diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..23b6552
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,3 @@
+*.sh text eol=lf
+*.yml text eol=lf
+*.yaml text eol=lf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4949f76
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,33 @@
+# Eclipse
+.project
+.classpath
+.settings/
+bin/
+
+# IntelliJ
+.idea
+*.ipr
+*.iml
+*.iws
+
+# NetBeans
+nb-configuration.xml
+
+# Visual Studio Code
+.vscode
+.factorypath
+
+# OSX
+.DS_Store
+
+# Vim
+*.swp
+*.swo
+
+# patch
+*.orig
+*.rej
+
+# Local environment
+.env
+
diff --git a/container/debug/alpine.yaml b/container/debug/alpine.yaml
new file mode 100644
index 0000000..8f2b5f9
--- /dev/null
+++ b/container/debug/alpine.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: alpine-test
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ containers:
+ - name: alpine
+ image: alpine:latest
+ command: ["/bin/sh"]
+ args: ["-c", "while true; do sleep 3600; done"]
+ stdin: true
+ tty: true
+ restartPolicy: Never
\ No newline at end of file
diff --git a/container/debug2/alpine.yaml b/container/debug2/alpine.yaml
new file mode 100644
index 0000000..e272e52
--- /dev/null
+++ b/container/debug2/alpine.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: alpine-test2
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ containers:
+ - name: alpine2
+ image: alpine:latest
+ command: ["/bin/sh"]
+ args: ["-c", "while true; do sleep 3600; done"]
+ stdin: true
+ tty: true
+ restartPolicy: Never
\ No newline at end of file
diff --git a/templates/windowsserver/ks-dv.yaml b/container/ks-debug.yaml
similarity index 85%
rename from templates/windowsserver/ks-dv.yaml
rename to container/ks-debug.yaml
index 3cfa0f1..9c78fde 100644
--- a/templates/windowsserver/ks-dv.yaml
+++ b/container/ks-debug.yaml
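Review bot: The debug pod in container/debug/alpine.yaml runs `image: alpine:latest` with no `securityContext` and no `resources`, so what runs in the tenant namespace depends on whatever the tag points to at pull time and the container keeps the runtime's default privileges. Pin the image to a fixed tag or digest, add a container `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: { drop: ["ALL"] }`, and set small CPU/memory limits. The sleep loop keeps the pod alive indefinitely, so a comment marking it as a temporary debug workload would help whoever cleans up later. container/debug2/alpine.yaml is a near-identical copy with the same gaps; only `./container/debug` is referenced by ks-debug.yaml in this commit, so debug2 looks unused.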
@@ -1,13 +1,13 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app dv + name: &app debug namespace: ${TENANT_NAMESPACE} spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./templates/windowsserver/dv + path: ./container/debug prune: true sourceRef: kind: GitRepository diff --git a/echo-server/app/helmrelease.yaml b/echo-server/app/helmrelease.yaml deleted file mode 100644 index 7250687..0000000 --- a/echo-server/app/helmrelease.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: &app echo-server -spec: - serviceAccountName: ${TECHNICAL_ACCOUNT} - interval: 30m - chart: - spec: - chart: app-template - version: 3.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: ${TENANT_NAMESPACE} - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - strategy: rollback - retries: 3 - values: - controllers: - echo-server: - replicas: 2 - strategy: RollingUpdate - containers: - app: - image: - repository: ghcr.io/mendhak/http-https-echo - tag: 33 - env: - HTTP_PORT: &port 8080 - LOG_WITHOUT_NEWLINE: true - LOG_IGNORE_PATH: /healthz - PROMETHEUS_ENABLED: true - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /healthz - port: *port - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } - seccompProfile: - type: RuntimeDefault - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - memory: 64Mi - cpu: 100m - defaultPodOptions: - securityContext: - runAsNonRoot: true - seccompProfile: { type: RuntimeDefault } - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - service: - app: - controller: echo-server - ports: - http: - port: *port - serviceMonitor: - app: - serviceName: echo-server - endpoints: - - port: http - scheme: http - path: /metrics - interval: 1m - scrapeTimeout: 10s - ingress: - app: - className: external - hosts: - - host: "{{ .Release.Name }}-${TENANT_DOMAIN}" - paths: - - path: / - service: - identifier: app 
- port: http
-
diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml
new file mode 100644
index 0000000..61e2924
--- /dev/null
+++ b/firewall-s3/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app fortigate-s3
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./firewall-s3/vm/ksd
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml
new file mode 100644
index 0000000..00ea2c3
--- /dev/null
+++ b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fortigate-lb
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: fortigate-lb
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ ports:
+ - port: 4500
+ name: ipsec-nat
+ targetPort: 4500
+ protocol: UDP
+ - port: 500
+ name: key-management
+ targetPort: 500
+ protocol: UDP
+ #- port: 22
+ # name: ssh
+ # targetPort: 22
+ # protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: fortigate-ksd
diff --git a/firewall-s3/vm/ksd/network-definitions/lan.yaml b/firewall-s3/vm/ksd/network-definitions/lan.yaml
new file mode 100644
index 0000000..db390ad
--- /dev/null
+++ b/firewall-s3/vm/ksd/network-definitions/lan.yaml
@@ -0,0 +1,20 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: lan-net
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ config: '{
+ "cniVersion": "0.3.1",
+ "type": "bridge",
+ "bridge": "br-lan",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "172.168.100.0/24",
+ "gateway": "172.168.100.1"
+ }
+ ]
+ }
+ }'
\ No newline at end of file
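Review bot: The `fortigate-lb` Service in fortigate-wan.yaml publishes the firewall's port 443 through `type: LoadBalancer` with no `loadBalancerSourceRanges`, so the HTTPS endpoint is reachable from wherever the load balancer address is routable. If 443 is the administrative GUI rather than an SSL-VPN listener, restrict it with `loadBalancerSourceRanges: [<ADMIN_CIDR>]` (placeholder) or move it to a separate internal Service; 500/4500 UDP can stay open when IPsec peers are not fixed. The same gap exists in network/loadbalancers/fortigate-lb.yaml, which also publishes SSH on 22, and in network/loadbalancers/windows-lb.yaml, which publishes RDP on 3389 and SSH on 65022.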
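Review bot: `"address": "172.168.100.0/24"` in lan.yaml is not private address space: RFC 1918 covers 172.16.0.0/12, that is 172.16.x.x through 172.31.x.x, so this LAN bridge would shadow publicly routed addresses for anything attached to it. The value is also the network address of the /24 rather than a host address, which the static IPAM plugin would, as far as I can tell, assign to the interface as written. Something like `"address": "172.16.100.2/24"` with `"gateway": "172.16.100.1"` is probably what was intended. mgmt.yaml has the same network-address problem with `192.168.10.0/24`.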
diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
new file mode 100644
index 0000000..9917a83
--- /dev/null
+++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml
@@ -0,0 +1,20 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: mgmt-net
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ config: '{
+ "cniVersion": "0.3.1",
+ "type": "bridge",
+ "bridge": "br-mgmt",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "192.168.10.0/24",
+ "gateway": "192.168.10.1"
+ }
+ ]
+ }
+ }'
\ No newline at end of file
diff --git a/firewall-s3/vm/ksd/vm/fortigate.yaml b/firewall-s3/vm/ksd/vm/fortigate.yaml
new file mode 100644
index 0000000..83562dd
--- /dev/null
+++ b/firewall-s3/vm/ksd/vm/fortigate.yaml
@@ -0,0 +1,77 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: fortigate-ksd + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: fortigate-rootdisk-ksd + spec: + source: + http: + url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2" + #secretRef: s3-virt-credentials + storage: + resources: + requests: + storage: 30Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: fortigate-ksd + spec: + domain: + cpu: + cores: 1 + memory: + guest: 2Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: + secureBoot: false + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: wan + masquerade: {} + ports: + - port: 4500 + - port: 443 + - port: 22 + - port: 500 + - name: mgmt + bridge: {} + - name: lan + bridge: {} + disks: + - disk: + bus: sata + name: rootdisk + resources: + requests: + memory: 2Gi + cpu: 1 + limits: + memory: 2Gi + cpu: 1 + networks: + - name: wan + pod: {} + - name: mgmt + multus: + networkName: ${TENANT_NAMESPACE}/mgmt-net + - name: lan + multus: + networkName: ${TENANT_NAMESPACE}/lan-net + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: fortigate-rootdisk-ksd \ No newline at end of file diff --git a/firewall-s3/vm/ksd/vm/strongswan.yaml b/firewall-s3/vm/ksd/vm/strongswan.yaml new file mode 100644 index 0000000..e346a59 --- /dev/null +++ b/firewall-s3/vm/ksd/vm/strongswan.yaml 
@@ -0,0 +1,73 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: strongswan
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ running: true
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: strongswan
+ spec:
+ domain:
+ cpu:
+ cores: 2
+ resources:
+ requests:
+ memory: 2Gi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 2
+ memory:
+ guest: 2Gi
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ disks:
+ - name: containerdisk
+ disk:
+ bus: virtio
+ - name: cloudinitdisk
+ disk:
+ bus: virtio
+ interfaces:
+ - name: wan
+ masquerade: {}
+ ports:
+ - port: 4500
+ - port: 443
+ - port: 22
+ - port: 500
+ - name: mgmt
+ bridge: {}
+ - name: lan
+ bridge: {}
+ networks:
+ - name: wan
+ pod: {}
+ - name: mgmt
+ multus:
+ networkName: ${TENANT_NAMESPACE}/mgmt-net
+ - name: lan
+ multus:
+ networkName: ${TENANT_NAMESPACE}/lan-net
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: containerdisk
+ containerDisk:
+ image: quay.io/containerdisks/ubuntu:22.04
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ userData: |
+ #cloud-config
+ users:
+ - name: testuser
+ groups: [sudo]
+ sudo: "ALL=(ALL) NOPASSWD:ALL"
+ lock_passwd: false
+ passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+ chpasswd:
+ expire: false
+ ssh_pwauth: true
\ No newline at end of file
diff --git a/kustomization.yaml b/kustomization.yaml
index ccaf633..c830edf 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
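Review bot: The cloud-init `userData` in strongswan.yaml commits a password hash for `testuser` to the repository and combines it with `lock_passwd: false`, `ssh_pwauth: true` and `sudo: "ALL=(ALL) NOPASSWD:ALL"`, while the `wan` interface forwards port 22. A crypt hash stored in Git is exposed to offline guessing by anyone with read access to the repo or its history, and the same hash is reused in ubuntu-vm-1/ubuntu/ubuntu-vm.yaml, where this commit replaces the previous key-based login with it. Prefer `ssh_authorized_keys` with `lock_passwd: true` and `ssh_pwauth: false`, or move the user data into a Secret referenced through `cloudInitNoCloud.secretRef` so it is not kept in plain text in the repository. Separately, `running: true` is the older form; fortigate.yaml in this commit already uses `runStrategy: Always`.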
@@ -3,10 +3,22 @@ kind: Kustomization resources: - vars/ks.yaml - repos/ks.yaml - - echo-server/ks.yaml + - network/ks-lb.yaml + - firewall-s3/ks-vm.yaml + - windows-vm-standard/ks-vm.yaml + - windows-vm-standard/ks-pvc.yaml + - windows-vm-standard-dev/ks-vm.yaml + - windows-vm-standard-dev/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml + - ubuntu-vm-3-john/ks.yaml + - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml - - templates/windowsserver/ks-dv.yaml - - templates/windowsserver/ks-flavor.yaml \ No newline at end of file + - templates/image-server/ks-route.yaml + - templates/windowsserver/ks-flavor.yaml + - templates/windowsserver-rh/ks-flavor.yaml + - postgres/ks.yaml +# - windows-vm-standard-john/ks-vm.yaml +# - windows-vm-standard-john/ks-pvc.yaml +# - windows-vm-standard-john/windows-lb.yaml diff --git a/network/ks-lb.yaml b/network/ks-lb.yaml new file mode 100644 index 0000000..25ae3ef --- /dev/null +++ b/network/ks-lb.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app lb + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./network/loadbalancers + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/network/loadbalancers/fortigate-lb.yaml b/network/loadbalancers/fortigate-lb.yaml new file mode 100644 index 0000000..13f8eae --- /dev/null +++ b/network/loadbalancers/fortigate-lb.yaml 
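Review bot: The new entry `- ubuntu-vm-3-john/ks.yaml` does not match the directory this commit creates, which is `ubuntu-vm-3 john/` with a space, so unless a hyphenated directory already exists the root kustomization fails to build and nothing in the tenant is reconciled. Rename the directory to `ubuntu-vm-3-john` rather than referencing a path with a space. The entries `windows-vm-standard/ks-vm.yaml` and `windows-vm-standard/ks-pvc.yaml` are not created by any file visible in this commit either; confirm they are already in the repository.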
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fortigate-lb
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: fortigate-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 4500
+ name: ipsec-nat
+ targetPort: 4500
+ protocol: UDP
+ - port: 500
+ name: key-management
+ targetPort: 500
+ protocol: UDP
+ - port: 22
+ name: ssh
+ targetPort: 22
+ protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: fortigate-s3
\ No newline at end of file
diff --git a/network/loadbalancers/windows-lb.yaml b/network/loadbalancers/windows-lb.yaml
new file mode 100644
index 0000000..3a20507
--- /dev/null
+++ b/network/loadbalancers/windows-lb.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: windows-lb
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: windows-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 8080
+ name: http
+ targetPort: 8080
+ protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ - port: 65022
+ name: ssh
+ targetPort: 22
+ protocol: TCP
+ - port: 3389
+ name: rdp
+ targetPort: 3389
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: windows-vm-standard
diff --git a/postgres/app/helmrelease.yaml b/postgres/app/helmrelease.yaml
new file mode 100644
index 0000000..9af65c0
--- /dev/null
+++ b/postgres/app/helmrelease.yaml
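Review bot: network/loadbalancers/fortigate-lb.yaml defines a second Service named `fortigate-lb` in `${TENANT_NAMESPACE}`, the same name and namespace as the one in firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml, so if Flux picks up that subdirectory the `lb` and `fortigate-s3` Kustomizations will overwrite each other's spec on every reconcile. Its selector `kubevirt.io/domain: fortigate-s3` matches no VM in this commit (the FortiGate template is labelled `fortigate-ksd`), and it publishes the SSH port that the other copy deliberately comments out. Keep a single definition, or give this one a distinct name and a selector that matches a real VM, and leave port 22 off the public Service.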
@@ -0,0 +1,122 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgres + namespace: ${TENANT_NAMESPACE} +spec: + serviceAccountName: ${TECHNICAL_ACCOUNT} + interval: 30m + chart: + spec: + chart: cluster + version: 0.3.1 + sourceRef: + kind: HelmRepository + name: cloudnative-pg + namespace: ${TENANT_NAMESPACE} + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + values: + # check the complete configuration options at + # https://raw.githubusercontent.com/cloudnative-pg/charts/refs/tags/cluster-v0.3.1/charts/cluster/values.yaml + type: postgresql + mode: standalone + version: + postgresql: "17.5" + cluster: + instances: 3 + storage: + size: 10Gi + # default storage class on ai-2 cluster, on basel or staging you + # should use 'ocs-storagecluster-ceph-rbd' instead + storageClass: ibm-spectrum-scale-fileset + walStorage: + # It's not mandatory to split WAL from the main data volume. + # However, doing so helps to avoid issues with the main data volume + # in cases where WAL exporting to the backup server experiences + # issues. For example, in scenarios where there's network congestion + # or even failures, the WAL may end up accumulating too much data + # to the point where the volume fills up, blocking the cluster from + # operating properly. + enabled: true + size: 10Gi + storageClass: ibm-spectrum-scale-fileset + resources: + requests: + cpu: "500m" + memory: 1Gi + limits: + cpu: "1" + memory: 1Gi + enableSuperuserAccess: true + superuserSecret: postgres-superuser + affinity: + topologyKey: failure-domain.beta.kubernetes.io/zone + postgresql: + parameters: + shared_buffers: 256MB + max_connections: "400" + initdb: + database: app + owner: app + options: [] + encoding: UTF8 + backups: + # As indicated by the 'enabled' flag, backups are disabled on + # this deployment. 
But the remaining of the block serves as an + # example of how to configure this cluster to export backups to + # a S3 bucket hosted on a MinIO server. + # + # For more information, refer to the helm chart's values.yaml + # or the official documentation at + # https://cloudnative-pg.io/documentation/1.26/backup/ + enabled: false + endpointURL: https://glacier-1.kvant.cloud + provider: s3 + s3: + bucket: phoenix-openshift-backups + path: /demo-postgres + # Ideally, you will never commit credentials in plain text; + # these values are here just for illustration. For a way to + # properly load them from kubernetes' secrets, refer to the + # commented-ou section 'valuesFrom' placed right below + accessKey: your-access-key + secretKey: your-secret-key + secret: + create: true + wal: + # If exporting to MinIO S3, you may have to disable encryption. + # This is how you achieve it + encryption: "" + data: + encryption: "" + scheduledBackups: + # You can give it any name and change the scheduled time to what + # fits your strategy. This serves as an example of how to configure + # the cluster to export a daily backup to the S3 bucket using + # barman object storage. You can also back up volumes instead. + # Check the backup documentation to find more information on + # which option suits you best. 
+ - name: daily-minio + schedule: "@daily" + backupOwnerReference: self + method: barmanObjectStore + retentionPolicy: "180d" # It is mandatory to match this value with the bucket's retention period +# valuesFrom: +# - kind: Secret +# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair +# valuesKey: ACCESS_KEY_ID # name of the key inside the secret that holds the access key value +# targetPath: backups.s3.accessKey # path of the configuration that will be assigned the access key value +# optional: false +# - kind: Secret +# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair +# valuesKey: ACCESS_SECRET_KEY # name of the key inside the secret that holds the secret key value +# targetPath: backups.s3.secretKey # path of the configuration that will be assigned the secret key value +# optional: false diff --git a/echo-server/ks.yaml b/postgres/ks.yaml similarity index 74% rename from echo-server/ks.yaml rename to postgres/ks.yaml index 4448636..0383647 100644 --- a/echo-server/ks.yaml +++ b/postgres/ks.yaml @@ -3,18 +3,21 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app echo-server + name: &app postgres namespace: ${TENANT_NAMESPACE} spec: + targetNamespace: ${TENANT_NAMESPACE} commonMetadata: labels: app.kubernetes.io/name: *app - path: ./echo-server/app + path: ./postgres/app prune: true sourceRef: kind: GitRepository name: tenant-repos - wait: false - interval: 30m + wait: true + interval: 10m retryInterval: 1m timeout: 5m + dependsOn: + - name: vars diff --git a/repos/helm/bitnami.yaml b/repos/helm/bitnami.yaml index ee7cb0f..b9f3976 100644 --- a/repos/helm/bitnami.yaml +++ b/repos/helm/bitnami.yaml @@ -5,5 +5,5 @@ metadata: namespace: ${TENANT_NAMESPACE} spec: type: oci - interval: 5m + interval: 60m url: oci://registry-1.docker.io/bitnamicharts \ No newline at end of file 
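Review bot: `enableSuperuserAccess: true` together with `superuserSecret: postgres-superuser` enables password login for the `postgres` superuser, and no manifest in this commit creates that Secret. If clients only need the `app` database and owner configured under `initdb`, set `enableSuperuserAccess: false`; otherwise add a comment saying where `postgres-superuser` is provisioned. In the disabled `backups` block, swap the inline `accessKey`/`secretKey` placeholders for the commented `valuesFrom` entries before anyone sets `enabled: true`, because with `secret.create: true` whatever is typed there ends up in the release values. `failure-domain.beta.kubernetes.io/zone` is the deprecated zone label; `topology.kubernetes.io/zone` is the current one.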
diff --git a/repos/helm/bjw-s.yaml b/repos/helm/cloudnative-pg.yaml similarity index 62% rename from repos/helm/bjw-s.yaml rename to repos/helm/cloudnative-pg.yaml index 932c059..e42af28 100644 --- a/repos/helm/bjw-s.yaml +++ b/repos/helm/cloudnative-pg.yaml @@ -3,10 +3,8 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: - name: bjw-s - namespace: ${TENANT_NAMESPACE}-ns + name: cloudnative-pg + namespace: ${TENANT_NAMESPACE} spec: - type: oci - interval: 5m - url: oci://ghcr.io/bjw-s/helm - + interval: 5m0s + url: https://cloudnative-pg.github.io/charts \ No newline at end of file diff --git a/templates/image-server/ks-pvc.yaml b/templates/image-server/ks-pvc.yaml index ec71dc4..200d87b 100644 --- a/templates/image-server/ks-pvc.yaml +++ b/templates/image-server/ks-pvc.yaml @@ -15,4 +15,5 @@ spec: wait: false interval: 30m retryInterval: 1m + targetNamespace: ${TENANT_NAMESPACE} timeout: 5m diff --git a/templates/image-server/ks-route.yaml b/templates/image-server/ks-route.yaml new file mode 100644 index 0000000..c3c4cf4 --- /dev/null +++ b/templates/image-server/ks-route.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app route + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./templates/image-server/route + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 8e37d22..0937d41 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml 
@@ -1,15 +1,15 @@ -apiVersion: helm.toolkit.fluxcd.io/v2 +apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: nginx namespace: ${TENANT_NAMESPACE} spec: serviceAccountName: ${TECHNICAL_ACCOUNT} - interval: 5m + interval: 10m chart: spec: chart: nginx - version: 20.0.0 + version: 19.1.1 sourceRef: kind: HelmRepository name: bitnami @@ -17,19 +17,14 @@ spec: values: service: type: ClusterIP - ports: - http: 80 - https: 443 ingress: enabled: true - hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud - tls: - - hosts: - - nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud + hostname: nginx.${TENANT_DOMAIN} + ingressClassName: external extraVolumes: - name: ${TENANT_NAMESPACE}-image-storage persistentVolumeClaim: claimName: ${TENANT_NAMESPACE}-image-storage extraVolumeMounts: - name: ${TENANT_NAMESPACE}-image-storage - mountPath: /usr/share/nginx/html \ No newline at end of file + mountPath: /app diff --git a/templates/image-server/pvc/image-storage.yaml b/templates/image-server/pvc/image-storage.yaml index b3d7960..1059377 100644 --- a/templates/image-server/pvc/image-storage.yaml +++ b/templates/image-server/pvc/image-storage.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: ${TENANT_NAMESPACE}-image-storage - namespace: ${TENANT_NAMESPACE} + annotations: + helm.sh/resource-policy: keep spec: accessModes: - ReadWriteOnce resources: requests: storage: 120Gi - storageClassName: ocs-storagecluster-ceph-rbd \ No newline at end of file diff --git a/templates/image-server/route/http.yaml b/templates/image-server/route/http.yaml new file mode 100644 index 0000000..5588c19 --- /dev/null +++ b/templates/image-server/route/http.yaml @@ -0,0 +1,14 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: nginx + namespace: ${TENANT_NAMESPACE} +spec: + to: + kind: Service + name: nginx + port: + targetPort: 8080 + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow \ No newline at end of file 
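Review bot: The first changed line moves this HelmRelease back from `helm.toolkit.fluxcd.io/v2` to `helm.toolkit.fluxcd.io/v2beta1`, while postgres/app/helmrelease.yaml in the same commit uses `v2`; `v2beta1` is a deprecated API version, so this object is likely to stop applying after a Flux upgrade. The hunk also removes the ingress `tls:` block, so unless the `external` ingress class supplies a default certificate the image server is published without TLS. Keep `apiVersion: helm.toolkit.fluxcd.io/v2` and keep a TLS setting for the new `nginx.${TENANT_DOMAIN}` hostname.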
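Review bot: `insecureEdgeTerminationPolicy: Allow` in route/http.yaml lets the router serve the nginx image server over plain HTTP as well as HTTPS, and this server is where VM disk images come from (the flavor templates in this commit import qcow2 files from it over `http://`). An image fetched in cleartext can be altered in transit before it is written to a VM root disk. Use `insecureEdgeTerminationPolicy: Redirect` and point the DataVolume URLs at `https://`.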
diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml new file mode 100644 index 0000000..70bacca --- /dev/null +++ b/templates/windowsserver-rh/flavor/small.yaml 
@@ -0,0 +1,87 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: windows-server-2022-small-redhat + namespace: '${TENANT_NAMESPACE}' + labels: + template.kubevirt.io/type: 'vm' + os.template.kubevirt.io/win2k22: 'true' + workload.template.kubevirt.io/server: 'true' + annotations: + name.os.template.kubevirt.io/win2k22: Windows Server 2022 + description: Windows Server 2022 VM + openshift.io/display-name: Windows Server 2022 + iconClass: icon-windows +objects: + - apiVersion: kubevirt.io/v1 + kind: VirtualMachine + metadata: + name: windows-server-2022-small-redhat + annotations: + description: Windows Server 2022 VM example + labels: + app: windows-server-2022-small-redhat + vm.kubevirt.io/template: 'windows-server-2022-template' + os.template.kubevirt.io/win2k22: 'true' + spec: + running: false + template: + metadata: + annotations: + vm.kubevirt.io/flavor: small + vm.kubevirt.io/os: win2k22 + vm.kubevirt.io/workload: server + labels: + kubevirt.io/domain: windows-server-2022-small-redhat + kubevirt.io/size: small + spec: + domain: + cpu: + cores: 1 + sockets: 1 + threads: 1 + devices: + disks: + - disk: + bus: virtio + name: rootdisk + interfaces: + - masquerade: {} + model: virtio + name: default + networkInterfaceMultiqueue: true + rng: {} + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} + memory: + guest: 4Gi + hostname: windows-server-2022-small-redhat + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: windows-server-2022-small-redhat-dv + - apiVersion: cdi.kubevirt.io/v1beta1 + kind: DataVolume + metadata: + name: windows-server-2022-small-redhat-dv + namespace: '${TENANT_NAMESPACE}' + spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + pvc: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 120Gi + storageClassName: ibm-spectrum-scale-fileset \ No 
newline at end of file diff --git a/templates/windowsserver-rh/ks-flavor.yaml b/templates/windowsserver-rh/ks-flavor.yaml new file mode 100644 index 0000000..efaa0d1 --- /dev/null +++ b/templates/windowsserver-rh/ks-flavor.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app flavor-rh + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./templates/windowsserver-rh/flavor + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/templates/windowsserver/dv/windows-1-dv.yaml b/templates/windowsserver/dv/windows-1-dv.yaml deleted file mode 100644 index 4eec60f..0000000 --- a/templates/windowsserver/dv/windows-1-dv.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: cdi.kubevirt.io/v1beta1 -kind: DataVolume -metadata: - name: windows-server-datavolume - namespace: ${TENANT_NAMESPACE} -spec: - source: - http: - url: "http://nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud/windows-server-2022.qcow2" - pvc: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 120Gi \ No newline at end of file diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml index fc3604f..cb90c4b 100644 --- a/templates/windowsserver/flavor/small.yaml +++ b/templates/windowsserver/flavor/small.yaml 
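Review bot: The DataVolume source `url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2` in windowsserver-rh/flavor/small.yaml hard-codes the `demo` namespace although the rest of the template uses `${TENANT_NAMESPACE}`, and it pulls the boot image over unauthenticated HTTP with nothing that verifies its content. For any other tenant this either fails or imports an image from a namespace that tenant does not control. Build the host from the tenant variable, for example `http://nginx.${TENANT_NAMESPACE}.svc.cluster.local:8080/...`, and prefer an HTTPS source as windows-vm-standard-dev/vm/server.yaml does. templates/windowsserver/flavor/small.yaml has the same problem with its hard-coded `http://nginx.demo.pub.ai-2.kvant.cloud...` URL.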
@@ -2,49 +2,94 @@ apiVersion: template.openshift.io/v1 kind: Template metadata: name: windows-server-2022-small - namespace: ${TENANT_NAMESPACE} + namespace: '${TENANT_NAMESPACE}' + labels: + template.kubevirt.io/type: 'vm' + os.template.kubevirt.io/win2k22: 'true' + workload.template.kubevirt.io/server: 'true' annotations: - openshift.io/display-name: "Windows Server 2022 VM" - openshift.io/documentation-url: "https://docs.microsoft.com/en-us/windows-server/" - description: "Template for deploying a Windows Server 2022 Virtual Machine on OpenShift with KubeVirt." - tags: virtualmachine,windows,server,2022 + name.os.template.kubevirt.io/win2k22: Windows Server 2022 + description: Windows Server 2022 VM template (Small) + openshift.io/display-name: Windows Server 2022 + iconClass: icon-windows objects: - apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: - name: ${VM_NAME} - namespace: ${TENANT_NAMESPACE} + name: windows-server-demo + annotations: + description: Windows Server 2022 VM Demo labels: - app: windows-server + app: windows-server-demo + vm.kubevirt.io/template: 'windows-server-2022-template' + os.template.kubevirt.io/win2k22: 'true' spec: running: false template: metadata: + annotations: + vm.kubevirt.io/flavor: small + vm.kubevirt.io/os: win2k22 + vm.kubevirt.io/workload: server labels: - kubevirt.io/domain: ${VM_NAME} + kubevirt.io/domain: windows-server-demo + kubevirt.io/size: small spec: domain: cpu: - cores: 4 + cores: 2 + sockets: 1 + threads: 1 devices: disks: - - name: rootdisk - disk: + - disk: bus: virtio + name: rootdisk + interfaces: + - masquerade: {} + model: virtio + name: default + networkInterfaceMultiqueue: true + rng: {} + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} memory: - guest: 8Gi + guest: 4Gi + hostname: windows-server-demo networks: - name: default pod: {} + terminationGracePeriodSeconds: 180 volumes: - name: rootdisk - persistentVolumeClaim: - claimName: windows-server-datavolume + 
dataVolume: + name: windows-server-datavolume-small + - apiVersion: cdi.kubevirt.io/v1beta1 + kind: DataVolume + metadata: + name: windows-server-datavolume-small + namespace: '${TENANT_NAMESPACE}' + spec: + source: + http: + url: http://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2 + pvc: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: '${PVC_SIZE}' parameters: - - name: windows_server_2022_small - description: Name of the Virtual Machine + #- name: IMAGE_URL + # description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image + # required: true + # value: https://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2 + - name: PVC_SIZE + description: Size of the root disk PVC required: true - - name: NAMESPACE - description: Namespace where to deploy - required: true - value: ${TENANT_NAMESPACE} \ No newline at end of file + value: 120Gi diff --git a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml index af8a38c..31e1d2e 100644 --- a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml @@ -38,11 +38,13 @@ spec: cloudInitNoCloud: userData: | #cloud-config - hostname: ubuntu-vm-1 - ssh_pwauth: True users: - - name: ubuntu - ssh-authorized-keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu - sudo: ['ALL=(ALL) NOPASSWD:ALL'] - shell: /bin/bash \ No newline at end of file + - name: testuser + groups: [sudo] + sudo: "ALL=(ALL) NOPASSWD:ALL" + lock_passwd: false + passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" + + chpasswd: + expire: false + ssh_pwauth: true \ No newline at end of file diff --git a/ubuntu-vm-3 john/ks.yaml b/ubuntu-vm-3 john/ks.yaml new file mode 100644 index 0000000..152cdec --- /dev/null +++ b/ubuntu-vm-3 john/ks.yaml 
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app ubuntu-vm-2
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./ubuntu-vm-2/ubuntu
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml
new file mode 100644
index 0000000..1ac74ef
--- /dev/null
+++ b/ubuntu-vm-3 john/ubuntu/ubuntu-vm.yaml
@@ -0,0 +1,48 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: ubuntu-vm-3-
+ namespace: kubevirt-vms
+spec:
+ running: true
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: ubuntu-vm-2
+ spec:
+ domain:
+ cpu:
+ cores: 2
+ devices:
+ disks:
+ - disk:
+ bus: virtio
+ name: containerdisk
+ - disk:
+ bus: virtio
+ name: cloudinitdisk
+ resources:
+ requests:
+ memory: 2Gi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 2
+ memory:
+ guest: 2Gi
+ volumes:
+ - name: containerdisk
+ containerDisk:
+ image: quay.io/containerdisks/ubuntu:22.04
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ userData: |
+ #cloud-config
+ hostname: ubuntu-vm-2
+ ssh_pwauth: True
+ users:
+ - name: ubuntu
+ ssh-authorized-keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ shell: /bin/bash
\ No newline at end of file
diff --git a/vars/demo/s3-secret.yaml b/vars/demo/s3-secret.yaml
new file mode 100644
index 0000000..d47fd4a
--- /dev/null
+++ b/vars/demo/s3-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: s3-virt-credentials
+ namespace: ${TENANT_NAMESPACE}
+type: Opaque
+data:
+ accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM=
+ secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA==
\ No newline at end of file
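Review bot: `name: &app ubuntu-vm-2` and `path: ./ubuntu-vm-2/ubuntu` in `ubuntu-vm-3 john/ks.yaml` are carried over unchanged from the ubuntu-vm-2 Kustomization, so this object collides with the existing one and never applies the `ubuntu/ubuntu-vm.yaml` added next to it. Give it its own name and point `path` at this directory, after renaming the directory to something without a space.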
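Review bot: `name: ubuntu-vm-3-` in the new ubuntu-vm.yaml ends in a hyphen, which is not a valid Kubernetes object name, and `namespace: kubevirt-vms` is hard-coded where the other VMs in this commit use `${TENANT_NAMESPACE}`, so the VM would land outside the tenant namespace if it applied at all. The `kubevirt.io/domain: ubuntu-vm-2` label and `hostname: ubuntu-vm-2` are also left over from the copy and would make this VM match selectors meant for the other one. `ssh_pwauth: True` is unnecessary because the user only has an authorized key; set it to `false`.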
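Review bot: vars/demo/s3-secret.yaml commits `accessKeyId` and `secretKey` for `s3-virt-credentials` under `data:`, which is base64 encoding rather than encryption, so anyone who can read the repository or its history has the S3 key pair. Treat the keys as exposed: rotate them at the storage provider and remove the file, keeping in mind that a later delete does not remove them from Git history. Deliver the Secret encrypted instead, for example with SOPS and the Flux Kustomization's `spec.decryption`, or from an external secret store. Nothing in this commit appears to consume the Secret yet; the only reference, `#secretRef: s3-virt-credentials` in fortigate.yaml, is commented out.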
diff --git a/windows-vm-standard-dev/ks-pvc.yaml b/windows-vm-standard-dev/ks-pvc.yaml new file mode 100644 index 0000000..4602a8e --- /dev/null +++ b/windows-vm-standard-dev/ks-pvc.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-pvc-dev + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard-dev/pvc + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard-dev/ks-vm.yaml b/windows-vm-standard-dev/ks-vm.yaml new file mode 100644 index 0000000..c9fb291 --- /dev/null +++ b/windows-vm-standard-dev/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-vm-standard-dev + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard-dev/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard-dev/pvc/datadisk.yaml b/windows-vm-standard-dev/pvc/datadisk.yaml new file mode 100644 index 0000000..5d858e6 --- /dev/null +++ b/windows-vm-standard-dev/pvc/datadisk.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: windows-vm-datadisk-dev +spec: + storageClassName: ibm-spectrum-scale-fileset + volumeMode: Filesystem + accessModes: + - ReadWriteMany + resources: + requests: + storage: 50Gi diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml new file mode 100644 index 0000000..1b42bdc --- /dev/null +++ b/windows-vm-standard-dev/vm/server.yaml 
@@ -0,0 +1,83 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: windows-vm-standard-dev
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: windows-rootdisk-dev
+ spec:
+ source:
+ http:
+ url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/windows-server-2022-uefi-ns.qcow2"
+ storage:
+ resources:
+ requests:
+ storage: 80Gi
+ sourceRef:
+ kind: DataSource
+ name: win2k22
+ namespace: kubevirt-os-images
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: windows-vm-standard-dev
+ spec:
+ domain:
+ cpu:
+ cores: 4
+ memory:
+ guest: 8Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi:
+ secureBoot: true
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 8080
+ - port: 443
+ - port: 22
+ - port: 3389
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk-dev
+ - disk:
+ bus: sata
+ name: datadisk-dev
+ # - disk:
+ # bus: scsi
+ # name: cloudinitdisk
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: 4
+ limits:
+ memory: 8Gi
+ cpu: 4
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk-dev
+ dataVolume:
+ name: windows-rootdisk-dev
+ - name: datadisk-dev
+ persistentVolumeClaim:
+ claimName: windows-vm-datadisk-dev
+ #- name: cloudinitdisk
+ # cloudInitNoCloud:
+ # secretRef:
+ # name: windows-cloud-init
diff --git a/windows-vm-standard-john/ks-pvc.yaml b/windows-vm-standard-john/ks-pvc.yaml
new file mode 100644
index 0000000..68e3154
--- /dev/null
+++ b/windows-vm-standard-john/ks-pvc.yaml
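Review bot: The data volume template sets both `source.http` and a `sourceRef` to the `win2k22` DataSource; as far as I know CDI treats the two as mutually exclusive and rejects a spec carrying both, so one of them should be removed (indentation is flattened on this page, so this assumes `sourceRef` sits in the same template `spec`). `windows-vm-standard/vm/server.yaml` in this commit has the same combination. If the HTTP import is the one that stays, the root disk is a pre-built image from an external host and nothing in the manifest pins its content, so it is worth recording who owns that bucket and how the image is produced.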
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-pvc-john
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard-john/pvc
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard-john/ks-vm.yaml b/windows-vm-standard-john/ks-vm.yaml
new file mode 100644
index 0000000..4b8608c
--- /dev/null
+++ b/windows-vm-standard-john/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-vm-standard-john
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard-john/vm
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard-john/pvc/datadisk.yaml b/windows-vm-standard-john/pvc/datadisk.yaml
new file mode 100644
index 0000000..6c901ab
--- /dev/null
+++ b/windows-vm-standard-john/pvc/datadisk.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: windows-vm-datadisk-john
+spec:
+ storageClassName: ibm-spectrum-scale-fileset
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 200Gi
diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml
new file mode 100644
index 0000000..bf952a8
--- /dev/null
+++ b/windows-vm-standard-john/vm/server.yaml
@@ -0,0 +1,82 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: windows-vm-standard-john
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: windows-rootdisk-john
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.svc.cluster.local:80/windows-server-2022-uefi-ns.qcow2
+ storage:
+ resources:
+ requests:
+ storage: 80Gi
+# sourceRef:
+# kind: DataSource
+# name: win2k22
+# namespace: openshift-virtualization-os-images
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: windows-vm-standard-john
+ spec:
+ domain:
+ cpu:
+ cores: 4
+ memory:
+ guest: 8Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi: {}
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 8080
+ - port: 443
+ - port: 22
+ - port: 3389
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk-john
+ - disk:
+ bus: sata
+ name: datadisk-john
+ # - disk:
+ # bus: scsi
+ # name: cloudinitdisk
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: 4
+ limits:
+ memory: 8Gi
+ cpu: 4
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk-john
+ dataVolume:
+ name: windows-rootdisk-john
+ - name: datadisk-john
+ persistentVolumeClaim:
+ claimName: windows-vm-datadisk-john
+ #- name: cloudinitdisk
+ # cloudInitNoCloud:
+ # secretRef:
+ # name: windows-cloud-init
diff --git a/windows-vm-standard-john/windows-lb.yaml b/windows-vm-standard-john/windows-lb.yaml
new file mode 100644
index 0000000..e9ad9f8
--- /dev/null
+++ b/windows-vm-standard-john/windows-lb.yaml
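Review bot: The root disk is imported from `http://nginx.demo.svc.cluster.local:80/...` over plain HTTP from a Service in another namespace, so the image this VM boots is neither authenticated nor integrity-protected on the way in; `windows-vm-standard/vm/server.yaml` does the same on port 8080. Anything able to alter what that nginx Service serves, or the traffic to it, decides the contents of the OS disk. Serving the image over HTTPS and giving the importer the CA through `certConfigMap` under `source.http`, or switching to the commented-out `sourceRef` against a curated DataSource, would address this.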
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: windows-lb-john
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: windows-lb-john
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 8080
+ name: http
+ targetPort: 8080
+ protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ - port: 65022
+ name: ssh
+ targetPort: 22
+ protocol: TCP
+ - port: 3389
+ name: rdp
+ targetPort: 3389
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: windows-vm-standard-john
diff --git a/windows-vm-standard/ks-pvc.yaml b/windows-vm-standard/ks-pvc.yaml
new file mode 100644
index 0000000..62a22e6
--- /dev/null
+++ b/windows-vm-standard/ks-pvc.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-pvc
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard/pvc
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard/ks-vm.yaml b/windows-vm-standard/ks-vm.yaml
new file mode 100644
index 0000000..3243954
--- /dev/null
+++ b/windows-vm-standard/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-vm-standard
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard/vm
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard/pvc/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml
new file mode 100644
index 0000000..80074c7
--- /dev/null
+++ b/windows-vm-standard/pvc/datadisk.yaml
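Review bot: The `type: LoadBalancer` Service in `windows-lb.yaml` publishes RDP on 3389 and SSH on 65022 (alongside 8080 and 443) with no `loadBalancerSourceRanges`, so who can reach the Windows VM is left entirely to whatever sits in front of the load balancer; moving SSH to a high port does not limit who can connect. I would add `loadBalancerSourceRanges:` with the administrative ranges (placeholder: `- <ADMIN_CIDR>`), or keep RDP and SSH on a `ClusterIP` Service reached through a bastion or VPN and expose only the application ports. Whether the field is honoured depends on the load-balancer implementation, so confirm that or pair it with a NetworkPolicy on the VM's pod.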
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: windows-vm-datadisk
+spec:
+ storageClassName: ibm-spectrum-scale-fileset
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 200Gi
diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml
new file mode 100644
index 0000000..8e381e4
--- /dev/null
+++ b/windows-vm-standard/vm/server.yaml
@@ -0,0 +1,82 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: windows-vm-standard
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: windows-rootdisk
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
+ storage:
+ resources:
+ requests:
+ storage: 80Gi
+ sourceRef:
+ kind: DataSource
+ name: win2k22
+ namespace: kubevirt-os-images
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: windows-vm-standard
+ spec:
+ domain:
+ cpu:
+ cores: 4
+ memory:
+ guest: 8Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi: {}
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 8080
+ - port: 443
+ - port: 22
+ - port: 3389
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk
+ - disk:
+ bus: sata
+ name: datadisk
+ # - disk:
+ # bus: scsi
+ # name: cloudinitdisk
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: 4
+ limits:
+ memory: 8Gi
+ cpu: 4
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk
+ dataVolume:
+ name: windows-rootdisk
+ - name: datadisk
+ persistentVolumeClaim:
+ claimName: windows-vm-datadisk
+ #- name: cloudinitdisk
+ # cloudInitNoCloud:
+ # secretRef:
+ # name: windows-cloud-init