diff --git a/firewall-dev/ks-vm.yaml b/firewall-dev/ks-vm.yaml
new file mode 100644
index 0000000..aa1db72
--- /dev/null
+++ b/firewall-dev/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app fortigate-dev
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./firewall-dev/vm
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml
new file mode 100644
index 0000000..e0b92a8
--- /dev/null
+++ b/firewall-dev/vm/fortigate.yaml
@@ -0,0 +1,64 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: fortigate-dev
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: fortigate-rootdisk-dev
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2
+ storage:
+ resources:
+ requests:
+ storage: 30Gi
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: fortigate-dev
+ spec:
+ domain:
+ cpu:
+ cores: 2
+ memory:
+ guest: 4Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi:
+ secureBoot: true
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 443
+ - port: 22
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk
+ resources:
+ requests:
+ memory: 4Gi
+ cpu: 2
+ limits:
+ memory: 4Gi
+ cpu: 2
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk
+ dataVolume:
+ name: fortigate-rootdisk-dev
\ No newline at end of file
diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml
index 61e2924..a365abc 100644
--- a/firewall-s3/ks-vm.yaml
+++ b/firewall-s3/ks-vm.yaml
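Review bot: The root disk in `firewall-dev/vm/fortigate.yaml` is imported from `url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2` over plaintext HTTP from another namespace with nothing pinning its contents, so anyone who can write to that nginx, or answer for that Service name, can swap the firewall image; the `efi.secureBoot: true` stanza does not cover this, since it checks the boot chain inside the guest rather than which qcow2 was imported. I would serve the image over TLS with a `certConfigMap` on the `http` source, or, if the image is also published to a registry, use a `registry` source pinned by digest — as far as I recall CDI's `http` source has no checksum field, so confirm against the CDI version in use. Separately, `ports:` with `- port: 443` and `- port: 22` forwards the FortiGate management plane to the pod IP, which is reachable from anything on the cluster network unless a NetworkPolicy in this namespace restricts it, and none is part of this commit. A comment above `ports:` naming who is expected to reach 22/443 and which policy enforces that would help the next reader.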
@@ -7,7 +7,7 @@ spec:
 commonMetadata:
 labels:
 app.kubernetes.io/name: *app
- path: ./firewall-s3/vm/ksd
+ path: ./firewall-s3/vm
 prune: true
 sourceRef:
 kind: GitRepository
diff --git a/firewall-s3/vm/ksd/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml
similarity index 66%
rename from firewall-s3/vm/ksd/vm/fortigate.yaml
rename to firewall-s3/vm/fortigate.yaml
index 83562dd..755f5ea 100644
--- a/firewall-s3/vm/ksd/vm/fortigate.yaml
+++ b/firewall-s3/vm/fortigate.yaml
@@ -1,12 +1,14 @@
 apiVersion: kubevirt.io/v1
 kind: VirtualMachine
 metadata:
- name: fortigate-ksd
+ name: fortigate-s3
 namespace: ${TENANT_NAMESPACE}
+ annotations:
+ #kubevirt.io/allow-pod-bridge-network-live-migration:
 spec:
 dataVolumeTemplates:
 - metadata:
- name: fortigate-rootdisk-ksd
+ name: fortigate-rootdisk-s3
 spec:
 source:
 http:
@@ -20,16 +22,16 @@ spec:
 template:
 metadata:
 labels:
- kubevirt.io/domain: fortigate-ksd
+ kubevirt.io/domain: fortigate-s3
 spec:
 domain:
 cpu:
- cores: 1
+ cores: 2
 memory:
- guest: 2Gi
+ guest: 4Gi
 features:
 acpi: {}
- smm:
+ smm:
+ enabled: true
 firmware:
 bootloader:
@@ -39,39 +41,29 @@ spec:
 rng: {}
 networkInterfaceMultiqueue: true
 interfaces:
- - name: wan
+ - name: external
 masquerade: {}
 ports:
 - port: 4500
 - port: 443
 - port: 22
 - port: 500
- - name: mgmt
- bridge: {}
- - name: lan
- bridge: {}
 disks:
 - disk:
 bus: sata
 name: rootdisk
 resources:
 requests:
- memory: 2Gi
- cpu: 1
+ memory: 4Gi
+ cpu: 2
 limits:
- memory: 2Gi
- cpu: 1
+ memory: 4Gi
+ cpu: 2
 networks:
- - name: wan
+ - name: external
 pod: {}
- - name: mgmt
- multus:
- networkName: ${TENANT_NAMESPACE}/mgmt-net
- - name: lan
- multus:
- networkName: ${TENANT_NAMESPACE}/lan-net
 terminationGracePeriodSeconds: 180
 volumes:
 - name: rootdisk
 dataVolume:
- name: fortigate-rootdisk-ksd
\ No newline at end of file
+ name: fortigate-rootdisk-s3
\ No newline at end of file
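Review bot: The new `annotations:` key in the metadata block of `firewall-s3/vm/fortigate.yaml` has only the commented-out `#kubevirt.io/allow-pod-bridge-network-live-migration:` beneath it, so it parses as `annotations: null` — a dead key that reads as if an annotation were in effect, and the commented line itself carries no value. Kubernetes should treat a null map as absent, but I would either drop both lines or write `annotations: {}` and keep the intent as a comment above it, e.g. `# set kubevirt.io/allow-pod-bridge-network-live-migration: "true" if a bridge-bound interface is reintroduced`.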
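Review bot: The `ports:` list under the renamed `external` masquerade interface keeps `- port: 4500` and `- port: 500` without a `protocol:` field, and as far as I recall KubeVirt's interface port entries default to TCP, so IKE/NAT-T on UDP 500/4500 would not be forwarded to the VM even though those port numbers only make sense for UDP; please confirm against the KubeVirt version in use. Add `protocol: UDP` to both entries, i.e. `- port: 4500` / `  protocol: UDP` and the same for 500. Since this commit also removes the `mgmt` and `lan` bridge interfaces and, in the same change set, the `fortigate-lb` Service that carried those UDP ports externally, a comment above `interfaces:` stating how VPN traffic is now expected to reach the VM — or that it no longer should — would save the next reader from guessing.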
diff --git a/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml
deleted file mode 100644
index 00ea2c3..0000000
--- a/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: fortigate-lb
- namespace: ${TENANT_NAMESPACE}
- labels:
- app.kubernetes.io/component: fortigate-lb
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- ports:
- - port: 4500
- name: ipsec-nat
- targetPort: 4500
- protocol: UDP
- - port: 500
- name: key-management
- targetPort: 500
- protocol: UDP
- #- port: 22
- # name: ssh
- # targetPort: 22
- # protocol: TCP
- - port: 443
- name: https
- targetPort: 443
- protocol: TCP
- selector:
- kubevirt.io/domain: fortigate-ksd
diff --git a/firewall-s3/vm/ksd/network-definitions/lan.yaml b/firewall-s3/vm/ksd/network-definitions/lan.yaml
deleted file mode 100644
index ccc343b..0000000
--- a/firewall-s3/vm/ksd/network-definitions/lan.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: lan-net
- namespace: ${TENANT_NAMESPACE}
-spec:
- config: '{
- "cniVersion": "0.3.1",
- "type": "bridge",
- "bridge": "br-lan",
- "ipam": {
- "type": "static",
- "addresses": [
- {
- "address": "172.168.100.2/24",
- "gateway": "172.168.100.1"
- }
- ]
- }
- }'
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
deleted file mode 100644
index a1e6f34..0000000
--- a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: mgmt-net
- namespace: ${TENANT_NAMESPACE}
-spec:
- config: '{
- "cniVersion": "0.3.1",
- "type": "bridge",
- "bridge": "br-mgmt",
- "ipam": {
- "type": "dhcp"
- }
- }'
\ No newline at end of file
diff --git a/firewall/ks-vm.yaml b/firewall/ks-vm.yaml
new file mode 100644
index 0000000..257d4ce
--- /dev/null
+++ b/firewall/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app fortigate
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./firewall/vm
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml
new file mode 100644
index 0000000..b0f6236
--- /dev/null
+++ b/firewall/vm/fortigate.yaml
@@ -0,0 +1,72 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: fortigate
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: fortigate-rootdisk
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2
+ storage:
+ resources:
+ requests:
+ storage: 30Gi
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: fortigate
+ spec:
+ domain:
+ cpu:
+ cores: 2
+ memory:
+ guest: 4Gi
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 80
+ - port: 443
+ - port: 22
+ - port: 2222
+ - port: 5050
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk
+ # - disk:
+ # bus: scsi
+ # name: datadisk
+ # - disk:
+ # bus: scsi
+ # name: cloudinitdisk
+ resources:
+ requests:
+ memory: 4Gi
+ cpu: 2
+ limits:
+ memory: 4Gi
+ cpu: 2
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk
+ dataVolume:
+ name: fortigate-rootdisk
+ # - name: datadisk
+ # persistentVolumeClaim:
+ # claimName: gitlab-datadisk
+ # - name: cloudinitdisk
+ # cloudInitNoCloud:
+ # secretRef:
+ # name: gitlab-cloud-init
\ No newline at end of file
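Review bot: `firewall/vm/fortigate.yaml` forwards `- port: 80`, `- port: 22`, `- port: 2222` and `- port: 5050` on the masquerade interface but, unlike the `firewall-dev` variant in the same change set, carries no `features.smm` / `firmware.bootloader.efi.secureBoot: true` stanza, so the non-dev instance boots with the weaker firmware configuration and additionally exposes plaintext HTTP to the firewall's management plane. If port 80 is intended (for example relying on the appliance redirecting to 443) a comment above `ports:` should say so, and 2222 and 5050 deserve one line each naming what listens there, since nothing in the manifest explains them; otherwise drop 80 and add the Secure Boot block so both firewall VMs boot the same way. The commented-out `gitlab-datadisk` and `gitlab-cloud-init` references under `disks:` and `volumes:` look carried over from another VM template and point at resources that do not exist in this directory, so they should be removed or renamed before someone uncomments them. The root image is again pulled from `http://nginx.demo.svc.cluster.local` with no TLS and no integrity pinning; `certConfigMap` on the `http` source or a digest-pinned `registry` source would close that.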
diff --git a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml
index 31e1d2e..af8a38c 100644
--- a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml
+++ b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml
@@ -38,13 +38,11 @@ spec:
 cloudInitNoCloud:
 userData: |
 #cloud-config
+ hostname: ubuntu-vm-1
+ ssh_pwauth: True
 users:
- - name: testuser
- groups: [sudo]
- sudo: "ALL=(ALL) NOPASSWD:ALL"
- lock_passwd: false
- passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
-
- chpasswd:
- expire: false
- ssh_pwauth: true
\ No newline at end of file
+ - name: ubuntu
+ ssh-authorized-keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ shell: /bin/bash
\ No newline at end of file
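Review bot: `ssh_pwauth: True` is added in the same hunk that removes the only password-bearing account, so the VM's sole configured user (`ubuntu`) is key-only yet sshd is told to accept password authentication; that buys nothing for the intended login and leaves password auth open to guessing against any other account on the image. Change it to `ssh_pwauth: false` — lowercase, so YAML tooling reads a proper boolean rather than the 1.1-style `True`. `ssh-authorized-keys` is the older hyphenated spelling; newer cloud-init releases treat it as deprecated in favour of `ssh_authorized_keys:`, so switching now avoids a warning later. The `cloudInitNoCloud` block and the enclosing VM spec begin above this hunk.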