From eeaece034fa600849b888dae0e87208f0f7608fc Mon Sep 17 00:00:00 2001
From: "maximilian.bartz"
Date: Wed, 2 Jul 2025 15:18:01 +0200
Subject: [PATCH] added s3 secret base64 encoded and S3 Firewall
---
 firewall-s3/ks-vm.yaml | 18 ++++++++++
 firewall-s3/vm/fortigate.yaml | 66 +++++++++++++++++++++++++++++++++++
 kustomization.yaml | 1 +
 vars/demo/s3-secret.yaml | 9 +++++
 4 files changed, 94 insertions(+)
 create mode 100644 firewall-s3/ks-vm.yaml
 create mode 100644 firewall-s3/vm/fortigate.yaml
 create mode 100644 vars/demo/s3-secret.yaml
diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml
new file mode 100644
index 0000000..a365abc
--- /dev/null
+++ b/firewall-s3/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app fortigate-s3
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./firewall-s3/vm
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml
new file mode 100644
index 0000000..422038c
--- /dev/null
+++ b/firewall-s3/vm/fortigate.yaml
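Review bot: `path: ./firewall-s3/vm` covers only the VirtualMachine, while the DataVolume that VM creates authenticates its image download with `secretRef: s3-virt-credentials`, and that Secret is added under `vars/demo/` rather than under this Kustomization's path. If the Secret is reconciled by a different Flux Kustomization, a `spec.dependsOn` entry naming it would keep this one from starting the import before the credentials exist; with `wait: false` a failed first import is not surfaced by this object either, so that ordering is worth pinning explicitly. The file also ends without a trailing newline (`\ No newline at end of file`), which most YAML linters flag.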
@@ -0,0 +1,66 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: fortigate-s3
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: fortigate-rootdisk-s3
+ spec:
+ source:
+ http:
+ url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2
+ secretRef:
+ name: s3-virt-credentials
+ storage:
+ resources:
+ requests:
+ storage: 30Gi
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: fortigate-s3
+ spec:
+ domain:
+ cpu:
+ cores: 2
+ memory:
+ guest: 4Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi:
+ secureBoot: true
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 443
+ - port: 22
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk
+ resources:
+ requests:
+ memory: 4Gi
+ cpu: 2
+ limits:
+ memory: 4Gi
+ cpu: 2
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk
+ dataVolume:
+ name: fortigate-rootdisk-s3
\ No newline at end of file
diff --git a/kustomization.yaml b/kustomization.yaml
index 3214af5..8aec8be 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
 - network/ks-lb.yaml
 - firewall/ks-vm.yaml
 - firewall-dev/ks-vm.yaml
+ - firewall-s3/ks-vm.yaml
 - windows-vm-standard/ks-vm.yaml
 - windows-vm-standard/ks-pvc.yaml
 - windows-vm-standard-dev/ks-vm.yaml
diff --git a/vars/demo/s3-secret.yaml b/vars/demo/s3-secret.yaml
new file mode 100644
index 0000000..d47fd4a
--- /dev/null
+++ b/vars/demo/s3-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: s3-virt-credentials
+ namespace: ${TENANT_NAMESPACE}
+type: Opaque
+data:
+ accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM=
+ secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA==
\ No newline at end of file
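Review bot: `secureBoot: true` under `firmware.bootloader.efi` (correctly paired with `smm.enabled: true`) makes the firmware refuse any loader not signed by a key in its signature database, and nothing here establishes that the `fortios_7_6_3.qcow2` image the DataVolume imports is signed that way, so the VM may stop at the firmware instead of booting; if it does, `secureBoot: false` with plain EFI is the setting to confirm against the image before anything else. `bus: sata` on the root disk is the slowest emulated option; `bus: virtio` is the usual choice on KubeVirt, provided the guest image carries the drivers, which is worth verifying for this appliance before switching. The `masquerade` interface publishes `- port: 443` and `- port: 22`, which makes the appliance's management interface reachable from any pod on the cluster network unless a NetworkPolicy narrows it; a one-line comment above `ports:` recording which clients are meant to reach them (and whether SSH is needed at all) would document that intent. The file ends without a trailing newline.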
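Review bot: `data.accessKeyId` and `data.secretKey` are base64-encoded, which is the Kubernetes wire format and not encryption, so anyone with read access to this repository or its history recovers the S3 credentials by decoding them. They should be treated as exposed and rotated, and the file replaced by a form that does not carry plaintext-equivalent values in git: a SOPS-encrypted Secret decrypted by Flux (`spec.decryption` with `provider: sops` on the Kustomization that applies it), a SealedSecret, or an ExternalSecret that pulls from a secret store. The commit subject describes the encoding as if it were a protection, so a comment at the top of the file such as `# base64 is encoding, not encryption — real credentials must not be committed here` would prevent a repeat. The key names appear to match what CDI's `http` source reads from `secretRef` as basic-auth user and password, so the consumer side looks consistent once the storage of the values is fixed.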