From 7555e53662aa54a4a9b99fc6e129299eb8e4fb1a Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Tue, 22 Jul 2025 09:14:16 +0000
Subject: [PATCH 1/5] feat(docker-image)!: Update nginx Docker tag to v21
---
 templates/image-server/nginx/helmrelease.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml
index 0937d41..ecbc88f 100644
--- a/templates/image-server/nginx/helmrelease.yaml
+++ b/templates/image-server/nginx/helmrelease.yaml
@@ -9,7 +9,7 @@ spec:
 chart:
 spec:
 chart: nginx
- version: 19.1.1
+ version: 21.0.8
 sourceRef:
 kind: HelmRepository
 name: bitnami
From b15d8e68826d01e235161fe1664d858837e82946 Mon Sep 17 00:00:00 2001
From: "maximilian.bartz"
Date: Tue, 22 Jul 2025 12:16:37 +0200
Subject: [PATCH 2/5] changed NAD to static to test
---
 .../vm/ksd/network-definitions/mgmt.yaml | 8 +-
 firewall-s3/vm/ksd/vm/strongswan.yaml | 73 +++++++++++++++++++
 2 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 firewall-s3/vm/ksd/vm/strongswan.yaml
diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
index a1e6f34..7be17a8 100644
--- a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
+++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
@@ -9,6 +9,12 @@ spec:
 "type": "bridge",
 "bridge": "br-mgmt",
 "ipam": {
- "type": "dhcp"
+ "type": "static",
+ "addresses": [
+ {
+ "address": "192.168.10.100/24",
+ "gateway": "192.168.10.1"
+ }
+ ]
 }
 }'
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/vm/strongswan.yaml b/firewall-s3/vm/ksd/vm/strongswan.yaml
new file mode 100644
index 0000000..e346a59
--- /dev/null
+++ b/firewall-s3/vm/ksd/vm/strongswan.yaml
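Review bot: The static IPAM block added to firewall-s3/vm/ksd/network-definitions/mgmt.yaml pins a single address, `192.168.10.100/24`, in the NetworkAttachmentDefinition itself, so as far as the CNI is concerned every attachment to this network is handed the same IP. The strongswan VM added in this patch attaches to `${TENANT_NAMESPACE}/mgmt-net`, and the fortigate manifests later in the series reference the same network, so a second attachment would presumably produce duplicate addresses on the management bridge. If this is only meant for the test named in the subject, a YAML comment above the `config:` key such as `# static IPAM for testing only: supports a single attachment` would make that explicit; otherwise an IPAM type that allocates per attachment is the safer choice. The JSON config begins above the hunk, so the rest of the definition is not visible here.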
@@ -0,0 +1,73 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: strongswan
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ running: true
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: strongswan
+ spec:
+ domain:
+ cpu:
+ cores: 2
+ resources:
+ requests:
+ memory: 2Gi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 2
+ memory:
+ guest: 2Gi
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ disks:
+ - name: containerdisk
+ disk:
+ bus: virtio
+ - name: cloudinitdisk
+ disk:
+ bus: virtio
+ interfaces:
+ - name: wan
+ masquerade: {}
+ ports:
+ - port: 4500
+ - port: 443
+ - port: 22
+ - port: 500
+ - name: mgmt
+ bridge: {}
+ - name: lan
+ bridge: {}
+ networks:
+ - name: wan
+ pod: {}
+ - name: mgmt
+ multus:
+ networkName: ${TENANT_NAMESPACE}/mgmt-net
+ - name: lan
+ multus:
+ networkName: ${TENANT_NAMESPACE}/lan-net
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: containerdisk
+ containerDisk:
+ image: quay.io/containerdisks/ubuntu:22.04
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ userData: |
+ #cloud-config
+ users:
+ - name: testuser
+ groups: [sudo]
+ sudo: "ALL=(ALL) NOPASSWD:ALL"
+ lock_passwd: false
+ passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+ chpasswd:
+ expire: false
+ ssh_pwauth: true
\ No newline at end of file
From fb1c82659fd7ccd547388522da35dce7c2d2dd38 Mon Sep 17 00:00:00 2001
From: Efstratios Kolovos
Date: Tue, 22 Jul 2025 11:29:24 +0200
Subject: [PATCH 3/5] Update kustomization
---
 firewall-s3/ks-vm.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml
index 61e2924..827133e 100644
--- a/firewall-s3/ks-vm.yaml
+++ b/firewall-s3/ks-vm.yaml
@@ -7,7 +7,7 @@ spec:
 commonMetadata:
 labels:
 app.kubernetes.io/name: *app
- path: ./firewall-s3/vm/ksd
+ path: ./firewall-s3
 prune: true
 sourceRef:
 kind: GitRepository
From c84c1fcd788476ff1d39635753c3c8d17dc8b3f6 Mon Sep 17 00:00:00 2001
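Review bot: The cloud-init `userData` in firewall-s3/vm/ksd/vm/strongswan.yaml commits a `passwd` hash for `testuser` to Git, and the same account gets `NOPASSWD` sudo, `lock_passwd: false` and `ssh_pwauth: true` while port 22 is listed on the `wan` interface. A crypt hash in a repository is exposed to offline guessing by anyone with read access, so the password behind it should be treated as disclosed and replaced. Key-only login avoids the problem: `lock_passwd: true`, `ssh_pwauth: false` and an `ssh_authorized_keys:` entry for the user, with the user data referenced from a Secret through `cloudInitNoCloud.secretRef` instead of being inlined. The commented-out copy in firewall-s3/test-connectivity/vm/strongswan.yaml (PATCH 4/5) carries the same hash and needs the same cleanup. The containerDisk is also pulled by the mutable tag `ubuntu:22.04`; pinning it by digest would keep the boot image fixed.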
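Review bot: Widening `path` from `./firewall-s3/vm/ksd` to `./firewall-s3` in firewall-s3/ks-vm.yaml while `prune: true` is set changes which objects this Kustomization owns, and nothing in the hunk shows that the new scope was checked. If the directory has no `kustomization.yaml` (not visible here), Flux generates one covering every manifest under the path, which would take in `firewall-s3/ks-vm.yaml` itself and everything under `test-connectivity/` added in PATCH 4/5, including the `fortigate-lb-test` LoadBalancer. Pointing `path` at a directory with an explicit `kustomization.yaml` that lists the intended resources keeps test manifests from being applied by accident; a comment such as `# path must not contain this Kustomization's own manifest` next to the key would record the constraint. The Kustomization spec starts and ends outside the hunk.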
From: Efstratios Kolovos
Date: Tue, 22 Jul 2025 13:02:04 +0200
Subject: [PATCH 4/5] Add test-connectivity
---
 .../loadbalancers/fortigate-wan.yaml | 30 ++++++++
 .../network-definitions/lan.yaml | 20 +++++
 .../network-definitions/mgmt.yaml | 20 +++++
 .../test-connectivity/vm/fortigate.yaml | 77 +++++++++++++++++++
 .../test-connectivity/vm/strongswan.yaml | 73 ++++++++++++++++++
 5 files changed, 220 insertions(+)
 create mode 100644 firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml
 create mode 100644 firewall-s3/test-connectivity/network-definitions/lan.yaml
 create mode 100644 firewall-s3/test-connectivity/network-definitions/mgmt.yaml
 create mode 100644 firewall-s3/test-connectivity/vm/fortigate.yaml
 create mode 100644 firewall-s3/test-connectivity/vm/strongswan.yaml
diff --git a/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml
new file mode 100644
index 0000000..fd0a1db
--- /dev/null
+++ b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fortigate-lb-test
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: fortigate-lb
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ ports:
+ - port: 4500
+ name: ipsec-nat
+ targetPort: 4500
+ protocol: UDP
+ - port: 500
+ name: key-management
+ targetPort: 500
+ protocol: UDP
+ #- port: 22
+ # name: ssh
+ # targetPort: 22
+ # protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: fortigate-ksd
diff --git a/firewall-s3/test-connectivity/network-definitions/lan.yaml b/firewall-s3/test-connectivity/network-definitions/lan.yaml
new file mode 100644
index 0000000..1c32a21
--- /dev/null
+++ b/firewall-s3/test-connectivity/network-definitions/lan.yaml
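Review bot: The `fortigate-lb-test` Service in firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml is `type: LoadBalancer` with no `loadBalancerSourceRanges`, so 443/TCP and the IKE ports 500/UDP and 4500/UDP are open to whatever network the load balancer faces. Its selector `kubevirt.io/domain: fortigate-ksd` is not specific to a test VM: the only fortigate manifest in this patch is commented out, so the Service would presumably bind to any existing pod in the namespace that carries that label. For a connectivity test, restrict the sources with `loadBalancerSourceRanges: ["PLACEHOLDER_TEST_CIDR"]` and give the test VM its own label value so the selector cannot pick up another firewall instance.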
@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+# name: lan-net
+# namespace: ${TENANT_NAMESPACE}
+# spec:
+# config: '{
+# "cniVersion": "0.3.1",
+# "type": "bridge",
+# "bridge": "br-lan",
+# "ipam": {
+# "type": "static",
+# "addresses": [
+# {
+# "address": "172.168.100.2/24",
+# "gateway": "172.168.100.1"
+# }
+# ]
+# }
+# }'
\ No newline at end of file
diff --git a/firewall-s3/test-connectivity/network-definitions/mgmt.yaml b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml
new file mode 100644
index 0000000..1f18275
--- /dev/null
+++ b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml
@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+# name: mgmt-net
+# namespace: ${TENANT_NAMESPACE}
+# spec:
+# config: '{
+# "cniVersion": "0.3.1",
+# "type": "bridge",
+# "bridge": "br-mgmt",
+# "ipam": {
+# "type": "static",
+# "addresses": [
+# {
+# "address": "192.168.10.100/24",
+# "gateway": "192.168.10.1"
+# }
+# ]
+# }
+# }'
\ No newline at end of file
diff --git a/firewall-s3/test-connectivity/vm/fortigate.yaml b/firewall-s3/test-connectivity/vm/fortigate.yaml
new file mode 100644
index 0000000..d1d61bf
--- /dev/null
+++ b/firewall-s3/test-connectivity/vm/fortigate.yaml
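Review bot: The commented-out `lan-net` definition in firewall-s3/test-connectivity/network-definitions/lan.yaml uses `172.168.100.2/24`, which lies outside the RFC 1918 block 172.16.0.0/12 and is therefore public address space. If the file is ever uncommented, hosts on this bridge would treat that public range as local; presumably `172.16.100.2/24` with gateway `172.16.100.1` was meant. Both network definitions in this patch are added fully commented out, so a first-line comment such as `# disabled: parked for the connectivity test, not applied` would tell the next reader why they are in the tree.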
@@ -0,0 +1,77 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+# name: fortigate-ksd
+# namespace: ${TENANT_NAMESPACE}
+# spec:
+# dataVolumeTemplates:
+# - metadata:
+# name: fortigate-rootdisk-ksd
+# spec:
+# source:
+# http:
+# url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
+# #secretRef: s3-virt-credentials
+# storage:
+# resources:
+# requests:
+# storage: 30Gi
+# runStrategy: Always
+# template:
+# metadata:
+# labels:
+# kubevirt.io/domain: fortigate-ksd
+# spec:
+# domain:
+# cpu:
+# cores: 1
+# memory:
+# guest: 2Gi
+# features:
+# acpi: {}
+# smm:
+# enabled: true
+# firmware:
+# bootloader:
+# efi:
+# secureBoot: false
+# devices:
+# rng: {}
+# networkInterfaceMultiqueue: true
+# interfaces:
+# - name: wan
+# masquerade: {}
+# ports:
+# - port: 4500
+# - port: 443
+# - port: 22
+# - port: 500
+# - name: mgmt
+# bridge: {}
+# - name: lan
+# bridge: {}
+# disks:
+# - disk:
+# bus: sata
+# name: rootdisk
+# resources:
+# requests:
+# memory: 2Gi
+# cpu: 1
+# limits:
+# memory: 2Gi
+# cpu: 1
+# networks:
+# - name: wan
+# pod: {}
+# - name: mgmt
+# multus:
+# networkName: ${TENANT_NAMESPACE}/mgmt-net
+# - name: lan
+# multus:
+# networkName: ${TENANT_NAMESPACE}/lan-net
+# terminationGracePeriodSeconds: 180
+# volumes:
+# - name: rootdisk
+# dataVolume:
+# name: fortigate-rootdisk-ksd
\ No newline at end of file
diff --git a/firewall-s3/test-connectivity/vm/strongswan.yaml b/firewall-s3/test-connectivity/vm/strongswan.yaml
new file mode 100644
index 0000000..f982232
--- /dev/null
+++ b/firewall-s3/test-connectivity/vm/strongswan.yaml
@@ -0,0 +1,73 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+# name: strongswan
+# namespace: ${TENANT_NAMESPACE}
+# spec:
+# running: true
+# template:
+# metadata:
+# labels:
+# kubevirt.io/domain: strongswan
+# spec:
+# domain:
+# cpu:
+# cores: 2
+# resources:
+# requests:
+# memory: 2Gi
+# cpu: 1
+# limits:
+# memory: 2Gi
+# cpu: 2
+# memory:
+# guest: 2Gi
+# devices:
+# rng: {}
+# networkInterfaceMultiqueue: true
+# disks:
+# - name: containerdisk
+# disk:
+# bus: virtio
+# - name: cloudinitdisk
+# disk:
+# bus: virtio
+# interfaces:
+# - name: wan
+# masquerade: {}
+# ports:
+# - port: 4500
+# - port: 443
+# - port: 22
+# - port: 500
+# - name: mgmt
+# bridge: {}
+# - name: lan
+# bridge: {}
+# networks:
+# - name: wan
+# pod: {}
+# - name: mgmt
+# multus:
+# networkName: ${TENANT_NAMESPACE}/mgmt-net
+# - name: lan
+# multus:
+# networkName: ${TENANT_NAMESPACE}/lan-net
+# terminationGracePeriodSeconds: 180
+# volumes:
+# - name: containerdisk
+# containerDisk:
+# image: quay.io/containerdisks/ubuntu:22.04
+# - name: cloudinitdisk
+# cloudInitNoCloud:
+# userData: |
+# #cloud-config
+# users:
+# - name: testuser
+# groups: [sudo]
+# sudo: "ALL=(ALL) NOPASSWD:ALL"
+# lock_passwd: false
+# passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+# chpasswd:
+# expire: false
+# ssh_pwauth: true
\ No newline at end of file
From 397323fec0c6e2057105cafb43d8a7be55fa9e78 Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Tue, 22 Jul 2025 11:10:28 +0000
Subject: [PATCH 5/5] feat(docker-image)!: Update nginx Docker tag to v21
---
 templates/image-server/nginx/helmrelease.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml
index 0937d41..ecbc88f 100644
--- a/templates/image-server/nginx/helmrelease.yaml
+++ b/templates/image-server/nginx/helmrelease.yaml
@@ -9,7 +9,7 @@ spec:
 chart:
 spec:
 chart: nginx
- version: 19.1.1
+ version: 21.0.8
 sourceRef:
 kind: HelmRepository
 name: bitnami