diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml
new file mode 100644
index 0000000..827133e
--- /dev/null
+++ b/firewall-s3/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app fortigate-s3
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./firewall-s3
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml
new file mode 100644
index 0000000..fd0a1db
--- /dev/null
+++ b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fortigate-lb-test
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: fortigate-lb
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ ports:
+ - port: 4500
+ name: ipsec-nat
+ targetPort: 4500
+ protocol: UDP
+ - port: 500
+ name: key-management
+ targetPort: 500
+ protocol: UDP
+ #- port: 22
+ # name: ssh
+ # targetPort: 22
+ # protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: fortigate-ksd
diff --git a/firewall-s3/test-connectivity/network-definitions/lan.yaml b/firewall-s3/test-connectivity/network-definitions/lan.yaml
new file mode 100644
index 0000000..1c32a21
--- /dev/null
+++ b/firewall-s3/test-connectivity/network-definitions/lan.yaml
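Review bot: `fortigate-lb-test` is the only live manifest under `test-connectivity/` (its sibling files in this commit are fully commented out), yet its selector `kubevirt.io/domain: fortigate-ksd` matches the VM defined under `vm/ksd/`, so it requests a second external address that forwards 443, 500 and 4500 to the firewall. Because `ks-vm.yaml` points Flux at `./firewall-s3` as a whole, this test Service is presumably reconciled together with the real one. If it is only scaffolding, comment it out like the other test files or move it out of the reconciled path; if it must stay, add a comment above `metadata:` saying why a second listener is needed.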
@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+# name: lan-net
+# namespace: ${TENANT_NAMESPACE}
+# spec:
+# config: '{
+# "cniVersion": "0.3.1",
+# "type": "bridge",
+# "bridge": "br-lan",
+# "ipam": {
+# "type": "static",
+# "addresses": [
+# {
+# "address": "172.168.100.2/24",
+# "gateway": "172.168.100.1"
+# }
+# ]
+# }
+# }'
\ No newline at end of file
diff --git a/firewall-s3/test-connectivity/network-definitions/mgmt.yaml b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml
new file mode 100644
index 0000000..1f18275
--- /dev/null
+++ b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml
@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+# name: mgmt-net
+# namespace: ${TENANT_NAMESPACE}
+# spec:
+# config: '{
+# "cniVersion": "0.3.1",
+# "type": "bridge",
+# "bridge": "br-mgmt",
+# "ipam": {
+# "type": "static",
+# "addresses": [
+# {
+# "address": "192.168.10.100/24",
+# "gateway": "192.168.10.1"
+# }
+# ]
+# }
+# }'
\ No newline at end of file
diff --git a/firewall-s3/test-connectivity/vm/fortigate.yaml b/firewall-s3/test-connectivity/vm/fortigate.yaml
new file mode 100644
index 0000000..d1d61bf
--- /dev/null
+++ b/firewall-s3/test-connectivity/vm/fortigate.yaml
@@ -0,0 +1,77 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+# name: fortigate-ksd
+# namespace: ${TENANT_NAMESPACE}
+# spec:
+# dataVolumeTemplates:
+# - metadata:
+# name: fortigate-rootdisk-ksd
+# spec:
+# source:
+# http:
+# url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
+# #secretRef: s3-virt-credentials
+# storage:
+# resources:
+# requests:
+# storage: 30Gi
+# runStrategy: Always
+# template:
+# metadata:
+# labels:
+# kubevirt.io/domain: fortigate-ksd
+# spec:
+# domain:
+# cpu:
+# cores: 1
+# memory:
+# guest: 2Gi
+# features:
+# acpi: {}
+# smm:
+# enabled: true
+# firmware:
+# bootloader:
+# efi:
+# secureBoot: false
+# devices:
+# rng: {}
+# networkInterfaceMultiqueue: true
+# interfaces:
+# - name: wan
+# masquerade: {}
+# ports:
+# - port: 4500
+# - port: 443
+# - port: 22
+# - port: 500
+# - name: mgmt
+# bridge: {}
+# - name: lan
+# bridge: {}
+# disks:
+# - disk:
+# bus: sata
+# name: rootdisk
+# resources:
+# requests:
+# memory: 2Gi
+# cpu: 1
+# limits:
+# memory: 2Gi
+# cpu: 1
+# networks:
+# - name: wan
+# pod: {}
+# - name: mgmt
+# multus:
+# networkName: ${TENANT_NAMESPACE}/mgmt-net
+# - name: lan
+# multus:
+# networkName: ${TENANT_NAMESPACE}/lan-net
+# terminationGracePeriodSeconds: 180
+# volumes:
+# - name: rootdisk
+# dataVolume:
+# name: fortigate-rootdisk-ksd
\ No newline at end of file
diff --git a/firewall-s3/test-connectivity/vm/strongswan.yaml b/firewall-s3/test-connectivity/vm/strongswan.yaml
new file mode 100644
index 0000000..f982232
--- /dev/null
+++ b/firewall-s3/test-connectivity/vm/strongswan.yaml
@@ -0,0 +1,73 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+# name: strongswan
+# namespace: ${TENANT_NAMESPACE}
+# spec:
+# running: true
+# template:
+# metadata:
+# labels:
+# kubevirt.io/domain: strongswan
+# spec:
+# domain:
+# cpu:
+# cores: 2
+# resources:
+# requests:
+# memory: 2Gi
+# cpu: 1
+# limits:
+# memory: 2Gi
+# cpu: 2
+# memory:
+# guest: 2Gi
+# devices:
+# rng: {}
+# networkInterfaceMultiqueue: true
+# disks:
+# - name: containerdisk
+# disk:
+# bus: virtio
+# - name: cloudinitdisk
+# disk:
+# bus: virtio
+# interfaces:
+# - name: wan
+# masquerade: {}
+# ports:
+# - port: 4500
+# - port: 443
+# - port: 22
+# - port: 500
+# - name: mgmt
+# bridge: {}
+# - name: lan
+# bridge: {}
+# networks:
+# - name: wan
+# pod: {}
+# - name: mgmt
+# multus:
+# networkName: ${TENANT_NAMESPACE}/mgmt-net
+# - name: lan
+# multus:
+# networkName: ${TENANT_NAMESPACE}/lan-net
+# terminationGracePeriodSeconds: 180
+# volumes:
+# - name: containerdisk
+# containerDisk:
+# image: quay.io/containerdisks/ubuntu:22.04
+# - name: cloudinitdisk
+# cloudInitNoCloud:
+# userData: |
+# #cloud-config
+# users:
+# - name: testuser
+# groups: [sudo]
+# sudo: "ALL=(ALL) NOPASSWD:ALL"
+# lock_passwd: false
+# passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+# chpasswd:
+# expire: false
+# ssh_pwauth: true
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml
new file mode 100644
index 0000000..00ea2c3
--- /dev/null
+++ b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fortigate-lb
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: fortigate-lb
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ ports:
+ - port: 4500
+ name: ipsec-nat
+ targetPort: 4500
+ protocol: UDP
+ - port: 500
+ name: key-management
+ targetPort: 500
+ protocol: UDP
+ #- port: 22
+ # name: ssh
+ # targetPort: 22
+ # protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: fortigate-ksd
diff --git a/firewall-s3/vm/ksd/network-definitions/lan.yaml b/firewall-s3/vm/ksd/network-definitions/lan.yaml
new file mode 100644
index 0000000..ccc343b
--- /dev/null
+++ b/firewall-s3/vm/ksd/network-definitions/lan.yaml
@@ -0,0 +1,20 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: lan-net
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ config: '{
+ "cniVersion": "0.3.1",
+ "type": "bridge",
+ "bridge": "br-lan",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "172.168.100.2/24",
+ "gateway": "172.168.100.1"
+ }
+ ]
+ }
+ }'
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
new file mode 100644
index 0000000..7be17a8
--- /dev/null
+++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
@@ -0,0 +1,20 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: mgmt-net
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ config: '{
+ "cniVersion": "0.3.1",
+ "type": "bridge",
+ "bridge": "br-mgmt",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "192.168.10.100/24",
+ "gateway": "192.168.10.1"
+ }
+ ]
+ }
+ }'
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/vm/fortigate.yaml b/firewall-s3/vm/ksd/vm/fortigate.yaml
new file mode 100644
index 0000000..83562dd
--- /dev/null
+++ b/firewall-s3/vm/ksd/vm/fortigate.yaml
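Review bot: This Service is named `fortigate-lb` in `${TENANT_NAMESPACE}`, and `network/loadbalancers/fortigate-lb.yaml` in the same commit declares a Service with the same name and namespace but a different selector (`kubevirt.io/domain: fortigate-s3`) and an additional port 22. The two copies are reconciled by different Flux Kustomizations (`fortigate-s3` and `lb`), so each reconcile would presumably overwrite the other's spec and the set of exposed ports would depend on which one ran last. Rename one of them, for example `name: fortigate-ksd-lb`, or delete the copy that is not meant to be live.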
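Review bot: `172.168.100.2/24` on `br-lan` is not private address space: RFC 1918 reserves 172.16.0.0/12 (172.16 to 172.31), so 172.168.100.0/24 belongs to publicly routable space and using it internally can shadow the real owners of those addresses or send internal traffic outward when a route is missing. If a private LAN was intended, `"address": "172.16.100.2/24"` with a matching `"gateway"` would express it. Separately, static IPAM in the attachment definition hands the same address to every attachment, and both `fortigate-ksd` and `strongswan` attach to `lan-net` and `mgmt-net`; `mgmt.yaml` follows the same pattern with `192.168.10.100/24`. The commented-out copies under `test-connectivity/network-definitions/` carry the same values.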
@@ -0,0 +1,77 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: fortigate-ksd
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: fortigate-rootdisk-ksd
+ spec:
+ source:
+ http:
+ url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
+ #secretRef: s3-virt-credentials
+ storage:
+ resources:
+ requests:
+ storage: 30Gi
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: fortigate-ksd
+ spec:
+ domain:
+ cpu:
+ cores: 1
+ memory:
+ guest: 2Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi:
+ secureBoot: false
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: wan
+ masquerade: {}
+ ports:
+ - port: 4500
+ - port: 443
+ - port: 22
+ - port: 500
+ - name: mgmt
+ bridge: {}
+ - name: lan
+ bridge: {}
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk
+ resources:
+ requests:
+ memory: 2Gi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 1
+ networks:
+ - name: wan
+ pod: {}
+ - name: mgmt
+ multus:
+ networkName: ${TENANT_NAMESPACE}/mgmt-net
+ - name: lan
+ multus:
+ networkName: ${TENANT_NAMESPACE}/lan-net
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk
+ dataVolume:
+ name: fortigate-rootdisk-ksd
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/vm/strongswan.yaml b/firewall-s3/vm/ksd/vm/strongswan.yaml
new file mode 100644
index 0000000..8ef5371
--- /dev/null
+++ b/firewall-s3/vm/ksd/vm/strongswan.yaml
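Review bot: The firewall's root disk is imported from the `https://glacier-1.kvant.cloud/...` URL with `secretRef` commented out, which implies the FortiOS image object is readable without credentials (inferred; the bucket policy is not visible here), and nothing in the manifest ties the VM to a known-good copy of that image. For the appliance that terminates the VPN, prefer a private object and restore `secretRef: s3-virt-credentials`, with the Secret delivered from an encrypted source rather than plain YAML in git. A one-line comment above `secureBoot: false` explaining why Secure Boot is disabled for this guest would also help the next reviewer.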
@@ -0,0 +1,73 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: strongswan + namespace: ${TENANT_NAMESPACE} +spec: + running: true + template: + metadata: + labels: + kubevirt.io/domain: strongswan + spec: + domain: + cpu: + cores: 2 + resources: + requests: + memory: 2Gi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 + memory: + guest: 2Gi + devices: + rng: {} + networkInterfaceMultiqueue: true + disks: + - name: containerdisk + disk: + bus: virtio + - name: cloudinitdisk + disk: + bus: virtio + interfaces: + - name: wan + masquerade: {} + ports: + - port: 4500 + - port: 443 + - port: 22 + - port: 500 + - name: mgmt + bridge: {} + - name: lan + bridge: {} + networks: + - name: wan + pod: {} + - name: mgmt + multus: + networkName: ${TENANT_NAMESPACE}/mgmt-net + - name: lan + multus: + networkName: ${TENANT_NAMESPACE}/lan-net + terminationGracePeriodSeconds: 180 + volumes: + - name: containerdisk + containerDisk: + image: quay.io/containerdisks/ubuntu:24.04 + - name: cloudinitdisk + cloudInitNoCloud: + userData: | + #cloud-config + users: + - name: testuser + groups: [sudo] + sudo: "ALL=(ALL) NOPASSWD:ALL" + lock_passwd: false + passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" + chpasswd: + expire: false + ssh_pwauth: true \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml index ca06816..8aec8be 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -3,6 +3,14 @@ kind: Kustomization resources: - vars/ks.yaml - repos/ks.yaml + - network/ks-lb.yaml + - firewall/ks-vm.yaml + - firewall-dev/ks-vm.yaml + - firewall-s3/ks-vm.yaml + - windows-vm-standard/ks-vm.yaml + - windows-vm-standard/ks-pvc.yaml + - windows-vm-standard-dev/ks-vm.yaml + - windows-vm-standard-dev/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml - container/ks-debug.yaml diff --git a/network/ks-lb.yaml b/network/ks-lb.yaml new file mode 100644 index 0000000..25ae3ef --- /dev/null 
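Review bot: The cloud-init block in `firewall-s3/vm/ksd/vm/strongswan.yaml` creates `testuser` with `NOPASSWD:ALL` sudo, `lock_passwd: false` and `ssh_pwauth: true`, and commits the account's SHA-512 crypt hash in the manifest, so the hash is exposed to offline guessing by anyone who can read the repository and one recovered password gives root on every VM that reuses it. The identical hash appears again in `ubuntu-vm-1/ubuntu/ubuntu-vm.yaml` and in the commented-out `test-connectivity/vm/strongswan.yaml`. Prefer key-based login (`ssh_authorized_keys:` on the user, `lock_passwd: true`, `ssh_pwauth: false`), or load the user data from a Secret through `cloudInitNoCloud.secretRef` so credentials stay out of git.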
+++ b/network/ks-lb.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app lb
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./network/loadbalancers
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/network/loadbalancers/fortigate-lb.yaml b/network/loadbalancers/fortigate-lb.yaml
new file mode 100644
index 0000000..13f8eae
--- /dev/null
+++ b/network/loadbalancers/fortigate-lb.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fortigate-lb
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: fortigate-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 4500
+ name: ipsec-nat
+ targetPort: 4500
+ protocol: UDP
+ - port: 500
+ name: key-management
+ targetPort: 500
+ protocol: UDP
+ - port: 22
+ name: ssh
+ targetPort: 22
+ protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: fortigate-s3
\ No newline at end of file
diff --git a/network/loadbalancers/windows-lb.yaml b/network/loadbalancers/windows-lb.yaml
new file mode 100644
index 0000000..3a20507
--- /dev/null
+++ b/network/loadbalancers/windows-lb.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: windows-lb
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: windows-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 8080
+ name: http
+ targetPort: 8080
+ protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ - port: 65022
+ name: ssh
+ targetPort: 22
+ protocol: TCP
+ - port: 3389
+ name: rdp
+ targetPort: 3389
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: windows-vm-standard
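Review bot: `network/loadbalancers/fortigate-lb.yaml` publishes the firewall's SSH (22) and HTTPS (443) through a LoadBalancer with no source restriction, although the `firewall-s3` copies of this Service deliberately comment port 22 out; `windows-lb.yaml` in the next hunk does the same for RDP (3389) and SSH (65022). Unless the load-balancer address pool is internal-only (not visible here), limit who can reach these management ports with a `loadBalancerSourceRanges:` list of admin networks, or drop 22 and 3389 from the Services and reach them over the VPN. The selector `kubevirt.io/domain: fortigate-s3` also matches no VM label added in this commit (the FortiGate VM is labelled `fortigate-ksd`), so the Service may end up with no endpoints.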
diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 2822a7e..0937d41 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -17,11 +17,10 @@ spec: values: service: type: ClusterIP - ports: - http: 8080 ingress: enabled: true - hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud + hostname: nginx.${TENANT_DOMAIN} + ingressClassName: external extraVolumes: - name: ${TENANT_NAMESPACE}-image-storage persistentVolumeClaim: diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 9e4793b..70bacca 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/win2022.qcow2 + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 pvc: accessModes: - ReadWriteOnce diff --git a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml index af8a38c..0591d23 100644 --- a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml @@ -33,16 +33,18 @@ spec: volumes: - name: containerdisk containerDisk: - image: quay.io/containerdisks/ubuntu:22.04 + image: quay.io/containerdisks/ubuntu:24.04 - name: cloudinitdisk cloudInitNoCloud: userData: | #cloud-config - hostname: ubuntu-vm-1 - ssh_pwauth: True users: - - name: ubuntu - ssh-authorized-keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu - sudo: ['ALL=(ALL) NOPASSWD:ALL'] - shell: /bin/bash \ No newline at end of file + - name: testuser + groups: [sudo] + sudo: "ALL=(ALL) NOPASSWD:ALL" + lock_passwd: false + passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" + + chpasswd: + expire: false + ssh_pwauth: true \ No newline at end of file 
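Review bot: Removing `service.ports.http: 8080` in `templates/image-server/nginx/helmrelease.yaml` returns the Service to the chart's default port, but the image URLs in this commit still fetch from `http://nginx.demo.svc.cluster.local:8080/...` (`templates/windowsserver-rh/flavor/small.yaml` and both `windows-vm-standard*/vm/server.yaml`), so those imports may fail unless the chart default happens to be 8080, which is not visible here. The same hunk moves the ingress to `ingressClassName: external`; if that class is reachable from outside the cluster's trusted networks, the OS images on this server become downloadable by anyone who can reach it unless access is restricted somewhere outside the hunk. Either keep the `ports:` override or update the URLs, and add a comment above `ingressClassName` naming who is expected to reach this host.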
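Review bot: The lines removed from `ubuntu-vm-1/ubuntu/ubuntu-vm.yaml` gave `ubuntu` key-only access, and the new block replaces that with `testuser`, a password hash and `ssh_pwauth: true`, so this VM moves from key-based to password-based SSH. If a password is only wanted for console debugging, keep an `ssh_authorized_keys:` entry on the new user and set `ssh_pwauth: false`. The hunk also drops `hostname: ubuntu-vm-1` and `shell: /bin/bash`; if that is intended, a short comment in the user data would make it clear. The VM spec starts outside the hunk.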
diff --git a/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml index 78e909a..85e3a0d 100644 --- a/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml @@ -33,7 +33,7 @@ spec: volumes: - name: containerdisk containerDisk: - image: quay.io/containerdisks/ubuntu:22.04 + image: quay.io/containerdisks/ubuntu:24.04 - name: cloudinitdisk cloudInitNoCloud: userData: | diff --git a/vars/demo/s3-secret.yaml b/vars/demo/s3-secret.yaml new file mode 100644 index 0000000..d47fd4a --- /dev/null +++ b/vars/demo/s3-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: s3-virt-credentials + namespace: ${TENANT_NAMESPACE} +type: Opaque +data: + accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM= + secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA== \ No newline at end of file diff --git a/windows-vm-standard-dev/ks-pvc.yaml b/windows-vm-standard-dev/ks-pvc.yaml new file mode 100644 index 0000000..4602a8e --- /dev/null +++ b/windows-vm-standard-dev/ks-pvc.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-pvc-dev + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard-dev/pvc + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard-dev/ks-vm.yaml b/windows-vm-standard-dev/ks-vm.yaml new file mode 100644 index 0000000..c9fb291 --- /dev/null +++ b/windows-vm-standard-dev/ks-vm.yaml 
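Review bot: In `vars/demo/s3-secret.yaml`, `accessKeyId` and `secretKey` are committed as base64 under `data:`, which is an encoding and not encryption, so the S3 credentials are readable by anyone with access to the repository or its history. Treat the key pair as exposed and rotate it, then deliver the Secret through an encrypted or external path (for example Flux's SOPS decryption or an external secret store) instead of plain YAML. The only consumer visible in this commit, `secretRef: s3-virt-credentials` in the FortiGate manifests, is commented out, so the file may not be needed at all.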
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-vm-standard-dev
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard-dev/vm
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard-dev/pvc/datadisk.yaml b/windows-vm-standard-dev/pvc/datadisk.yaml
new file mode 100644
index 0000000..86461b8
--- /dev/null
+++ b/windows-vm-standard-dev/pvc/datadisk.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: windows-vm-datadisk-dev
+spec:
+ storageClassName: ibm-spectrum-scale-fileset
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 200Gi
diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml
new file mode 100644
index 0000000..df3b980
--- /dev/null
+++ b/windows-vm-standard-dev/vm/server.yaml
@@ -0,0 +1,83 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: windows-vm-standard-dev
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: windows-rootdisk-dev
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
+ storage:
+ resources:
+ requests:
+ storage: 80Gi
+ sourceRef:
+ kind: DataSource
+ name: win2k22
+ namespace: kubevirt-os-images
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: windows-vm-standard-dev
+ spec:
+ domain:
+ cpu:
+ cores: 4
+ memory:
+ guest: 8Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi:
+ secureBoot: true
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 8080
+ - port: 443
+ - port: 22
+ - port: 3389
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk-dev
+ - disk:
+ bus: sata
+ name: datadisk-dev
+ # - disk:
+ # bus: scsi
+ # name: cloudinitdisk
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: 4
+ limits:
+ memory: 8Gi
+ cpu: 4
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk-dev
+ dataVolume:
+ name: windows-rootdisk-dev
+ - name: datadisk-dev
+ persistentVolumeClaim:
+ claimName: windows-vm-datadisk-dev
+ #- name: cloudinitdisk
+ # cloudInitNoCloud:
+ # secretRef:
+ # name: windows-cloud-init
diff --git a/windows-vm-standard/ks-pvc.yaml b/windows-vm-standard/ks-pvc.yaml
new file mode 100644
index 0000000..62a22e6
--- /dev/null
+++ b/windows-vm-standard/ks-pvc.yaml
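Review bot: The `dataVolumeTemplates` entry appears to set both `source.http` and `sourceRef` (DataSource `win2k22` in `kubevirt-os-images`), as far as the collapsed indentation lets one tell, but a DataVolume is expected to name a single origin, so the object may be rejected or one of the two ignored; `windows-vm-standard/vm/server.yaml` carries the same pair. Keep whichever origin is intended and delete the other, so it is unambiguous which image the VM boots. The `http://nginx.demo.svc.cluster.local:8080/...` URL also hard-codes the `demo` namespace and plain HTTP while the rest of the manifest is templated on `${TENANT_NAMESPACE}`; a comment stating that this is deliberate would help.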
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-pvc
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard/pvc
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard/ks-vm.yaml b/windows-vm-standard/ks-vm.yaml
new file mode 100644
index 0000000..3243954
--- /dev/null
+++ b/windows-vm-standard/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-vm-standard
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard/vm
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard/pvc/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml
new file mode 100644
index 0000000..80074c7
--- /dev/null
+++ b/windows-vm-standard/pvc/datadisk.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: windows-vm-datadisk
+spec:
+ storageClassName: ibm-spectrum-scale-fileset
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 200Gi
diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml
new file mode 100644
index 0000000..8e381e4
--- /dev/null
+++ b/windows-vm-standard/vm/server.yaml
@@ -0,0 +1,82 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: windows-vm-standard
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: windows-rootdisk
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
+ storage:
+ resources:
+ requests:
+ storage: 80Gi
+ sourceRef:
+ kind: DataSource
+ name: win2k22
+ namespace: kubevirt-os-images
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: windows-vm-standard
+ spec:
+ domain:
+ cpu:
+ cores: 4
+ memory:
+ guest: 8Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi: {}
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 8080
+ - port: 443
+ - port: 22
+ - port: 3389
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk
+ - disk:
+ bus: sata
+ name: datadisk
+ # - disk:
+ # bus: scsi
+ # name: cloudinitdisk
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: 4
+ limits:
+ memory: 8Gi
+ cpu: 4
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk
+ dataVolume:
+ name: windows-rootdisk
+ - name: datadisk
+ persistentVolumeClaim:
+ claimName: windows-vm-datadisk
+ #- name: cloudinitdisk
+ # cloudInitNoCloud:
+ # secretRef:
+ # name: windows-cloud-init