From 5e984efce512bd6840f9715d6a0cb5b3a0d6d006 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Apr 2025 16:44:37 +0200 Subject: [PATCH 001/131] deleted storageclass --- templates/image-server/pvc/image-storage.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/image-server/pvc/image-storage.yaml b/templates/image-server/pvc/image-storage.yaml index b3d7960..98e3875 100644 --- a/templates/image-server/pvc/image-storage.yaml +++ b/templates/image-server/pvc/image-storage.yaml @@ -8,5 +8,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 120Gi - storageClassName: ocs-storagecluster-ceph-rbd \ No newline at end of file + storage: 120Gi \ No newline at end of file From 745243103e0e8556123f3557ba09c182d2e890a1 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Apr 2025 16:59:56 +0200 Subject: [PATCH 002/131] Changed interval rate --- repos/helm/bitnami.yaml | 2 +- templates/image-server/nginx/helmrelease.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/repos/helm/bitnami.yaml b/repos/helm/bitnami.yaml index ee7cb0f..b9f3976 100644 --- a/repos/helm/bitnami.yaml +++ b/repos/helm/bitnami.yaml @@ -5,5 +5,5 @@ metadata: namespace: ${TENANT_NAMESPACE} spec: type: oci - interval: 5m + interval: 60m url: oci://registry-1.docker.io/bitnamicharts \ No newline at end of file diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index f50e1e9..c052d0a 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -5,11 +5,11 @@ metadata: namespace: ${TENANT_NAMESPACE} spec: serviceAccountName: ${TECHNICAL_ACCOUNT} - interval: 5m + interval: 10m chart: spec: chart: nginx - version: 20.0.0 + version: 19.1.1 sourceRef: kind: HelmRepository name: bitnami From 241d06efd4cddaa1e477370b11f1c7f9c80eb395 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 30 Apr 2025 17:29:32 +0200 Subject: [PATCH 003/131] remove https --- templates/image-server/nginx/helmrelease.yaml | 4 ---- templates/windowsserver/dv/windows-1-dv.yaml | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index c052d0a..1e124b4 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -19,13 +19,9 @@ spec: type: ClusterIP ports: http: 80 - https: 443 ingress: enabled: true hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud - tls: - - hosts: - - nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud extraVolumes: - name: ${TENANT_NAMESPACE}-image-storage persistentVolumeClaim: diff --git a/templates/windowsserver/dv/windows-1-dv.yaml b/templates/windowsserver/dv/windows-1-dv.yaml index 4eec60f..af7a0dc 100644 --- a/templates/windowsserver/dv/windows-1-dv.yaml +++ b/templates/windowsserver/dv/windows-1-dv.yaml @@ -6,7 +6,7 @@ metadata: spec: source: http: - url: "http://nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud/windows-server-2022.qcow2" + url: "http://nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud/win2022.qcow2" pvc: accessModes: - ReadWriteOnce From 26244b5df8861ee2b9ad34eb8effe715d6b8d0ec Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Apr 2025 17:47:18 +0200 Subject: [PATCH 004/131] added http route --- kustomization.yaml | 1 + templates/image-server/ks-route.yaml | 18 ++++++++++++++++++ templates/image-server/route/http | 14 ++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 templates/image-server/ks-route.yaml create mode 100644 templates/image-server/route/http diff --git a/kustomization.yaml b/kustomization.yaml index ccaf633..4efce0c 100644 --- a/kustomization.yaml +++ b/kustomization.yaml 
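Review bot: Removing the `tls` entry and the `https: 443` port from the ingress values in templates/image-server/nginx/helmrelease.yaml leaves the image server with a cleartext listener only, and the DataVolume hunk in windows-1-dv.yaml in the same patch fetches `win2022.qcow2` from it over `http://`. A VM boot image pulled that way can be altered in transit, and nothing visible here checks its integrity after download. If TLS is meant to be terminated elsewhere, say so in a comment such as `# TLS is terminated at the router; this service only speaks HTTP inside the cluster`; otherwise keep the `tls` hosts entry and move the importer URL to `https://`. The values block starts above this hunk.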
@@ -8,5 +8,6 @@ resources: - ubuntu-vm-2/ks.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml + - templates/image-server/ks-route.yaml - templates/windowsserver/ks-dv.yaml - templates/windowsserver/ks-flavor.yaml \ No newline at end of file diff --git a/templates/image-server/ks-route.yaml b/templates/image-server/ks-route.yaml new file mode 100644 index 0000000..c3c4cf4 --- /dev/null +++ b/templates/image-server/ks-route.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app route + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./templates/image-server/route + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/templates/image-server/route/http b/templates/image-server/route/http new file mode 100644 index 0000000..f73ccf6 --- /dev/null +++ b/templates/image-server/route/http @@ -0,0 +1,14 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: nginx + namespace: ${TENANT_NAMESPACE} +spec: + to: + kind: Service + name: nginx + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow \ No newline at end of file From 47716185a0bf5d997153987919fc357888eaa2e8 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Apr 2025 17:56:17 +0200 Subject: [PATCH 005/131] changed port --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 1e124b4..673bfaf 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -18,7 +18,7 @@ spec: service: type: ClusterIP ports: - http: 80 + http: 8080 ingress: enabled: true hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud 
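Review bot: `insecureEdgeTerminationPolicy: Allow` in the new Route (templates/image-server/route/http) keeps plain HTTP working next to the edge-terminated TLS endpoint, so clients are never pushed onto the encrypted path. `insecureEdgeTerminationPolicy: Redirect` sends HTTP requests to HTTPS and `None` refuses them; either closes the cleartext path for the disk images this server hosts. Callers that still use an `http://` URL would have to switch to `https://` together with this change. The same manifest is re-added as route/http.yaml in the "forgot yaml extension" patch and edited again in "specify port instead of protocol", so the setting applies there too.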
From 5cb908807878fc3dd3dc049934905c0a351eff29 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Apr 2025 18:21:58 +0200 Subject: [PATCH 006/131] forgot yaml extension --- templates/image-server/route/http.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 templates/image-server/route/http.yaml diff --git a/templates/image-server/route/http.yaml b/templates/image-server/route/http.yaml new file mode 100644 index 0000000..f73ccf6 --- /dev/null +++ b/templates/image-server/route/http.yaml @@ -0,0 +1,14 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: nginx + namespace: ${TENANT_NAMESPACE} +spec: + to: + kind: Service + name: nginx + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow \ No newline at end of file From 2eed2ca5cca0d4d51ba82abf6004fe49c29574f6 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Apr 2025 16:23:22 +0000 Subject: [PATCH 007/131] Delete templates/image-server/route/http --- templates/image-server/route/http | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 templates/image-server/route/http diff --git a/templates/image-server/route/http b/templates/image-server/route/http deleted file mode 100644 index f73ccf6..0000000 --- a/templates/image-server/route/http +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: nginx - namespace: ${TENANT_NAMESPACE} -spec: - to: - kind: Service - name: nginx - port: - targetPort: http - tls: - termination: edge - insecureEdgeTerminationPolicy: Allow \ No newline at end of file From 2e0fb83385cc82bfa36890a0b91d79ea9fc4b858 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Apr 2025 18:34:45 +0200 Subject: [PATCH 008/131] changed uri --- templates/windowsserver/dv/windows-1-dv.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/windowsserver/dv/windows-1-dv.yaml b/templates/windowsserver/dv/windows-1-dv.yaml index af7a0dc..e1401ff 100644 --- a/templates/windowsserver/dv/windows-1-dv.yaml +++ b/templates/windowsserver/dv/windows-1-dv.yaml @@ -6,7 +6,7 @@ metadata: spec: source: http: - url: "http://nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud/win2022.qcow2" + url: "https://nginx-demo.apps.ai-2.kvant.cloud/win2022.qcow2" pvc: accessModes: - ReadWriteOnce From 9147a76b4ff367a66127c506ae65f4bcff675b33 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Apr 2025 19:49:51 +0200 Subject: [PATCH 009/131] specify port instead of protocol --- templates/image-server/route/http.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/route/http.yaml b/templates/image-server/route/http.yaml index f73ccf6..5588c19 100644 --- a/templates/image-server/route/http.yaml +++ b/templates/image-server/route/http.yaml @@ -8,7 +8,7 @@ spec: kind: Service name: nginx port: - targetPort: http + targetPort: 8080 tls: termination: edge insecureEdgeTerminationPolicy: Allow \ No newline at end of file From 42c3daf081dd5cfdd892fa4e7b50e7788bcde363 Mon Sep 17 00:00:00 2001 From: Angel Nunez Mencias Date: Thu, 1 May 2025 22:58:40 +0200 Subject: [PATCH 010/131] moved bjw-s helmrepository --- repos/helm/bjw-s.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/repos/helm/bjw-s.yaml b/repos/helm/bjw-s.yaml index 932c059..c635333 100644 --- a/repos/helm/bjw-s.yaml +++ b/repos/helm/bjw-s.yaml @@ -6,7 +6,6 @@ metadata: name: bjw-s namespace: ${TENANT_NAMESPACE}-ns spec: - type: oci interval: 5m - url: oci://ghcr.io/bjw-s/helm + url: https://bjw-s-labs.github.io/helm-charts From 7998d9e9a32b6c3abbb2ee9e5c6fcf918aa21899 Mon Sep 17 00:00:00 2001 From: Angel Nunez Mencias Date: Thu, 1 May 2025 23:09:44 +0200 Subject: [PATCH 011/131] fix bjw-s namespace --- repos/helm/bjw-s.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/repos/helm/bjw-s.yaml b/repos/helm/bjw-s.yaml index c635333..90cdc7f 100644 --- a/repos/helm/bjw-s.yaml +++ b/repos/helm/bjw-s.yaml @@ -4,7 +4,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: bjw-s - namespace: ${TENANT_NAMESPACE}-ns + namespace: ${TENANT_NAMESPACE} spec: interval: 5m url: https://bjw-s-labs.github.io/helm-charts From 521eb0b8cc4dcbe6a79eff8856bfba05e979f4a0 Mon Sep 17 00:00:00 2001 From: Phoenix Date: Mon, 5 May 2025 11:45:29 +0200 Subject: [PATCH 012/131] keep pvc --- templates/image-server/pvc/image-storage.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/image-server/pvc/image-storage.yaml b/templates/image-server/pvc/image-storage.yaml index 98e3875..7af917f 100644 --- a/templates/image-server/pvc/image-storage.yaml +++ b/templates/image-server/pvc/image-storage.yaml @@ -3,9 +3,11 @@ kind: PersistentVolumeClaim metadata: name: ${TENANT_NAMESPACE}-image-storage namespace: ${TENANT_NAMESPACE} + annotations: + helm.sh/resource-policy: keep spec: accessModes: - ReadWriteOnce resources: requests: - storage: 120Gi \ No newline at end of file + storage: 120Gi From 6b7d7987b52467a0ff0c9711fd6f76d516861adb Mon Sep 17 00:00:00 2001 From: Sofiane Gerhardt Date: Mon, 5 May 2025 11:52:35 +0200 Subject: [PATCH 013/131] use targetNamespace --- templates/image-server/ks-pvc.yaml | 1 + templates/image-server/pvc/image-storage.yaml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/ks-pvc.yaml b/templates/image-server/ks-pvc.yaml index ec71dc4..200d87b 100644 --- a/templates/image-server/ks-pvc.yaml +++ b/templates/image-server/ks-pvc.yaml @@ -15,4 +15,5 @@ spec: wait: false interval: 30m retryInterval: 1m + targetNamespace: ${TENANT_NAMESPACE} timeout: 5m diff --git a/templates/image-server/pvc/image-storage.yaml b/templates/image-server/pvc/image-storage.yaml index 7af917f..1059377 100644 --- a/templates/image-server/pvc/image-storage.yaml 
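Review bot: The `helm.sh/resource-policy: keep` annotation added to the PVC is read by Helm, but this manifest looks like it is applied by the Flux Kustomization in templates/image-server/ks-pvc.yaml rather than by a Helm release, so it may not protect the volume. The `prune` setting of ks-pvc.yaml is not visible in this patch; if it is `true` as in the other ks-*.yaml files shown, removing the file from Git would still delete the claim and the images stored on it. The annotation that kustomize-controller honours is `kustomize.toolkit.fluxcd.io/prune: disabled`.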
+++ b/templates/image-server/pvc/image-storage.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: ${TENANT_NAMESPACE}-image-storage - namespace: ${TENANT_NAMESPACE} annotations: helm.sh/resource-policy: keep spec: From f6894ece74839eb7c7289d2276b086cc60a4383b Mon Sep 17 00:00:00 2001 From: Sofiane Gerhardt Date: Mon, 5 May 2025 11:55:12 +0200 Subject: [PATCH 014/131] use /app --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 673bfaf..2822a7e 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -28,4 +28,4 @@ spec: claimName: ${TENANT_NAMESPACE}-image-storage extraVolumeMounts: - name: ${TENANT_NAMESPACE}-image-storage - mountPath: /usr/share/nginx/html \ No newline at end of file + mountPath: /app From a8f9431e05737b41496c77690083705f20a89037 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 15:07:42 +0200 Subject: [PATCH 015/131] combines dv and template yaml --- templates/windowsserver/dv/windows-1-dv.yaml | 15 ------- templates/windowsserver/flavor/small.yaml | 46 +++++++++++++------- templates/windowsserver/ks-dv.yaml | 18 -------- 3 files changed, 30 insertions(+), 49 deletions(-) delete mode 100644 templates/windowsserver/dv/windows-1-dv.yaml delete mode 100644 templates/windowsserver/ks-dv.yaml diff --git a/templates/windowsserver/dv/windows-1-dv.yaml b/templates/windowsserver/dv/windows-1-dv.yaml deleted file mode 100644 index e1401ff..0000000 --- a/templates/windowsserver/dv/windows-1-dv.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: cdi.kubevirt.io/v1beta1 -kind: DataVolume -metadata: - name: windows-server-datavolume - namespace: ${TENANT_NAMESPACE} -spec: - source: - http: - url: "https://nginx-demo.apps.ai-2.kvant.cloud/win2022.qcow2" - pvc: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 120Gi \ No newline at end of file diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index fc3604f..e03e616 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -4,18 +4,16 @@ metadata: name: windows-server-2022-small namespace: ${TENANT_NAMESPACE} annotations: - openshift.io/display-name: "Windows Server 2022 VM" - openshift.io/documentation-url: "https://docs.microsoft.com/en-us/windows-server/" - description: "Template for deploying a Windows Server 2022 Virtual Machine on OpenShift with KubeVirt." - tags: virtualmachine,windows,server,2022 + description: "Windows Server 2022 Standard VM + openshift.io/display-name: Windows Server 2022 + openshift.io/provider-display-name: Phoenix Systems AG + tags: virtualmachine,windows,2022 objects: - apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: name: ${VM_NAME} namespace: ${TENANT_NAMESPACE} - labels: - app: windows-server spec: running: false template: 
@@ -25,26 +23,42 @@ objects: spec: domain: cpu: - cores: 4 + cores: 2 + memory: + guest: 4Gi devices: disks: - name: rootdisk disk: bus: virtio - memory: - guest: 8Gi networks: - name: default pod: {} volumes: - name: rootdisk - persistentVolumeClaim: - claimName: windows-server-datavolume + dataVolume: + name: ${VM_NAME}-datavolume + - apiVersion: cdi.kubevirt.io/v1beta1 + kind: DataVolume + metadata: + name: ${VM_NAME}-datavolume + namespace: ${NAMESPACE} + spec: + source: + http: + url: ${IMAGE_URL} + pvc: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${PVC_SIZE} parameters: - - name: windows_server_2022_small - description: Name of the Virtual Machine + - name: IMAGE_URL + description: URL to your image repository required: true - - name: NAMESPACE - description: Namespace where to deploy + value: https://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2 + - name: PVC_SIZE + description: PVC size (GiB) required: true - value: ${TENANT_NAMESPACE} \ No newline at end of file + value: 120Gi diff --git a/templates/windowsserver/ks-dv.yaml b/templates/windowsserver/ks-dv.yaml deleted file mode 100644 index 3cfa0f1..0000000 --- a/templates/windowsserver/ks-dv.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app dv - namespace: ${TENANT_NAMESPACE} -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./templates/windowsserver/dv - prune: true - sourceRef: - kind: GitRepository - name: tenant-repos - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m From 14589c1319f15bdf55d86280eba36ece6a14d104 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 15:09:34 +0200 Subject: [PATCH 016/131] changed kustomization --- kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/kustomization.yaml b/kustomization.yaml index 4efce0c..37eed61 100644 --- a/kustomization.yaml +++ b/kustomization.yaml 
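Review bot: The `parameters` list at the end of templates/windowsserver/flavor/small.yaml now declares only `IMAGE_URL` and `PVC_SIZE`, while the objects reference `${VM_NAME}` and the new DataVolume uses `${NAMESPACE}`; this hunk removes the `NAMESPACE` entry and no `VM_NAME` entry is visible, so the template has nothing to fill them with. Declare the name with `- name: VM_NAME` plus `required: true`, and use `namespace: ${TENANT_NAMESPACE}` on the DataVolume as the VirtualMachine does. Separately, if this file goes through Flux variable substitution (the `${TENANT_NAMESPACE}` placeholder suggests it does), the template's own `${...}` placeholders would be substituted at that stage as well; Flux documents `$${VAR}` as the escape for a literal `${VAR}`. The `description` annotation in the first hunk of this file is also missing its closing quote.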
@@ -9,5 +9,4 @@ resources: - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml - templates/image-server/ks-route.yaml - - templates/windowsserver/ks-dv.yaml - templates/windowsserver/ks-flavor.yaml \ No newline at end of file From fe10a495922cd4979a4d8579f210d6b802ce1886 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 15:11:31 +0200 Subject: [PATCH 017/131] forgot " --- templates/windowsserver/flavor/small.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index e03e616..9d0f12e 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -4,7 +4,7 @@ metadata: name: windows-server-2022-small namespace: ${TENANT_NAMESPACE} annotations: - description: "Windows Server 2022 Standard VM + description: "Windows Server 2022 Standard VM" openshift.io/display-name: Windows Server 2022 openshift.io/provider-display-name: Phoenix Systems AG tags: virtualmachine,windows,2022 From 46c7522fc0864098ce727451fbb992016b83fdac Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 16:13:39 +0200 Subject: [PATCH 018/131] used more speicifc template --- templates/windowsserver/flavor/small.yaml | 66 +++++++++++++++++------ 1 file changed, 50 insertions(+), 16 deletions(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index 9d0f12e..fb84e01 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml 
@@ -3,46 +3,77 @@ kind: Template metadata: name: windows-server-2022-small namespace: ${TENANT_NAMESPACE} + labels: + template.kubevirt.io/type: vm + os.template.kubevirt.io/win2k22: 'true' + workload.template.kubevirt.io/server: 'true' annotations: - description: "Windows Server 2022 Standard VM" + name.os.template.kubevirt.io/win2k22: Windows Server 2022 + description: Windows Server 2022 VM template (Small) openshift.io/display-name: Windows Server 2022 - openshift.io/provider-display-name: Phoenix Systems AG - tags: virtualmachine,windows,2022 + iconClass: icon-windows objects: - apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: - name: ${VM_NAME} - namespace: ${TENANT_NAMESPACE} + name: ${NAME} + annotations: + description: Windows Server 2022 VM Demo + labels: + app: ${NAME} + vm.kubevirt.io/template: windows-server-2022-template + os.template.kubevirt.io/win2k22: true spec: running: false template: metadata: + annotations: + vm.kubevirt.io/flavor: small + vm.kubevirt.io/os: win2k22 + vm.kubevirt.io/workload: server labels: - kubevirt.io/domain: ${VM_NAME} + kubevirt.io/domain: ${NAME} + kubevirt.io/size: small spec: domain: cpu: cores: 2 - memory: - guest: 4Gi + sockets: 1 + threads: 1 devices: disks: - - name: rootdisk - disk: + - disk: bus: virtio + name: rootdisk + interfaces: + - masquerade: {} + model: virtio + name: default + networkInterfaceMultiqueue: 'true' + rng: {} + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} + memory: + guest: 4Gi + hostname: ${NAME} networks: - name: default pod: {} + terminationGracePeriodSeconds: 180 volumes: - name: rootdisk dataVolume: - name: ${VM_NAME}-datavolume + name: ${NAME}-datavolume - apiVersion: cdi.kubevirt.io/v1beta1 kind: DataVolume metadata: - name: ${VM_NAME}-datavolume - namespace: ${NAMESPACE} + name: ${NAME}-datavolume + namespace: ${TENANT_NAMESPACE} spec: source: http: 
@@ -54,11 +85,14 @@ objects: requests: storage: ${PVC_SIZE} parameters: + - name: NAME + description: Name for the new VM + value: windows-server-2022 - name: IMAGE_URL - description: URL to your image repository + description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image required: true - value: https://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2 + value: https://nginx.demo.apps.ai-2.kvant.cloud/win2022.qcow2 - name: PVC_SIZE - description: PVC size (GiB) + description: Size of the root disk PVC required: true value: 120Gi From 1ce69cf11c6f68e5a7460434fc83b93d295168d9 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 16:18:19 +0200 Subject: [PATCH 019/131] added quote --- templates/windowsserver/flavor/small.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index fb84e01..2830d2b 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -4,7 +4,7 @@ metadata: name: windows-server-2022-small namespace: ${TENANT_NAMESPACE} labels: - template.kubevirt.io/type: vm + template.kubevirt.io/type: 'vm' os.template.kubevirt.io/win2k22: 'true' workload.template.kubevirt.io/server: 'true' annotations: From 95c0ab6451818b86a69f60fce35daf029636a2be Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 16:20:51 +0200 Subject: [PATCH 020/131] added more quotes cause v1 cant handle it --- templates/windowsserver/flavor/small.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index 2830d2b..808b672 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml 
@@ -20,9 +20,9 @@ objects: annotations: description: Windows Server 2022 VM Demo labels: - app: ${NAME} - vm.kubevirt.io/template: windows-server-2022-template - os.template.kubevirt.io/win2k22: true + app: '${NAME}' + vm.kubevirt.io/template: 'windows-server-2022-template' + os.template.kubevirt.io/win2k22: 'true' spec: running: false template: From 160759dbd24ad91cf1561eec5cf5faf1a3915b96 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 16:26:04 +0200 Subject: [PATCH 021/131] MORE QUOTES --- templates/windowsserver/flavor/small.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index 808b672..a007fe9 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -32,7 +32,7 @@ objects: vm.kubevirt.io/os: win2k22 vm.kubevirt.io/workload: server labels: - kubevirt.io/domain: ${NAME} + kubevirt.io/domain: '${NAME}' kubevirt.io/size: small spec: domain: @@ -60,7 +60,7 @@ objects: efi: {} memory: guest: 4Gi - hostname: ${NAME} + hostname: '${NAME}' networks: - name: default pod: {} @@ -68,22 +68,22 @@ objects: volumes: - name: rootdisk dataVolume: - name: ${NAME}-datavolume + name: '${NAME}-datavolume' - apiVersion: cdi.kubevirt.io/v1beta1 kind: DataVolume metadata: - name: ${NAME}-datavolume - namespace: ${TENANT_NAMESPACE} + name: '${NAME}-datavolume' + namespace: '${TENANT_NAMESPACE}' spec: source: http: - url: ${IMAGE_URL} + url: '${IMAGE_URL}' pvc: accessModes: - ReadWriteOnce resources: requests: - storage: ${PVC_SIZE} + storage: '${PVC_SIZE}' parameters: - name: NAME description: Name for the new VM From 67e8e5c0da7ca6c995b016f7773812c6548ddb7f Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Mon, 5 May 2025 16:46:20 +0200 Subject: [PATCH 022/131] you guessed it. More quotes. --- templates/windowsserver/flavor/small.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index a007fe9..7d00960 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -2,7 +2,7 @@ apiVersion: template.openshift.io/v1 kind: Template metadata: name: windows-server-2022-small - namespace: ${TENANT_NAMESPACE} + namespace: '${TENANT_NAMESPACE}' labels: template.kubevirt.io/type: 'vm' os.template.kubevirt.io/win2k22: 'true' @@ -16,7 +16,7 @@ objects: - apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: - name: ${NAME} + name: '${NAME}' annotations: description: Windows Server 2022 VM Demo labels: @@ -49,7 +49,7 @@ objects: - masquerade: {} model: virtio name: default - networkInterfaceMultiqueue: 'true' + networkInterfaceMultiqueue: true rng: {} features: acpi: {} From 1ec6b25b7619a5795c0841fbcbb55b99ed50f248 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 17:01:24 +0200 Subject: [PATCH 023/131] set name requirement --- templates/windowsserver/flavor/small.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index 7d00960..e97c5f2 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -87,6 +87,7 @@ objects: parameters: - name: NAME description: Name for the new VM + required: true value: windows-server-2022 - name: IMAGE_URL description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image From 39da3e0cf75c40426cd4302a47c0372476f3eaf7 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Mon, 5 May 2025 17:06:15 +0200 Subject: [PATCH 024/131] changed variable to hardcoded value --- templates/windowsserver/flavor/small.yaml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index e97c5f2..67a0223 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -16,11 +16,11 @@ objects: - apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: - name: '${NAME}' + name: windows-server-demo annotations: description: Windows Server 2022 VM Demo labels: - app: '${NAME}' + app: windows-server-demo vm.kubevirt.io/template: 'windows-server-2022-template' os.template.kubevirt.io/win2k22: 'true' spec: @@ -32,7 +32,7 @@ objects: vm.kubevirt.io/os: win2k22 vm.kubevirt.io/workload: server labels: - kubevirt.io/domain: '${NAME}' + kubevirt.io/domain: windows-server-demo kubevirt.io/size: small spec: domain: @@ -60,7 +60,7 @@ objects: efi: {} memory: guest: 4Gi - hostname: '${NAME}' + hostname: windows-server-demo networks: - name: default pod: {} @@ -68,11 +68,11 @@ objects: volumes: - name: rootdisk dataVolume: - name: '${NAME}-datavolume' + name: windows-server-datavolume-small - apiVersion: cdi.kubevirt.io/v1beta1 kind: DataVolume metadata: - name: '${NAME}-datavolume' + name: windows-server-datavolume-small namespace: '${TENANT_NAMESPACE}' spec: source: @@ -85,10 +85,6 @@ objects: requests: storage: '${PVC_SIZE}' parameters: - - name: NAME - description: Name for the new VM - required: true - value: windows-server-2022 - name: IMAGE_URL description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image required: true From 3edc01b5f651c1951ed081648b6a20879c3737c6 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Mon, 5 May 2025 17:17:37 +0200 Subject: [PATCH 025/131] openshift unable to use this variable to spawn DV --- templates/windowsserver/flavor/small.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index 67a0223..b90ad2d 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: '${IMAGE_URL}' + url: https://nginx.demo.apps.ai-2.kvant.cloud/win2022.qcow2 pvc: accessModes: - ReadWriteOnce @@ -85,10 +85,10 @@ objects: requests: storage: '${PVC_SIZE}' parameters: - - name: IMAGE_URL - description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image - required: true - value: https://nginx.demo.apps.ai-2.kvant.cloud/win2022.qcow2 + #- name: IMAGE_URL + # description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image + # required: true + # value: https://nginx.demo.apps.ai-2.kvant.cloud/win2022.qcow2 - name: PVC_SIZE description: Size of the root disk PVC required: true From 69d3c9bbad75d70454f17840ab1f71e7203a0044 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 17:31:27 +0200 Subject: [PATCH 026/131] wrong url --- templates/windowsserver/flavor/small.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index b90ad2d..7e72dae 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: https://nginx.demo.apps.ai-2.kvant.cloud/win2022.qcow2 + url: https://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2 pvc: accessModes: - ReadWriteOnce 
@@ -88,7 +88,7 @@ parameters: #- name: IMAGE_URL # description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image # required: true - # value: https://nginx.demo.apps.ai-2.kvant.cloud/win2022.qcow2 + # value: https://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2 - name: PVC_SIZE description: Size of the root disk PVC required: true From 9fc1f8acc3227c958d56b21ad3497a334cbf787e Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 17:40:42 +0200 Subject: [PATCH 027/131] certificate failed to verify --- templates/windowsserver/flavor/small.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index 7e72dae..cb90c4b 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: https://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2 + url: http://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2 pvc: accessModes: - ReadWriteOnce From 8a1dcefe4440600928db7c4675297cbbaa066d80 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 5 May 2025 19:30:46 +0200 Subject: [PATCH 028/131] added alpine debug pod --- container/debug/alpine.yaml | 14 ++++++++++++++ container/ks-debug.yaml | 18 ++++++++++++++++++ kustomization.yaml | 1 + 3 files changed, 33 insertions(+) create mode 100644 container/debug/alpine.yaml create mode 100644 container/ks-debug.yaml diff --git a/container/debug/alpine.yaml b/container/debug/alpine.yaml new file mode 100644 index 0000000..8f2b5f9 --- /dev/null +++ b/container/debug/alpine.yaml 
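Review bot: Switching the DataVolume source in templates/windowsserver/flavor/small.yaml from `https://` to `http://` avoids the certificate error by giving up transport protection for the VM disk image, so the importer would accept whatever answers on that hostname. The CDI HTTP source can trust a private CA instead: keep the `https://` URL and add `certConfigMap: <ca-bundle-configmap>` (placeholder name) next to `url`. The hostname has several labels below `apps.ai-2.kvant.cloud`; if the router presents a single-level wildcard certificate, that alone would explain the failure, and a one-label route host would fix it without weakening the import. The commented-out `IMAGE_URL` default touched in the "wrong url" patch carries the same host.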
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: alpine-test + namespace: ${TENANT_NAMESPACE} +spec: + containers: + - name: alpine + image: alpine:latest + command: ["/bin/sh"] + args: ["-c", "while true; do sleep 3600; done"] + stdin: true + tty: true + restartPolicy: Never \ No newline at end of file diff --git a/container/ks-debug.yaml b/container/ks-debug.yaml new file mode 100644 index 0000000..9c78fde --- /dev/null +++ b/container/ks-debug.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app debug + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./container/debug + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kustomization.yaml b/kustomization.yaml index 37eed61..c494cd0 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -6,6 +6,7 @@ resources: - echo-server/ks.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml + - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml - templates/image-server/ks-route.yaml From 2f8a63eb7430b25bbbcd0747fc2094b92e0c9129 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 6 May 2025 16:23:26 +0200 Subject: [PATCH 029/131] added another vm --- kustomization.yaml | 1 + ubuntu-vm-3/ks.yaml | 18 ++++++++++++ ubuntu-vm-3/ubuntu/ubuntu-vm.yaml | 48 +++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+) create mode 100644 ubuntu-vm-3/ks.yaml create mode 100644 ubuntu-vm-3/ubuntu/ubuntu-vm.yaml diff --git a/kustomization.yaml b/kustomization.yaml index c494cd0..80d2821 100644 --- a/kustomization.yaml +++ b/kustomization.yaml 
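Review bot: The debug Pod in container/debug/alpine.yaml runs `alpine:latest`, a mutable tag, with no `securityContext` and no `resources`, and because it is reconciled from Git through container/ks-debug.yaml it stays in the tenant namespace as a standing interactive shell. Pin the image by digest, drop the privileges the shell does not need, and cap its resources; the digest and limits below are constructed placeholders. If the pod is only needed while troubleshooting, leaving `container/ks-debug.yaml` out of kustomization.yaml until then keeps it off the cluster.

```yaml
  containers:
    - name: alpine
      image: alpine@sha256:<digest>  # placeholder: pin the digest you reviewed
      # … unchanged: command, args, stdin, tty …
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault
      resources:
        limits:
          cpu: 100m      # constructed example value
          memory: 64Mi   # constructed example value
```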
@@ -6,6 +6,7 @@ resources: - echo-server/ks.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml + - ubuntu-vm-3/ks.yaml - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml diff --git a/ubuntu-vm-3/ks.yaml b/ubuntu-vm-3/ks.yaml new file mode 100644 index 0000000..12912dc --- /dev/null +++ b/ubuntu-vm-3/ks.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app ubuntu-vm-3 + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./ubuntu-vm-3/ubuntu + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml new file mode 100644 index 0000000..be999e1 --- /dev/null +++ b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml @@ -0,0 +1,48 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: ubuntu-vm-3 + namespace: kubevirt-vms +spec: + running: true + template: + metadata: + labels: + kubevirt.io/domain: ubuntu-vm-3 + spec: + domain: + cpu: + cores: 2 + devices: + disks: + - disk: + bus: virtio + name: containerdisk + - disk: + bus: virtio + name: cloudinitdisk + resources: + requests: + memory: 2Gi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 + memory: + guest: 2Gi + volumes: + - name: containerdisk + containerDisk: + image: quay.io/containerdisks/ubuntu:22.04 + - name: cloudinitdisk + cloudInitNoCloud: + userData: | + #cloud-config + hostname: ubuntu-vm-1 + ssh_pwauth: True + users: + - name: ubuntu + ssh-authorized-keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu + sudo: ['ALL=(ALL) NOPASSWD:ALL'] + shell: /bin/bash \ No newline at end of file From 57de4fd2e6a4b00d08292aef81c9d4497447340c Mon Sep 17 00:00:00 2001 
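Review bot: The cloud-init `userData` in `ubuntu-vm-3/ubuntu/ubuntu-vm.yaml` sets `ssh_pwauth: True` although the only credential provisioned for `ubuntu` is an SSH key, so password authentication stays enabled on the guest's sshd for no benefit. Use `ssh_pwauth: false` so the VM accepts key logins only. The same user gets `sudo: ['ALL=(ALL) NOPASSWD:ALL']`, which makes the holder of that single key root on the guest. A comment such as `# demo VM: passwordless sudo is intentional` would record that this is a deliberate choice.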
From: "maximilian.bartz" Date: Tue, 6 May 2025 16:26:32 +0200 Subject: [PATCH 030/131] change specs --- ubuntu-vm-3/ubuntu/ubuntu-vm.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml index be999e1..130b5b6 100644 --- a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml @@ -12,7 +12,7 @@ spec: spec: domain: cpu: - cores: 2 + cores: 1 devices: disks: - disk: @@ -27,7 +27,7 @@ spec: cpu: 1 limits: memory: 2Gi - cpu: 2 + cpu: 1 memory: guest: 2Gi volumes: From afb0db1f155072c9dfa6e91dd623a626eda30d6c Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 6 May 2025 16:47:44 +0200 Subject: [PATCH 031/131] changed namespace --- ubuntu-vm-3/ubuntu/ubuntu-vm.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml index 130b5b6..3164a85 100644 --- a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml @@ -2,7 +2,7 @@ apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: name: ubuntu-vm-3 - namespace: kubevirt-vms + namespace: demo spec: running: true template: @@ -38,7 +38,7 @@ spec: cloudInitNoCloud: userData: | #cloud-config - hostname: ubuntu-vm-1 + hostname: ubuntu-vm-3 ssh_pwauth: True users: - name: ubuntu From 752a56fa4eda1ee893bbcfcf221fc079f92f6860 Mon Sep 17 00:00:00 2001 
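Review bot: The new `namespace: demo` in `ubuntu-vm-3/ubuntu/ubuntu-vm.yaml` is a literal, while the Kustomization that applies this file and the other manifests in the series use `${TENANT_NAMESPACE}`. If the tenant namespace is ever not `demo`, the VM is either created outside the tenant's namespace or the apply fails, depending on the reconciler's permissions. Prefer `namespace: ${TENANT_NAMESPACE}`. The VirtualMachine spec continues outside the hunk.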
From: "maximilian.bartz" Date: Thu, 8 May 2025 11:59:27 +0200 Subject: [PATCH 032/131] delete ubuntu 3 and echo server --- echo-server/app/helmrelease.yaml | 103 ------------------------------ echo-server/ks.yaml | 20 ------ kustomization.yaml | 2 - repos/helm/bjw-s.yaml | 11 ---- ubuntu-vm-3/ks.yaml | 18 ------ ubuntu-vm-3/ubuntu/ubuntu-vm.yaml | 48 -------------- 6 files changed, 202 deletions(-) delete mode 100644 echo-server/app/helmrelease.yaml delete mode 100644 echo-server/ks.yaml delete mode 100644 repos/helm/bjw-s.yaml delete mode 100644 ubuntu-vm-3/ks.yaml delete mode 100644 ubuntu-vm-3/ubuntu/ubuntu-vm.yaml diff --git a/echo-server/app/helmrelease.yaml b/echo-server/app/helmrelease.yaml deleted file mode 100644 index 7250687..0000000 --- a/echo-server/app/helmrelease.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: &app echo-server -spec: - serviceAccountName: ${TECHNICAL_ACCOUNT} - interval: 30m - chart: - spec: - chart: app-template - version: 3.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: ${TENANT_NAMESPACE} - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - strategy: rollback - retries: 3 - values: - controllers: - echo-server: - replicas: 2 - strategy: RollingUpdate - containers: - app: - image: - repository: ghcr.io/mendhak/http-https-echo - tag: 33 - env: - HTTP_PORT: &port 8080 - LOG_WITHOUT_NEWLINE: true - LOG_IGNORE_PATH: /healthz - PROMETHEUS_ENABLED: true - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /healthz - port: *port - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } - seccompProfile: - type: RuntimeDefault - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - memory: 64Mi - cpu: 100m - defaultPodOptions: - securityContext: - runAsNonRoot: true - seccompProfile: { type: RuntimeDefault } - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - service: - app: - controller: echo-server - ports: - http: - port: *port - serviceMonitor: - app: - serviceName: echo-server - endpoints: - - port: http - scheme: http - path: /metrics - interval: 1m - scrapeTimeout: 10s - ingress: - app: - className: external - hosts: - - host: "{{ .Release.Name }}-${TENANT_DOMAIN}" - paths: - - path: / - service: - identifier: app 
- port: http - diff --git a/echo-server/ks.yaml b/echo-server/ks.yaml deleted file mode 100644 index 4448636..0000000 --- a/echo-server/ks.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app echo-server - namespace: ${TENANT_NAMESPACE} -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./echo-server/app - prune: true - sourceRef: - kind: GitRepository - name: tenant-repos - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/kustomization.yaml b/kustomization.yaml index 80d2821..194155a 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -3,10 +3,8 @@ kind: Kustomization resources: - vars/ks.yaml - repos/ks.yaml - - echo-server/ks.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml - - ubuntu-vm-3/ks.yaml - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml diff --git a/repos/helm/bjw-s.yaml b/repos/helm/bjw-s.yaml deleted file mode 100644 index 90cdc7f..0000000 --- a/repos/helm/bjw-s.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: bjw-s - namespace: ${TENANT_NAMESPACE} -spec: - interval: 5m - url: https://bjw-s-labs.github.io/helm-charts - diff --git a/ubuntu-vm-3/ks.yaml b/ubuntu-vm-3/ks.yaml deleted file mode 100644 index 12912dc..0000000 --- a/ubuntu-vm-3/ks.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app ubuntu-vm-3 - namespace: ${TENANT_NAMESPACE} -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./ubuntu-vm-3/ubuntu - prune: true - sourceRef: - kind: GitRepository - name: tenant-repos - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml deleted file mode 100644 index 3164a85..0000000 --- a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: kubevirt.io/v1 -kind: VirtualMachine -metadata: - name: ubuntu-vm-3 - namespace: demo -spec: - running: true - template: - metadata: - labels: - kubevirt.io/domain: ubuntu-vm-3 - spec: - domain: - cpu: - cores: 1 - devices: - disks: - - disk: - bus: virtio - name: containerdisk - - disk: - bus: virtio - name: cloudinitdisk - resources: - requests: - memory: 2Gi - cpu: 1 - limits: - memory: 2Gi - cpu: 1 - memory: - guest: 2Gi - volumes: - - name: containerdisk - containerDisk: - image: quay.io/containerdisks/ubuntu:22.04 - - name: cloudinitdisk - cloudInitNoCloud: - userData: | - #cloud-config - hostname: ubuntu-vm-3 - ssh_pwauth: True - users: - - name: ubuntu - ssh-authorized-keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu - sudo: ['ALL=(ALL) NOPASSWD:ALL'] - shell: /bin/bash \ No newline at end of file From cebdd2ad2c24d9e31b436830a8ce0e51d24641b9 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Thu, 8 May 2025 12:35:31 +0200 Subject: [PATCH 033/131] added template provided by redhat --- kustomization.yaml | 3 +- templates/windowsserver-rh/flavor/small.yaml | 104 +++++++++++++++++++ templates/windowsserver-rh/ks-flavor.yaml | 18 ++++ 3 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 templates/windowsserver-rh/flavor/small.yaml create mode 100644 templates/windowsserver-rh/ks-flavor.yaml 
diff --git a/kustomization.yaml b/kustomization.yaml index 194155a..ca06816 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -9,4 +9,5 @@ resources: - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml - templates/image-server/ks-route.yaml - - templates/windowsserver/ks-flavor.yaml \ No newline at end of file + - templates/windowsserver/ks-flavor.yaml + - templates/windowsserver-rh/ks-flavor.yaml \ No newline at end of file diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml new file mode 100644 index 0000000..6bd91ec --- /dev/null +++ b/templates/windowsserver-rh/flavor/small.yaml 
@@ -0,0 +1,104 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: windows-server-2022-small-redhat + namespace: '${TENANT_NAMESPACE}' + labels: + template.kubevirt.io/type: 'vm' + os.template.kubevirt.io/win2k22: 'true' + workload.template.kubevirt.io/server: 'true' + annotations: + name.os.template.kubevirt.io/win2k22: Windows Server 2022 + description: Windows Server 2022 VM + openshift.io/display-name: Windows Server 2022 + iconClass: icon-windows +objects: + - apiVersion: kubevirt.io/v1 + kind: VirtualMachine + metadata: + name: '${NAME}' + annotations: + description: Windows Server 2022 VM example + labels: + app: '${NAME}' + vm.kubevirt.io/template: 'windows-server-2022-template' + os.template.kubevirt.io/win2k22: 'true' + spec: + running: false + template: + metadata: + annotations: + vm.kubevirt.io/flavor: small + vm.kubevirt.io/os: win2k22 + vm.kubevirt.io/workload: server + labels: + kubevirt.io/domain: '${NAME}' + kubevirt.io/size: small + spec: + domain: + cpu: + cores: 1 + sockets: 1 + threads: 1 + devices: + disks: + - disk: + bus: virtio + name: rootdisk + interfaces: + - masquerade: {} + model: virtio + name: default + networkInterfaceMultiqueue: true + rng: {} + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} + memory: + guest: 4Gi + hostname: '${NAME}' + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: '${NAME}-dv' + - apiVersion: cdi.kubevirt.io/v1beta1 + kind: DataVolume + metadata: + name: '${NAME}-dv' + namespace: '${TENANT_NAMESPACE}' + spec: + source: + http: + url: '${IMAGE_URL}' + pvc: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: '${PVC_SIZE}' + storageClassName: '${STORAGE_CLASS}' +parameters: + - name: NAME + description: Name for the new VM + generate: expression + from: 'windows-[a-z0-9]{8}' + - name: IMAGE_URL + description: Public or internal HTTP(S) URL to a sysprepped Windows 
.qcow2 image + required: true + value: http://nginx.demo.svc.cluster.local:8080/win2022.qcow2 + - name: PVC_SIZE + description: Size of the root disk PVC + required: true + value: 120Gi + - name: STORAGE_CLASS + description: The StorageClass to use for the root disk PVC + required: true + value: ibm-spectrum-scale-fileset \ No newline at end of file diff --git a/templates/windowsserver-rh/ks-flavor.yaml b/templates/windowsserver-rh/ks-flavor.yaml new file mode 100644 index 0000000..2b04e73 --- /dev/null +++ b/templates/windowsserver-rh/ks-flavor.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app flavor + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./templates/windowsserver-rh/flavor + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m From 70f0098dbd031233c6365a3df6635cc3c74b70a3 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Thu, 8 May 2025 12:39:14 +0200 Subject: [PATCH 034/131] changed app name --- templates/windowsserver-rh/ks-flavor.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/windowsserver-rh/ks-flavor.yaml b/templates/windowsserver-rh/ks-flavor.yaml index 2b04e73..efaa0d1 100644 --- a/templates/windowsserver-rh/ks-flavor.yaml +++ b/templates/windowsserver-rh/ks-flavor.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app flavor + name: &app flavor-rh namespace: ${TENANT_NAMESPACE} spec: commonMetadata: From 65c809bb445470ec71aa564ff327cd8fbfc1d160 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Thu, 8 May 2025 12:42:15 +0200 Subject: [PATCH 035/131] changed label to be string rather than variable --- templates/windowsserver-rh/flavor/small.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
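Review bot: `templates/windowsserver-rh/flavor/small.yaml` mixes two `${...}` syntaxes. `${TENANT_NAMESPACE}` is meant for Flux substitution, while `${NAME}`, `${IMAGE_URL}`, `${PVC_SIZE}` and `${STORAGE_CLASS}` are OpenShift Template parameters that must reach the cluster unexpanded. If Flux post-build substitution runs over this file (the use of `${TENANT_NAMESPACE}` suggests it does, though the substitution config is not visible here), Flux is likely to expand the template parameters before OpenShift sees them. Write them as `$${NAME}`, `$${IMAGE_URL}` and so on, so that Flux leaves them in place. Separately, the `IMAGE_URL` description invites any public HTTP(S) URL and its default is plain `http://`; a comment such as `# only use image sources you control; prefer https` above the parameter would help.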
diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 6bd91ec..5d092ae 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml @@ -32,7 +32,7 @@ objects: vm.kubevirt.io/os: win2k22 vm.kubevirt.io/workload: server labels: - kubevirt.io/domain: '${NAME}' + kubevirt.io/domain: windows-server-2022-small-redhat kubevirt.io/size: small spec: domain: From a9df0a48c65ffff1e5dcd7e585809d833de9c964 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Thu, 8 May 2025 12:47:39 +0200 Subject: [PATCH 036/131] changed name variable to value --- templates/windowsserver-rh/flavor/small.yaml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 5d092ae..73cd091 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml @@ -16,11 +16,11 @@ objects: - apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: - name: '${NAME}' + name: windows-server-2022-small-redhat annotations: description: Windows Server 2022 VM example labels: - app: '${NAME}' + app: windows-server-2022-small-redhat vm.kubevirt.io/template: 'windows-server-2022-template' os.template.kubevirt.io/win2k22: 'true' spec: @@ -60,7 +60,7 @@ objects: efi: {} memory: guest: 4Gi - hostname: '${NAME}' + hostname: windows-server-2022-small-redhat networks: - name: default pod: {} @@ -68,11 +68,11 @@ objects: volumes: - name: rootdisk dataVolume: - name: '${NAME}-dv' + name: windows-server-2022-small-redhat-dv - apiVersion: cdi.kubevirt.io/v1beta1 kind: DataVolume metadata: - name: '${NAME}-dv' + name: windows-server-2022-small-redhat-dv namespace: '${TENANT_NAMESPACE}' spec: source: 
@@ -86,10 +86,6 @@ objects: storage: '${PVC_SIZE}' storageClassName: '${STORAGE_CLASS}' parameters: - - name: NAME - description: Name for the new VM - generate: expression - from: 'windows-[a-z0-9]{8}' - name: IMAGE_URL description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image required: true From 029664c6f7e02088de9434cbb4e56226de750de7 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Thu, 8 May 2025 12:52:13 +0200 Subject: [PATCH 037/131] change variable --- templates/windowsserver-rh/flavor/small.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 73cd091..1373328 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: '${IMAGE_URL}' + url: http://nginx.demo.svc.cluster.local:8080/win2022.qcow2 pvc: accessModes: - ReadWriteOnce @@ -86,10 +86,6 @@ objects: storage: '${PVC_SIZE}' storageClassName: '${STORAGE_CLASS}' parameters: - - name: IMAGE_URL - description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image - required: true - value: http://nginx.demo.svc.cluster.local:8080/win2022.qcow2 - name: PVC_SIZE description: Size of the root disk PVC required: true From 364d47707cc9d1aeeb463bb22cc3f6ea4066b61b Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Thu, 8 May 2025 12:54:21 +0200 Subject: [PATCH 038/131] change variable again --- templates/windowsserver-rh/flavor/small.yaml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 1373328..9e4793b 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml 
@@ -83,14 +83,5 @@ objects: - ReadWriteOnce resources: requests: - storage: '${PVC_SIZE}' - storageClassName: '${STORAGE_CLASS}' -parameters: - - name: PVC_SIZE - description: Size of the root disk PVC - required: true - value: 120Gi - - name: STORAGE_CLASS - description: The StorageClass to use for the root disk PVC - required: true - value: ibm-spectrum-scale-fileset \ No newline at end of file + storage: 120Gi + storageClassName: ibm-spectrum-scale-fileset \ No newline at end of file From 1f600af0f4c63792e5a14cdb6505b644644a7f64 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Thu, 8 May 2025 18:14:39 +0200 Subject: [PATCH 039/131] added new image --- templates/windowsserver-rh/flavor/small.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 9e4793b..7e60049 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/win2022.qcow2 + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi.qcow2 pvc: accessModes: - ReadWriteOnce From 6abfc970df785b4c7a6f68d40e2dc504ca04a690 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Fri, 9 May 2025 12:47:52 +0200 Subject: [PATCH 040/131] changed image --- templates/windowsserver-rh/flavor/small.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 7e60049..70bacca 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi.qcow2 + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 pvc: accessModes: - ReadWriteOnce 
From e2fb0662792cc58354c282462aa6867c552d01bd Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 12 May 2025 14:57:27 +0200 Subject: [PATCH 041/131] added windows machine via flux --- kustomization.yaml | 1 + windows-vm-1/ks.yaml | 18 +++++++ windows-vm-1/windows/windows.yaml | 78 +++++++++++++++++++++++++++++++ 3 files changed, 97 insertions(+) create mode 100644 windows-vm-1/ks.yaml create mode 100644 windows-vm-1/windows/windows.yaml diff --git a/kustomization.yaml b/kustomization.yaml index ca06816..1b066db 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -5,6 +5,7 @@ resources: - repos/ks.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml + - windows-vm-1/ks.yaml - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml diff --git a/windows-vm-1/ks.yaml b/windows-vm-1/ks.yaml new file mode 100644 index 0000000..51b7431 --- /dev/null +++ b/windows-vm-1/ks.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-vm-1 + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-1/windows + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/windows-vm-1/windows/windows.yaml b/windows-vm-1/windows/windows.yaml new file mode 100644 index 0000000..6ee20e7 --- /dev/null +++ b/windows-vm-1/windows/windows.yaml 
@@ -0,0 +1,78 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: windows-server-2022-basic + namespace: ${TENANT_NAMESPACE} +spec: + running: true + template: + metadata: + annotations: + vm.kubevirt.io/os: win2k22 + vm.kubevirt.io/workload: server + labels: + kubevirt.io/domain: windows-server-2022-basic + kubevirt.io/size: small + spec: + domain: + cpu: + cores: ${CPU_CORES} + sockets: 1 + threads: 1 + devices: + disks: + - disk: + bus: virtio + name: rootdisk + interfaces: + - masquerade: {} + model: virtio + name: default + networkInterfaceMultiqueue: true + rng: {} + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} + memory: + guest: ${MEMORY_SIZE} + hostname: windows-server-2022-basic + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: windows-server-2022-basic-dv +--- +apiVersion: cdi.kubevirt.io/v1beta1 +kind: DataVolume +metadata: + name: windows-server-2022-basic-dv + namespace: ${TENANT_NAMESPACE} +spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + pvc: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${PVC_SIZE} + storageClassName: ibm-spectrum-scale-fileset +--- +parameters: + - name: CPU_CORES + description: Number of vCPU cores + value: "1" + - name: MEMORY_SIZE + description: Amount of memory to assign + value: "4Gi" + - name: PVC_SIZE + description: Root disk size + value: "120Gi" \ No newline at end of file From d638ec4c45452525fe878877ed8d119cec703204 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 12 May 2025 15:02:32 +0200 Subject: [PATCH 042/131] changed parameter to values --- windows-vm-1/windows/windows.yaml | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/windows-vm-1/windows/windows.yaml b/windows-vm-1/windows/windows.yaml index 6ee20e7..8da40a7 100644 
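Review bot: The third YAML document in `windows-vm-1/windows/windows.yaml` (`parameters:` with `CPU_CORES`, `MEMORY_SIZE`, `PVC_SIZE`) has no `apiVersion` or `kind`, so it is not a Kubernetes object and the build of `./windows-vm-1/windows` is expected to fail on it. `parameters` is an OpenShift Template concept. In a plain manifest, `${CPU_CORES}`, `${MEMORY_SIZE}` and `${PVC_SIZE}` are only filled in if they are defined as Flux substitution variables. Either put the literal values in the spec (`cores: 1`, `guest: 4Gi`, `storage: 120Gi`) and drop the `parameters` document, or supply the three names through the Kustomization's substitution source.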
--- a/windows-vm-1/windows/windows.yaml +++ b/windows-vm-1/windows/windows.yaml @@ -16,7 +16,7 @@ spec: spec: domain: cpu: - cores: ${CPU_CORES} + cores: 1 sockets: 1 threads: 1 devices: @@ -38,7 +38,7 @@ spec: bootloader: efi: {} memory: - guest: ${MEMORY_SIZE} + guest: 4Gi hostname: windows-server-2022-basic networks: - name: default @@ -63,16 +63,5 @@ spec: - ReadWriteOnce resources: requests: - storage: ${PVC_SIZE} - storageClassName: ibm-spectrum-scale-fileset ---- -parameters: - - name: CPU_CORES - description: Number of vCPU cores - value: "1" - - name: MEMORY_SIZE - description: Amount of memory to assign - value: "4Gi" - - name: PVC_SIZE - description: Root disk size - value: "120Gi" \ No newline at end of file + storage: 120Gi + storageClassName: ibm-spectrum-scale-fileset \ No newline at end of file From 4fda3a9eff9e21e0fcb4fc8f7832d8c1decefd4d Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 09:56:07 +0200 Subject: [PATCH 043/131] Added New VM and Load Balancer --- ubuntu-vm-standard/datadisk.yaml | 12 ++++++ ubuntu-vm-standard/lb.yaml | 29 +++++++++++++ ubuntu-vm-standard/server.yaml | 71 ++++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 ubuntu-vm-standard/datadisk.yaml create mode 100644 ubuntu-vm-standard/lb.yaml create mode 100644 ubuntu-vm-standard/server.yaml diff --git a/ubuntu-vm-standard/datadisk.yaml b/ubuntu-vm-standard/datadisk.yaml new file mode 100644 index 0000000..df02419 --- /dev/null +++ b/ubuntu-vm-standard/datadisk.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: vm-datadisk +spec: + storageClassName: ibm-spectrum-scale-fileset + volumeMode: Block + accessModes: + - ReadWriteMany + resources: + requests: + storage: 400Gi diff --git a/ubuntu-vm-standard/lb.yaml b/ubuntu-vm-standard/lb.yaml new file mode 100644 index 0000000..f2b54c2 --- /dev/null +++ b/ubuntu-vm-standard/lb.yaml 
@@ -0,0 +1,29 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: windows-lb + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: windows-vm-standard +spec: + type: LoadBalancer + ports: + - port: 8080 + name: http + targetPort: 8080 + protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + - port: 65022 + name: ssh + targetPort: 22 + protocol: TCP + - port: 3389 + name: rdp + targetPort: 3389 + protocol: TCP + selector: + kubevirt.io/domain: windows-vm-standard diff --git a/ubuntu-vm-standard/server.yaml b/ubuntu-vm-standard/server.yaml new file mode 100644 index 0000000..ad6de61 --- /dev/null +++ b/ubuntu-vm-standard/server.yaml @@ -0,0 +1,71 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: windows-vm-standard + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: windows-rootdisk + spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + storage: + resources: + requests: + storage: 30Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: windows-vm-standard + spec: + domain: + cpu: + cores: 4 + memory: + guest: 8Gi + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + disks: + - disk: + bus: scsi + name: rootdisk + - disk: + bus: scsi + name: datadisk + - disk: + bus: scsi + name: cloudinitdisk + resources: + requests: + memory: 8Gi + cpu: 4 + limits: + memory: 8Gi + cpu: 4 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: windows-rootdisk + - name: datadisk + persistentVolumeClaim: + claimName: windows-datadisk + #- name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: windows-cloud-init From 6a78fbf5c093ec79638a1d7229643a1d94e9c9e3 Mon Sep 17 00:00:00 2001 
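Review bot: The `windows-lb` Service publishes RDP (`3389`) and SSH (`65022` to `22`) through `type: LoadBalancer` with no `loadBalancerSourceRanges`, so both management ports are reachable from every network that can reach the load balancer address. Restrict the source addresses with `loadBalancerSourceRanges: ["<ADMIN_CIDR>"]` under `spec` (placeholder; use the real admin network). Alternatively, keep RDP and SSH on a separate internal Service and publish only `8080` and `443`. Whether the load balancer address is internet-facing is not visible here.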
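Review bot: `ubuntu-vm-standard/server.yaml` declares a disk named `cloudinitdisk` whose volume is commented out, and the `datadisk` volume uses `claimName: windows-datadisk` while the PVC added in `datadisk.yaml` is named `vm-datadisk`. Every entry under `devices.disks` needs a volume of the same name, and the claim must exist, so the VM is expected to be rejected or to stay unschedulable until both are aligned. Remove the `cloudinitdisk` disk entry (or restore its volume) and set `claimName: vm-datadisk`.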
From: "maximilian.bartz" Date: Wed, 28 May 2025 11:45:59 +0200 Subject: [PATCH 044/131] Added Kustomizations --- kustomization.yaml | 3 +++ network/ks-lb.yaml | 18 ++++++++++++++++++ .../loadbalancers/windows-lb.yaml | 0 windows-vm-standard/ks-pvc.yaml | 18 ++++++++++++++++++ windows-vm-standard/ks-vm.yaml | 18 ++++++++++++++++++ .../pvc}/datadisk.yaml | 0 .../vm}/server.yaml | 0 7 files changed, 57 insertions(+) create mode 100644 network/ks-lb.yaml rename ubuntu-vm-standard/lb.yaml => network/loadbalancers/windows-lb.yaml (100%) create mode 100644 windows-vm-standard/ks-pvc.yaml create mode 100644 windows-vm-standard/ks-vm.yaml rename {ubuntu-vm-standard => windows-vm-standard/pvc}/datadisk.yaml (100%) rename {ubuntu-vm-standard => windows-vm-standard/vm}/server.yaml (100%) diff --git a/kustomization.yaml b/kustomization.yaml index 1b066db..17f2750 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -3,6 +3,9 @@ kind: Kustomization resources: - vars/ks.yaml - repos/ks.yaml + - network/ks-lb.yaml + - windows-vm-standard/ks-vm.yaml + - windows-vm-standard/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml - windows-vm-1/ks.yaml diff --git a/network/ks-lb.yaml b/network/ks-lb.yaml new file mode 100644 index 0000000..bfb3107 --- /dev/null +++ b/network/ks-lb.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-lb + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./network/loadbalancers + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/ubuntu-vm-standard/lb.yaml b/network/loadbalancers/windows-lb.yaml similarity index 100% rename from ubuntu-vm-standard/lb.yaml rename to network/loadbalancers/windows-lb.yaml 
diff --git a/windows-vm-standard/ks-pvc.yaml b/windows-vm-standard/ks-pvc.yaml new file mode 100644 index 0000000..62a22e6 --- /dev/null +++ b/windows-vm-standard/ks-pvc.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-pvc + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard/pvc + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard/ks-vm.yaml b/windows-vm-standard/ks-vm.yaml new file mode 100644 index 0000000..659a85f --- /dev/null +++ b/windows-vm-standard/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-vm + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/ubuntu-vm-standard/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml similarity index 100% rename from ubuntu-vm-standard/datadisk.yaml rename to windows-vm-standard/pvc/datadisk.yaml diff --git a/ubuntu-vm-standard/server.yaml b/windows-vm-standard/vm/server.yaml similarity index 100% rename from ubuntu-vm-standard/server.yaml rename to windows-vm-standard/vm/server.yaml From 86f10cbd6d7de8e25f7734fab4ed537343c45170 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 11:46:58 +0200 Subject: [PATCH 045/131] changed label --- network/loadbalancers/windows-lb.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/loadbalancers/windows-lb.yaml b/network/loadbalancers/windows-lb.yaml index f2b54c2..3a20507 100644 --- a/network/loadbalancers/windows-lb.yaml 
+++ b/network/loadbalancers/windows-lb.yaml @@ -5,7 +5,7 @@ metadata: name: windows-lb namespace: ${TENANT_NAMESPACE} labels: - app.kubernetes.io/component: windows-vm-standard + app.kubernetes.io/component: windows-lb spec: type: LoadBalancer ports: From 9b64dfad0b0676c4c3678cf1b3eac5f28d5a0458 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 11:53:28 +0200 Subject: [PATCH 046/131] mistake in disc allocation --- windows-vm-standard/ks-vm.yaml | 2 +- windows-vm-standard/pvc/datadisk.yaml | 4 ++-- windows-vm-standard/vm/server.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows-vm-standard/ks-vm.yaml b/windows-vm-standard/ks-vm.yaml index 659a85f..3243954 100644 --- a/windows-vm-standard/ks-vm.yaml +++ b/windows-vm-standard/ks-vm.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app windows-vm + name: &app windows-vm-standard namespace: ${TENANT_NAMESPACE} spec: commonMetadata: diff --git a/windows-vm-standard/pvc/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml index df02419..4111e5b 100644 --- a/windows-vm-standard/pvc/datadisk.yaml +++ b/windows-vm-standard/pvc/datadisk.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: vm-datadisk + name: windows-vm-datadisk spec: storageClassName: ibm-spectrum-scale-fileset volumeMode: Block @@ -9,4 +9,4 @@ spec: - ReadWriteMany resources: requests: - storage: 400Gi + storage: 200Gi diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index ad6de61..5998ab8 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -64,7 +64,7 @@ spec: name: windows-rootdisk - name: datadisk persistentVolumeClaim: - claimName: windows-datadisk + claimName: windows-vm-datadisk #- name: cloudinitdisk # cloudInitNoCloud: # secretRef: From 1604b7e613b0f10301e4d591d3f85aa8205f31dc Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 28 May 2025 11:58:32 +0200 Subject: [PATCH 047/131] indent --- windows-vm-standard/vm/server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 5998ab8..8e4877f 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -9,8 +9,8 @@ spec: name: windows-rootdisk spec: source: - http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + http: + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 storage: resources: requests: From 0f54f22879f8f8658e17c0621c5a024c8ab1e8d7 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 12:01:17 +0200 Subject: [PATCH 048/131] comment out disk for cloud init --- windows-vm-standard/vm/server.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 8e4877f..b97b2aa 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -44,9 +44,9 @@ spec: - disk: bus: scsi name: datadisk - - disk: - bus: scsi - name: cloudinitdisk + # - disk: + # bus: scsi + # name: cloudinitdisk resources: requests: memory: 8Gi From 78d1e0d3abee6b0e2599daacb6da8ff4313cda46 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 12:37:01 +0200 Subject: [PATCH 049/131] Increase rootdisk size --- windows-vm-standard/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index b97b2aa..8cbde7b 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -14,7 +14,7 @@ spec: storage: resources: requests: - storage: 30Gi + storage: 60Gi runStrategy: Always template: metadata: From 5e7cad0edc1c8f472979c201aaa60f59ac86a803 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 28 May 2025 12:49:42 +0200 Subject: [PATCH 050/131] larger rootdisk size --- windows-vm-standard/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 8cbde7b..a85cf49 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -14,7 +14,7 @@ spec: storage: resources: requests: - storage: 60Gi + storage: 80Gi runStrategy: Always template: metadata: From 87de70c51ebe6a52d350a934d671b4bb747071a8 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 13:06:26 +0200 Subject: [PATCH 051/131] block storage not supported on AI 2 --- windows-vm-standard/pvc/datadisk.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows-vm-standard/pvc/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml index 4111e5b..6b8ccd6 100644 --- a/windows-vm-standard/pvc/datadisk.yaml +++ b/windows-vm-standard/pvc/datadisk.yaml @@ -4,7 +4,6 @@ metadata: name: windows-vm-datadisk spec: storageClassName: ibm-spectrum-scale-fileset - volumeMode: Block accessModes: - ReadWriteMany resources: From ca3e37e667dcb615b7542dfcd1d0d2e188f36622 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 13:10:59 +0200 Subject: [PATCH 052/131] changed volume mode --- windows-vm-standard/pvc/datadisk.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows-vm-standard/pvc/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml index 6b8ccd6..80074c7 100644 --- a/windows-vm-standard/pvc/datadisk.yaml +++ b/windows-vm-standard/pvc/datadisk.yaml @@ -4,6 +4,7 @@ metadata: name: windows-vm-datadisk spec: storageClassName: ibm-spectrum-scale-fileset + volumeMode: Filesystem accessModes: - ReadWriteMany resources: From 99076daf8ead9f18d20030b1bb3ce498f93bfa63 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 28 May 2025 14:11:27 +0200 Subject: [PATCH 053/131] rootdisk to virtio --- windows-vm-standard/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index a85cf49..57442a5 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -39,7 +39,7 @@ spec: - port: 3389 disks: - disk: - bus: scsi + bus: virtio name: rootdisk - disk: bus: scsi From bd1784429c833c823b6798006f1429a96e69bee7 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 14:46:02 +0200 Subject: [PATCH 054/131] added efi bootloader --- windows-vm-standard/vm/server.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 57442a5..96bc666 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -28,19 +28,28 @@ spec: guest: 8Gi devices: rng: {} - networkInterfaceMultiqueue: true + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} interfaces: - name: default + model: virtio masquerade: {} ports: - port: 8080 - port: 443 - port: 22 - port: 3389 + networkInterfaceMultiqueue: true disks: - disk: bus: virtio name: rootdisk + bootOrder: 1 - disk: bus: scsi name: datadisk From 387d3e65bf807b71b0bad690c82c29ef7bcb6544 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 14:47:23 +0200 Subject: [PATCH 055/131] remove model --- windows-vm-standard/vm/server.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 96bc666..de381cc 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -37,7 +37,6 @@ spec: efi: {} interfaces: - name: default - model: virtio masquerade: {} ports: - port: 8080 
From aacdc46fb01190c0a08544890a2b88ee38e392ba Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 14:51:35 +0200 Subject: [PATCH 056/131] indent --- windows-vm-standard/vm/server.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index de381cc..29389f8 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -35,16 +35,16 @@ spec: firmware: bootloader: efi: {} - interfaces: - - name: default - masquerade: {} - ports: - - port: 8080 - - port: 443 - - port: 22 - - port: 3389 - networkInterfaceMultiqueue: true - disks: + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + networkInterfaceMultiqueue: true + disks: - disk: bus: virtio name: rootdisk From 55105e37045e505e7e03be3c25f628facdbe01b8 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 14:55:08 +0200 Subject: [PATCH 057/131] indent better --- windows-vm-standard/vm/server.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 29389f8..9ba0b94 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -35,16 +35,16 @@ spec: firmware: bootloader: efi: {} - interfaces: - - name: default - masquerade: {} - ports: - - port: 8080 - - port: 443 - - port: 22 - - port: 3389 - networkInterfaceMultiqueue: true - disks: + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + networkInterfaceMultiqueue: true + disks: - disk: bus: virtio name: rootdisk From bfd039dd326a2b495159e0a50e86c71c7d311516 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 28 May 2025 14:58:00 +0200 Subject: [PATCH 058/131] indent even better --- windows-vm-standard/vm/server.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 9ba0b94..a7176dc 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -35,16 +35,16 @@ spec: firmware: bootloader: efi: {} + networkInterfaceMultiqueue: true interfaces: - - name: default - masquerade: {} - ports: - - port: 8080 - - port: 443 - - port: 22 - - port: 3389 - networkInterfaceMultiqueue: true - disks: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + disks: - disk: bus: virtio name: rootdisk From 63019b65298feca9fbba31b1ad86253bde647842 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 15:01:45 +0200 Subject: [PATCH 059/131] put into wrong category --- windows-vm-standard/vm/server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index a7176dc..7e3adda 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -26,8 +26,6 @@ spec: cores: 4 memory: guest: 8Gi - devices: - rng: {} features: acpi: {} smm: @@ -35,6 +33,8 @@ spec: firmware: bootloader: efi: {} + devices: + rng: {} networkInterfaceMultiqueue: true interfaces: - name: default From 4d2924f7d44c9a00bab80c6adcb4c73354c977de Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 15:07:50 +0200 Subject: [PATCH 060/131] improvements --- windows-vm-standard/vm/server.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 7e3adda..cb65300 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml 
@@ -38,6 +38,7 @@ spec: networkInterfaceMultiqueue: true interfaces: - name: default + model: virtio masquerade: {} ports: - port: 8080 @@ -50,7 +51,7 @@ spec: name: rootdisk bootOrder: 1 - disk: - bus: scsi + bus: virtio name: datadisk # - disk: # bus: scsi From 64458e5bad059b2aee30052f606ad2d5ce231eb9 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 15:50:38 +0200 Subject: [PATCH 061/131] smm disable --- windows-vm-standard/vm/server.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index cb65300..991e8e5 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -29,7 +29,7 @@ spec: features: acpi: {} smm: - enabled: true + enabled: false firmware: bootloader: efi: {} @@ -49,7 +49,6 @@ spec: - disk: bus: virtio name: rootdisk - bootOrder: 1 - disk: bus: virtio name: datadisk From 4c5a76347d991003618648603cbb74e00d7898ae Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 15:52:26 +0200 Subject: [PATCH 062/131] enable smm --- windows-vm-standard/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 991e8e5..4c1dbde 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -29,7 +29,7 @@ spec: features: acpi: {} smm: - enabled: false + enabled: true firmware: bootloader: efi: {} From c32ae8b40a892183c5d5322d7d2f0a99a32e8f9f Mon Sep 17 00:00:00 2001 
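Review bot: Setting `smm.enabled: false` in PATCH 061 (`windows-vm-standard/vm/server.yaml`, hunk `@@ -29,7 +29,7 @@`) conflicts with the `efi: {}` bootloader kept in the same hunk: KubeVirt turns Secure Boot on by default for EFI guests and Secure Boot requires SMM, so this spec is expected to be rejected at admission. Keep `enabled: true`; if booting without Secure Boot is really intended it has to be stated as `secureBoot: false` under `efi`, which is a boot-integrity downgrade and deserves a comment saying why. PATCH 062 flips the value back, so a short comment such as `# required by EFI Secure Boot` on the `smm` key would keep it from being toggled again.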
From: "maximilian.bartz" Date: Fri, 30 May 2025 12:41:29 +0200 Subject: [PATCH 063/131] removed old method and added new test vm --- kustomization.yaml | 2 + windows-vm-1/windows/windows.yaml | 67 ---------- .../ks-pvc.yaml | 6 +- windows-vm-standard-dev/ks-vm.yaml | 18 +++ windows-vm-standard-dev/pvc/datadisk.yaml | 12 ++ windows-vm-standard-dev/vm/server.yaml | 120 ++++++++++++++++++ windows-vm-standard/vm/server.yaml | 5 +- 7 files changed, 157 insertions(+), 73 deletions(-) delete mode 100644 windows-vm-1/windows/windows.yaml rename windows-vm-1/ks.yaml => windows-vm-standard-dev/ks-pvc.yaml (79%) create mode 100644 windows-vm-standard-dev/ks-vm.yaml create mode 100644 windows-vm-standard-dev/pvc/datadisk.yaml create mode 100644 windows-vm-standard-dev/vm/server.yaml diff --git a/kustomization.yaml b/kustomization.yaml index 17f2750..aa1b067 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -6,6 +6,8 @@ resources: - network/ks-lb.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml + - windows-vm-standard-dev/ks-vm.yaml + - windows-vm-standard-dev/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml - windows-vm-1/ks.yaml diff --git a/windows-vm-1/windows/windows.yaml b/windows-vm-1/windows/windows.yaml deleted file mode 100644 index 8da40a7..0000000 --- a/windows-vm-1/windows/windows.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -apiVersion: kubevirt.io/v1 -kind: VirtualMachine -metadata: - name: windows-server-2022-basic - namespace: ${TENANT_NAMESPACE} -spec: - running: true - template: - metadata: - annotations: - vm.kubevirt.io/os: win2k22 - vm.kubevirt.io/workload: server - labels: - kubevirt.io/domain: windows-server-2022-basic - kubevirt.io/size: small - spec: - domain: - cpu: - cores: 1 - sockets: 1 - threads: 1 - devices: - disks: - - disk: - bus: virtio - name: rootdisk - interfaces: - - masquerade: {} - model: virtio - name: default - networkInterfaceMultiqueue: true - rng: {} - features: - acpi: {} - smm: - enabled: true - firmware: - bootloader: - efi: {} - memory: - guest: 4Gi - hostname: windows-server-2022-basic - networks: - - name: default - pod: {} - terminationGracePeriodSeconds: 180 - volumes: - - name: rootdisk - dataVolume: - name: windows-server-2022-basic-dv ---- -apiVersion: cdi.kubevirt.io/v1beta1 -kind: DataVolume -metadata: - name: windows-server-2022-basic-dv - namespace: ${TENANT_NAMESPACE} -spec: - source: - http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 - pvc: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 120Gi - storageClassName: ibm-spectrum-scale-fileset \ No newline at end of file diff --git a/windows-vm-1/ks.yaml b/windows-vm-standard-dev/ks-pvc.yaml similarity index 79% rename from windows-vm-1/ks.yaml rename to windows-vm-standard-dev/ks-pvc.yaml index 51b7431..4602a8e 100644 --- a/windows-vm-1/ks.yaml +++ b/windows-vm-standard-dev/ks-pvc.yaml @@ -1,13 +1,13 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app windows-vm-1 + name: &app windows-pvc-dev namespace: ${TENANT_NAMESPACE} spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./windows-vm-1/windows + path: ./windows-vm-standard-dev/pvc prune: true sourceRef: kind: GitRepository 
@@ -15,4 +15,4 @@ spec: wait: false interval: 30m retryInterval: 1m - timeout: 5m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard-dev/ks-vm.yaml b/windows-vm-standard-dev/ks-vm.yaml new file mode 100644 index 0000000..c9fb291 --- /dev/null +++ b/windows-vm-standard-dev/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-vm-standard-dev + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard-dev/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard-dev/pvc/datadisk.yaml b/windows-vm-standard-dev/pvc/datadisk.yaml new file mode 100644 index 0000000..86461b8 --- /dev/null +++ b/windows-vm-standard-dev/pvc/datadisk.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: windows-vm-datadisk-dev +spec: + storageClassName: ibm-spectrum-scale-fileset + volumeMode: Filesystem + accessModes: + - ReadWriteMany + resources: + requests: + storage: 200Gi diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml new file mode 100644 index 0000000..464be50 --- /dev/null +++ b/windows-vm-standard-dev/vm/server.yaml 
@@ -0,0 +1,120 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: windows-vm-standard-dev + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - apiVersion: cdi.kubevirt.io/v1beta1 + kind: DataVolume + metadata: + creationTimestamp: null + name: windows-rootdisk-dev + spec: + source: + http: + url: 'http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2' + storage: + resources: + requests: + storage: 60Gi + running: true + template: + metadata: + annotations: + vm.kubevirt.io/flavor: medium + vm.kubevirt.io/os: windows2k22 + vm.kubevirt.io/workload: server + creationTimestamp: null + labels: + kubevirt.io/domain: windows-vm-standard-dev + kubevirt.io/size: medium + spec: + architecture: amd64 + domain: + clock: + timer: + hpet: + present: false + hyperv: {} + pit: + tickPolicy: delay + rtc: + tickPolicy: catchup + utc: {} + cpu: + cores: 2 + sockets: 1 + threads: 2 + devices: + disks: + - disk: + bus: sata + name: rootdisk-dev + - cdrom: + bus: sata + name: windows-drivers-disk + - disk: + bus: sata + name: datadisk-dev + inputs: + - bus: usb + name: tablet + type: tablet + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + tpm: {} + features: + acpi: {} + apic: {} + hyperv: + reenlightenment: {} + ipi: {} + synic: {} + synictimer: + direct: {} + spinlocks: + spinlocks: 8191 + reset: {} + relaxed: {} + vpindex: {} + runtime: {} + tlbflush: {} + frequencies: {} + vapic: {} + smm: {} + firmware: + bootloader: + efi: + secureBoot: true + machine: + type: pc-q35-rhel9.2.0 + memory: + guest: 4Gi + resources: {} + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 3600 + volumes: + - name: rootdisk-dev + dataVolume: + name: windows-rootdisk-dev + - name: datadisk-dev + persistentVolumeClaim: + claimName: windows-vm-datadisk-dev + #- name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: 
windows-cloud-init + - containerDisk: + image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' + name: windows-drivers-disk + diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 4c1dbde..c5adbf9 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -38,7 +38,6 @@ spec: networkInterfaceMultiqueue: true interfaces: - name: default - model: virtio masquerade: {} ports: - port: 8080 @@ -47,10 +46,10 @@ spec: - port: 3389 disks: - disk: - bus: virtio + bus: sata name: rootdisk - disk: - bus: virtio + bus: sata name: datadisk # - disk: # bus: scsi From 1b8a324f7e52136eea16b0c53d44c8f73fe5ab52 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 2 Jun 2025 12:43:21 +0200 Subject: [PATCH 064/131] added datasource --- windows-vm-standard-dev/vm/server.yaml | 8 ++++++-- windows-vm-standard/vm/server.yaml | 4 ++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 464be50..421aa0b 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -18,7 +18,11 @@ spec: resources: requests: storage: 60Gi - running: true + sourceRef: + kind: DataSource + name: win2k22 + namespace: kubevirt-os-images + running: Halted template: metadata: annotations: @@ -49,7 +53,7 @@ spec: devices: disks: - disk: - bus: sata + bus: virtio name: rootdisk-dev - cdrom: bus: sata diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index c5adbf9..8e381e4 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -15,6 +15,10 @@ spec: resources: requests: storage: 80Gi + sourceRef: + kind: DataSource + name: win2k22 + namespace: kubevirt-os-images runStrategy: Always template: metadata: 
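Review bot: The root disk in the new `windows-vm-standard-dev/vm/server.yaml` (PATCH 063) is imported from `http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2`, i.e. over cleartext HTTP from a service in another namespace, and nothing in the template verifies the image before it is booted. Whoever can change that nginx content or the in-cluster path to it decides what the VM runs; `secureBoot: true` and `tpm: {}` cover only the boot chain and do not validate the rest of the imported disk. I would serve the image over HTTPS and reference the CA through the DataVolume's `certConfigMap`, or import it from a registry source pinned by digest, the way the `virtio-win` containerDisk in this file is pinned with `@sha256:`. The same HTTP source is used for `fortigate-rootdisk` in PATCH 075.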
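Review bot: PATCH 064 adds `sourceRef` (DataSource `win2k22`) to the DataVolume template in both `server.yaml` files while the hunks show no removal of the existing `source.http` block, so the template appears to name two image origins at once; indentation is lost in this view, so confirm where `sourceRef` actually sits. CDI expects one of `source` or `sourceRef`, and keeping both leaves it unclear which image the VM is built from. In the dev file `running: Halted` also puts a run-strategy value into the boolean `running` field; it should read `runStrategy: Halted`. I would drop the `http` source in the same change that introduces the DataSource reference.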
From 84bd7195fca2e835886c97da6e3ca885e8222792 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 10:45:11 +0200 Subject: [PATCH 065/131] delete k record vm 1 --- kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/kustomization.yaml b/kustomization.yaml index aa1b067..7b3aa28 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -10,7 +10,6 @@ resources: - windows-vm-standard-dev/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml - - windows-vm-1/ks.yaml - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml From 631b4a1ede7b8a7638f92d72ea17d47f960f1b1c Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 10:52:13 +0200 Subject: [PATCH 066/131] changed running strategy and changed labels --- windows-vm-standard-dev/vm/server.yaml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 421aa0b..8e46587 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -22,17 +22,11 @@ spec: kind: DataSource name: win2k22 namespace: kubevirt-os-images - running: Halted + runStrategy: Always template: metadata: - annotations: - vm.kubevirt.io/flavor: medium - vm.kubevirt.io/os: windows2k22 - vm.kubevirt.io/workload: server - creationTimestamp: null labels: kubevirt.io/domain: windows-vm-standard-dev - kubevirt.io/size: medium spec: architecture: amd64 domain: @@ -59,7 +53,7 @@ spec: bus: sata name: windows-drivers-disk - disk: - bus: sata + bus: virtio name: datadisk-dev inputs: - bus: usb From 29d8d2fed281e2f1003f6b31def1f101afa49be5 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 11:51:08 +0200 Subject: [PATCH 067/131] Issue with Datasource --- windows-vm-standard-dev/vm/server.yaml | 102 ++++++++----------------- 1 file changed, 33 insertions(+), 69 deletions(-) 
diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 8e46587..de407fd 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -5,15 +5,12 @@ metadata: namespace: ${TENANT_NAMESPACE} spec: dataVolumeTemplates: - - apiVersion: cdi.kubevirt.io/v1beta1 - kind: DataVolume - metadata: - creationTimestamp: null + - metadata: name: windows-rootdisk-dev spec: source: http: - url: 'http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2' + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 storage: resources: requests: @@ -28,38 +25,21 @@ spec: labels: kubevirt.io/domain: windows-vm-standard-dev spec: - architecture: amd64 domain: - clock: - timer: - hpet: - present: false - hyperv: {} - pit: - tickPolicy: delay - rtc: - tickPolicy: catchup - utc: {} cpu: - cores: 2 - sockets: 1 - threads: 2 + cores: 4 + memory: + guest: 8Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} devices: - disks: - - disk: - bus: virtio - name: rootdisk-dev - - cdrom: - bus: sata - name: windows-drivers-disk - - disk: - bus: virtio - name: datadisk-dev - inputs: - - bus: usb - name: tablet - type: tablet - networkInterfaceMultiqueue: true + rng: {} + networkInterfaceMultiqueue: true interfaces: - name: default masquerade: {} 
@@ -68,50 +48,34 @@ spec: - port: 443 - port: 22 - port: 3389 - tpm: {} - features: - acpi: {} - apic: {} - hyperv: - reenlightenment: {} - ipi: {} - synic: {} - synictimer: - direct: {} - spinlocks: - spinlocks: 8191 - reset: {} - relaxed: {} - vpindex: {} - runtime: {} - tlbflush: {} - frequencies: {} - vapic: {} - smm: {} - firmware: - bootloader: - efi: - secureBoot: true - machine: - type: pc-q35-rhel9.2.0 - memory: - guest: 4Gi - resources: {} + disks: + - disk: + bus: virtio + name: rootdisk-dev + - disk: + bus: virtio + name: datadisk-dev + - disk: + bus: sata + name: windows-drivers-disk + resources: + requests: + memory: 8Gi + cpu: 4 + limits: + memory: 8Gi + cpu: 4 networks: - name: default pod: {} - terminationGracePeriodSeconds: 3600 + terminationGracePeriodSeconds: 180 volumes: - name: rootdisk-dev dataVolume: name: windows-rootdisk-dev - - name: datadisk-dev + - name: datadisk persistentVolumeClaim: claimName: windows-vm-datadisk-dev - #- name: cloudinitdisk - # cloudInitNoCloud: - # secretRef: - # name: windows-cloud-init - containerDisk: image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' name: windows-drivers-disk From dc6e4274ddb03b5b661d83e05740689df5ddcfe7 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:02:01 +0200 Subject: [PATCH 068/131] changed bus type again --- windows-vm-standard-dev/vm/server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index de407fd..02bc8f5 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -50,10 +50,10 @@ spec: - port: 3389 disks: - disk: - bus: virtio + bus: sata name: rootdisk-dev - disk: - bus: virtio + bus: sata name: datadisk-dev - disk: bus: sata From 989a3467bec9d25c02c2397593a4e432202042b7 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:05:27 +0200 Subject: [PATCH 069/131] comment out driver disk --- windows-vm-standard-dev/vm/server.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 02bc8f5..47b6c58 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -55,9 +55,9 @@ spec: - disk: bus: sata name: datadisk-dev - - disk: - bus: sata - name: windows-drivers-disk + # - disk: + # bus: sata + # name: windows-drivers-disk resources: requests: memory: 8Gi @@ -76,7 +76,7 @@ spec: - name: datadisk persistentVolumeClaim: claimName: windows-vm-datadisk-dev - - containerDisk: - image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' - name: windows-drivers-disk + # - containerDisk: + # image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' + # name: windows-drivers-disk From 7134c2d905238f2bdec9541afba6b45e6a2e1681 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:07:14 +0200 Subject: [PATCH 070/131] wrong volume name --- windows-vm-standard-dev/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 47b6c58..1006eca 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -73,7 +73,7 @@ spec: - name: rootdisk-dev dataVolume: name: windows-rootdisk-dev - - name: datadisk + - name: datadisk-dev persistentVolumeClaim: claimName: windows-vm-datadisk-dev # - containerDisk: From 1118c89f663d81fc262c31de2da68c618ef74045 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:15:24 +0200 Subject: [PATCH 071/131] change to match redhat documentation --- windows-vm-standard-dev/vm/server.yaml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 1006eca..6be7c9c 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -32,11 +32,28 @@ spec: guest: 8Gi features: acpi: {} - smm: - enabled: true + apic: {} + smm: {} + hyperv: + relaxed: {} + vapic: {} + vpindex: {} + spinlocks: + spinlocks: 8191 + synic: {} + synictimer: + direct: {} + tlbflush: {} + frequencies: {} + reenlightenment: {} + ipi: {} + runtime: {} + reset: {} firmware: bootloader: - efi: {} + efi: + secureBoot: true + persistent: true devices: rng: {} networkInterfaceMultiqueue: true From be88f635f192a7db36f5b5fdef9b1be06728808b Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:20:36 +0200 Subject: [PATCH 072/131] changed smm to enabled (Secureboot) --- windows-vm-standard-dev/vm/server.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 6be7c9c..1fea5dc 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -33,7 +33,8 @@ spec: features: acpi: {} apic: {} - smm: {} + smm: + enabled: true hyperv: relaxed: {} vapic: {} @@ -51,9 +52,7 @@ spec: reset: {} firmware: bootloader: - efi: - secureBoot: true - persistent: true + efi: {} devices: rng: {} networkInterfaceMultiqueue: true From 49c60fe87e92392fd823db0c53c0a033c5532ca3 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 16:27:11 +0200 Subject: [PATCH 073/131] Changed back to original code --- windows-vm-standard-dev/vm/server.yaml | 32 +++++++------------------- 1 file changed, 8 insertions(+), 24 deletions(-) 
diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 1fea5dc..99ae506 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -14,7 +14,7 @@ spec: storage: resources: requests: - storage: 60Gi + storage: 80Gi sourceRef: kind: DataSource name: win2k22 @@ -32,24 +32,8 @@ spec: guest: 8Gi features: acpi: {} - apic: {} smm: enabled: true - hyperv: - relaxed: {} - vapic: {} - vpindex: {} - spinlocks: - spinlocks: 8191 - synic: {} - synictimer: - direct: {} - tlbflush: {} - frequencies: {} - reenlightenment: {} - ipi: {} - runtime: {} - reset: {} firmware: bootloader: efi: {} @@ -71,9 +55,9 @@ spec: - disk: bus: sata name: datadisk-dev - # - disk: - # bus: sata - # name: windows-drivers-disk + # - disk: + # bus: scsi + # name: cloudinitdisk resources: requests: memory: 8Gi @@ -92,7 +76,7 @@ spec: - name: datadisk-dev persistentVolumeClaim: claimName: windows-vm-datadisk-dev - # - containerDisk: - # image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' - # name: windows-drivers-disk - + #- name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: windows-cloud-init From ad92d3393a345a32cf3322232c16c312e376c774 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 16:31:18 +0200 Subject: [PATCH 074/131] define secure boot boolean --- windows-vm-standard-dev/vm/server.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 99ae506..df3b980 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -36,7 +36,8 @@ spec: enabled: true firmware: bootloader: - efi: {} + efi: + secureBoot: true devices: rng: {} networkInterfaceMultiqueue: true From 4ac200e1dc1c1a62acf33f3f3fb76e4627162d08 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 25 Jun 2025 11:01:17 +0200 Subject: [PATCH 075/131] Added fortios to VM for testing --- firewall/ks-vm.yaml | 18 ++++++++++ firewall/vm/fortigate.yaml | 71 ++++++++++++++++++++++++++++++++++++++ kustomization.yaml | 1 + 3 files changed, 90 insertions(+) create mode 100644 firewall/ks-vm.yaml create mode 100644 firewall/vm/fortigate.yaml diff --git a/firewall/ks-vm.yaml b/firewall/ks-vm.yaml new file mode 100644 index 0000000..257d4ce --- /dev/null +++ b/firewall/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app fortigate + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./firewall/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml new file mode 100644 index 0000000..9d6f2f3 --- /dev/null +++ b/firewall/vm/fortigate.yaml 
@@ -0,0 +1,71 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: fortigate + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: fortigate-rootdisk + spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:8080/fortios_v7_6_3.qcow2 + storage: + resources: + requests: + storage: 20Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: fortigate + spec: + domain: + cpu: + cores: 2 + memory: + guest: 4Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + disks: + - disk: + bus: sata + name: rootdisk + # - disk: + # bus: scsi + # name: cloudinitdisk + resources: + requests: + memory: 4Gi + cpu: 2 + limits: + memory: 4Gi + cpu: 2 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: fortigate-rootdisk + #- name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: windows-cloud-init diff --git a/kustomization.yaml b/kustomization.yaml index 7b3aa28..bc48a2c 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -4,6 +4,7 @@ resources: - vars/ks.yaml - repos/ks.yaml - network/ks-lb.yaml + - firewall/ks-vm.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml From 628d1de0e30b734123f178bf21ca9784455f6f3b Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 25 Jun 2025 11:09:35 +0200 Subject: [PATCH 076/131] removed unneccessary settings and SMM --- firewall/vm/fortigate.yaml | 40 ++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml index 9d6f2f3..84f2088 100644 --- a/firewall/vm/fortigate.yaml +++ b/firewall/vm/fortigate.yaml 
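Review bot: In the new `firewall/vm/fortigate.yaml`, `source.http.url` pulls the firewall's root disk over plain `http://` from `nginx.demo.svc.cluster.local`, with the `demo` namespace hard-coded although the rest of the manifest is parameterised with `${TENANT_NAMESPACE}`. Whoever can answer for that service name or change the served file decides which image the firewall boots, and nothing visible in this hunk verifies the image. Consider serving it over TLS (CDI accepts a CA bundle through `certConfigMap` on the HTTP source) and, if the image server lives in the tenant namespace, deriving the host from the variable, e.g. `url: https://nginx.${TENANT_NAMESPACE}.svc.cluster.local/fortios_v7_6_3.qcow2`. The masquerade `ports` list also opens 8080 next to 443 and 22; a one-line comment per port saying what listens there would help the next audit of this VM.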
@@ -8,13 +8,10 @@ spec: - metadata: name: fortigate-rootdisk spec: - source: - http: - url: http://nginx.demo.svc.cluster.local:8080/fortios_v7_6_3.qcow2 storage: resources: requests: - storage: 20Gi + storage: 30Gi runStrategy: Always template: metadata: @@ -26,13 +23,6 @@ spec: cores: 2 memory: guest: 4Gi - features: - acpi: {} - smm: - enabled: true - firmware: - bootloader: - efi: {} devices: rng: {} networkInterfaceMultiqueue: true @@ -40,16 +30,21 @@ spec: - name: default masquerade: {} ports: - - port: 8080 - - port: 443 - - port: 22 + - port: 80 + - port: 443 + - port: 22 + - port: 2222 + - port: 5050 disks: - disk: bus: sata name: rootdisk - # - disk: - # bus: scsi - # name: cloudinitdisk + # - disk: + # bus: scsi + # name: datadisk + # - disk: + # bus: scsi + # name: cloudinitdisk resources: requests: memory: 4Gi @@ -65,7 +60,10 @@ spec: - name: rootdisk dataVolume: name: fortigate-rootdisk - #- name: cloudinitdisk - # cloudInitNoCloud: - # secretRef: - # name: windows-cloud-init + # - name: datadisk + # persistentVolumeClaim: + # claimName: gitlab-datadisk + # - name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: gitlab-cloud-init \ No newline at end of file From 8862ff90eb24573b2bddf7921751b34e5ced84ca Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 30 Jun 2025 11:48:40 +0200 Subject: [PATCH 077/131] Added firewall test deploy from S3 Bucket --- firewall-dev/ks-vm.yaml | 18 ++++++++++ firewall-dev/vm/fortigate.yaml | 64 ++++++++++++++++++++++++++++++++++ kustomization.yaml | 1 + 3 files changed, 83 insertions(+) create mode 100644 firewall-dev/ks-vm.yaml create mode 100644 firewall-dev/vm/fortigate.yaml diff --git a/firewall-dev/ks-vm.yaml b/firewall-dev/ks-vm.yaml new file mode 100644 index 0000000..11a4382 --- /dev/null +++ b/firewall-dev/ks-vm.yaml 
@@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app fortigate + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./firewall-dev/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml new file mode 100644 index 0000000..c0433e6 --- /dev/null +++ b/firewall-dev/vm/fortigate.yaml @@ -0,0 +1,64 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: fortigate-dev + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: fortigate-rootdisk-dev + spec: + source: + http: + url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_v7_6_3.qcow2 + storage: + resources: + requests: + storage: 30Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: fortigate-dev + spec: + domain: + cpu: + cores: 2 + memory: + guest: 4Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: + secureBoot: true + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 443 + - port: 22 + disks: + - disk: + bus: sata + name: rootdisk + resources: + requests: + memory: 4Gi + cpu: 2 + limits: + memory: 4Gi + cpu: 2 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: fortigate-rootdisk-dev \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml index bc48a2c..3214af5 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -5,6 +5,7 @@ resources: - repos/ks.yaml - network/ks-lb.yaml - firewall/ks-vm.yaml + - firewall-dev/ks-vm.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml 
From b30d7684722a150f91b1431a539534025878c099 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 30 Jun 2025 15:39:02 +0200 Subject: [PATCH 078/131] forgot to change app name in ks file --- firewall-dev/ks-vm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-dev/ks-vm.yaml b/firewall-dev/ks-vm.yaml index 11a4382..aa1db72 100644 --- a/firewall-dev/ks-vm.yaml +++ b/firewall-dev/ks-vm.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app fortigate + name: &app fortigate-dev namespace: ${TENANT_NAMESPACE} spec: commonMetadata: From d5f84048356f3ef82e9d77de599e781ab6a69a6b Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 30 Jun 2025 15:44:12 +0200 Subject: [PATCH 079/131] changed to nginx image --- firewall-dev/vm/fortigate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml index c0433e6..0a987a8 100644 --- a/firewall-dev/vm/fortigate.yaml +++ b/firewall-dev/vm/fortigate.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_v7_6_3.qcow2 + url: http://nginx.demo.svc.cluster.local:8080/fortios_v7_6_3.qcow2 storage: resources: requests: From eeaece034fa600849b888dae0e87208f0f7608fc Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 2 Jul 2025 15:18:01 +0200 Subject: [PATCH 080/131] added s3 secret base64 encoded and S3 Firewall --- firewall-s3/ks-vm.yaml | 18 ++++++++++ firewall-s3/vm/fortigate.yaml | 66 +++++++++++++++++++++++++++++++++++ kustomization.yaml | 1 + vars/demo/s3-secret.yaml | 9 +++++ 4 files changed, 94 insertions(+) create mode 100644 firewall-s3/ks-vm.yaml create mode 100644 firewall-s3/vm/fortigate.yaml create mode 100644 vars/demo/s3-secret.yaml diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml new file mode 100644 index 0000000..a365abc --- /dev/null +++ b/firewall-s3/ks-vm.yaml 
@@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app fortigate-s3 + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./firewall-s3/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml new file mode 100644 index 0000000..422038c --- /dev/null +++ b/firewall-s3/vm/fortigate.yaml @@ -0,0 +1,66 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: fortigate-s3 + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: fortigate-rootdisk-s3 + spec: + source: + http: + url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 + secretRef: + name: s3-virt-credentials + storage: + resources: + requests: + storage: 30Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: fortigate-s3 + spec: + domain: + cpu: + cores: 2 + memory: + guest: 4Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: + secureBoot: true + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 443 + - port: 22 + disks: + - disk: + bus: sata + name: rootdisk + resources: + requests: + memory: 4Gi + cpu: 2 + limits: + memory: 4Gi + cpu: 2 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: fortigate-rootdisk-s3 \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml index 3214af5..8aec8be 100644 --- a/kustomization.yaml +++ b/kustomization.yaml 
@@ -6,6 +6,7 @@ resources: - network/ks-lb.yaml - firewall/ks-vm.yaml - firewall-dev/ks-vm.yaml + - firewall-s3/ks-vm.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml diff --git a/vars/demo/s3-secret.yaml b/vars/demo/s3-secret.yaml new file mode 100644 index 0000000..d47fd4a --- /dev/null +++ b/vars/demo/s3-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: s3-virt-credentials + namespace: ${TENANT_NAMESPACE} +type: Opaque +data: + accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM= + secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA== \ No newline at end of file From 98ee757f94d24083b5c87ca9a417644306c724a6 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 2 Jul 2025 15:39:53 +0200 Subject: [PATCH 081/131] changed secret reference to Old CDI format --- firewall-s3/vm/fortigate.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 422038c..91352bc 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -11,8 +11,7 @@ spec: source: http: url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 - secretRef: - name: s3-virt-credentials + secretRef: s3-virt-credentials storage: resources: requests: From 633f1ca564e49be2cecb9306ab1dd024e8fdfae6 Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 12:59:34 +0200 Subject: [PATCH 082/131] Set external ingress classname for nginx --- templates/image-server/nginx/helmrelease.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 2822a7e..1175b50 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml 
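Review bot: `vars/demo/s3-secret.yaml` commits the S3 access key and secret key to Git under `data:`; base64 is an encoding, not protection, so anyone who can read the repository or its history can recover both values. The key pair should be treated as exposed and rotated, and the manifest replaced by one that keeps only ciphertext in Git, for example a SOPS-encrypted Secret that the Flux Kustomization decrypts through `spec.decryption` with `provider: sops`, or a reference to an external secret store. Deleting the file in a later commit does not remove it from history. In the follow-up hunk for `firewall-s3/vm/fortigate.yaml` on this line, `secretRef: s3-virt-credentials` sits under `source.http`; whether HTTP basic auth with these keys is what the bucket expects is not visible here and is worth confirming.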
@@ -22,6 +22,7 @@ spec: ingress: enabled: true hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud + ingressClassName: external extraVolumes: - name: ${TENANT_NAMESPACE}-image-storage persistentVolumeClaim: From de9f1d50147c613bb67832bd744243b1f425445e Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 13:01:28 +0200 Subject: [PATCH 083/131] Set proper domain --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 1175b50..761867c 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -21,7 +21,7 @@ spec: http: 8080 ingress: enabled: true - hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud + hostname: nginx.${TENANT_DOMAIN} ingressClassName: external extraVolumes: - name: ${TENANT_NAMESPACE}-image-storage From 284040d0654c5134a72fff2f5e8f7a8d339b321c Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 13:09:37 +0200 Subject: [PATCH 084/131] Use lb --- templates/image-server/nginx/helmrelease.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 761867c..ba01c8e 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -16,9 +16,7 @@ spec: namespace: ${TENANT_NAMESPACE} values: service: - type: ClusterIP - ports: - http: 8080 + loadBalancer: ingress: enabled: true hostname: nginx.${TENANT_DOMAIN} From 883d8152b837cb0d6005cbc3c0e70dbd108c9030 Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 13:11:34 +0200 Subject: [PATCH 085/131] Use ip --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
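Review bot: Adding `ingressClassName: external` under `ingress:` in `templates/image-server/nginx/helmrelease.yaml` publishes the image server on the external ingress class, and the hunk shows no `tls` setting or access restriction next to it. This server holds the VM disk images that other manifests import, so, assuming `external` is reachable from outside the cluster, the images can be downloaded in cleartext by anyone who knows the hostname. If only in-cluster importers need it, the ClusterIP service is enough and the ingress can go; otherwise enable TLS through the chart's `ingress.tls` value and restrict source addresses at the ingress controller. The `values:` block starts and ends outside this hunk, so settings elsewhere in it may already cover part of this.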
diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index ba01c8e..4dddebb 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -16,7 +16,7 @@ spec: namespace: ${TENANT_NAMESPACE} values: service: - loadBalancer: + clusterIP: ingress: enabled: true hostname: nginx.${TENANT_DOMAIN} From 9532ba8fe87c71f233fbdef65168867b6af427cb Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 13:16:51 +0200 Subject: [PATCH 086/131] Resolve conflict --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 4dddebb..0937d41 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -16,7 +16,7 @@ spec: namespace: ${TENANT_NAMESPACE} values: service: - clusterIP: + type: ClusterIP ingress: enabled: true hostname: nginx.${TENANT_DOMAIN} From 32ff5115f01299405fc62a721f71fd5183b5a50d Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Fri, 4 Jul 2025 13:48:07 +0200 Subject: [PATCH 087/131] change port and change https to http in URL --- firewall-dev/vm/fortigate.yaml | 2 +- firewall-s3/vm/fortigate.yaml | 2 +- firewall/vm/fortigate.yaml | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml index 0a987a8..e0b92a8 100644 --- a/firewall-dev/vm/fortigate.yaml +++ b/firewall-dev/vm/fortigate.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/fortios_v7_6_3.qcow2 + url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2 storage: resources: requests: diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 91352bc..caaaf55 100644 --- a/firewall-s3/vm/fortigate.yaml 
+++ b/firewall-s3/vm/fortigate.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 + url: http://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 secretRef: s3-virt-credentials storage: resources: diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml index 84f2088..b0f6236 100644 --- a/firewall/vm/fortigate.yaml +++ b/firewall/vm/fortigate.yaml @@ -8,6 +8,9 @@ spec: - metadata: name: fortigate-rootdisk spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2 storage: resources: requests: From 1a44751d9473cf6c0872d2275975995b04cc4edd Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 11:23:52 +0200 Subject: [PATCH 088/131] comment out secretref --- firewall-s3/vm/fortigate.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index caaaf55..f026b4c 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -10,8 +10,8 @@ spec: spec: source: http: - url: http://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 - secretRef: s3-virt-credentials + url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2" + #secretRef: s3-virt-credentials storage: resources: requests: From 8e7ea5767393ac1428a636e221f1df1f9f322169 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 16:57:00 +0200 Subject: [PATCH 089/131] multi interface test --- firewall-s3/vm/fortigate.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index f026b4c..40dc30b 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml 
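Review bot: In the `firewall-s3/vm/fortigate.yaml` hunk of commit 087 the URL is downgraded from `https://` to `http://` while `secretRef: s3-virt-credentials` is still set, so the importer would present those credentials, and fetch the firewall image, over an unencrypted connection. If the switch was made to get past a certificate error, keep `https://` and give CDI the issuing CA through `certConfigMap` on the HTTP source instead. The same commit points `firewall-dev/vm/fortigate.yaml` and `firewall/vm/fortigate.yaml` at `http://nginx.demo.svc.cluster.local:80/...`, which leaves those image pulls without transport integrity as well. Commit 088 on this line restores `https://` but leaves a commented-out `#secretRef:`; that line is better deleted or given a comment saying why authentication is off.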
@@ -39,11 +39,15 @@ spec: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: default + - name: public + masquerade: {} + ports: + - port: 500 + - port: 4500 + - name: internal masquerade: {} ports: - port: 443 - - port: 22 disks: - disk: bus: sata From bd27459945d1c6d6389dbdffa3fbd3179403d2a3 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 17:31:31 +0200 Subject: [PATCH 090/131] revert changes --- firewall-s3/vm/fortigate.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 40dc30b..3a36963 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -39,15 +39,11 @@ spec: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: public + - name: default masquerade: {} ports: - port: 500 - port: 4500 - - name: internal - masquerade: {} - ports: - - port: 443 disks: - disk: bus: sata From 1e611e5621291a193497f85684f11e5d3a907b4d Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 17:40:47 +0200 Subject: [PATCH 091/131] added network defs --- firewall-s3/vm/fortigate.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 3a36963..23c00e5 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -56,7 +56,9 @@ spec: memory: 4Gi cpu: 2 networks: - - name: default + - name: external + pod: {} + - name: internal pod: {} terminationGracePeriodSeconds: 180 volumes: From 070ef198ed7fc9fb738280277a8bdb4f15f7a053 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 17:50:44 +0200 Subject: [PATCH 092/131] add networks --- firewall-s3/vm/fortigate.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 23c00e5..6e0a2ef 100644 --- a/firewall-s3/vm/fortigate.yaml 
+++ b/firewall-s3/vm/fortigate.yaml @@ -39,7 +39,12 @@ spec: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: default + - name: internal + masquerade: {} + ports: + - port: 500 + - port: 4500 + - name: external masquerade: {} ports: - port: 500 From 4cf5bfcceb87039f96211b2acfc7c6f37c09eabb Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 17:58:30 +0200 Subject: [PATCH 093/131] mutlus required --- firewall-s3/vm/fortigate.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 6e0a2ef..582ec8e 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -44,11 +44,11 @@ spec: ports: - port: 500 - port: 4500 - - name: external - masquerade: {} - ports: - - port: 500 - - port: 4500 + #- name: external + # masquerade: {} + # ports: + # - port: 500 + # - port: 4500 disks: - disk: bus: sata @@ -61,8 +61,8 @@ spec: memory: 4Gi cpu: 2 networks: - - name: external - pod: {} + #- name: external + # pod: {} - name: internal pod: {} terminationGracePeriodSeconds: 180 From 410cb991734707318cf1463ec669b2f59711d8ae Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:00:51 +0200 Subject: [PATCH 094/131] change port and add lb --- firewall-s3/vm/fortigate.yaml | 21 +++++------------- network/ks-lb.yaml | 2 +- network/loadbalancers/fortigate-lb.yaml | 29 +++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 16 deletions(-) create mode 100644 network/loadbalancers/fortigate-lb.yaml diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 582ec8e..5fd7914 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -3,6 +3,8 @@ kind: VirtualMachine metadata: name: fortigate-s3 namespace: ${TENANT_NAMESPACE} + annotations: + #kubevirt.io/allow-pod-bridge-network-live-migration: spec: dataVolumeTemplates: - metadata: 
@@ -29,26 +31,17 @@ spec: guest: 4Gi features: acpi: {} - smm: + smm: enabled: true firmware: bootloader: efi: - secureBoot: true devices: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: internal - masquerade: {} - ports: - - port: 500 - - port: 4500 - #- name: external - # masquerade: {} - # ports: - # - port: 500 - # - port: 4500 + - name: external + bridge: {} disks: - disk: bus: sata @@ -61,9 +54,7 @@ spec: memory: 4Gi cpu: 2 networks: - #- name: external - # pod: {} - - name: internal + - name: external pod: {} terminationGracePeriodSeconds: 180 volumes: diff --git a/network/ks-lb.yaml b/network/ks-lb.yaml index bfb3107..25ae3ef 100644 --- a/network/ks-lb.yaml +++ b/network/ks-lb.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app windows-lb + name: &app lb namespace: ${TENANT_NAMESPACE} spec: commonMetadata: diff --git a/network/loadbalancers/fortigate-lb.yaml b/network/loadbalancers/fortigate-lb.yaml new file mode 100644 index 0000000..13f8eae --- /dev/null +++ b/network/loadbalancers/fortigate-lb.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: fortigate-lb + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: fortigate-lb +spec: + type: LoadBalancer + ports: + - port: 4500 + name: ipsec-nat + targetPort: 4500 + protocol: UDP + - port: 500 + name: key-management + targetPort: 500 + protocol: UDP + - port: 22 + name: ssh + targetPort: 22 + protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + selector: + kubevirt.io/domain: fortigate-s3 \ No newline at end of file From da7f7f73c148b7abd93073f20265a8c1946d55c5 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:02:58 +0200 Subject: [PATCH 095/131] added object --- firewall-s3/vm/fortigate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
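Review bot: The new `network/loadbalancers/fortigate-lb.yaml` Service is `type: LoadBalancer` and forwards 22/TCP and 443/TCP to the FortiGate VM alongside the IPsec ports, with no `loadBalancerSourceRanges`, so the appliance's SSH and HTTPS endpoints (on a FortiGate usually the administrative interface) are reachable from wherever the load balancer address is routed. Unless that address is known to be internal, limit the Service to UDP 500 and 4500 and keep administration on a separate restricted path, or add `loadBalancerSourceRanges:` listing the admin networks. `firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml` in commit 099 comments out SSH but still publishes 443 the same way. In the `firewall-s3/vm/fortigate.yaml` hunk on this line, `secureBoot: true` is dropped and `efi:` is left with an empty value, which commits 095 to 097 then revisit.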
diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 5fd7914..51cd118 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -35,7 +35,7 @@ spec: enabled: true firmware: bootloader: - efi: + efi: {} devices: rng: {} networkInterfaceMultiqueue: true From 516c1bd03493c5655bbf8e2bc8d3f7e28d9309fe Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:07:05 +0200 Subject: [PATCH 096/131] added secure boot again --- firewall-s3/vm/fortigate.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 51cd118..8964c92 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -35,7 +35,8 @@ spec: enabled: true firmware: bootloader: - efi: {} + efi: + secureBoot: true devices: rng: {} networkInterfaceMultiqueue: true From 6a719ccdc8fdcb4c0c3b218f11eeaf447700f468 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:08:25 +0200 Subject: [PATCH 097/131] set SB to false --- firewall-s3/vm/fortigate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 8964c92..4d462bb 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -36,7 +36,7 @@ spec: firmware: bootloader: efi: - secureBoot: true + secureBoot: false devices: rng: {} networkInterfaceMultiqueue: true From 9980d50b0711b479cc0622ac1124618b3a32b3c3 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:34:37 +0200 Subject: [PATCH 098/131] test with masq --- firewall-s3/vm/fortigate.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 4d462bb..755f5ea 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml 
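Review bot: Commit 097 sets `secureBoot: false` in `firewall-s3/vm/fortigate.yaml` about a minute after commit 096 enabled it, and neither the manifest nor the commit message records why. Turning off UEFI Secure Boot removes boot-chain signature checking for a VM that acts as the firewall, so the reason belongs next to the setting, e.g. `# secureBoot disabled: <reason, e.g. image not signed for the default UEFI keys>`. `smm: enabled: true` is kept above it; it was presumably there for Secure Boot and can be reviewed together with this line.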
@@ -42,7 +42,12 @@ spec: networkInterfaceMultiqueue: true interfaces: - name: external - bridge: {} + masquerade: {} + ports: + - port: 4500 + - port: 443 + - port: 22 + - port: 500 disks: - disk: bus: sata From f76153ff5dc34551de5515a48a85ab72b4ee4ce4 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 22 Jul 2025 10:47:20 +0200 Subject: [PATCH 099/131] new test of fortigate for KSD --- firewall-dev/ks-vm.yaml | 18 ----- firewall-dev/vm/fortigate.yaml | 64 ----------------- firewall-s3/ks-vm.yaml | 2 +- .../vm/ksd/loadbalancers/fortigate-wan.yaml | 30 ++++++++ .../vm/ksd/network-definitions/lan.yaml | 20 ++++++ .../vm/ksd/network-definitions/mgmt.yaml | 14 ++++ firewall-s3/vm/{ => ksd/vm}/fortigate.yaml | 38 ++++++---- firewall/ks-vm.yaml | 18 ----- firewall/vm/fortigate.yaml | 72 ------------------- ubuntu-vm-1/ubuntu/ubuntu-vm.yaml | 16 +++-- 10 files changed, 97 insertions(+), 195 deletions(-) delete mode 100644 firewall-dev/ks-vm.yaml delete mode 100644 firewall-dev/vm/fortigate.yaml create mode 100644 firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml create mode 100644 firewall-s3/vm/ksd/network-definitions/lan.yaml create mode 100644 firewall-s3/vm/ksd/network-definitions/mgmt.yaml rename firewall-s3/vm/{ => ksd/vm}/fortigate.yaml (66%) delete mode 100644 firewall/ks-vm.yaml delete mode 100644 firewall/vm/fortigate.yaml diff --git a/firewall-dev/ks-vm.yaml b/firewall-dev/ks-vm.yaml deleted file mode 100644 index aa1db72..0000000 --- a/firewall-dev/ks-vm.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app fortigate-dev - namespace: ${TENANT_NAMESPACE} -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./firewall-dev/vm - prune: true - sourceRef: - kind: GitRepository - name: tenant-repos - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m \ No newline at end of file 
diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml deleted file mode 100644 index e0b92a8..0000000 --- a/firewall-dev/vm/fortigate.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: kubevirt.io/v1 -kind: VirtualMachine -metadata: - name: fortigate-dev - namespace: ${TENANT_NAMESPACE} -spec: - dataVolumeTemplates: - - metadata: - name: fortigate-rootdisk-dev - spec: - source: - http: - url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2 - storage: - resources: - requests: - storage: 30Gi - runStrategy: Always - template: - metadata: - labels: - kubevirt.io/domain: fortigate-dev - spec: - domain: - cpu: - cores: 2 - memory: - guest: 4Gi - features: - acpi: {} - smm: - enabled: true - firmware: - bootloader: - efi: - secureBoot: true - devices: - rng: {} - networkInterfaceMultiqueue: true - interfaces: - - name: default - masquerade: {} - ports: - - port: 443 - - port: 22 - disks: - - disk: - bus: sata - name: rootdisk - resources: - requests: - memory: 4Gi - cpu: 2 - limits: - memory: 4Gi - cpu: 2 - networks: - - name: default - pod: {} - terminationGracePeriodSeconds: 180 - volumes: - - name: rootdisk - dataVolume: - name: fortigate-rootdisk-dev \ No newline at end of file diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml index a365abc..61e2924 100644 --- a/firewall-s3/ks-vm.yaml +++ b/firewall-s3/ks-vm.yaml @@ -7,7 +7,7 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./firewall-s3/vm + path: ./firewall-s3/vm/ksd prune: true sourceRef: kind: GitRepository diff --git a/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml new file mode 100644 index 0000000..00ea2c3 --- /dev/null +++ b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml 
@@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: fortigate-lb + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: fortigate-lb +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - port: 4500 + name: ipsec-nat + targetPort: 4500 + protocol: UDP + - port: 500 + name: key-management + targetPort: 500 + protocol: UDP + #- port: 22 + # name: ssh + # targetPort: 22 + # protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + selector: + kubevirt.io/domain: fortigate-ksd diff --git a/firewall-s3/vm/ksd/network-definitions/lan.yaml b/firewall-s3/vm/ksd/network-definitions/lan.yaml new file mode 100644 index 0000000..ccc343b --- /dev/null +++ b/firewall-s3/vm/ksd/network-definitions/lan.yaml @@ -0,0 +1,20 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: lan-net + namespace: ${TENANT_NAMESPACE} +spec: + config: '{ + "cniVersion": "0.3.1", + "type": "bridge", + "bridge": "br-lan", + "ipam": { + "type": "static", + "addresses": [ + { + "address": "172.168.100.2/24", + "gateway": "172.168.100.1" + } + ] + } + }' \ No newline at end of file diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml new file mode 100644 index 0000000..a1e6f34 --- /dev/null +++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml @@ -0,0 +1,14 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: mgmt-net + namespace: ${TENANT_NAMESPACE} +spec: + config: '{ + "cniVersion": "0.3.1", + "type": "bridge", + "bridge": "br-mgmt", + "ipam": { + "type": "dhcp" + } + }' \ No newline at end of file diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/ksd/vm/fortigate.yaml similarity index 66% rename from firewall-s3/vm/fortigate.yaml rename to firewall-s3/vm/ksd/vm/fortigate.yaml index 755f5ea..83562dd 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/ksd/vm/fortigate.yaml 
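Review bot: `firewall-s3/vm/ksd/network-definitions/lan.yaml` assigns `172.168.100.2/24` with gateway `172.168.100.1`, and 172.168.0.0/16 is not private address space; RFC 1918 reserves 172.16.0.0/12, that is 172.16 through 172.31. Using it on the LAN bridge shadows real internet addresses for anything behind the firewall and makes firewall rules and logs ambiguous. If a private range was intended, `"address": "172.16.100.2/24"` with `"gateway": "172.16.100.1"` would do. The static `ipam` block also gives the same single address to every attachment of `lan-net`, which is worth checking against how the VM's `bridge: {}` interface on that network is meant to be addressed.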
@@ -1,14 +1,12 @@ apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: - name: fortigate-s3 + name: fortigate-ksd namespace: ${TENANT_NAMESPACE} - annotations: - #kubevirt.io/allow-pod-bridge-network-live-migration: spec: dataVolumeTemplates: - metadata: - name: fortigate-rootdisk-s3 + name: fortigate-rootdisk-ksd spec: source: http: @@ -22,16 +20,16 @@ spec: template: metadata: labels: - kubevirt.io/domain: fortigate-s3 + kubevirt.io/domain: fortigate-ksd spec: domain: cpu: - cores: 2 + cores: 1 memory: - guest: 4Gi + guest: 2Gi features: acpi: {} - smm: + smm: enabled: true firmware: bootloader: @@ -41,29 +39,39 @@ spec: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: external + - name: wan masquerade: {} ports: - port: 4500 - port: 443 - port: 22 - port: 500 + - name: mgmt + bridge: {} + - name: lan + bridge: {} disks: - disk: bus: sata name: rootdisk resources: requests: - memory: 4Gi - cpu: 2 + memory: 2Gi + cpu: 1 limits: - memory: 4Gi - cpu: 2 + memory: 2Gi + cpu: 1 networks: - - name: external + - name: wan pod: {} + - name: mgmt + multus: + networkName: ${TENANT_NAMESPACE}/mgmt-net + - name: lan + multus: + networkName: ${TENANT_NAMESPACE}/lan-net terminationGracePeriodSeconds: 180 volumes: - name: rootdisk dataVolume: - name: fortigate-rootdisk-s3 \ No newline at end of file + name: fortigate-rootdisk-ksd \ No newline at end of file diff --git a/firewall/ks-vm.yaml b/firewall/ks-vm.yaml deleted file mode 100644 index 257d4ce..0000000 --- a/firewall/ks-vm.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app fortigate - namespace: ${TENANT_NAMESPACE} -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./firewall/vm - prune: true - sourceRef: - kind: GitRepository - name: tenant-repos - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m \ No newline at end of file 
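Review bot: In the `@@ -41,29 +39,39 @@` hunk, ports 22 and 443 stay in the `wan` masquerade port list even though the same hunk adds a dedicated `mgmt` interface. Forwarding administrative ports on the externally facing interface defeats the point of the separate management network. If SSH and the admin GUI are meant to be reached over `mgmt-net`, drop `- port: 22` from the `wan` list, and `- port: 443` too unless it carries VPN traffic. The VM spec begins and ends outside this hunk, so the rest of the interface configuration could not be checked.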
diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml deleted file mode 100644 index b0f6236..0000000 --- a/firewall/vm/fortigate.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: kubevirt.io/v1 -kind: VirtualMachine -metadata: - name: fortigate - namespace: ${TENANT_NAMESPACE} -spec: - dataVolumeTemplates: - - metadata: - name: fortigate-rootdisk - spec: - source: - http: - url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2 - storage: - resources: - requests: - storage: 30Gi - runStrategy: Always - template: - metadata: - labels: - kubevirt.io/domain: fortigate - spec: - domain: - cpu: - cores: 2 - memory: - guest: 4Gi - devices: - rng: {} - networkInterfaceMultiqueue: true - interfaces: - - name: default - masquerade: {} - ports: - - port: 80 - - port: 443 - - port: 22 - - port: 2222 - - port: 5050 - disks: - - disk: - bus: sata - name: rootdisk - # - disk: - # bus: scsi - # name: datadisk - # - disk: - # bus: scsi - # name: cloudinitdisk - resources: - requests: - memory: 4Gi - cpu: 2 - limits: - memory: 4Gi - cpu: 2 - networks: - - name: default - pod: {} - terminationGracePeriodSeconds: 180 - volumes: - - name: rootdisk - dataVolume: - name: fortigate-rootdisk - # - name: datadisk - # persistentVolumeClaim: - # claimName: gitlab-datadisk - # - name: cloudinitdisk - # cloudInitNoCloud: - # secretRef: - # name: gitlab-cloud-init \ No newline at end of file diff --git a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml index af8a38c..31e1d2e 100644 --- a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml 
@@ -38,11 +38,13 @@ spec: cloudInitNoCloud: userData: | #cloud-config - hostname: ubuntu-vm-1 - ssh_pwauth: True users: - - name: ubuntu - ssh-authorized-keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu - sudo: ['ALL=(ALL) NOPASSWD:ALL'] - shell: /bin/bash \ No newline at end of file + - name: testuser + groups: [sudo] + sudo: "ALL=(ALL) NOPASSWD:ALL" + lock_passwd: false + passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" + + chpasswd: + expire: false + ssh_pwauth: true \ No newline at end of file From b15d8e68826d01e235161fe1664d858837e82946 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 22 Jul 2025 12:16:37 +0200 Subject: [PATCH 100/131] changed NAD to static to test --- .../vm/ksd/network-definitions/mgmt.yaml | 8 +- firewall-s3/vm/ksd/vm/strongswan.yaml | 73 +++++++++++++++++++ 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 firewall-s3/vm/ksd/vm/strongswan.yaml diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml index a1e6f34..7be17a8 100644 --- a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml +++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml @@ -9,6 +9,12 @@ spec: "type": "bridge", "bridge": "br-mgmt", "ipam": { - "type": "dhcp" + "type": "static", + "addresses": [ + { + "address": "192.168.10.100/24", + "gateway": "192.168.10.1" + } + ] } }' \ No newline at end of file diff --git a/firewall-s3/vm/ksd/vm/strongswan.yaml b/firewall-s3/vm/ksd/vm/strongswan.yaml new file mode 100644 index 0000000..e346a59 --- /dev/null +++ b/firewall-s3/vm/ksd/vm/strongswan.yaml 
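Review bot: The added `passwd:` line commits a SHA-512 crypt hash for `testuser` to the repository, where anyone with read access can test password guesses against it offline. The same hash is reused in `firewall-s3/vm/ksd/vm/strongswan.yaml` in PATCH 100 and in the commented copies under `test-connectivity`. Combined with `lock_passwd: false`, `ssh_pwauth: true` and `sudo: "ALL=(ALL) NOPASSWD:ALL"`, one recovered password gives root on every VM built from these files. The hunk also removes the `ssh-authorized-keys` entry, the stronger option; prefer keeping key-based login with `lock_passwd: true` and `ssh_pwauth: false`, and if a password is unavoidable, supply the user data through `cloudInitNoCloud.secretRef` rather than inline `userData`. Because the hash is already in history, treat that password as exposed and change it; the VM spec starts outside this hunk.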
@@ -0,0 +1,73 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: strongswan + namespace: ${TENANT_NAMESPACE} +spec: + running: true + template: + metadata: + labels: + kubevirt.io/domain: strongswan + spec: + domain: + cpu: + cores: 2 + resources: + requests: + memory: 2Gi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 + memory: + guest: 2Gi + devices: + rng: {} + networkInterfaceMultiqueue: true + disks: + - name: containerdisk + disk: + bus: virtio + - name: cloudinitdisk + disk: + bus: virtio + interfaces: + - name: wan + masquerade: {} + ports: + - port: 4500 + - port: 443 + - port: 22 + - port: 500 + - name: mgmt + bridge: {} + - name: lan + bridge: {} + networks: + - name: wan + pod: {} + - name: mgmt + multus: + networkName: ${TENANT_NAMESPACE}/mgmt-net + - name: lan + multus: + networkName: ${TENANT_NAMESPACE}/lan-net + terminationGracePeriodSeconds: 180 + volumes: + - name: containerdisk + containerDisk: + image: quay.io/containerdisks/ubuntu:22.04 + - name: cloudinitdisk + cloudInitNoCloud: + userData: | + #cloud-config + users: + - name: testuser + groups: [sudo] + sudo: "ALL=(ALL) NOPASSWD:ALL" + lock_passwd: false + passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" + chpasswd: + expire: false + ssh_pwauth: true \ No newline at end of file From fb1c82659fd7ccd547388522da35dce7c2d2dd38 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 11:29:24 +0200 Subject: [PATCH 101/131] Update kustomization --- firewall-s3/ks-vm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml index 61e2924..827133e 100644 --- a/firewall-s3/ks-vm.yaml +++ b/firewall-s3/ks-vm.yaml @@ -7,7 +7,7 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./firewall-s3/vm/ksd + path: ./firewall-s3 prune: true sourceRef: kind: GitRepository 
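Review bot: `image: quay.io/containerdisks/ubuntu:22.04` in the new `strongswan` VM is a mutable tag, so the VM boots whatever that tag resolves to at pull time. Pinning it by digest, `image: quay.io/containerdisks/ubuntu@sha256:<digest>` (placeholder), makes the boot image reproducible and lets a change of base image show up in review. As a style point, this file uses `running: true` while `fortigate.yaml` uses `runStrategy: Always`. KubeVirt has deprecated `running` in favour of `runStrategy`, so `runStrategy: Always` would keep the two VMs consistent.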
From c84c1fcd788476ff1d39635753c3c8d17dc8b3f6 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 13:02:04 +0200 Subject: [PATCH 102/131] Add test-connectivity --- .../loadbalancers/fortigate-wan.yaml | 30 ++++++++ .../network-definitions/lan.yaml | 20 +++++ .../network-definitions/mgmt.yaml | 20 +++++ .../test-connectivity/vm/fortigate.yaml | 77 +++++++++++++++++++ .../test-connectivity/vm/strongswan.yaml | 73 ++++++++++++++++++ 5 files changed, 220 insertions(+) create mode 100644 firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml create mode 100644 firewall-s3/test-connectivity/network-definitions/lan.yaml create mode 100644 firewall-s3/test-connectivity/network-definitions/mgmt.yaml create mode 100644 firewall-s3/test-connectivity/vm/fortigate.yaml create mode 100644 firewall-s3/test-connectivity/vm/strongswan.yaml diff --git a/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml new file mode 100644 index 0000000..fd0a1db --- /dev/null +++ b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: fortigate-lb-test + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: fortigate-lb +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - port: 4500 + name: ipsec-nat + targetPort: 4500 + protocol: UDP + - port: 500 + name: key-management + targetPort: 500 + protocol: UDP + #- port: 22 + # name: ssh + # targetPort: 22 + # protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + selector: + kubevirt.io/domain: fortigate-ksd diff --git a/firewall-s3/test-connectivity/network-definitions/lan.yaml b/firewall-s3/test-connectivity/network-definitions/lan.yaml new file mode 100644 index 0000000..1c32a21 --- /dev/null +++ b/firewall-s3/test-connectivity/network-definitions/lan.yaml 
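Review bot: `fortigate-lb-test` selects `kubevirt.io/domain: fortigate-ksd`, the same label the existing `fortigate-lb` Service targets, while the VM manifests added beside it in this commit are entirely commented out. Once this path is reconciled, the "test" Service would therefore allocate a second external address exposing 443/TCP, 500/UDP and 4500/UDP on the live `fortigate-ksd` VM, not on a test instance. If the test is meant to be isolated, give the test VM its own label and select that, for example `kubevirt.io/domain: fortigate-test` (a constructed name), or comment the Service out with the rest.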
@@ -0,0 +1,20 @@ +# apiVersion: "k8s.cni.cncf.io/v1" +# kind: NetworkAttachmentDefinition +# metadata: +# name: lan-net +# namespace: ${TENANT_NAMESPACE} +# spec: +# config: '{ +# "cniVersion": "0.3.1", +# "type": "bridge", +# "bridge": "br-lan", +# "ipam": { +# "type": "static", +# "addresses": [ +# { +# "address": "172.168.100.2/24", +# "gateway": "172.168.100.1" +# } +# ] +# } +# }' \ No newline at end of file diff --git a/firewall-s3/test-connectivity/network-definitions/mgmt.yaml b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml new file mode 100644 index 0000000..1f18275 --- /dev/null +++ b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml @@ -0,0 +1,20 @@ +# apiVersion: "k8s.cni.cncf.io/v1" +# kind: NetworkAttachmentDefinition +# metadata: +# name: mgmt-net +# namespace: ${TENANT_NAMESPACE} +# spec: +# config: '{ +# "cniVersion": "0.3.1", +# "type": "bridge", +# "bridge": "br-mgmt", +# "ipam": { +# "type": "static", +# "addresses": [ +# { +# "address": "192.168.10.100/24", +# "gateway": "192.168.10.1" +# } +# ] +# } +# }' \ No newline at end of file diff --git a/firewall-s3/test-connectivity/vm/fortigate.yaml b/firewall-s3/test-connectivity/vm/fortigate.yaml new file mode 100644 index 0000000..d1d61bf --- /dev/null +++ b/firewall-s3/test-connectivity/vm/fortigate.yaml 
@@ -0,0 +1,77 @@ +# apiVersion: kubevirt.io/v1 +# kind: VirtualMachine +# metadata: +# name: fortigate-ksd +# namespace: ${TENANT_NAMESPACE} +# spec: +# dataVolumeTemplates: +# - metadata: +# name: fortigate-rootdisk-ksd +# spec: +# source: +# http: +# url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2" +# #secretRef: s3-virt-credentials +# storage: +# resources: +# requests: +# storage: 30Gi +# runStrategy: Always +# template: +# metadata: +# labels: +# kubevirt.io/domain: fortigate-ksd +# spec: +# domain: +# cpu: +# cores: 1 +# memory: +# guest: 2Gi +# features: +# acpi: {} +# smm: +# enabled: true +# firmware: +# bootloader: +# efi: +# secureBoot: false +# devices: +# rng: {} +# networkInterfaceMultiqueue: true +# interfaces: +# - name: wan +# masquerade: {} +# ports: +# - port: 4500 +# - port: 443 +# - port: 22 +# - port: 500 +# - name: mgmt +# bridge: {} +# - name: lan +# bridge: {} +# disks: +# - disk: +# bus: sata +# name: rootdisk +# resources: +# requests: +# memory: 2Gi +# cpu: 1 +# limits: +# memory: 2Gi +# cpu: 1 +# networks: +# - name: wan +# pod: {} +# - name: mgmt +# multus: +# networkName: ${TENANT_NAMESPACE}/mgmt-net +# - name: lan +# multus: +# networkName: ${TENANT_NAMESPACE}/lan-net +# terminationGracePeriodSeconds: 180 +# volumes: +# - name: rootdisk +# dataVolume: +# name: fortigate-rootdisk-ksd \ No newline at end of file diff --git a/firewall-s3/test-connectivity/vm/strongswan.yaml b/firewall-s3/test-connectivity/vm/strongswan.yaml new file mode 100644 index 0000000..f982232 --- /dev/null +++ b/firewall-s3/test-connectivity/vm/strongswan.yaml 
@@ -0,0 +1,73 @@ +# apiVersion: kubevirt.io/v1 +# kind: VirtualMachine +# metadata: +# name: strongswan +# namespace: ${TENANT_NAMESPACE} +# spec: +# running: true +# template: +# metadata: +# labels: +# kubevirt.io/domain: strongswan +# spec: +# domain: +# cpu: +# cores: 2 +# resources: +# requests: +# memory: 2Gi +# cpu: 1 +# limits: +# memory: 2Gi +# cpu: 2 +# memory: +# guest: 2Gi +# devices: +# rng: {} +# networkInterfaceMultiqueue: true +# disks: +# - name: containerdisk +# disk: +# bus: virtio +# - name: cloudinitdisk +# disk: +# bus: virtio +# interfaces: +# - name: wan +# masquerade: {} +# ports: +# - port: 4500 +# - port: 443 +# - port: 22 +# - port: 500 +# - name: mgmt +# bridge: {} +# - name: lan +# bridge: {} +# networks: +# - name: wan +# pod: {} +# - name: mgmt +# multus: +# networkName: ${TENANT_NAMESPACE}/mgmt-net +# - name: lan +# multus: +# networkName: ${TENANT_NAMESPACE}/lan-net +# terminationGracePeriodSeconds: 180 +# volumes: +# - name: containerdisk +# containerDisk: +# image: quay.io/containerdisks/ubuntu:22.04 +# - name: cloudinitdisk +# cloudInitNoCloud: +# userData: | +# #cloud-config +# users: +# - name: testuser +# groups: [sudo] +# sudo: "ALL=(ALL) NOPASSWD:ALL" +# lock_passwd: false +# passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" +# chpasswd: +# expire: false +# ssh_pwauth: true \ No newline at end of file From 5db658f6398818082127152d527e20d5cfe104cf Mon Sep 17 00:00:00 2001 
From: Efstratios Kolovos Date: Tue, 22 Jul 2025 13:12:49 +0200 Subject: [PATCH 103/131] Add test-connectivity --- firewall-s3/ks-vm.yaml | 2 +- kustomization.yaml | 1 + .../loadbalancers/fortigate-wan.yaml | 0 .../network-definitions/lan.yaml | 0 .../network-definitions/mgmt.yaml | 0 .../app}/test-connectivity/vm/fortigate.yaml | 0 .../app}/test-connectivity/vm/strongswan.yaml | 0 test-connectivity/ks.yaml | 18 ++++++++++++++++++ 8 files changed, 20 insertions(+), 1 deletion(-) rename {firewall-s3 => test-connectivity/app}/test-connectivity/loadbalancers/fortigate-wan.yaml (100%) rename {firewall-s3 => test-connectivity/app}/test-connectivity/network-definitions/lan.yaml (100%) rename {firewall-s3 => test-connectivity/app}/test-connectivity/network-definitions/mgmt.yaml (100%) rename {firewall-s3 => test-connectivity/app}/test-connectivity/vm/fortigate.yaml (100%) rename {firewall-s3 => test-connectivity/app}/test-connectivity/vm/strongswan.yaml (100%) create mode 100644 test-connectivity/ks.yaml diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml index 827133e..61e2924 100644 --- a/firewall-s3/ks-vm.yaml +++ b/firewall-s3/ks-vm.yaml @@ -7,7 +7,7 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./firewall-s3 + path: ./firewall-s3/vm/ksd prune: true sourceRef: kind: GitRepository diff --git a/kustomization.yaml b/kustomization.yaml index 8aec8be..56390ef 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -7,6 +7,7 @@ resources: - firewall/ks-vm.yaml - firewall-dev/ks-vm.yaml - firewall-s3/ks-vm.yaml + - test-connectivity/ks.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml 
diff --git a/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml b/test-connectivity/app/test-connectivity/loadbalancers/fortigate-wan.yaml similarity index 100% rename from firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml rename to test-connectivity/app/test-connectivity/loadbalancers/fortigate-wan.yaml diff --git a/firewall-s3/test-connectivity/network-definitions/lan.yaml b/test-connectivity/app/test-connectivity/network-definitions/lan.yaml similarity index 100% rename from firewall-s3/test-connectivity/network-definitions/lan.yaml rename to test-connectivity/app/test-connectivity/network-definitions/lan.yaml diff --git a/firewall-s3/test-connectivity/network-definitions/mgmt.yaml b/test-connectivity/app/test-connectivity/network-definitions/mgmt.yaml similarity index 100% rename from firewall-s3/test-connectivity/network-definitions/mgmt.yaml rename to test-connectivity/app/test-connectivity/network-definitions/mgmt.yaml diff --git a/firewall-s3/test-connectivity/vm/fortigate.yaml b/test-connectivity/app/test-connectivity/vm/fortigate.yaml similarity index 100% rename from firewall-s3/test-connectivity/vm/fortigate.yaml rename to test-connectivity/app/test-connectivity/vm/fortigate.yaml diff --git a/firewall-s3/test-connectivity/vm/strongswan.yaml b/test-connectivity/app/test-connectivity/vm/strongswan.yaml similarity index 100% rename from firewall-s3/test-connectivity/vm/strongswan.yaml rename to test-connectivity/app/test-connectivity/vm/strongswan.yaml diff --git a/test-connectivity/ks.yaml b/test-connectivity/ks.yaml new file mode 100644 index 0000000..2093015 --- /dev/null +++ b/test-connectivity/ks.yaml 
@@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app test-connectivity + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./test-connectivity/app + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file From 46b01088281198da1dd37706599f40ad3002e489 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 13:20:26 +0200 Subject: [PATCH 104/131] Remove obsolete apps --- kustomization.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/kustomization.yaml b/kustomization.yaml index 56390ef..b6c706e 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -4,8 +4,6 @@ resources: - vars/ks.yaml - repos/ks.yaml - network/ks-lb.yaml - - firewall/ks-vm.yaml - - firewall-dev/ks-vm.yaml - firewall-s3/ks-vm.yaml - test-connectivity/ks.yaml - windows-vm-standard/ks-vm.yaml From 7a9b3176e819a96d8a8b78faf41e32b51d3fc1f3 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 14:21:11 +0200 Subject: [PATCH 105/131] Add overlay lan --- .../network-definitions/lan.yaml | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/test-connectivity/app/test-connectivity/network-definitions/lan.yaml b/test-connectivity/app/test-connectivity/network-definitions/lan.yaml index 1c32a21..e217374 100644 --- a/test-connectivity/app/test-connectivity/network-definitions/lan.yaml +++ b/test-connectivity/app/test-connectivity/network-definitions/lan.yaml 
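Review bot: The new `test-connectivity` Kustomization sets no `spec.serviceAccountName`, unlike the nginx HelmRelease earlier in this series, which uses `serviceAccountName: ${TECHNICAL_ACCOUNT}`. Unless the platform enforces a default service account for tenants, kustomize-controller applies these manifests with its own privileges, which is more than a throwaway connectivity test needs. Adding `serviceAccountName: ${TECHNICAL_ACCOUNT}` under `spec` would keep reconciliation within the tenant's RBAC. The other `ks-vm.yaml` files in the series appear to share the omission.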
@@ -1,20 +1,20 @@ -# apiVersion: "k8s.cni.cncf.io/v1" -# kind: NetworkAttachmentDefinition -# metadata: -# name: lan-net -# namespace: ${TENANT_NAMESPACE} -# spec: -# config: '{ -# "cniVersion": "0.3.1", -# "type": "bridge", -# "bridge": "br-lan", -# "ipam": { -# "type": "static", -# "addresses": [ -# { -# "address": "172.168.100.2/24", -# "gateway": "172.168.100.1" -# } -# ] -# } -# }' \ No newline at end of file +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: lan-ovn-160 + namespace: net-demo +spec: + config: | + { + "cniVersion": "0.3.1", + "type": "ovn-k8s-cni-overlay", + "name": "lan-ovn-160", + "topology": "layer2", + "subnets": [ + {"cidr": "192.168.160.0/24"} + ], + "mtu": 1400, + "routes": [ + {"dst": "10.60.0.0/16", "gw": "192.168.10.1"}, + ] + } From 7a00f2dac7806dfd71fc91c58147c987ea827481 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 14:22:17 +0200 Subject: [PATCH 106/131] Add overlay lan --- .../app/test-connectivity/network-definitions/lan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-connectivity/app/test-connectivity/network-definitions/lan.yaml b/test-connectivity/app/test-connectivity/network-definitions/lan.yaml index e217374..21a7896 100644 --- a/test-connectivity/app/test-connectivity/network-definitions/lan.yaml +++ b/test-connectivity/app/test-connectivity/network-definitions/lan.yaml @@ -15,6 +15,6 @@ spec: ], "mtu": 1400, "routes": [ - {"dst": "10.60.0.0/16", "gw": "192.168.10.1"}, + {"dst": "10.60.0.0/16", "gw": "192.168.10.1"} ] } From 48fbc4531967040861602ad9f3bf33e866f77cc5 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 14:37:22 +0200 Subject: [PATCH 107/131] Add overlay lan --- .../network-definitions/lan.yaml | 1 - .../app/test-connectivity/pod/pod.yaml | 19 +++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 test-connectivity/app/test-connectivity/pod/pod.yaml 
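Review bot: The route `{"dst": "10.60.0.0/16", "gw": "192.168.10.1"}` in the new `lan-ovn-160` config names a next hop that lies outside the network's only subnet, `192.168.160.0/24`. An attached workload would have no on-link path to that gateway, assuming the overlay plugin honours `routes` at all. If 10.60.0.0/16 should be reached through this LAN, the gateway needs to be an address inside 192.168.160.0/24. The hunk also hardcodes `namespace: net-demo` where the rest of the repository uses `${TENANT_NAMESPACE}`, and the trailing comma after the route object makes `config` invalid JSON; later patches in the series address both.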
diff --git a/test-connectivity/app/test-connectivity/network-definitions/lan.yaml b/test-connectivity/app/test-connectivity/network-definitions/lan.yaml index 21a7896..16d40cc 100644 --- a/test-connectivity/app/test-connectivity/network-definitions/lan.yaml +++ b/test-connectivity/app/test-connectivity/network-definitions/lan.yaml @@ -2,7 +2,6 @@ apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: name: lan-ovn-160 - namespace: net-demo spec: config: | { diff --git a/test-connectivity/app/test-connectivity/pod/pod.yaml b/test-connectivity/app/test-connectivity/pod/pod.yaml new file mode 100644 index 0000000..2042753 --- /dev/null +++ b/test-connectivity/app/test-connectivity/pod/pod.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Pod +metadata: + name: dualnet-pod-ovn + annotations: + k8s.v1.cni.cncf.io/networks: | + [ + { + "name": "lan-ovn-160", + "namespace": "${TENANT_NAMESPACE}", + "interface": "net1", + } + ] +spec: + containers: + - name: toolbox + image: quay.io/centos/centos:stream9 + command: [ "/bin/bash", "-c", "sleep infinity" ] + restartPolicy: Never \ No newline at end of file From 73ee627f99f5b08c882a1ccd6f7f92bb2315b955 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 14:39:27 +0200 Subject: [PATCH 108/131] Add overlay lan --- test-connectivity/app/test-connectivity/pod/pod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-connectivity/app/test-connectivity/pod/pod.yaml b/test-connectivity/app/test-connectivity/pod/pod.yaml index 2042753..44792b8 100644 --- a/test-connectivity/app/test-connectivity/pod/pod.yaml +++ b/test-connectivity/app/test-connectivity/pod/pod.yaml @@ -8,7 +8,7 @@ metadata: { "name": "lan-ovn-160", "namespace": "${TENANT_NAMESPACE}", - "interface": "net1", + "interface": "net1" } ] spec: From 285cf3f94f44da7b31b27e772746122a7c7e147f Mon Sep 17 00:00:00 2001 
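Review bot: The `toolbox` container in the new `pod.yaml` declares no `securityContext`, so it runs with whatever the namespace's admission defaults allow while attached to the `lan-ovn-160` secondary network. For a long-lived `sleep infinity` debugging pod, an explicit restricted context keeps it non-root and unprivileged even if those defaults are loosened later. The CentOS image runs as root by default, so on clusters that do not assign a UID automatically `runAsUser` must be set as well. The image tag `stream9` is also mutable, and pinning it by digest would make the pod reproducible.

```yaml
    - name: toolbox
      image: quay.io/centos/centos:stream9
      # … unchanged: command …
      securityContext:
        runAsNonRoot: true
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault
```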
From: Efstratios Kolovos Date: Wed, 23 Jul 2025 12:28:24 +0200 Subject: [PATCH 109/131] Remove test connectivity --- kustomization.yaml | 1 - .../loadbalancers/fortigate-wan.yaml | 30 -------- .../network-definitions/lan.yaml | 19 ----- .../network-definitions/mgmt.yaml | 20 ----- .../app/test-connectivity/pod/pod.yaml | 19 ----- .../app/test-connectivity/vm/fortigate.yaml | 77 ------------------- .../app/test-connectivity/vm/strongswan.yaml | 73 ------------------ test-connectivity/ks.yaml | 18 ----- 8 files changed, 257 deletions(-) delete mode 100644 test-connectivity/app/test-connectivity/loadbalancers/fortigate-wan.yaml delete mode 100644 test-connectivity/app/test-connectivity/network-definitions/lan.yaml delete mode 100644 test-connectivity/app/test-connectivity/network-definitions/mgmt.yaml delete mode 100644 test-connectivity/app/test-connectivity/pod/pod.yaml delete mode 100644 test-connectivity/app/test-connectivity/vm/fortigate.yaml delete mode 100644 test-connectivity/app/test-connectivity/vm/strongswan.yaml delete mode 100644 test-connectivity/ks.yaml diff --git a/kustomization.yaml b/kustomization.yaml index b6c706e..0778973 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -5,7 +5,6 @@ resources: - repos/ks.yaml - network/ks-lb.yaml - firewall-s3/ks-vm.yaml - - test-connectivity/ks.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml diff --git a/test-connectivity/app/test-connectivity/loadbalancers/fortigate-wan.yaml b/test-connectivity/app/test-connectivity/loadbalancers/fortigate-wan.yaml deleted file mode 100644 index fd0a1db..0000000 --- a/test-connectivity/app/test-connectivity/loadbalancers/fortigate-wan.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: fortigate-lb-test - namespace: ${TENANT_NAMESPACE} - labels: - app.kubernetes.io/component: fortigate-lb -spec: - type: LoadBalancer - externalTrafficPolicy: Local - ports: - - port: 4500 - name: ipsec-nat - targetPort: 4500 - protocol: UDP - - port: 500 - name: key-management - targetPort: 500 - protocol: UDP - #- port: 22 - # name: ssh - # targetPort: 22 - # protocol: TCP - - port: 443 - name: https - targetPort: 443 - protocol: TCP - selector: - kubevirt.io/domain: fortigate-ksd diff --git a/test-connectivity/app/test-connectivity/network-definitions/lan.yaml b/test-connectivity/app/test-connectivity/network-definitions/lan.yaml deleted file mode 100644 index 16d40cc..0000000 --- a/test-connectivity/app/test-connectivity/network-definitions/lan.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: lan-ovn-160 -spec: - config: | - { - "cniVersion": "0.3.1", - "type": "ovn-k8s-cni-overlay", - "name": "lan-ovn-160", - "topology": "layer2", - "subnets": [ - {"cidr": "192.168.160.0/24"} - ], - "mtu": 1400, - "routes": [ - {"dst": "10.60.0.0/16", "gw": "192.168.10.1"} - ] - } diff --git a/test-connectivity/app/test-connectivity/network-definitions/mgmt.yaml b/test-connectivity/app/test-connectivity/network-definitions/mgmt.yaml deleted file mode 100644 index 1f18275..0000000 --- a/test-connectivity/app/test-connectivity/network-definitions/mgmt.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# apiVersion: "k8s.cni.cncf.io/v1" -# kind: NetworkAttachmentDefinition -# metadata: -# name: mgmt-net -# namespace: ${TENANT_NAMESPACE} -# spec: -# config: '{ -# "cniVersion": "0.3.1", -# "type": "bridge", -# "bridge": "br-mgmt", -# "ipam": { -# "type": "static", -# "addresses": [ -# { -# "address": "192.168.10.100/24", -# "gateway": "192.168.10.1" -# } -# ] -# } -# }' \ No newline at end of file 
diff --git a/test-connectivity/app/test-connectivity/pod/pod.yaml b/test-connectivity/app/test-connectivity/pod/pod.yaml deleted file mode 100644 index 44792b8..0000000 --- a/test-connectivity/app/test-connectivity/pod/pod.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: dualnet-pod-ovn - annotations: - k8s.v1.cni.cncf.io/networks: | - [ - { - "name": "lan-ovn-160", - "namespace": "${TENANT_NAMESPACE}", - "interface": "net1" - } - ] -spec: - containers: - - name: toolbox - image: quay.io/centos/centos:stream9 - command: [ "/bin/bash", "-c", "sleep infinity" ] - restartPolicy: Never \ No newline at end of file diff --git a/test-connectivity/app/test-connectivity/vm/fortigate.yaml b/test-connectivity/app/test-connectivity/vm/fortigate.yaml deleted file mode 100644 index d1d61bf..0000000 --- a/test-connectivity/app/test-connectivity/vm/fortigate.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -# apiVersion: kubevirt.io/v1 -# kind: VirtualMachine -# metadata: -# name: fortigate-ksd -# namespace: ${TENANT_NAMESPACE} -# spec: -# dataVolumeTemplates: -# - metadata: -# name: fortigate-rootdisk-ksd -# spec: -# source: -# http: -# url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2" -# #secretRef: s3-virt-credentials -# storage: -# resources: -# requests: -# storage: 30Gi -# runStrategy: Always -# template: -# metadata: -# labels: -# kubevirt.io/domain: fortigate-ksd -# spec: -# domain: -# cpu: -# cores: 1 -# memory: -# guest: 2Gi -# features: -# acpi: {} -# smm: -# enabled: true -# firmware: -# bootloader: -# efi: -# secureBoot: false -# devices: -# rng: {} -# networkInterfaceMultiqueue: true -# interfaces: -# - name: wan -# masquerade: {} -# ports: -# - port: 4500 -# - port: 443 -# - port: 22 -# - port: 500 -# - name: mgmt -# bridge: {} -# - name: lan -# bridge: {} -# disks: -# - disk: -# bus: sata -# name: rootdisk -# resources: -# requests: -# memory: 2Gi -# cpu: 1 -# limits: -# memory: 2Gi -# cpu: 1 -# networks: -# - name: wan -# pod: {} -# - name: mgmt -# multus: -# networkName: ${TENANT_NAMESPACE}/mgmt-net -# - name: lan -# multus: -# networkName: ${TENANT_NAMESPACE}/lan-net -# terminationGracePeriodSeconds: 180 -# volumes: -# - name: rootdisk -# dataVolume: -# name: fortigate-rootdisk-ksd \ No newline at end of file diff --git a/test-connectivity/app/test-connectivity/vm/strongswan.yaml b/test-connectivity/app/test-connectivity/vm/strongswan.yaml deleted file mode 100644 index f982232..0000000 --- a/test-connectivity/app/test-connectivity/vm/strongswan.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -# apiVersion: kubevirt.io/v1 -# kind: VirtualMachine -# metadata: -# name: strongswan -# namespace: ${TENANT_NAMESPACE} -# spec: -# running: true -# template: -# metadata: -# labels: -# kubevirt.io/domain: strongswan -# spec: -# domain: -# cpu: -# cores: 2 -# resources: -# requests: -# memory: 2Gi -# cpu: 1 -# limits: -# memory: 2Gi -# cpu: 2 -# memory: -# guest: 2Gi -# devices: -# rng: {} -# networkInterfaceMultiqueue: true -# disks: -# - name: containerdisk -# disk: -# bus: virtio -# - name: cloudinitdisk -# disk: -# bus: virtio -# interfaces: -# - name: wan -# masquerade: {} -# ports: -# - port: 4500 -# - port: 443 -# - port: 22 -# - port: 500 -# - name: mgmt -# bridge: {} -# - name: lan -# bridge: {} -# networks: -# - name: wan -# pod: {} -# - name: mgmt -# multus: -# networkName: ${TENANT_NAMESPACE}/mgmt-net -# - name: lan -# multus: -# networkName: ${TENANT_NAMESPACE}/lan-net -# terminationGracePeriodSeconds: 180 -# volumes: -# - name: containerdisk -# containerDisk: -# image: quay.io/containerdisks/ubuntu:22.04 -# - name: cloudinitdisk -# cloudInitNoCloud: -# userData: | -# #cloud-config -# users: -# - name: testuser -# groups: [sudo] -# sudo: "ALL=(ALL) NOPASSWD:ALL" -# lock_passwd: false -# passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" -# chpasswd: -# expire: false -# ssh_pwauth: true \ No newline at end of file diff --git a/test-connectivity/ks.yaml b/test-connectivity/ks.yaml deleted file mode 100644 index 2093015..0000000 --- a/test-connectivity/ks.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app test-connectivity - namespace: ${TENANT_NAMESPACE} -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./test-connectivity/app - prune: true - sourceRef: - kind: GitRepository - name: tenant-repos - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m \ No newline at end of file From 17388256862db8faa253584fc24c2e5966b0b0b5 Mon Sep 17 00:00:00 2001 From: Jorge Bornhausen Date: Thu, 24 Jul 2025 14:10:58 +0200 Subject: [PATCH 110/131] chore: add .gitattributes --- .gitattributes | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..23b6552 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +*.sh text eol=lf +*.yml text eol=lf +*.yaml text eol=lf From ad99d6cfbdaa2224b0a825caf3b41c32dc9cbc13 Mon Sep 17 00:00:00 2001 From: Jorge Bornhausen Date: Thu, 24 Jul 2025 14:11:22 +0200 Subject: [PATCH 111/131] chore: add .gitignore --- .gitignore | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4949f76 --- /dev/null +++ b/.gitignore @@ -0,0 +1,33 @@ +# Eclipse +.project +.classpath +.settings/ +bin/ + +# IntelliJ +.idea +*.ipr +*.iml +*.iws + +# NetBeans +nb-configuration.xml + +# Visual Studio Code +.vscode +.factorypath + +# OSX +.DS_Store + +# Vim +*.swp +*.swo + +# patch +*.orig +*.rej + +# Local environment +.env + From b6e8ec3b0e9a3f443304e15d2a8e650512c6b2a0 Mon Sep 17 00:00:00 2001 From: Jorge Bornhausen Date: Thu, 24 Jul 2025 14:11:54 +0200 Subject: [PATCH 112/131] chore(repos): add cloudnative-pg --- repos/helm/cloudnative-pg.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 repos/helm/cloudnative-pg.yaml 
diff --git a/repos/helm/cloudnative-pg.yaml b/repos/helm/cloudnative-pg.yaml new file mode 100644 index 0000000..e42af28 --- /dev/null +++ b/repos/helm/cloudnative-pg.yaml @@ -0,0 +1,10 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cloudnative-pg + namespace: ${TENANT_NAMESPACE} +spec: + interval: 5m0s + url: https://cloudnative-pg.github.io/charts \ No newline at end of file From 831c25c09ecf77ecc10c8f03c416e495527a03f1 Mon Sep 17 00:00:00 2001 From: Jorge Bornhausen Date: Thu, 24 Jul 2025 14:33:30 +0200 Subject: [PATCH 113/131] feat(postgres): add demo cluster --- postgres/app/helmrelease.yaml | 109 ++++++++++++++++++++++++++++++++++ postgres/ks.yaml | 23 +++++++ 2 files changed, 132 insertions(+) create mode 100644 postgres/app/helmrelease.yaml create mode 100644 postgres/ks.yaml diff --git a/postgres/app/helmrelease.yaml b/postgres/app/helmrelease.yaml new file mode 100644 index 0000000..a8894fc --- /dev/null +++ b/postgres/app/helmrelease.yaml 
@@ -0,0 +1,109 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgres
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ serviceAccountName: ${TECHNICAL_ACCOUNT}
+ interval: 30m
+ chart:
+ spec:
+ chart: cluster
+ version: 0.3.1
+ sourceRef:
+ kind: HelmRepository
+ name: cloudnative-pg
+ namespace: ${TENANT_NAMESPACE}
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ type: postgresql
+ mode: standalone
+ version:
+ postgresql: "17.5"
+ cluster:
+ instances: 3
+ storage:
+ size: 10Gi
+ storageClass: ocs-storagecluster-ceph-rbd
+ walStorage:
+ # It's not mandatory to split WAL from the main data volume.
+ # However, doing so helps to avoid issues with the main data volume
+ # in cases where WAL exporting to the backup server experiences
+ # issues. For example, in scenarios where there's network congestion
+ # or even failures, the WAL may end up accumulating too much data
+ # to the point where the volume fills up, blocking the cluster from
+ # operating properly.
+ enabled: true
+ size: 10Gi
+ storageClass: ocs-storagecluster-ceph-rbd
+ resources:
+ requests:
+ cpu: "500m"
+ memory: 1Gi
+ limits:
+ cpu: "1"
+ memory: 1Gi
+ enableSuperuserAccess: true
+ superuserSecret: postgres-superuser
+ affinity:
+ topologyKey: failure-domain.beta.kubernetes.io/zone
+ postgresql:
+ parameters:
+ shared_buffers: 256MB
+ max_connections: "400"
+ initdb:
+ database: app
+ owner: app
+ options: []
+ encoding: UTF8
+ backups:
+ # Backups are disabled in this example, but here's an example
+ # on how to configure this cluster to export backups to a S3
+ # bucket hosted on a MinIO server.
+ #
+ # For more information, refer to the helm chart's values.yaml
+ # or the official documentation at
+ # https://cloudnative-pg.io/documentation/1.26/backup/
+ enabled: false
+ endpointURL: https://glacier-1.kvant.cloud
+ provider: s3
+ s3:
+ bucket: phoenix-openshift-backups
+ path: /demo-postgres
+ # Ideally, you will never commit credentials in plain text;
+ # these values are here just for illustration. For a way to
+ # properly load them from kubernetes' secrets, refer to the
+ # commented-ou section 'valuesFrom' placed right below
+ accessKey: your-access-key
+ secretKey: your-secret-key
+ secret:
+ create: true
+ wal:
+ encryption: ""
+ data:
+ encryption: ""
+ scheduledBackups:
+ - name: daily-minio
+ schedule: "@daily"
+ backupOwnerReference: self
+ method: barmanObjectStore
+ retentionPolicy: "180d" # It is mandatory to match this value with the bucket's retention period
+# valuesFrom:
+# - kind: Secret
+# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair
+# valuesKey: ACCESS_KEY_ID # name of the key inside the secret that holds the access key value
+# targetPath: backups.s3.accessKey # path of the configuration that will be assigned the access key value
+# optional: false
+# - kind: Secret
+# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair
+# valuesKey: ACCESS_SECRET_KEY # name of the key inside the secret that holds the secret key value
+# targetPath: backups.s3.secretKey # path of the configuration that will be assigned the secret key value
+# optional: false
diff --git a/postgres/ks.yaml b/postgres/ks.yaml
new file mode 100644
index 0000000..0383647
--- /dev/null
+++ b/postgres/ks.yaml
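Review bot: The `s3` block of postgres/app/helmrelease.yaml carries literal `accessKey: your-access-key` and `secretKey: your-secret-key` next to `secret: create: true`, so the file's own layout invites the next editor to replace the placeholders in place and flip `enabled: false` to `true`, which would put a real key pair in Git. The commented `valuesFrom` block already shows the Secret-backed path, so I would delete the two literal key lines and leave `valuesFrom` as the only documented way to supply them. Separately, `enableSuperuserAccess: true` relies on `superuserSecret: postgres-superuser`, which this commit does not create; a comment such as `# postgres-superuser must already exist in the tenant namespace; turn superuser access off if the demo does not need it` would make that dependency visible.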
@@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app postgres + namespace: ${TENANT_NAMESPACE} +spec: + targetNamespace: ${TENANT_NAMESPACE} + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./postgres/app + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: true + interval: 10m + retryInterval: 1m + timeout: 5m + dependsOn: + - name: vars From d3b650eff2cb9370c37276b6521b9fb05d302cbd Mon Sep 17 00:00:00 2001 From: Jorge Bornhausen Date: Thu, 24 Jul 2025 14:35:15 +0200 Subject: [PATCH 114/131] chore(postgres): enable ks --- kustomization.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kustomization.yaml b/kustomization.yaml index 0778973..83384c7 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -16,4 +16,5 @@ resources: - templates/image-server/ks-pvc.yaml - templates/image-server/ks-route.yaml - templates/windowsserver/ks-flavor.yaml - - templates/windowsserver-rh/ks-flavor.yaml \ No newline at end of file + - templates/windowsserver-rh/ks-flavor.yaml + - postgres/ks.yaml \ No newline at end of file From a49dd4de892cf3f07b69aee64667ecafb6aa5787 Mon Sep 17 00:00:00 2001 From: Jorge Bornhausen Date: Thu, 24 Jul 2025 15:37:26 +0200 Subject: [PATCH 115/131] chore(postgres): add link to values.yaml for reference --- postgres/app/helmrelease.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/postgres/app/helmrelease.yaml b/postgres/app/helmrelease.yaml index a8894fc..97c2c3c 100644 --- a/postgres/app/helmrelease.yaml +++ b/postgres/app/helmrelease.yaml @@ -24,6 +24,8 @@ spec: strategy: rollback retries: 3 values: + # check the complete configuration options at + # https://raw.githubusercontent.com/cloudnative-pg/charts/refs/tags/cluster-v0.3.1/charts/cluster/values.yaml type: postgresql mode: standalone version: 
From 001fc5a5defde5f6b4a44abf74037554cfd270ce Mon Sep 17 00:00:00 2001 From: Jorge Bornhausen Date: Thu, 24 Jul 2025 15:39:53 +0200 Subject: [PATCH 116/131] chore(postgres): update storage class to ibm-spectrum-scale-fileset --- postgres/app/helmrelease.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/postgres/app/helmrelease.yaml b/postgres/app/helmrelease.yaml index 97c2c3c..f44b8b5 100644 --- a/postgres/app/helmrelease.yaml +++ b/postgres/app/helmrelease.yaml @@ -34,7 +34,9 @@ spec: instances: 3 storage: size: 10Gi - storageClass: ocs-storagecluster-ceph-rbd + # default storage class on ai-2 cluster, on basel or staging you + # should use 'ocs-storagecluster-ceph-rbd' instead + storageClass: ibm-spectrum-scale-fileset walStorage: # It's not mandatory to split WAL from the main data volume. # However, doing so helps to avoid issues with the main data volume @@ -44,8 +46,8 @@ spec: # to the point where the volume fills up, blocking the cluster from # operating properly. enabled: true - size: 10Gi - storageClass: ocs-storagecluster-ceph-rbd + size: 10Gi + storageClass: ibm-spectrum-scale-fileset resources: requests: cpu: "500m" From 707b1d0bd819d87528847987c4114a9faf61b413 Mon Sep 17 00:00:00 2001 From: Jorge Bornhausen Date: Thu, 24 Jul 2025 15:49:17 +0200 Subject: [PATCH 117/131] chore(postgres): add more comments explaining each section --- postgres/app/helmrelease.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/postgres/app/helmrelease.yaml b/postgres/app/helmrelease.yaml index f44b8b5..9af65c0 100644 --- a/postgres/app/helmrelease.yaml +++ b/postgres/app/helmrelease.yaml 
@@ -69,9 +69,10 @@ spec: options: [] encoding: UTF8 backups: - # Backups are disabled in this example, but here's an example - # on how to configure this cluster to export backups to a S3 - # bucket hosted on a MinIO server. + # As indicated by the 'enabled' flag, backups are disabled on + # this deployment. But the remaining of the block serves as an + # example of how to configure this cluster to export backups to + # a S3 bucket hosted on a MinIO server. # # For more information, refer to the helm chart's values.yaml # or the official documentation at @@ -91,10 +92,18 @@ spec: secret: create: true wal: + # If exporting to MinIO S3, you may have to disable encryption. + # This is how you achieve it encryption: "" data: encryption: "" scheduledBackups: + # You can give it any name and change the scheduled time to what + # fits your strategy. This serves as an example of how to configure + # the cluster to export a daily backup to the S3 bucket using + # barman object storage. You can also back up volumes instead. + # Check the backup documentation to find more information on + # which option suits you best. - name: daily-minio schedule: "@daily" backupOwnerReference: self From d0fba712d4b61fc7c710be1b2a098b86277dfcea Mon Sep 17 00:00:00 2001 
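Review bot: The comment added above `encryption: ""` in the `wal:` block (second hunk of this commit) tells readers to disable encryption for MinIO without saying what that means for the data: base backups and WAL segments, which hold the full database contents, are then uploaded without requesting server-side encryption. I would extend the comment with one line, e.g. `# Only leave this empty if the bucket or its backing storage is encrypted by other means; backups contain all table data.` The same caveat applies to the `data:` / `encryption: ""` pair directly below. This is a documentation suggestion only.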
From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 11:15:18 +0200 Subject: [PATCH 118/131] new test VM for costumer presentation --- kustomization.yaml | 5 +- windows-vm-standard-john/ks-pvc.yaml | 18 +++++ windows-vm-standard-john/ks-vm.yaml | 18 +++++ windows-vm-standard-john/pvc/datadisk.yaml | 12 ++++ windows-vm-standard-john/vm/server.yaml | 82 ++++++++++++++++++++++ windows-vm-standard-john/windows-lb.yaml | 29 ++++++++ 6 files changed, 163 insertions(+), 1 deletion(-) create mode 100644 windows-vm-standard-john/ks-pvc.yaml create mode 100644 windows-vm-standard-john/ks-vm.yaml create mode 100644 windows-vm-standard-john/pvc/datadisk.yaml create mode 100644 windows-vm-standard-john/vm/server.yaml create mode 100644 windows-vm-standard-john/windows-lb.yaml diff --git a/kustomization.yaml b/kustomization.yaml index 83384c7..7a1c689 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -17,4 +17,7 @@ resources: - templates/image-server/ks-route.yaml - templates/windowsserver/ks-flavor.yaml - templates/windowsserver-rh/ks-flavor.yaml - - postgres/ks.yaml \ No newline at end of file + - postgres/ks.yaml + - windows-vm-standard-john/ks-vm.yaml + - windows-vm-standard-john/ks-pvc.yaml + - windows-vm-standard-john/windows-lb.yaml diff --git a/windows-vm-standard-john/ks-pvc.yaml b/windows-vm-standard-john/ks-pvc.yaml new file mode 100644 index 0000000..68e3154 --- /dev/null +++ b/windows-vm-standard-john/ks-pvc.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-pvc-john + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard-john/pvc + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file 
diff --git a/windows-vm-standard-john/ks-vm.yaml b/windows-vm-standard-john/ks-vm.yaml new file mode 100644 index 0000000..5a28eae --- /dev/null +++ b/windows-vm-standard-john/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-vm-standard + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard-john/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard-john/pvc/datadisk.yaml b/windows-vm-standard-john/pvc/datadisk.yaml new file mode 100644 index 0000000..6c901ab --- /dev/null +++ b/windows-vm-standard-john/pvc/datadisk.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: windows-vm-datadisk-john +spec: + storageClassName: ibm-spectrum-scale-fileset + volumeMode: Filesystem + accessModes: + - ReadWriteMany + resources: + requests: + storage: 200Gi diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml new file mode 100644 index 0000000..3af61ac --- /dev/null +++ b/windows-vm-standard-john/vm/server.yaml 
@@ -0,0 +1,82 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: windows-vm-standard-john
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: windows-rootdisk-john
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
+ storage:
+ resources:
+ requests:
+ storage: 80Gi
+ sourceRef:
+ kind: DataSource
+ name: win2k22
+ namespace: kubevirt-os-images
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: windows-vm-standard-john
+ spec:
+ domain:
+ cpu:
+ cores: 4
+ memory:
+ guest: 8Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi: {}
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 8080
+ - port: 443
+ - port: 22
+ - port: 3389
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk
+ - disk:
+ bus: sata
+ name: datadisk
+ # - disk:
+ # bus: scsi
+ # name: cloudinitdisk
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: 4
+ limits:
+ memory: 8Gi
+ cpu: 4
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk
+ dataVolume:
+ name: windows-rootdisk-john
+ - name: datadisk
+ persistentVolumeClaim:
+ claimName: windows-vm-datadisk-john
+ #- name: cloudinitdisk
+ # cloudInitNoCloud:
+ # secretRef:
+ # name: windows-cloud-init
diff --git a/windows-vm-standard-john/windows-lb.yaml b/windows-vm-standard-john/windows-lb.yaml
new file mode 100644
index 0000000..7adf23f
--- /dev/null
+++ b/windows-vm-standard-john/windows-lb.yaml
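Review bot: The root disk in `dataVolumeTemplates` is imported from `http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2`, i.e. over plain HTTP, so nothing on the import path verifies that the image the VM boots is the one that was published. Serving the image over HTTPS and naming the CA bundle through the `certConfigMap` field of the `http` source would close that gap. The same DataVolume spec also sets both `source` and `sourceRef` (`kind: DataSource`, `name: win2k22`); as far as I know CDI accepts only one of the two, so one should be removed.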
@@ -0,0 +1,29 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: windows-lb + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: windows-lb +spec: + type: LoadBalancer + ports: + - port: 8080 + name: http + targetPort: 8080 + protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + - port: 65022 + name: ssh + targetPort: 22 + protocol: TCP + - port: 3389 + name: rdp + targetPort: 3389 + protocol: TCP + selector: + kubevirt.io/domain: windows-vm-standard-john From ed5db933381290fcf59986f58214016c32192c0d Mon Sep 17 00:00:00 2001 From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 11:19:53 +0200 Subject: [PATCH 119/131] yeahhh --- windows-vm-standard-john/ks-vm.yaml | 2 +- windows-vm-standard-john/vm/server.yaml | 4 ++-- windows-vm-standard-john/windows-lb.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows-vm-standard-john/ks-vm.yaml b/windows-vm-standard-john/ks-vm.yaml index 5a28eae..4b8608c 100644 --- a/windows-vm-standard-john/ks-vm.yaml +++ b/windows-vm-standard-john/ks-vm.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app windows-vm-standard + name: &app windows-vm-standard-john namespace: ${TENANT_NAMESPACE} spec: commonMetadata: diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml index 3af61ac..2befb61 100644 --- a/windows-vm-standard-john/vm/server.yaml +++ b/windows-vm-standard-john/vm/server.yaml @@ -51,10 +51,10 @@ spec: disks: - disk: bus: sata - name: rootdisk + name: rootdisk-john - disk: bus: sata - name: datadisk + name: datadisk-john # - disk: # bus: scsi # name: cloudinitdisk diff --git a/windows-vm-standard-john/windows-lb.yaml b/windows-vm-standard-john/windows-lb.yaml index 7adf23f..e9ad9f8 100644 --- a/windows-vm-standard-john/windows-lb.yaml +++ b/windows-vm-standard-john/windows-lb.yaml 
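Review bot: The new Service in windows-lb.yaml is `type: LoadBalancer` and publishes RDP (`port: 3389`) and SSH (`port: 65022` to `targetPort: 22`) next to 8080 and 443 without any `loadBalancerSourceRanges`, so the guest's remote-login ports are reachable from every network that can route to the load balancer address. For a demo VM I would add `loadBalancerSourceRanges:` with `- <ALLOWED_CIDR>` (placeholder for the presenter's network), or drop the `ssh` and `rdp` entries and reach the guest through the cluster console instead. If the exposure is intended, a comment naming who is expected to connect would help the next reader.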
@@ -2,10 +2,10 @@ apiVersion: v1 kind: Service metadata: - name: windows-lb + name: windows-lb-john namespace: ${TENANT_NAMESPACE} labels: - app.kubernetes.io/component: windows-lb + app.kubernetes.io/component: windows-lb-john spec: type: LoadBalancer ports: From 0154dc0dbddb66609b6158f4192b30b035d120e2 Mon Sep 17 00:00:00 2001 From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 11:25:13 +0200 Subject: [PATCH 120/131] yeah222 --- windows-vm-standard-john/vm/server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml index 2befb61..a205ab7 100644 --- a/windows-vm-standard-john/vm/server.yaml +++ b/windows-vm-standard-john/vm/server.yaml @@ -70,10 +70,10 @@ spec: pod: {} terminationGracePeriodSeconds: 180 volumes: - - name: rootdisk + - name: rootdisk-john dataVolume: name: windows-rootdisk-john - - name: datadisk + - name: datadisk-john persistentVolumeClaim: claimName: windows-vm-datadisk-john #- name: cloudinitdisk From 1139c70acb500f87fb23416081bfc5c94bf4c463 Mon Sep 17 00:00:00 2001 From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 11:50:22 +0200 Subject: [PATCH 121/131] gfiweubfiwe --- windows-vm-standard-john/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml index a205ab7..ad1b3b2 100644 --- a/windows-vm-standard-john/vm/server.yaml +++ b/windows-vm-standard-john/vm/server.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + url: http://nginx.demo.svc.cluster.local:80/windows-server-2022-uefi-ns.qcow2 storage: resources: requests: From 1fc30168ef237a1c75c1368b79e8882533eafe37 Mon Sep 17 00:00:00 2001 
From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 11:57:44 +0200 Subject: [PATCH 122/131] jhdgfiudfbnuifdnbui --- windows-vm-standard-john/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml index ad1b3b2..15faa1f 100644 --- a/windows-vm-standard-john/vm/server.yaml +++ b/windows-vm-standard-john/vm/server.yaml @@ -18,7 +18,7 @@ spec: sourceRef: kind: DataSource name: win2k22 - namespace: kubevirt-os-images + namespace: openshift-virtualization-os-images #kubevirt-os-images runStrategy: Always template: metadata: From 6d1b9906a5943a2a7c64f8a18f8d5e52f6c4aecf Mon Sep 17 00:00:00 2001 From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 12:00:20 +0200 Subject: [PATCH 123/131] drgrrht --- windows-vm-standard-john/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml index 15faa1f..e0f06a7 100644 --- a/windows-vm-standard-john/vm/server.yaml +++ b/windows-vm-standard-john/vm/server.yaml @@ -18,7 +18,7 @@ spec: sourceRef: kind: DataSource name: win2k22 - namespace: openshift-virtualization-os-images #kubevirt-os-images + namespace: openshift-virtualization-os-images runStrategy: Always template: metadata: From 0256ce589a8350603ae6e9a40149980f7e3b733a Mon Sep 17 00:00:00 2001 From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 12:28:50 +0200 Subject: [PATCH 124/131] dfhdhdhf --- windows-vm-standard-john/vm/server.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml index e0f06a7..c1151c2 100644 --- a/windows-vm-standard-john/vm/server.yaml +++ b/windows-vm-standard-john/vm/server.yaml 
@@ -16,9 +16,9 @@ spec: requests: storage: 80Gi sourceRef: - kind: DataSource - name: win2k22 - namespace: openshift-virtualization-os-images +# kind: DataSource +# name: win2k22 +# namespace: openshift-virtualization-os-images runStrategy: Always template: metadata: From 1c7e58e7406dfd18d5e070bfde0c1c221d540350 Mon Sep 17 00:00:00 2001 From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 12:31:08 +0200 Subject: [PATCH 125/131] sdfsdf --- windows-vm-standard-john/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml index c1151c2..bf952a8 100644 --- a/windows-vm-standard-john/vm/server.yaml +++ b/windows-vm-standard-john/vm/server.yaml @@ -15,7 +15,7 @@ spec: resources: requests: storage: 80Gi - sourceRef: +# sourceRef: # kind: DataSource # name: win2k22 # namespace: openshift-virtualization-os-images From 88a93c67d3e703ae2739949b21b7b9566a179fa9 Mon Sep 17 00:00:00 2001 From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 13:44:53 +0200 Subject: [PATCH 126/131] oisndfoisf --- ubuntu-vm-3 john/ks.yaml | 18 ++++++++++ ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml | 48 ++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 ubuntu-vm-3 john/ks.yaml create mode 100644 ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml diff --git a/ubuntu-vm-3 john/ks.yaml b/ubuntu-vm-3 john/ks.yaml new file mode 100644 index 0000000..152cdec --- /dev/null +++ b/ubuntu-vm-3 john/ks.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app ubuntu-vm-2 + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./ubuntu-vm-2/ubuntu + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m 
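Review bot: The Kustomization added under `ubuntu-vm-3 john/ks.yaml` is still named `ubuntu-vm-2` and points at `path: ./ubuntu-vm-2/ubuntu`, which looks like an unedited copy of the ubuntu-vm-2 entry. If applied, it would presumably collide with the existing Kustomization of that name in `${TENANT_NAMESPACE}` instead of deploying the new VM, and with `prune: true` it becomes unclear which object owns the applied resources. I would change the two lines to `name: &app ubuntu-vm-3-john` and `path: ./ubuntu-vm-3-john/ubuntu`, and rename the directory to match so the path no longer contains a space.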
diff --git a/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml new file mode 100644 index 0000000..c4bc587 --- /dev/null +++ b/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml @@ -0,0 +1,48 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: ubuntu-vm-3-john + namespace: kubevirt-vms +spec: + running: true + template: + metadata: + labels: + kubevirt.io/domain: ubuntu-vm-3-john + spec: + domain: + cpu: + cores: 2 + devices: + disks: + - disk: + bus: virtio + name: containerdisk + - disk: + bus: virtio + name: cloudinitdisk + resources: + requests: + memory: 2Gi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 + memory: + guest: 2Gi + volumes: + - name: containerdisk + containerDisk: + image: quay.io/containerdisks/ubuntu:22.04 + - name: cloudinitdisk + cloudInitNoCloud: + userData: | + #cloud-config + hostname: ubuntu-vm-2 + ssh_pwauth: True + users: + - name: ubuntu + ssh-authorized-keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu + sudo: ['ALL=(ALL) NOPASSWD:ALL'] + shell: /bin/bash \ No newline at end of file From 5f1f60b786edea91d1c5ec97566861422645712c Mon Sep 17 00:00:00 2001 From: "john.leitao" Date: Wed, 30 Jul 2025 11:47:29 +0000 Subject: [PATCH 127/131] Update kustomization.yaml --- kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kustomization.yaml b/kustomization.yaml index 7a1c689..c776207 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -11,6 +11,7 @@ resources: - windows-vm-standard-dev/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml + - ubuntu-vm-3-john/ks.yaml - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml From 13b6e6f3aee39d99d53ab143fc0736e4ae066a1f Mon Sep 17 00:00:00 2001 
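Review bot: The cloud-init `userData` in ubuntu-vm.yaml sets `ssh_pwauth: True` although the only credential provisioned for the `ubuntu` user is an SSH key, and the same user gets `sudo: ['ALL=(ALL) NOPASSWD:ALL']`. Password logins serve no purpose in that setup, and any password set later would immediately be usable over SSH for an account with unrestricted sudo; `ssh_pwauth: false` keeps the guest key-only. The manifest also hard-codes `namespace: kubevirt-vms` where the other manifests in this series use `${TENANT_NAMESPACE}`, and `hostname: ubuntu-vm-2` does not match the VM name `ubuntu-vm-3-john`; both look like copy leftovers.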
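Review bot: The entry `- ubuntu-vm-3-john/ks.yaml` added to kustomization.yaml does not match the directory created in the previous patch, which is `ubuntu-vm-3 john/` with a space instead of a hyphen. Unless the directory is renamed elsewhere, the kustomize build would fail on a missing resource and presumably stall reconciliation of every other entry in the file. Renaming the directory to `ubuntu-vm-3-john` is the cleaner fix, since it also avoids a path that needs quoting.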
From: "maximilian.bartz" Date: Wed, 30 Jul 2025 13:52:24 +0200 Subject: [PATCH 128/131] changed URL --- firewall-s3/vm/ksd/network-definitions/lan.yaml | 2 +- firewall-s3/vm/ksd/network-definitions/mgmt.yaml | 2 +- windows-vm-standard-dev/vm/server.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/firewall-s3/vm/ksd/network-definitions/lan.yaml b/firewall-s3/vm/ksd/network-definitions/lan.yaml index ccc343b..db390ad 100644 --- a/firewall-s3/vm/ksd/network-definitions/lan.yaml +++ b/firewall-s3/vm/ksd/network-definitions/lan.yaml @@ -12,7 +12,7 @@ spec: "type": "static", "addresses": [ { - "address": "172.168.100.2/24", + "address": "172.168.100.0/24", "gateway": "172.168.100.1" } ] diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml index 7be17a8..9917a83 100644 --- a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml +++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml @@ -12,7 +12,7 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.10.100/24", + "address": "192.168.10.0/24", "gateway": "192.168.10.1" } ] diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index df3b980..5d3a946 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/windows-server-2022-uefi-ns.qcow2" storage: resources: requests: @@ -18,7 +18,7 @@ spec: sourceRef: kind: DataSource name: win2k22 - namespace: kubevirt-os-images + namespace: openshift-virtualization-os-images runStrategy: Always template: metadata: From 7125bd6626a91d1a14e7332db0093d1e55261d81 Mon Sep 17 00:00:00 2001 
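Review bot: The static address in lan.yaml changes from `172.168.100.2/24` to `172.168.100.0/24`, and in mgmt.yaml from `192.168.10.100/24` to `192.168.10.0/24`; both new values are the network address of their /24 rather than a host address, so the attached interface would likely come up with an unusable IP. If the intent was to describe the subnet, it does not belong in `"address"`, and the previous host addresses should be restored. While here, `172.168.100.0/24` lies outside the RFC 1918 block `172.16.0.0/12`, so the LAN overlaps publicly routable space; `172.16.100.0/24` may be what was meant. The commit subject "changed URL" mentions neither edit.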
From: "maximilian.bartz" Date: Wed, 30 Jul 2025 14:02:15 +0200 Subject: [PATCH 129/131] reduce data disk pvc --- windows-vm-standard-dev/pvc/datadisk.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard-dev/pvc/datadisk.yaml b/windows-vm-standard-dev/pvc/datadisk.yaml index 86461b8..5d858e6 100644 --- a/windows-vm-standard-dev/pvc/datadisk.yaml +++ b/windows-vm-standard-dev/pvc/datadisk.yaml @@ -9,4 +9,4 @@ spec: - ReadWriteMany resources: requests: - storage: 200Gi + storage: 50Gi From 4f026307b6a85afe6c63ad252bbd6d39e4019a07 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 30 Jul 2025 14:21:53 +0200 Subject: [PATCH 130/131] changed data source --- windows-vm-standard-dev/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 5d3a946..1b42bdc 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -18,7 +18,7 @@ spec: sourceRef: kind: DataSource name: win2k22 - namespace: openshift-virtualization-os-images + namespace: kubevirt-os-images runStrategy: Always template: metadata: From 1e0cfb816f7ff085567c60ec84e355418065e54d Mon Sep 17 00:00:00 2001 From: "john.leitao@phoenix-systems.ch" Date: Wed, 30 Jul 2025 16:17:40 +0200 Subject: [PATCH 131/131] sdffdsfd --- container/debug2/alpine.yaml | 14 ++++++++++++++ kustomization.yaml | 6 +++--- ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml | 4 ++-- 3 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 container/debug2/alpine.yaml diff --git a/container/debug2/alpine.yaml b/container/debug2/alpine.yaml new file mode 100644 index 0000000..e272e52 --- /dev/null +++ b/container/debug2/alpine.yaml 
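Review bot: Lowering `storage: 200Gi` to `storage: 50Gi` in windows-vm-standard-dev/pvc/datadisk.yaml will not shrink an existing claim, because Kubernetes rejects a decrease of the storage request on a bound PersistentVolumeClaim, so this reconcile would fail if the data disk already exists. If the smaller size is really wanted, the claim has to be deleted and recreated (losing its contents) or a new claim introduced under another name, e.g. `name: <NEW_CLAIM_NAME>`, with the VM's `claimName` pointed at it. The rest of the manifest lies outside the hunk.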
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: alpine-test2 + namespace: ${TENANT_NAMESPACE} +spec: + containers: + - name: alpine2 + image: alpine:latest + command: ["/bin/sh"] + args: ["-c", "while true; do sleep 3600; done"] + stdin: true + tty: true + restartPolicy: Never \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml index 7a1c689..0a91e30 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -18,6 +18,6 @@ resources: - templates/windowsserver/ks-flavor.yaml - templates/windowsserver-rh/ks-flavor.yaml - postgres/ks.yaml - - windows-vm-standard-john/ks-vm.yaml - - windows-vm-standard-john/ks-pvc.yaml - - windows-vm-standard-john/windows-lb.yaml +# - windows-vm-standard-john/ks-vm.yaml +# - windows-vm-standard-john/ks-pvc.yaml +# - windows-vm-standard-john/windows-lb.yaml diff --git a/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml index c4bc587..1ac74ef 100644 --- a/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml @@ -1,14 +1,14 @@ apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: - name: ubuntu-vm-3-john + name: ubuntu-vm-3- namespace: kubevirt-vms spec: running: true template: metadata: labels: - kubevirt.io/domain: ubuntu-vm-3-john + kubevirt.io/domain: ubuntu-vm-2 spec: domain: cpu:
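Review bot: The debug Pod in container/debug2/alpine.yaml runs `image: alpine:latest` and sets no `securityContext` or `resources`, so what executes depends on whatever the tag resolves to at pull time and on the namespace defaults. For a pod that idles with `stdin: true` and `tty: true` for interactive use, I would pin the image (`image: alpine:<PINNED_VERSION>`, ideally by digest) and add `allowPrivilegeEscalation: false` under a container-level `securityContext`. A short comment saying when the pod may be deleted would also help, since `restartPolicy: Never` with an endless sleep loop leaves it running indefinitely.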
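Review bot: In the last hunk (ubuntu-vm.yaml) the new `name: ubuntu-vm-3-` ends in a hyphen, which Kubernetes object names may not do since they must start and end with an alphanumeric character, so the API server should reject this VirtualMachine. The label change to `kubevirt.io/domain: ubuntu-vm-2` additionally makes this guest match any Service that selects the existing ubuntu-vm-2 VM by that label, which is presumably unintended. Using `name: ubuntu-vm-3` together with `kubevirt.io/domain: ubuntu-vm-3` would keep the two VMs apart. The VM spec continues outside the hunk.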