               #cloud-config
+#               users:
+#                 - name: testuser
+#                   groups: [sudo]
+#                   sudo: "ALL=(ALL) NOPASSWD:ALL"
+#                   lock_passwd: false
+#                   passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+#               chpasswd:
+#                 expire: false
+#               ssh_pwauth: true