From c84c1fcd788476ff1d39635753c3c8d17dc8b3f6 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 13:02:04 +0200 Subject: [PATCH] Add test-connectivity --- .../loadbalancers/fortigate-wan.yaml | 30 ++++++++ .../network-definitions/lan.yaml | 20 +++++ .../network-definitions/mgmt.yaml | 20 +++++ .../test-connectivity/vm/fortigate.yaml | 77 +++++++++++++++++++ .../test-connectivity/vm/strongswan.yaml | 73 ++++++++++++++++++ 5 files changed, 220 insertions(+) create mode 100644 firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml create mode 100644 firewall-s3/test-connectivity/network-definitions/lan.yaml create mode 100644 firewall-s3/test-connectivity/network-definitions/mgmt.yaml create mode 100644 firewall-s3/test-connectivity/vm/fortigate.yaml create mode 100644 firewall-s3/test-connectivity/vm/strongswan.yaml diff --git a/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml new file mode 100644 index 0000000..fd0a1db --- /dev/null +++ b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: fortigate-lb-test + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: fortigate-lb +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - port: 4500 + name: ipsec-nat + targetPort: 4500 + protocol: UDP + - port: 500 + name: key-management + targetPort: 500 + protocol: UDP + #- port: 22 + # name: ssh + # targetPort: 22 + # protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + selector: + kubevirt.io/domain: fortigate-ksd diff --git a/firewall-s3/test-connectivity/network-definitions/lan.yaml b/firewall-s3/test-connectivity/network-definitions/lan.yaml new file mode 100644 index 0000000..1c32a21 --- /dev/null +++ b/firewall-s3/test-connectivity/network-definitions/lan.yaml @@ -0,0 +1,20 @@ +# apiVersion: "k8s.cni.cncf.io/v1" +# kind: NetworkAttachmentDefinition +# metadata: +# name: lan-net +# namespace: ${TENANT_NAMESPACE} +# spec: +# config: '{ +# "cniVersion": "0.3.1", +# "type": "bridge", +# "bridge": "br-lan", +# "ipam": { +# "type": "static", +# "addresses": [ +# { +# "address": "172.168.100.2/24", +# "gateway": "172.168.100.1" +# } +# ] +# } +# }' \ No newline at end of file diff --git a/firewall-s3/test-connectivity/network-definitions/mgmt.yaml b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml new file mode 100644 index 0000000..1f18275 --- /dev/null +++ b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml @@ -0,0 +1,20 @@ +# apiVersion: "k8s.cni.cncf.io/v1" +# kind: NetworkAttachmentDefinition +# metadata: +# name: mgmt-net +# namespace: ${TENANT_NAMESPACE} +# spec: +# config: '{ +# "cniVersion": "0.3.1", +# "type": "bridge", +# "bridge": "br-mgmt", +# "ipam": { +# "type": "static", +# "addresses": [ +# { +# "address": "192.168.10.100/24", +# "gateway": "192.168.10.1" +# } +# ] +# } +# }' \ No newline at end of file diff --git a/firewall-s3/test-connectivity/vm/fortigate.yaml b/firewall-s3/test-connectivity/vm/fortigate.yaml new file mode 100644 index 0000000..d1d61bf --- /dev/null +++ b/firewall-s3/test-connectivity/vm/fortigate.yaml @@ -0,0 +1,77 @@ +# apiVersion: kubevirt.io/v1 +# kind: VirtualMachine +# metadata: +# name: fortigate-ksd +# namespace: ${TENANT_NAMESPACE} +# spec: +# dataVolumeTemplates: +# - metadata: +# name: fortigate-rootdisk-ksd +# spec: +# source: +# http: +# url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2" +# #secretRef: s3-virt-credentials +# storage: +# resources: +# requests: +# storage: 30Gi +# runStrategy: Always +# template: +# metadata: +# labels: +# kubevirt.io/domain: fortigate-ksd +# spec: +# domain: +# cpu: +# cores: 1 +# memory: +# guest: 2Gi +# features: +# acpi: {} +# smm: +# enabled: true +# firmware: +# bootloader: +# efi: +# secureBoot: false +# devices: +# rng: {} +# networkInterfaceMultiqueue: true +# interfaces: +# - name: wan +# masquerade: {} +# ports: +# - port: 4500 +# - port: 443 +# - port: 22 +# - port: 500 +# - name: mgmt +# bridge: {} +# - name: lan +# bridge: {} +# disks: +# - disk: +# bus: sata +# name: rootdisk +# resources: +# requests: +# memory: 2Gi +# cpu: 1 +# limits: +# memory: 2Gi +# cpu: 1 +# networks: +# - name: wan +# pod: {} +# - name: mgmt +# multus: +# networkName: ${TENANT_NAMESPACE}/mgmt-net +# - name: lan +# multus: +# networkName: ${TENANT_NAMESPACE}/lan-net +# terminationGracePeriodSeconds: 180 +# volumes: +# - name: rootdisk +# dataVolume: +# name: fortigate-rootdisk-ksd \ No newline at end of file diff --git a/firewall-s3/test-connectivity/vm/strongswan.yaml b/firewall-s3/test-connectivity/vm/strongswan.yaml new file mode 100644 index 0000000..f982232 --- /dev/null +++ b/firewall-s3/test-connectivity/vm/strongswan.yaml @@ -0,0 +1,73 @@ +# apiVersion: kubevirt.io/v1 +# kind: VirtualMachine +# metadata: +# name: strongswan +# namespace: ${TENANT_NAMESPACE} +# spec: +# running: true +# template: +# metadata: +# labels: +# kubevirt.io/domain: strongswan +# spec: +# domain: +# cpu: +# cores: 2 +# resources: +# requests: +# memory: 2Gi +# cpu: 1 +# limits: +# memory: 2Gi +# cpu: 2 +# memory: +# guest: 2Gi +# devices: +# rng: {} +# networkInterfaceMultiqueue: true +# disks: +# - name: containerdisk +# disk: +# bus: virtio +# - name: cloudinitdisk +# disk: +# bus: virtio +# interfaces: +# - name: wan +# masquerade: {} +# ports: +# - port: 4500 +# - port: 443 +# - port: 22 +# - port: 500 +# - name: mgmt +# bridge: {} +# - name: lan +# bridge: {} +# networks: +# - name: wan +# pod: {} +# - name: mgmt +# multus: +# networkName: ${TENANT_NAMESPACE}/mgmt-net +# - name: lan +# multus: +# networkName: ${TENANT_NAMESPACE}/lan-net +# terminationGracePeriodSeconds: 180 +# volumes: +# - name: containerdisk +# containerDisk: +# image: quay.io/containerdisks/ubuntu:22.04 +# - name: cloudinitdisk +# cloudInitNoCloud: +# userData: | +# #cloud-config +# users: +# - name: testuser +# groups: [sudo] +# sudo: "ALL=(ALL) NOPASSWD:ALL" +# lock_passwd: false +# passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" +# chpasswd: +# expire: false +# ssh_pwauth: true \ No newline at end of file