From 5399f6c817ac717ec7c573ec5569f2665e6c882d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Jun 2025 17:01:02 +0000 Subject: [PATCH 1/4] feat(docker-image)!: Update nginx Docker tag to v21 --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 2822a7e..776a8ea 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: nginx - version: 19.1.1 + version: 21.0.3 sourceRef: kind: HelmRepository name: bitnami From eeaece034fa600849b888dae0e87208f0f7608fc Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 2 Jul 2025 15:18:01 +0200 Subject: [PATCH 2/4] added s3 secret base64 encoded and S3 Firewall --- firewall-s3/ks-vm.yaml | 18 ++++++++++ firewall-s3/vm/fortigate.yaml | 66 +++++++++++++++++++++++++++++++++++ kustomization.yaml | 1 + vars/demo/s3-secret.yaml | 9 +++++ 4 files changed, 94 insertions(+) create mode 100644 firewall-s3/ks-vm.yaml create mode 100644 firewall-s3/vm/fortigate.yaml create mode 100644 vars/demo/s3-secret.yaml diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml new file mode 100644 index 0000000..a365abc --- /dev/null +++ b/firewall-s3/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app fortigate-s3 + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./firewall-s3/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml new file mode 100644 index 0000000..422038c --- /dev/null +++ b/firewall-s3/vm/fortigate.yaml @@ -0,0 +1,66 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: fortigate-s3 + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: fortigate-rootdisk-s3 + spec: + source: + http: + url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 + secretRef: + name: s3-virt-credentials + storage: + resources: + requests: + storage: 30Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: fortigate-s3 + spec: + domain: + cpu: + cores: 2 + memory: + guest: 4Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: + secureBoot: true + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 443 + - port: 22 + disks: + - disk: + bus: sata + name: rootdisk + resources: + requests: + memory: 4Gi + cpu: 2 + limits: + memory: 4Gi + cpu: 2 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: fortigate-rootdisk-s3 \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml index 3214af5..8aec8be 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -6,6 +6,7 @@ resources: - network/ks-lb.yaml - firewall/ks-vm.yaml - firewall-dev/ks-vm.yaml + - firewall-s3/ks-vm.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml diff --git a/vars/demo/s3-secret.yaml b/vars/demo/s3-secret.yaml new file mode 100644 index 0000000..d47fd4a --- /dev/null +++ b/vars/demo/s3-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: s3-virt-credentials + namespace: ${TENANT_NAMESPACE} +type: Opaque +data: + accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM= + secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA== \ No newline at end of file From 98ee757f94d24083b5c87ca9a417644306c724a6 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 2 Jul 2025 15:39:53 +0200 Subject: [PATCH 3/4] changed secret reference to Old CDI format --- firewall-s3/vm/fortigate.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 422038c..91352bc 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -11,8 +11,7 @@ spec: source: http: url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 - secretRef: - name: s3-virt-credentials + secretRef: s3-virt-credentials storage: resources: requests: From 7fb5dbba0ffc36ef2a031ea51d82dcc26782e264 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 2 Jul 2025 15:06:32 +0000 Subject: [PATCH 4/4] feat(docker-image)!: Update nginx Docker tag to v21 --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 2822a7e..776a8ea 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: nginx - version: 19.1.1 + version: 21.0.3 sourceRef: kind: HelmRepository name: bitnami