feat(docker-image)!: Update nginx Docker tag to v21

kustomization.yaml

@@ -5,6 +5,7 @@ resources:
   - repos/ks.yaml
   - network/ks-lb.yaml
   - firewall-s3/ks-vm.yaml
+  - test-connectivity/ks.yaml
   - windows-vm-standard/ks-vm.yaml
   - windows-vm-standard/ks-pvc.yaml
   - windows-vm-standard-dev/ks-vm.yaml

test-connectivity/app/test-connectivity/loadbalancers/fortigate-wan.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: fortigate-lb-test
+  namespace: ${TENANT_NAMESPACE}
+  labels:
+    app.kubernetes.io/component: fortigate-lb
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  ports:
+    - port: 4500
+      name: ipsec-nat
+      targetPort: 4500
+      protocol: UDP
+    - port: 500
+      name: key-management
+      targetPort: 500
+      protocol: UDP
+    #- port: 22
+    #  name: ssh
+    #  targetPort: 22
+    #  protocol: TCP
+    - port: 443
+      name: https
+      targetPort: 443
+      protocol: TCP
+  selector:
+    kubevirt.io/domain: fortigate-ksd

test-connectivity/app/test-connectivity/network-definitions/lan.yaml

@@ -0,0 +1,19 @@
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+  name: lan-ovn-160
+spec:
+  config: |
+    {
+      "cniVersion": "0.3.1",
+      "type": "ovn-k8s-cni-overlay",
+      "name": "lan-ovn-160",
+      "topology": "layer2",
+      "subnets": [
+        {"cidr": "192.168.160.0/24"}
+      ],
+      "mtu": 1400,
+      "routes": [
+        {"dst": "10.60.0.0/16", "gw": "192.168.10.1"}
+      ]
+    }

test-connectivity/app/test-connectivity/network-definitions/mgmt.yaml

@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+#   name: mgmt-net
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   config: '{
+#     "cniVersion": "0.3.1",
+#     "type": "bridge",
+#     "bridge": "br-mgmt",
+#     "ipam": {
+#       "type": "static",
+#       "addresses": [
+#         {
+#           "address": "192.168.10.100/24",
+#           "gateway": "192.168.10.1"
+#         }
+#       ]
+#     }
+#   }'

test-connectivity/app/test-connectivity/pod/pod.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dualnet-pod-ovn
+  annotations:
+    k8s.v1.cni.cncf.io/networks: |
+      [
+        {
+          "name": "lan-ovn-160",
+          "namespace": "${TENANT_NAMESPACE}",
+          "interface": "net1"
+        }
+      ]
+spec:
+  containers:
+    - name: toolbox
+      image: quay.io/centos/centos:stream9
+      command: [ "/bin/bash", "-c", "sleep infinity" ]
+  restartPolicy: Never

test-connectivity/app/test-connectivity/vm/fortigate.yaml

@@ -0,0 +1,77 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+#   name: fortigate-ksd
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   dataVolumeTemplates:
+#     - metadata:
+#         name: fortigate-rootdisk-ksd
+#       spec:
+#         source:
+#           http:
+#             url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
+#             #secretRef: s3-virt-credentials
+#         storage:
+#           resources:
+#             requests:
+#               storage: 30Gi
+#   runStrategy: Always
+#   template:
+#     metadata:
+#       labels:
+#         kubevirt.io/domain: fortigate-ksd
+#     spec:
+#       domain:
+#         cpu:
+#           cores: 1
+#         memory:
+#           guest: 2Gi
+#         features:
+#           acpi: {}
+#           smm:
+#             enabled: true
+#         firmware:
+#           bootloader:
+#             efi:
+#               secureBoot: false
+#         devices:
+#           rng: {}
+#           networkInterfaceMultiqueue: true
+#           interfaces:
+#             - name: wan
+#               masquerade: {}
+#               ports:
+#               - port: 4500
+#               - port: 443
+#               - port: 22
+#               - port: 500
+#             - name: mgmt
+#               bridge: {}
+#             - name: lan
+#               bridge: {}
+#           disks:
+#             - disk:
+#                 bus: sata
+#               name: rootdisk
+#         resources:
+#           requests:
+#             memory: 2Gi
+#             cpu: 1
+#           limits:
+#             memory: 2Gi
+#             cpu: 1
+#       networks:
+#         - name: wan
+#           pod: {}
+#         - name: mgmt
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/mgmt-net
+#         - name: lan
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/lan-net
+#       terminationGracePeriodSeconds: 180
+#       volumes:
+#         - name: rootdisk
+#           dataVolume:
+#             name: fortigate-rootdisk-ksd

test-connectivity/app/test-connectivity/vm/strongswan.yaml

@@ -0,0 +1,73 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+#   name: strongswan
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   running: true
+#   template:
+#     metadata:
+#       labels:
+#         kubevirt.io/domain: strongswan
+#     spec:
+#       domain:
+#         cpu:
+#           cores: 2
+#         resources:
+#           requests:
+#             memory: 2Gi
+#             cpu: 1
+#           limits:
+#             memory: 2Gi
+#             cpu: 2
+#         memory:
+#           guest: 2Gi
+#         devices:
+#           rng: {}
+#           networkInterfaceMultiqueue: true
+#           disks:
+#             - name: containerdisk
+#               disk:
+#                 bus: virtio
+#             - name: cloudinitdisk
+#               disk:
+#                 bus: virtio
+#           interfaces:
+#             - name: wan
+#               masquerade: {}
+#               ports:
+#                 - port: 4500
+#                 - port: 443
+#                 - port: 22
+#                 - port: 500
+#             - name: mgmt
+#               bridge: {}
+#             - name: lan
+#               bridge: {}
+#       networks:
+#         - name: wan
+#           pod: {}
+#         - name: mgmt
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/mgmt-net
+#         - name: lan
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/lan-net
+#       terminationGracePeriodSeconds: 180
+#       volumes:
+#         - name: containerdisk
+#           containerDisk:
+#             image: quay.io/containerdisks/ubuntu:22.04
+#         - name: cloudinitdisk
+#           cloudInitNoCloud:
+#             userData: |
+#               #cloud-config
+#               users:
+#                 - name: testuser
+#                   groups: [sudo]
+#                   sudo: "ALL=(ALL) NOPASSWD:ALL"
+#                   lock_passwd: false
+#                   passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+#               chpasswd:
+#                 expire: false
+#               ssh_pwauth: true

test-connectivity/ks.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app test-connectivity
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./test-connectivity/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: tenant-repos
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m