phoenix-oss/tenant-demo
1
0
Fork 0
generated from phoenix-oss/tenant-tpl
Code Issues 1 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Compare commits

base: phoenix-oss:7555e53662aa54a4a9b99fc6e129299eb8e4fb1a
Branches Tags
phoenix-oss:main
phoenix-oss:renovate/nginx-21.x
phoenix-oss:renovate/quay.io-containerdisks-ubuntu-24.x
phoenix-oss:renovate/helmrelease-2.x
..
compare: phoenix-oss:48a6f5f997448cf5353dfa556f9479823c8c5758
Branches Tags
phoenix-oss:main
phoenix-oss:renovate/nginx-21.x
phoenix-oss:renovate/quay.io-containerdisks-ubuntu-24.x
phoenix-oss:renovate/helmrelease-2.x

1 commit
7555e53662 ... 48a6f5f997

Author SHA1 Message Date
Renovate Bot
48a6f5f997 feat(docker-image)!: Update nginx Docker tag to v21 2025-07-17 23:07:43 +00:00
10 changed files with 195 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

18
firewall-dev/ks-vm.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app fortigate-dev
namespace: ${TENANT_NAMESPACE}
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./firewall-dev/vm
prune: true
sourceRef:
kind: GitRepository
name: tenant-repos
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

64
firewall-dev/vm/fortigate.yaml Normal file
View file

@ -0,0 +1,64 @@
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: fortigate-dev
namespace: ${TENANT_NAMESPACE}
spec:
dataVolumeTemplates:
- metadata:
name: fortigate-rootdisk-dev
spec:
source:
http:
url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2
storage:
resources:
requests:
storage: 30Gi
runStrategy: Always
template:
metadata:
labels:
kubevirt.io/domain: fortigate-dev
spec:
domain:
cpu:
cores: 2
memory:
guest: 4Gi
features:
acpi: {}
smm:
enabled: true
firmware:
bootloader:
efi:
secureBoot: true
devices:
rng: {}
networkInterfaceMultiqueue: true
interfaces:
- name: default
masquerade: {}
ports:
- port: 443
- port: 22
disks:
- disk:
bus: sata
name: rootdisk
resources:
requests:
memory: 4Gi
cpu: 2
limits:
memory: 4Gi
cpu: 2
networks:
- name: default
pod: {}
terminationGracePeriodSeconds: 180
volumes:
- name: rootdisk
dataVolume:
name: fortigate-rootdisk-dev

2
firewall-s3/ks-vm.yaml
View file

@ -7,7 +7,7 @@ spec:
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
path: ./firewall-s3/vm/ksd path: ./firewall-s3/vm
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository

38
firewall-s3/vm/ksd/vm/fortigate.yaml → firewall-s3/vm/fortigate.yaml
View file

@ -1,12 +1,14 @@
apiVersion: kubevirt.io/v1 apiVersion: kubevirt.io/v1
kind: VirtualMachine kind: VirtualMachine
metadata: metadata:
name: fortigate-ksd name: fortigate-s3
namespace: ${TENANT_NAMESPACE} namespace: ${TENANT_NAMESPACE}
annotations:
#kubevirt.io/allow-pod-bridge-network-live-migration:
spec: spec:
dataVolumeTemplates: dataVolumeTemplates:
- metadata: - metadata:
name: fortigate-rootdisk-ksd name: fortigate-rootdisk-s3
spec: spec:
source: source:
http: http:
@ -20,16 +22,16 @@ spec:
template: template:
metadata: metadata:
labels: labels:
kubevirt.io/domain: fortigate-ksd kubevirt.io/domain: fortigate-s3
spec: spec:
domain: domain:
cpu: cpu:
cores: 1 cores: 2
memory: memory:
guest: 2Gi guest: 4Gi
features: features:
acpi: {} acpi: {}
smm: smm:
enabled: true enabled: true
firmware: firmware:
bootloader: bootloader:
@ -39,39 +41,29 @@ spec:
rng: {} rng: {}
networkInterfaceMultiqueue: true networkInterfaceMultiqueue: true
interfaces: interfaces:
- name: wan - name: external
masquerade: {} masquerade: {}
ports: ports:
- port: 4500 - port: 4500
- port: 443 - port: 443
- port: 22 - port: 22
- port: 500 - port: 500
- name: mgmt
bridge: {}
- name: lan
bridge: {}
disks: disks:
- disk: - disk:
bus: sata bus: sata
name: rootdisk name: rootdisk
resources: resources:
requests: requests:
memory: 2Gi memory: 4Gi
cpu: 1 cpu: 2
limits: limits:
memory: 2Gi memory: 4Gi
cpu: 1 cpu: 2
networks: networks:
- name: wan - name: external
pod: {} pod: {}
- name: mgmt
multus:
networkName: ${TENANT_NAMESPACE}/mgmt-net
- name: lan
multus:
networkName: ${TENANT_NAMESPACE}/lan-net
terminationGracePeriodSeconds: 180 terminationGracePeriodSeconds: 180
volumes: volumes:
- name: rootdisk - name: rootdisk
dataVolume: dataVolume:
name: fortigate-rootdisk-ksd name: fortigate-rootdisk-s3

30
firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml
View file

@ -1,30 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: fortigate-lb
namespace: ${TENANT_NAMESPACE}
labels:
app.kubernetes.io/component: fortigate-lb
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- port: 4500
name: ipsec-nat
targetPort: 4500
protocol: UDP
- port: 500
name: key-management
targetPort: 500
protocol: UDP
#- port: 22
# name: ssh
# targetPort: 22
# protocol: TCP
- port: 443
name: https
targetPort: 443
protocol: TCP
selector:
kubevirt.io/domain: fortigate-ksd

20
firewall-s3/vm/ksd/network-definitions/lan.yaml
View file

@ -1,20 +0,0 @@
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: lan-net
namespace: ${TENANT_NAMESPACE}
spec:
config: '{
"cniVersion": "0.3.1",
"type": "bridge",
"bridge": "br-lan",
"ipam": {
"type": "static",
"addresses": [
{
"address": "172.168.100.2/24",
"gateway": "172.168.100.1"
}
]
}
}'

14
firewall-s3/vm/ksd/network-definitions/mgmt.yaml
View file

@ -1,14 +0,0 @@
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: mgmt-net
namespace: ${TENANT_NAMESPACE}
spec:
config: '{
"cniVersion": "0.3.1",
"type": "bridge",
"bridge": "br-mgmt",
"ipam": {
"type": "dhcp"
}
}'

18
firewall/ks-vm.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app fortigate
namespace: ${TENANT_NAMESPACE}
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./firewall/vm
prune: true
sourceRef:
kind: GitRepository
name: tenant-repos
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

72
firewall/vm/fortigate.yaml Normal file
View file

@ -0,0 +1,72 @@
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: fortigate
namespace: ${TENANT_NAMESPACE}
spec:
dataVolumeTemplates:
- metadata:
name: fortigate-rootdisk
spec:
source:
http:
url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2
storage:
resources:
requests:
storage: 30Gi
runStrategy: Always
template:
metadata:
labels:
kubevirt.io/domain: fortigate
spec:
domain:
cpu:
cores: 2
memory:
guest: 4Gi
devices:
rng: {}
networkInterfaceMultiqueue: true
interfaces:
- name: default
masquerade: {}
ports:
- port: 80
- port: 443
- port: 22
- port: 2222
- port: 5050
disks:
- disk:
bus: sata
name: rootdisk
# - disk:
# bus: scsi
# name: datadisk
# - disk:
# bus: scsi
# name: cloudinitdisk
resources:
requests:
memory: 4Gi
cpu: 2
limits:
memory: 4Gi
cpu: 2
networks:
- name: default
pod: {}
terminationGracePeriodSeconds: 180
volumes:
- name: rootdisk
dataVolume:
name: fortigate-rootdisk
# - name: datadisk
# persistentVolumeClaim:
# claimName: gitlab-datadisk
# - name: cloudinitdisk
# cloudInitNoCloud:
# secretRef:
# name: gitlab-cloud-init

16
ubuntu-vm-1/ubuntu/ubuntu-vm.yaml
View file

@ -38,13 +38,11 @@ spec:
cloudInitNoCloud: cloudInitNoCloud:
userData: | userData: |
#cloud-config #cloud-config
hostname: ubuntu-vm-1
ssh_pwauth: True
users: users:
- name: testuser - name: ubuntu
groups: [sudo] ssh-authorized-keys:
sudo: "ALL=(ALL) NOPASSWD:ALL" - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu
lock_passwd: false sudo: ['ALL=(ALL) NOPASSWD:ALL']
passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" shell: /bin/bash
chpasswd:
expire: false
ssh_pwauth: true