generated from phoenix-oss/tenant-tpl
added s3 secret base64 encoded and S3 Firewall
parent
d5f8404835
commit
eeaece034f
4 changed files with 94 additions and 0 deletions
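--- a/firewall-s3/ks-vm.yaml
+++ b/firewall-s3/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: &app fortigate-s3
+namespace: ${TENANT_NAMESPACE}
+spec:
+commonMetadata:
+labels:
+app.kubernetes.io/name: *app
+path: ./firewall-s3/vm
+prune: true
+sourceRef:
+kind: GitRepository
+name: tenant-repos
+wait: false
+interval: 30m
+retryInterval: 1m
+timeout: 5m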
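Review bot: Nothing in this Kustomization's `spec` confines what `./firewall-s3/vm` may create: there is no `serviceAccountName` and no `targetNamespace`, so unless the controller is started with a default service account (not visible here), reconciliation runs with the kustomize-controller's own privileges. For a tenant template, consider adding `serviceAccountName: <tenant-sa-placeholder>` and `targetNamespace: ${TENANT_NAMESPACE}` under `spec` so a manifest in that path cannot land outside the tenant namespace. Also note that `prune: true` means removing the path or this entry deletes the VM and its imported root disk; a short comment stating that this is intended would help the next maintainer.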
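--- a/firewall-s3/vm/fortigate.yaml
+++ b/firewall-s3/vm/fortigate.yaml
@@ -0,0 +1,66 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+name: fortigate-s3
+namespace: ${TENANT_NAMESPACE}
+spec:
+dataVolumeTemplates:
+- metadata:
+name: fortigate-rootdisk-s3
+spec:
+source:
+http:
+url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2
+secretRef:
+name: s3-virt-credentials
+storage:
+resources:
+requests:
+storage: 30Gi
+runStrategy: Always
+template:
+metadata:
+labels:
+kubevirt.io/domain: fortigate-s3
+spec:
+domain:
+cpu:
+cores: 2
+memory:
+guest: 4Gi
+features:
+acpi: {}
+smm:
+enabled: true
+firmware:
+bootloader:
+efi:
+secureBoot: true
+devices:
+rng: {}
+networkInterfaceMultiqueue: true
+interfaces:
+- name: default
+masquerade: {}
+ports:
+- port: 443
+- port: 22
+disks:
+- disk:
+bus: sata
+name: rootdisk
+resources:
+requests:
+memory: 4Gi
+cpu: 2
+limits:
+memory: 4Gi
+cpu: 2
+networks:
+- name: default
+pod: {}
+terminationGracePeriodSeconds: 180
+volumes:
+- name: rootdisk
+dataVolume:
+name: fortigate-rootdisk-s3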
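Review bot: The `interfaces` entry forwards the management ports 443 and 22 into the appliance, but nothing in this manifest restricts who can reach them, and no cloud-init or config volume is attached, so the FortiGate presumably comes up in its image-default state. Confirm that a NetworkPolicy or Service outside this commit limits access to trusted admin sources, and record that next to the `ports` list, e.g. `# mgmt ports; reachability limited by <policy-name-placeholder>`. Separately, the root disk is imported from `url:` by object name only; if that bucket object can be overwritten, nothing here pins its content, so it is worth documenting where the image digest is verified.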
|
@ -6,6 +6,7 @@ resources:
|
||||||
- network/ks-lb.yaml
|
- network/ks-lb.yaml
|
||||||
- firewall/ks-vm.yaml
|
- firewall/ks-vm.yaml
|
||||||
- firewall-dev/ks-vm.yaml
|
- firewall-dev/ks-vm.yaml
|
||||||
|
- firewall-s3/ks-vm.yaml
|
||||||
- windows-vm-standard/ks-vm.yaml
|
- windows-vm-standard/ks-vm.yaml
|
||||||
- windows-vm-standard/ks-pvc.yaml
|
- windows-vm-standard/ks-pvc.yaml
|
||||||
- windows-vm-standard-dev/ks-vm.yaml
|
- windows-vm-standard-dev/ks-vm.yaml
|
||||||
|
|
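--- a/vars/demo/s3-secret.yaml
+++ b/vars/demo/s3-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: s3-virt-credentials
+namespace: ${TENANT_NAMESPACE}
+type: Opaque
+data:
+accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM=
+secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA==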
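Review bot: The `accessKeyId` and `secretKey` values under `data:` are only base64-encoded, which is an encoding and not encryption, so anyone who can read this repository or its history can recover the S3 credentials. Treat the key pair as exposed: rotate it at the S3 provider and keep the replacement out of plain Git, for example by encrypting this manifest with SOPS and setting `spec.decryption` with `provider: sops` on the Flux Kustomization that applies it, or by sourcing it from an external secret store. Deleting the file in a later commit does not remove it from history. If these are throw-away demo credentials, as the `vars/demo/` path may suggest, say so in the file with a comment such as `# demo-only key, no access to production buckets`.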