phoenix-oss/tenant-demo
1
0
Fork 0
generated from phoenix-oss/tenant-tpl
Code Issues 1 Pull requests 4 Projects Releases Packages Wiki Activity Actions

Compare commits

base: phoenix-oss:766e20575b9bb31aff429df61c827e81f820dfb5
Branches Tags
phoenix-oss:main
phoenix-oss:renovate/nginx-21.x
phoenix-oss:renovate/quay.io-containerdisks-ubuntu-24.x
phoenix-oss:renovate/ubuntu-24.x
phoenix-oss:renovate/helmrelease-2.x
..
compare: phoenix-oss:94a23cce8e226ff3dc1f2bceff9dd6e15e721bda
Branches Tags
phoenix-oss:renovate/nginx-21.x
phoenix-oss:main
phoenix-oss:renovate/quay.io-containerdisks-ubuntu-24.x
phoenix-oss:renovate/ubuntu-24.x
phoenix-oss:renovate/helmrelease-2.x

1 commit
766e20575b ... 94a23cce8e

Author SHA1 Message Date
Renovate Bot
94a23cce8e feat(docker-image)!: Update quay.io/containerdisks/ubuntu Docker tag to v24 2025-07-22 11:13:55 +00:00
26 changed files with 228 additions and 510 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitattributes vendored
View file

@ -1,3 +0,0 @@
*.sh text eol=lf
*.yml text eol=lf
*.yaml text eol=lf

33
.gitignore vendored
View file

@ -1,33 +0,0 @@
# Eclipse
.project
.classpath
.settings/
bin/
# IntelliJ
.idea
*.ipr
*.iml
*.iws
# NetBeans
nb-configuration.xml
# Visual Studio Code
.vscode
.factorypath
# OSX
.DS_Store
# Vim
*.swp
*.swo
# patch
*.orig
*.rej
# Local environment
.env

14
container/debug2/alpine.yaml
View file

@ -1,14 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: alpine-test2
namespace: ${TENANT_NAMESPACE}
spec:
containers:
- name: alpine2
image: alpine:latest
command: ["/bin/sh"]
args: ["-c", "while true; do sleep 3600; done"]
stdin: true
tty: true
restartPolicy: Never

2
firewall-s3/ks-vm.yaml
View file

@ -7,7 +7,7 @@ spec:
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
path: ./firewall-s3/vm/ksd path: ./firewall-s3
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository

30
firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml Normal file
View file

@ -0,0 +1,30 @@
---
apiVersion: v1
kind: Service
metadata:
name: fortigate-lb-test
namespace: ${TENANT_NAMESPACE}
labels:
app.kubernetes.io/component: fortigate-lb
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- port: 4500
name: ipsec-nat
targetPort: 4500
protocol: UDP
- port: 500
name: key-management
targetPort: 500
protocol: UDP
#- port: 22
# name: ssh
# targetPort: 22
# protocol: TCP
- port: 443
name: https
targetPort: 443
protocol: TCP
selector:
kubevirt.io/domain: fortigate-ksd

20
firewall-s3/test-connectivity/network-definitions/lan.yaml Normal file
View file

@ -0,0 +1,20 @@
# apiVersion: "k8s.cni.cncf.io/v1"
# kind: NetworkAttachmentDefinition
# metadata:
# name: lan-net
# namespace: ${TENANT_NAMESPACE}
# spec:
# config: '{
# "cniVersion": "0.3.1",
# "type": "bridge",
# "bridge": "br-lan",
# "ipam": {
# "type": "static",
# "addresses": [
# {
# "address": "172.168.100.2/24",
# "gateway": "172.168.100.1"
# }
# ]
# }
# }'

20
firewall-s3/test-connectivity/network-definitions/mgmt.yaml Normal file
View file

@ -0,0 +1,20 @@
# apiVersion: "k8s.cni.cncf.io/v1"
# kind: NetworkAttachmentDefinition
# metadata:
# name: mgmt-net
# namespace: ${TENANT_NAMESPACE}
# spec:
# config: '{
# "cniVersion": "0.3.1",
# "type": "bridge",
# "bridge": "br-mgmt",
# "ipam": {
# "type": "static",
# "addresses": [
# {
# "address": "192.168.10.100/24",
# "gateway": "192.168.10.1"
# }
# ]
# }
# }'

77
firewall-s3/test-connectivity/vm/fortigate.yaml Normal file
View file

@ -0,0 +1,77 @@
# apiVersion: kubevirt.io/v1
# kind: VirtualMachine
# metadata:
# name: fortigate-ksd
# namespace: ${TENANT_NAMESPACE}
# spec:
# dataVolumeTemplates:
# - metadata:
# name: fortigate-rootdisk-ksd
# spec:
# source:
# http:
# url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
# #secretRef: s3-virt-credentials
# storage:
# resources:
# requests:
# storage: 30Gi
# runStrategy: Always
# template:
# metadata:
# labels:
# kubevirt.io/domain: fortigate-ksd
# spec:
# domain:
# cpu:
# cores: 1
# memory:
# guest: 2Gi
# features:
# acpi: {}
# smm:
# enabled: true
# firmware:
# bootloader:
# efi:
# secureBoot: false
# devices:
# rng: {}
# networkInterfaceMultiqueue: true
# interfaces:
# - name: wan
# masquerade: {}
# ports:
# - port: 4500
# - port: 443
# - port: 22
# - port: 500
# - name: mgmt
# bridge: {}
# - name: lan
# bridge: {}
# disks:
# - disk:
# bus: sata
# name: rootdisk
# resources:
# requests:
# memory: 2Gi
# cpu: 1
# limits:
# memory: 2Gi
# cpu: 1
# networks:
# - name: wan
# pod: {}
# - name: mgmt
# multus:
# networkName: ${TENANT_NAMESPACE}/mgmt-net
# - name: lan
# multus:
# networkName: ${TENANT_NAMESPACE}/lan-net
# terminationGracePeriodSeconds: 180
# volumes:
# - name: rootdisk
# dataVolume:
# name: fortigate-rootdisk-ksd

73
firewall-s3/test-connectivity/vm/strongswan.yaml Normal file
View file

@ -0,0 +1,73 @@
# apiVersion: kubevirt.io/v1
# kind: VirtualMachine
# metadata:
# name: strongswan
# namespace: ${TENANT_NAMESPACE}
# spec:
# running: true
# template:
# metadata:
# labels:
# kubevirt.io/domain: strongswan
# spec:
# domain:
# cpu:
# cores: 2
# resources:
# requests:
# memory: 2Gi
# cpu: 1
# limits:
# memory: 2Gi
# cpu: 2
# memory:
# guest: 2Gi
# devices:
# rng: {}
# networkInterfaceMultiqueue: true
# disks:
# - name: containerdisk
# disk:
# bus: virtio
# - name: cloudinitdisk
# disk:
# bus: virtio
# interfaces:
# - name: wan
# masquerade: {}
# ports:
# - port: 4500
# - port: 443
# - port: 22
# - port: 500
# - name: mgmt
# bridge: {}
# - name: lan
# bridge: {}
# networks:
# - name: wan
# pod: {}
# - name: mgmt
# multus:
# networkName: ${TENANT_NAMESPACE}/mgmt-net
# - name: lan
# multus:
# networkName: ${TENANT_NAMESPACE}/lan-net
# terminationGracePeriodSeconds: 180
# volumes:
# - name: containerdisk
# containerDisk:
# image: quay.io/containerdisks/ubuntu:22.04
# - name: cloudinitdisk
# cloudInitNoCloud:
# userData: |
# #cloud-config
# users:
# - name: testuser
# groups: [sudo]
# sudo: "ALL=(ALL) NOPASSWD:ALL"
# lock_passwd: false
# passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
# chpasswd:
# expire: false
# ssh_pwauth: true

2
firewall-s3/vm/ksd/network-definitions/lan.yaml
View file

@ -12,7 +12,7 @@ spec:
"type": "static", "type": "static",
"addresses": [ "addresses": [
{ {
"address": "172.168.100.0/24", "address": "172.168.100.2/24",
"gateway": "172.168.100.1" "gateway": "172.168.100.1"
} }
] ]

2
firewall-s3/vm/ksd/network-definitions/mgmt.yaml
View file

@ -12,7 +12,7 @@ spec:
"type": "static", "type": "static",
"addresses": [ "addresses": [
{ {
"address": "192.168.10.0/24", "address": "192.168.10.100/24",
"gateway": "192.168.10.1" "gateway": "192.168.10.1"
} }
] ]

10
kustomization.yaml
View file

@ -4,6 +4,8 @@ resources:
- vars/ks.yaml - vars/ks.yaml
- repos/ks.yaml - repos/ks.yaml
- network/ks-lb.yaml - network/ks-lb.yaml
- firewall/ks-vm.yaml
- firewall-dev/ks-vm.yaml
- firewall-s3/ks-vm.yaml - firewall-s3/ks-vm.yaml
- windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-vm.yaml
- windows-vm-standard/ks-pvc.yaml - windows-vm-standard/ks-pvc.yaml
@ -11,15 +13,9 @@ resources:
- windows-vm-standard-dev/ks-pvc.yaml - windows-vm-standard-dev/ks-pvc.yaml
- ubuntu-vm-1/ks.yaml - ubuntu-vm-1/ks.yaml
- ubuntu-vm-2/ks.yaml - ubuntu-vm-2/ks.yaml
- ubuntu-vm-3/ks.yaml
- ubuntu-vm-4-john/ks.yaml
- container/ks-debug.yaml - container/ks-debug.yaml
- templates/image-server/ks-nginx.yaml - templates/image-server/ks-nginx.yaml
- templates/image-server/ks-pvc.yaml - templates/image-server/ks-pvc.yaml
- templates/image-server/ks-route.yaml - templates/image-server/ks-route.yaml
- templates/windowsserver/ks-flavor.yaml - templates/windowsserver/ks-flavor.yaml
- templates/windowsserver-rh/ks-flavor.yaml - templates/windowsserver-rh/ks-flavor.yaml
- postgres/ks.yaml
# - windows-vm-standard-john/ks-vm.yaml
# - windows-vm-standard-john/ks-pvc.yaml
# - windows-vm-standard-john/windows-lb.yaml

122
postgres/app/helmrelease.yaml
View file

@ -1,122 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgres
namespace: ${TENANT_NAMESPACE}
spec:
serviceAccountName: ${TECHNICAL_ACCOUNT}
interval: 30m
chart:
spec:
chart: cluster
version: 0.3.1
sourceRef:
kind: HelmRepository
name: cloudnative-pg
namespace: ${TENANT_NAMESPACE}
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
# check the complete configuration options at
# https://raw.githubusercontent.com/cloudnative-pg/charts/refs/tags/cluster-v0.3.1/charts/cluster/values.yaml
type: postgresql
mode: standalone
version:
postgresql: "17.5"
cluster:
instances: 3
storage:
size: 10Gi
# default storage class on ai-2 cluster, on basel or staging you
# should use 'ocs-storagecluster-ceph-rbd' instead
storageClass: ibm-spectrum-scale-fileset
walStorage:
# It's not mandatory to split WAL from the main data volume.
# However, doing so helps to avoid issues with the main data volume
# in cases where WAL exporting to the backup server experiences
# issues. For example, in scenarios where there's network congestion
# or even failures, the WAL may end up accumulating too much data
# to the point where the volume fills up, blocking the cluster from
# operating properly.
enabled: true
size: 10Gi
storageClass: ibm-spectrum-scale-fileset
resources:
requests:
cpu: "500m"
memory: 1Gi
limits:
cpu: "1"
memory: 1Gi
enableSuperuserAccess: true
superuserSecret: postgres-superuser
affinity:
topologyKey: failure-domain.beta.kubernetes.io/zone
postgresql:
parameters:
shared_buffers: 256MB
max_connections: "400"
initdb:
database: app
owner: app
options: []
encoding: UTF8
backups:
# As indicated by the 'enabled' flag, backups are disabled on
# this deployment. But the remaining of the block serves as an
# example of how to configure this cluster to export backups to
# a S3 bucket hosted on a MinIO server.
#
# For more information, refer to the helm chart's values.yaml
# or the official documentation at
# https://cloudnative-pg.io/documentation/1.26/backup/
enabled: false
endpointURL: https://glacier-1.kvant.cloud
provider: s3
s3:
bucket: phoenix-openshift-backups
path: /demo-postgres
# Ideally, you will never commit credentials in plain text;
# these values are here just for illustration. For a way to
# properly load them from kubernetes' secrets, refer to the
# commented-ou section 'valuesFrom' placed right below
accessKey: your-access-key
secretKey: your-secret-key
secret:
create: true
wal:
# If exporting to MinIO S3, you may have to disable encryption.
# This is how you achieve it
encryption: ""
data:
encryption: ""
scheduledBackups:
# You can give it any name and change the scheduled time to what
# fits your strategy. This serves as an example of how to configure
# the cluster to export a daily backup to the S3 bucket using
# barman object storage. You can also back up volumes instead.
# Check the backup documentation to find more information on
# which option suits you best.
- name: daily-minio
schedule: "@daily"
backupOwnerReference: self
method: barmanObjectStore
retentionPolicy: "180d" # It is mandatory to match this value with the bucket's retention period
# valuesFrom:
# - kind: Secret
# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair
# valuesKey: ACCESS_KEY_ID # name of the key inside the secret that holds the access key value
# targetPath: backups.s3.accessKey # path of the configuration that will be assigned the access key value
# optional: false
# - kind: Secret
# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair
# valuesKey: ACCESS_SECRET_KEY # name of the key inside the secret that holds the secret key value
# targetPath: backups.s3.secretKey # path of the configuration that will be assigned the secret key value
# optional: false

23
postgres/ks.yaml
View file

@ -1,23 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app postgres
namespace: ${TENANT_NAMESPACE}
spec:
targetNamespace: ${TENANT_NAMESPACE}
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./postgres/app
prune: true
sourceRef:
kind: GitRepository
name: tenant-repos
wait: true
interval: 10m
retryInterval: 1m
timeout: 5m
dependsOn:
- name: vars

10
repos/helm/cloudnative-pg.yaml
View file

@ -1,10 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cloudnative-pg
namespace: ${TENANT_NAMESPACE}
spec:
interval: 5m0s
url: https://cloudnative-pg.github.io/charts

18
ubuntu-vm-3/ks.yaml
View file

@ -1,18 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app ubuntu-vm-3
namespace: ${TENANT_NAMESPACE}
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./ubuntu-vm-3/ubuntu
prune: true
sourceRef:
kind: GitRepository
name: tenant-repos
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

50
ubuntu-vm-3/ubuntu/ubuntu-vm.yaml
View file

@ -1,50 +0,0 @@
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: ubuntu-vm-3
namespace: ${TENANT_NAMESPACE}
spec:
running: true
template:
metadata:
labels:
kubevirt.io/domain: ubuntu-vm-3
spec:
domain:
cpu:
cores: 2
devices:
disks:
- disk:
bus: virtio
name: containerdisk
- disk:
bus: virtio
name: cloudinitdisk
resources:
requests:
memory: 2Gi
cpu: 1
limits:
memory: 2Gi
cpu: 2
memory:
guest: 2Gi
volumes:
- name: containerdisk
containerDisk:
image: quay.io/containerdisks/ubuntu:24.04
- name: cloudinitdisk
cloudInitNoCloud:
userData: |
#cloud-config
users:
- name: testuser
groups: [sudo]
sudo: "ALL=(ALL) NOPASSWD:ALL"
lock_passwd: false
passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
chpasswd:
expire: false
ssh_pwauth: true

18
ubuntu-vm-4-john/ks.yaml
View file

@ -1,18 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app ubuntu-vm-4-john
namespace: ${TENANT_NAMESPACE}
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./ubuntu-vm-4-john/ubuntu
prune: true
sourceRef:
kind: GitRepository
name: tenant-repos
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

48
ubuntu-vm-4-john/ubuntu/ubuntu-vm.yaml
View file

@ -1,48 +0,0 @@
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: ubuntu-vm-4-john
namespace: kubevirt-vms
spec:
running: true
template:
metadata:
labels:
kubevirt.io/domain: ubuntu-vm-4-john
spec:
domain:
cpu:
cores: 2
devices:
disks:
- disk:
bus: virtio
name: containerdisk
- disk:
bus: virtio
name: cloudinitdisk
resources:
requests:
memory: 2Gi
cpu: 1
limits:
memory: 2Gi
cpu: 2
memory:
guest: 2Gi
volumes:
- name: containerdisk
containerDisk:
image: quay.io/containerdisks/ubuntu:24.04
- name: cloudinitdisk
cloudInitNoCloud:
userData: |
#cloud-config
hostname: ubuntu-vm-2
ssh_pwauth: True
users:
- name: ubuntu
ssh-authorized-keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu
sudo: ['ALL=(ALL) NOPASSWD:ALL']
shell: /bin/bash

2
windows-vm-standard-dev/pvc/datadisk.yaml
View file

@ -9,4 +9,4 @@ spec:
- ReadWriteMany - ReadWriteMany
resources: resources:
requests: requests:
storage: 50Gi storage: 200Gi

2
windows-vm-standard-dev/vm/server.yaml
View file

@ -10,7 +10,7 @@ spec:
spec: spec:
source: source:
http: http:
url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/windows-server-2022-uefi-ns.qcow2" url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
storage: storage:
resources: resources:
requests: requests:

18
windows-vm-standard-john/ks-pvc.yaml
View file

@ -1,18 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app windows-pvc-john
namespace: ${TENANT_NAMESPACE}
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./windows-vm-standard-john/pvc
prune: true
sourceRef:
kind: GitRepository
name: tenant-repos
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

18
windows-vm-standard-john/ks-vm.yaml
View file

@ -1,18 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app windows-vm-standard-john
namespace: ${TENANT_NAMESPACE}
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./windows-vm-standard-john/vm
prune: true
sourceRef:
kind: GitRepository
name: tenant-repos
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

12
windows-vm-standard-john/pvc/datadisk.yaml
View file

@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: windows-vm-datadisk-john
spec:
storageClassName: ibm-spectrum-scale-fileset
volumeMode: Filesystem
accessModes:
- ReadWriteMany
resources:
requests:
storage: 200Gi

82
windows-vm-standard-john/vm/server.yaml
View file

@ -1,82 +0,0 @@
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: windows-vm-standard-john
namespace: ${TENANT_NAMESPACE}
spec:
dataVolumeTemplates:
- metadata:
name: windows-rootdisk-john
spec:
source:
http:
url: http://nginx.demo.svc.cluster.local:80/windows-server-2022-uefi-ns.qcow2
storage:
resources:
requests:
storage: 80Gi
# sourceRef:
# kind: DataSource
# name: win2k22
# namespace: openshift-virtualization-os-images
runStrategy: Always
template:
metadata:
labels:
kubevirt.io/domain: windows-vm-standard-john
spec:
domain:
cpu:
cores: 4
memory:
guest: 8Gi
features:
acpi: {}
smm:
enabled: true
firmware:
bootloader:
efi: {}
devices:
rng: {}
networkInterfaceMultiqueue: true
interfaces:
- name: default
masquerade: {}
ports:
- port: 8080
- port: 443
- port: 22
- port: 3389
disks:
- disk:
bus: sata
name: rootdisk-john
- disk:
bus: sata
name: datadisk-john
# - disk:
# bus: scsi
# name: cloudinitdisk
resources:
requests:
memory: 8Gi
cpu: 4
limits:
memory: 8Gi
cpu: 4
networks:
- name: default
pod: {}
terminationGracePeriodSeconds: 180
volumes:
- name: rootdisk-john
dataVolume:
name: windows-rootdisk-john
- name: datadisk-john
persistentVolumeClaim:
claimName: windows-vm-datadisk-john
#- name: cloudinitdisk
# cloudInitNoCloud:
# secretRef:
# name: windows-cloud-init

29
windows-vm-standard-john/windows-lb.yaml
View file

@ -1,29 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: windows-lb-john
namespace: ${TENANT_NAMESPACE}
labels:
app.kubernetes.io/component: windows-lb-john
spec:
type: LoadBalancer
ports:
- port: 8080
name: http
targetPort: 8080
protocol: TCP
- port: 443
name: https
targetPort: 443
protocol: TCP
- port: 65022
name: ssh
targetPort: 22
protocol: TCP
- port: 3389
name: rdp
targetPort: 3389
protocol: TCP
selector:
kubevirt.io/domain: windows-vm-standard-john