From 595b1335214f56412c9042c118d71b757a2f5f5b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 8 May 2025 11:15:15 +0000 Subject: [PATCH 01/66] feat(docker-image)!: Update quay.io/containerdisks/ubuntu Docker tag to v24 --- ubuntu-vm-1/ubuntu/ubuntu-vm.yaml | 2 +- ubuntu-vm-2/ubuntu/ubuntu-vm.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml index af8a38c..ca1cb48 100644 --- a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml @@ -33,7 +33,7 @@ spec: volumes: - name: containerdisk containerDisk: - image: quay.io/containerdisks/ubuntu:22.04 + image: quay.io/containerdisks/ubuntu:24.04 - name: cloudinitdisk cloudInitNoCloud: userData: | diff --git a/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml index 78e909a..85e3a0d 100644 --- a/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml @@ -33,7 +33,7 @@ spec: volumes: - name: containerdisk containerDisk: - image: quay.io/containerdisks/ubuntu:22.04 + image: quay.io/containerdisks/ubuntu:24.04 - name: cloudinitdisk cloudInitNoCloud: userData: | From 1f600af0f4c63792e5a14cdb6505b644644a7f64 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Thu, 8 May 2025 18:14:39 +0200 Subject: [PATCH 02/66] added new image --- templates/windowsserver-rh/flavor/small.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 9e4793b..7e60049 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/win2022.qcow2 + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi.qcow2 pvc: accessModes: - ReadWriteOnce From 6abfc970df785b4c7a6f68d40e2dc504ca04a690 Mon Sep 17 00:00:00 2001 
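Review bot: The replaced `url:` in the templates/windowsserver-rh/flavor/small.yaml hunk still fetches the Windows root-disk image over plain `http://` from `nginx.demo.svc.cluster.local:8080`, and nothing in the DataVolume `source` verifies what arrives, so any principal that can write to that nginx content or sit on the in-cluster path can substitute the boot image. CDI's http source also accepts `certConfigMap` (CA for a TLS-served URL) and `secretRef` (credentials); serving the image over HTTPS and adding `certConfigMap: <ca-configmap-name>` next to `url:` would at least bind the fetch to a known server. The same unverified plain-HTTP source is introduced again in windows.yaml (patch 04), ubuntu-vm-standard/server.yaml (patch 06) and windows-vm-standard-dev/vm/server.yaml (patch 26); patch 03 only changes the file name. The enclosing `objects:` entry starts and ends outside the hunk.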
From: "maximilian.bartz" Date: Fri, 9 May 2025 12:47:52 +0200 Subject: [PATCH 03/66] changed image --- templates/windowsserver-rh/flavor/small.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/windowsserver-rh/flavor/small.yaml b/templates/windowsserver-rh/flavor/small.yaml index 7e60049..70bacca 100644 --- a/templates/windowsserver-rh/flavor/small.yaml +++ b/templates/windowsserver-rh/flavor/small.yaml @@ -77,7 +77,7 @@ objects: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi.qcow2 + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 pvc: accessModes: - ReadWriteOnce From e2fb0662792cc58354c282462aa6867c552d01bd Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 12 May 2025 14:57:27 +0200 Subject: [PATCH 04/66] added windows machine via flux --- kustomization.yaml | 1 + windows-vm-1/ks.yaml | 18 +++++++ windows-vm-1/windows/windows.yaml | 78 +++++++++++++++++++++++++++++++ 3 files changed, 97 insertions(+) create mode 100644 windows-vm-1/ks.yaml create mode 100644 windows-vm-1/windows/windows.yaml diff --git a/kustomization.yaml b/kustomization.yaml index ca06816..1b066db 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -5,6 +5,7 @@ resources: - repos/ks.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml + - windows-vm-1/ks.yaml - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml diff --git a/windows-vm-1/ks.yaml b/windows-vm-1/ks.yaml new file mode 100644 index 0000000..51b7431 --- /dev/null +++ b/windows-vm-1/ks.yaml 
@@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-vm-1 + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-1/windows + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/windows-vm-1/windows/windows.yaml b/windows-vm-1/windows/windows.yaml new file mode 100644 index 0000000..6ee20e7 --- /dev/null +++ b/windows-vm-1/windows/windows.yaml 
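Review bot: The new Flux Kustomization `windows-vm-1` sets `prune: true` but no `spec.serviceAccountName`, so unless the parent Kustomization that substitutes `${TENANT_NAMESPACE}` already impersonates a tenant account, kustomize-controller applies and prunes `./windows-vm-1/windows` with its own cluster-wide credentials. For a tenant-scoped reconciliation add `serviceAccountName: <tenant-service-account>` under `spec:` and bind that account only within the tenant namespace, which is what the Flux multi-tenancy lockdown expects. The same shape is repeated for network/ks-lb.yaml, windows-vm-standard/ks-pvc.yaml and windows-vm-standard/ks-vm.yaml in patch 07, and for windows-vm-standard-dev/ks-vm.yaml and ks-pvc.yaml in patch 26.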
@@ -0,0 +1,78 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: windows-server-2022-basic + namespace: ${TENANT_NAMESPACE} +spec: + running: true + template: + metadata: + annotations: + vm.kubevirt.io/os: win2k22 + vm.kubevirt.io/workload: server + labels: + kubevirt.io/domain: windows-server-2022-basic + kubevirt.io/size: small + spec: + domain: + cpu: + cores: ${CPU_CORES} + sockets: 1 + threads: 1 + devices: + disks: + - disk: + bus: virtio + name: rootdisk + interfaces: + - masquerade: {} + model: virtio + name: default + networkInterfaceMultiqueue: true + rng: {} + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} + memory: + guest: ${MEMORY_SIZE} + hostname: windows-server-2022-basic + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: windows-server-2022-basic-dv +--- +apiVersion: cdi.kubevirt.io/v1beta1 +kind: DataVolume +metadata: + name: windows-server-2022-basic-dv + namespace: ${TENANT_NAMESPACE} +spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + pvc: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${PVC_SIZE} + storageClassName: ibm-spectrum-scale-fileset +--- +parameters: + - name: CPU_CORES + description: Number of vCPU cores + value: "1" + - name: MEMORY_SIZE + description: Amount of memory to assign + value: "4Gi" + - name: PVC_SIZE + description: Root disk size + value: "120Gi" \ No newline at end of file From d638ec4c45452525fe878877ed8d119cec703204 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 12 May 2025 15:02:32 +0200 Subject: [PATCH 05/66] changed parameter to values --- windows-vm-1/windows/windows.yaml | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/windows-vm-1/windows/windows.yaml b/windows-vm-1/windows/windows.yaml index 6ee20e7..8da40a7 100644 
--- a/windows-vm-1/windows/windows.yaml +++ b/windows-vm-1/windows/windows.yaml @@ -16,7 +16,7 @@ spec: spec: domain: cpu: - cores: ${CPU_CORES} + cores: 1 sockets: 1 threads: 1 devices: @@ -38,7 +38,7 @@ spec: bootloader: efi: {} memory: - guest: ${MEMORY_SIZE} + guest: 4Gi hostname: windows-server-2022-basic networks: - name: default @@ -63,16 +63,5 @@ spec: - ReadWriteOnce resources: requests: - storage: ${PVC_SIZE} - storageClassName: ibm-spectrum-scale-fileset ---- -parameters: - - name: CPU_CORES - description: Number of vCPU cores - value: "1" - - name: MEMORY_SIZE - description: Amount of memory to assign - value: "4Gi" - - name: PVC_SIZE - description: Root disk size - value: "120Gi" \ No newline at end of file + storage: 120Gi + storageClassName: ibm-spectrum-scale-fileset \ No newline at end of file From 4fda3a9eff9e21e0fcb4fc8f7832d8c1decefd4d Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 09:56:07 +0200 Subject: [PATCH 06/66] Added New VM and Load Balancer --- ubuntu-vm-standard/datadisk.yaml | 12 ++++++ ubuntu-vm-standard/lb.yaml | 29 +++++++++++++ ubuntu-vm-standard/server.yaml | 71 ++++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 ubuntu-vm-standard/datadisk.yaml create mode 100644 ubuntu-vm-standard/lb.yaml create mode 100644 ubuntu-vm-standard/server.yaml diff --git a/ubuntu-vm-standard/datadisk.yaml b/ubuntu-vm-standard/datadisk.yaml new file mode 100644 index 0000000..df02419 --- /dev/null +++ b/ubuntu-vm-standard/datadisk.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: vm-datadisk +spec: + storageClassName: ibm-spectrum-scale-fileset + volumeMode: Block + accessModes: + - ReadWriteMany + resources: + requests: + storage: 400Gi diff --git a/ubuntu-vm-standard/lb.yaml b/ubuntu-vm-standard/lb.yaml new file mode 100644 index 0000000..f2b54c2 --- /dev/null +++ b/ubuntu-vm-standard/lb.yaml 
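Review bot: The new PersistentVolumeClaim `vm-datadisk` in the ubuntu-vm-standard/datadisk.yaml hunk carries no `metadata.namespace`, while the VirtualMachine that mounts it (server.yaml in the same patch) is placed in `${TENANT_NAMESPACE}`. Where the claim lands then depends on the namespace defaulting of whatever Kustomization applies it, and if that differs from the VM's namespace the `persistentVolumeClaim` volume never binds; adding `namespace: ${TENANT_NAMESPACE}` under `metadata:` makes the pairing explicit. The same omission recurs in windows-vm-standard-dev/pvc/datadisk.yaml in patch 26.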
@@ -0,0 +1,29 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: windows-lb + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: windows-vm-standard +spec: + type: LoadBalancer + ports: + - port: 8080 + name: http + targetPort: 8080 + protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + - port: 65022 + name: ssh + targetPort: 22 + protocol: TCP + - port: 3389 + name: rdp + targetPort: 3389 + protocol: TCP + selector: + kubevirt.io/domain: windows-vm-standard diff --git a/ubuntu-vm-standard/server.yaml b/ubuntu-vm-standard/server.yaml new file mode 100644 index 0000000..ad6de61 --- /dev/null +++ b/ubuntu-vm-standard/server.yaml @@ -0,0 +1,71 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: windows-vm-standard + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: windows-rootdisk + spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + storage: + resources: + requests: + storage: 30Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: windows-vm-standard + spec: + domain: + cpu: + cores: 4 + memory: + guest: 8Gi + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + disks: + - disk: + bus: scsi + name: rootdisk + - disk: + bus: scsi + name: datadisk + - disk: + bus: scsi + name: cloudinitdisk + resources: + requests: + memory: 8Gi + cpu: 4 + limits: + memory: 8Gi + cpu: 4 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: windows-rootdisk + - name: datadisk + persistentVolumeClaim: + claimName: windows-datadisk + #- name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: windows-cloud-init From 6a78fbf5c093ec79638a1d7229643a1d94e9c9e3 Mon Sep 17 00:00:00 2001 
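Review bot: The new `windows-lb` Service of type `LoadBalancer` publishes RDP (3389), SSH (65022 → 22), 8080 and 443 with no `loadBalancerSourceRanges`, so the Windows management ports are reachable from every source address the provider routes to that load balancer. If those ports are for operators only, add `loadBalancerSourceRanges:` with the admin CIDRs (`- <admin-cidr>` as a placeholder) or keep the LB internal through the provider's annotation and reach it via VPN or bastion; at minimum RDP and SSH should not share an externally routed LB with the application ports. Note also that this file lives under ubuntu-vm-standard/ but selects `kubevirt.io/domain: windows-vm-standard`, so a reader has to cross-check the selector against server.yaml to see which VM it exposes.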
From: "maximilian.bartz" Date: Wed, 28 May 2025 11:45:59 +0200 Subject: [PATCH 07/66] Added Kustomizations --- kustomization.yaml | 3 +++ network/ks-lb.yaml | 18 ++++++++++++++++++ .../loadbalancers/windows-lb.yaml | 0 windows-vm-standard/ks-pvc.yaml | 18 ++++++++++++++++++ windows-vm-standard/ks-vm.yaml | 18 ++++++++++++++++++ .../pvc}/datadisk.yaml | 0 .../vm}/server.yaml | 0 7 files changed, 57 insertions(+) create mode 100644 network/ks-lb.yaml rename ubuntu-vm-standard/lb.yaml => network/loadbalancers/windows-lb.yaml (100%) create mode 100644 windows-vm-standard/ks-pvc.yaml create mode 100644 windows-vm-standard/ks-vm.yaml rename {ubuntu-vm-standard => windows-vm-standard/pvc}/datadisk.yaml (100%) rename {ubuntu-vm-standard => windows-vm-standard/vm}/server.yaml (100%) diff --git a/kustomization.yaml b/kustomization.yaml index 1b066db..17f2750 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -3,6 +3,9 @@ kind: Kustomization resources: - vars/ks.yaml - repos/ks.yaml + - network/ks-lb.yaml + - windows-vm-standard/ks-vm.yaml + - windows-vm-standard/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml - windows-vm-1/ks.yaml diff --git a/network/ks-lb.yaml b/network/ks-lb.yaml new file mode 100644 index 0000000..bfb3107 --- /dev/null +++ b/network/ks-lb.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-lb + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./network/loadbalancers + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/ubuntu-vm-standard/lb.yaml b/network/loadbalancers/windows-lb.yaml similarity index 100% rename from ubuntu-vm-standard/lb.yaml rename to network/loadbalancers/windows-lb.yaml 
diff --git a/windows-vm-standard/ks-pvc.yaml b/windows-vm-standard/ks-pvc.yaml new file mode 100644 index 0000000..62a22e6 --- /dev/null +++ b/windows-vm-standard/ks-pvc.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-pvc + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard/pvc + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard/ks-vm.yaml b/windows-vm-standard/ks-vm.yaml new file mode 100644 index 0000000..659a85f --- /dev/null +++ b/windows-vm-standard/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-vm + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/ubuntu-vm-standard/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml similarity index 100% rename from ubuntu-vm-standard/datadisk.yaml rename to windows-vm-standard/pvc/datadisk.yaml diff --git a/ubuntu-vm-standard/server.yaml b/windows-vm-standard/vm/server.yaml similarity index 100% rename from ubuntu-vm-standard/server.yaml rename to windows-vm-standard/vm/server.yaml From 86f10cbd6d7de8e25f7734fab4ed537343c45170 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 11:46:58 +0200 Subject: [PATCH 08/66] changed label --- network/loadbalancers/windows-lb.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/loadbalancers/windows-lb.yaml b/network/loadbalancers/windows-lb.yaml index f2b54c2..3a20507 100644 --- a/network/loadbalancers/windows-lb.yaml 
+++ b/network/loadbalancers/windows-lb.yaml @@ -5,7 +5,7 @@ metadata: name: windows-lb namespace: ${TENANT_NAMESPACE} labels: - app.kubernetes.io/component: windows-vm-standard + app.kubernetes.io/component: windows-lb spec: type: LoadBalancer ports: From 9b64dfad0b0676c4c3678cf1b3eac5f28d5a0458 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 11:53:28 +0200 Subject: [PATCH 09/66] mistake in disc allocation --- windows-vm-standard/ks-vm.yaml | 2 +- windows-vm-standard/pvc/datadisk.yaml | 4 ++-- windows-vm-standard/vm/server.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows-vm-standard/ks-vm.yaml b/windows-vm-standard/ks-vm.yaml index 659a85f..3243954 100644 --- a/windows-vm-standard/ks-vm.yaml +++ b/windows-vm-standard/ks-vm.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app windows-vm + name: &app windows-vm-standard namespace: ${TENANT_NAMESPACE} spec: commonMetadata: diff --git a/windows-vm-standard/pvc/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml index df02419..4111e5b 100644 --- a/windows-vm-standard/pvc/datadisk.yaml +++ b/windows-vm-standard/pvc/datadisk.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: vm-datadisk + name: windows-vm-datadisk spec: storageClassName: ibm-spectrum-scale-fileset volumeMode: Block @@ -9,4 +9,4 @@ spec: - ReadWriteMany resources: requests: - storage: 400Gi + storage: 200Gi diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index ad6de61..5998ab8 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -64,7 +64,7 @@ spec: name: windows-rootdisk - name: datadisk persistentVolumeClaim: - claimName: windows-datadisk + claimName: windows-vm-datadisk #- name: cloudinitdisk # cloudInitNoCloud: # secretRef: From 1604b7e613b0f10301e4d591d3f85aa8205f31dc Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 28 May 2025 11:58:32 +0200 Subject: [PATCH 10/66] indent --- windows-vm-standard/vm/server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 5998ab8..8e4877f 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -9,8 +9,8 @@ spec: name: windows-rootdisk spec: source: - http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + http: + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 storage: resources: requests: From 0f54f22879f8f8658e17c0621c5a024c8ab1e8d7 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 12:01:17 +0200 Subject: [PATCH 11/66] comment out disk for cloud init --- windows-vm-standard/vm/server.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 8e4877f..b97b2aa 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -44,9 +44,9 @@ spec: - disk: bus: scsi name: datadisk - - disk: - bus: scsi - name: cloudinitdisk + # - disk: + # bus: scsi + # name: cloudinitdisk resources: requests: memory: 8Gi From 78d1e0d3abee6b0e2599daacb6da8ff4313cda46 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 12:37:01 +0200 Subject: [PATCH 12/66] Increase rootdisk size --- windows-vm-standard/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index b97b2aa..8cbde7b 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -14,7 +14,7 @@ spec: storage: resources: requests: - storage: 30Gi + storage: 60Gi runStrategy: Always template: metadata: From 5e7cad0edc1c8f472979c201aaa60f59ac86a803 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 28 May 2025 12:49:42 +0200 Subject: [PATCH 13/66] larger rootdisk size --- windows-vm-standard/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 8cbde7b..a85cf49 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -14,7 +14,7 @@ spec: storage: resources: requests: - storage: 60Gi + storage: 80Gi runStrategy: Always template: metadata: From 87de70c51ebe6a52d350a934d671b4bb747071a8 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 13:06:26 +0200 Subject: [PATCH 14/66] block storage not supported on AI 2 --- windows-vm-standard/pvc/datadisk.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows-vm-standard/pvc/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml index 4111e5b..6b8ccd6 100644 --- a/windows-vm-standard/pvc/datadisk.yaml +++ b/windows-vm-standard/pvc/datadisk.yaml @@ -4,7 +4,6 @@ metadata: name: windows-vm-datadisk spec: storageClassName: ibm-spectrum-scale-fileset - volumeMode: Block accessModes: - ReadWriteMany resources: From ca3e37e667dcb615b7542dfcd1d0d2e188f36622 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 13:10:59 +0200 Subject: [PATCH 15/66] changed volume mode --- windows-vm-standard/pvc/datadisk.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows-vm-standard/pvc/datadisk.yaml b/windows-vm-standard/pvc/datadisk.yaml index 6b8ccd6..80074c7 100644 --- a/windows-vm-standard/pvc/datadisk.yaml +++ b/windows-vm-standard/pvc/datadisk.yaml @@ -4,6 +4,7 @@ metadata: name: windows-vm-datadisk spec: storageClassName: ibm-spectrum-scale-fileset + volumeMode: Filesystem accessModes: - ReadWriteMany resources: From 99076daf8ead9f18d20030b1bb3ce498f93bfa63 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 28 May 2025 14:11:27 +0200 Subject: [PATCH 16/66] rootdisk to virtio --- windows-vm-standard/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index a85cf49..57442a5 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -39,7 +39,7 @@ spec: - port: 3389 disks: - disk: - bus: scsi + bus: virtio name: rootdisk - disk: bus: scsi From bd1784429c833c823b6798006f1429a96e69bee7 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 14:46:02 +0200 Subject: [PATCH 17/66] added efi bootloader --- windows-vm-standard/vm/server.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 57442a5..96bc666 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -28,19 +28,28 @@ spec: guest: 8Gi devices: rng: {} - networkInterfaceMultiqueue: true + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} interfaces: - name: default + model: virtio masquerade: {} ports: - port: 8080 - port: 443 - port: 22 - port: 3389 + networkInterfaceMultiqueue: true disks: - disk: bus: virtio name: rootdisk + bootOrder: 1 - disk: bus: scsi name: datadisk From 387d3e65bf807b71b0bad690c82c29ef7bcb6544 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 14:47:23 +0200 Subject: [PATCH 18/66] remove model --- windows-vm-standard/vm/server.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 96bc666..de381cc 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -37,7 +37,6 @@ spec: efi: {} interfaces: - name: default - model: virtio masquerade: {} ports: - port: 8080 
From aacdc46fb01190c0a08544890a2b88ee38e392ba Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 14:51:35 +0200 Subject: [PATCH 19/66] indent --- windows-vm-standard/vm/server.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index de381cc..29389f8 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -35,16 +35,16 @@ spec: firmware: bootloader: efi: {} - interfaces: - - name: default - masquerade: {} - ports: - - port: 8080 - - port: 443 - - port: 22 - - port: 3389 - networkInterfaceMultiqueue: true - disks: + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + networkInterfaceMultiqueue: true + disks: - disk: bus: virtio name: rootdisk From 55105e37045e505e7e03be3c25f628facdbe01b8 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 14:55:08 +0200 Subject: [PATCH 20/66] indent better --- windows-vm-standard/vm/server.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 29389f8..9ba0b94 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -35,16 +35,16 @@ spec: firmware: bootloader: efi: {} - interfaces: - - name: default - masquerade: {} - ports: - - port: 8080 - - port: 443 - - port: 22 - - port: 3389 - networkInterfaceMultiqueue: true - disks: + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + networkInterfaceMultiqueue: true + disks: - disk: bus: virtio name: rootdisk From bfd039dd326a2b495159e0a50e86c71c7d311516 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 28 May 2025 14:58:00 +0200 Subject: [PATCH 21/66] indent even better --- windows-vm-standard/vm/server.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 9ba0b94..a7176dc 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -35,16 +35,16 @@ spec: firmware: bootloader: efi: {} + networkInterfaceMultiqueue: true interfaces: - - name: default - masquerade: {} - ports: - - port: 8080 - - port: 443 - - port: 22 - - port: 3389 - networkInterfaceMultiqueue: true - disks: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + disks: - disk: bus: virtio name: rootdisk From 63019b65298feca9fbba31b1ad86253bde647842 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 15:01:45 +0200 Subject: [PATCH 22/66] put into wrong category --- windows-vm-standard/vm/server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index a7176dc..7e3adda 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -26,8 +26,6 @@ spec: cores: 4 memory: guest: 8Gi - devices: - rng: {} features: acpi: {} smm: @@ -35,6 +33,8 @@ spec: firmware: bootloader: efi: {} + devices: + rng: {} networkInterfaceMultiqueue: true interfaces: - name: default From 4d2924f7d44c9a00bab80c6adcb4c73354c977de Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 15:07:50 +0200 Subject: [PATCH 23/66] improvements --- windows-vm-standard/vm/server.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 7e3adda..cb65300 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml 
@@ -38,6 +38,7 @@ spec: networkInterfaceMultiqueue: true interfaces: - name: default + model: virtio masquerade: {} ports: - port: 8080 @@ -50,7 +51,7 @@ spec: name: rootdisk bootOrder: 1 - disk: - bus: scsi + bus: virtio name: datadisk # - disk: # bus: scsi From 64458e5bad059b2aee30052f606ad2d5ce231eb9 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 15:50:38 +0200 Subject: [PATCH 24/66] smm disable --- windows-vm-standard/vm/server.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index cb65300..991e8e5 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -29,7 +29,7 @@ spec: features: acpi: {} smm: - enabled: true + enabled: false firmware: bootloader: efi: {} @@ -49,7 +49,6 @@ spec: - disk: bus: virtio name: rootdisk - bootOrder: 1 - disk: bus: virtio name: datadisk From 4c5a76347d991003618648603cbb74e00d7898ae Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 28 May 2025 15:52:26 +0200 Subject: [PATCH 25/66] enable smm --- windows-vm-standard/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 991e8e5..4c1dbde 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -29,7 +29,7 @@ spec: features: acpi: {} smm: - enabled: false + enabled: true firmware: bootloader: efi: {} From c32ae8b40a892183c5d5322d7d2f0a99a32e8f9f Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Fri, 30 May 2025 12:41:29 +0200 Subject: [PATCH 26/66] removed old method and added new test vm --- kustomization.yaml | 2 + windows-vm-1/windows/windows.yaml | 67 ---------- .../ks-pvc.yaml | 6 +- windows-vm-standard-dev/ks-vm.yaml | 18 +++ windows-vm-standard-dev/pvc/datadisk.yaml | 12 ++ windows-vm-standard-dev/vm/server.yaml | 120 ++++++++++++++++++ windows-vm-standard/vm/server.yaml | 5 +- 7 files changed, 157 insertions(+), 73 deletions(-) delete mode 100644 windows-vm-1/windows/windows.yaml rename windows-vm-1/ks.yaml => windows-vm-standard-dev/ks-pvc.yaml (79%) create mode 100644 windows-vm-standard-dev/ks-vm.yaml create mode 100644 windows-vm-standard-dev/pvc/datadisk.yaml create mode 100644 windows-vm-standard-dev/vm/server.yaml diff --git a/kustomization.yaml b/kustomization.yaml index 17f2750..aa1b067 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -6,6 +6,8 @@ resources: - network/ks-lb.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml + - windows-vm-standard-dev/ks-vm.yaml + - windows-vm-standard-dev/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml - windows-vm-1/ks.yaml diff --git a/windows-vm-1/windows/windows.yaml b/windows-vm-1/windows/windows.yaml deleted file mode 100644 index 8da40a7..0000000 --- a/windows-vm-1/windows/windows.yaml +++ /dev/null 
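Review bot: The kustomization.yaml hunk keeps `- windows-vm-1/ks.yaml` as a context line, while this same patch renames windows-vm-1/ks.yaml to windows-vm-standard-dev/ks-pvc.yaml and deletes windows-vm-1/windows/windows.yaml, so after the patch the root kustomization references a file that no longer exists and `kustomize build` (and therefore the Flux reconciliation of every tenant resource listed here) fails. Drop the line `- windows-vm-1/ks.yaml` in the same commit, or keep the old file until the dev Kustomizations replace it.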
@@ -1,67 +0,0 @@ -apiVersion: kubevirt.io/v1 -kind: VirtualMachine -metadata: - name: windows-server-2022-basic - namespace: ${TENANT_NAMESPACE} -spec: - running: true - template: - metadata: - annotations: - vm.kubevirt.io/os: win2k22 - vm.kubevirt.io/workload: server - labels: - kubevirt.io/domain: windows-server-2022-basic - kubevirt.io/size: small - spec: - domain: - cpu: - cores: 1 - sockets: 1 - threads: 1 - devices: - disks: - - disk: - bus: virtio - name: rootdisk - interfaces: - - masquerade: {} - model: virtio - name: default - networkInterfaceMultiqueue: true - rng: {} - features: - acpi: {} - smm: - enabled: true - firmware: - bootloader: - efi: {} - memory: - guest: 4Gi - hostname: windows-server-2022-basic - networks: - - name: default - pod: {} - terminationGracePeriodSeconds: 180 - volumes: - - name: rootdisk - dataVolume: - name: windows-server-2022-basic-dv ---- -apiVersion: cdi.kubevirt.io/v1beta1 -kind: DataVolume -metadata: - name: windows-server-2022-basic-dv - namespace: ${TENANT_NAMESPACE} -spec: - source: - http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 - pvc: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 120Gi - storageClassName: ibm-spectrum-scale-fileset \ No newline at end of file diff --git a/windows-vm-1/ks.yaml b/windows-vm-standard-dev/ks-pvc.yaml similarity index 79% rename from windows-vm-1/ks.yaml rename to windows-vm-standard-dev/ks-pvc.yaml index 51b7431..4602a8e 100644 --- a/windows-vm-1/ks.yaml +++ b/windows-vm-standard-dev/ks-pvc.yaml @@ -1,13 +1,13 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app windows-vm-1 + name: &app windows-pvc-dev namespace: ${TENANT_NAMESPACE} spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./windows-vm-1/windows + path: ./windows-vm-standard-dev/pvc prune: true sourceRef: kind: GitRepository 
@@ -15,4 +15,4 @@ spec: wait: false interval: 30m retryInterval: 1m - timeout: 5m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard-dev/ks-vm.yaml b/windows-vm-standard-dev/ks-vm.yaml new file mode 100644 index 0000000..c9fb291 --- /dev/null +++ b/windows-vm-standard-dev/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app windows-vm-standard-dev + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./windows-vm-standard-dev/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/windows-vm-standard-dev/pvc/datadisk.yaml b/windows-vm-standard-dev/pvc/datadisk.yaml new file mode 100644 index 0000000..86461b8 --- /dev/null +++ b/windows-vm-standard-dev/pvc/datadisk.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: windows-vm-datadisk-dev +spec: + storageClassName: ibm-spectrum-scale-fileset + volumeMode: Filesystem + accessModes: + - ReadWriteMany + resources: + requests: + storage: 200Gi diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml new file mode 100644 index 0000000..464be50 --- /dev/null +++ b/windows-vm-standard-dev/vm/server.yaml 
@@ -0,0 +1,120 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: windows-vm-standard-dev + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - apiVersion: cdi.kubevirt.io/v1beta1 + kind: DataVolume + metadata: + creationTimestamp: null + name: windows-rootdisk-dev + spec: + source: + http: + url: 'http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2' + storage: + resources: + requests: + storage: 60Gi + running: true + template: + metadata: + annotations: + vm.kubevirt.io/flavor: medium + vm.kubevirt.io/os: windows2k22 + vm.kubevirt.io/workload: server + creationTimestamp: null + labels: + kubevirt.io/domain: windows-vm-standard-dev + kubevirt.io/size: medium + spec: + architecture: amd64 + domain: + clock: + timer: + hpet: + present: false + hyperv: {} + pit: + tickPolicy: delay + rtc: + tickPolicy: catchup + utc: {} + cpu: + cores: 2 + sockets: 1 + threads: 2 + devices: + disks: + - disk: + bus: sata + name: rootdisk-dev + - cdrom: + bus: sata + name: windows-drivers-disk + - disk: + bus: sata + name: datadisk-dev + inputs: + - bus: usb + name: tablet + type: tablet + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + - port: 3389 + tpm: {} + features: + acpi: {} + apic: {} + hyperv: + reenlightenment: {} + ipi: {} + synic: {} + synictimer: + direct: {} + spinlocks: + spinlocks: 8191 + reset: {} + relaxed: {} + vpindex: {} + runtime: {} + tlbflush: {} + frequencies: {} + vapic: {} + smm: {} + firmware: + bootloader: + efi: + secureBoot: true + machine: + type: pc-q35-rhel9.2.0 + memory: + guest: 4Gi + resources: {} + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 3600 + volumes: + - name: rootdisk-dev + dataVolume: + name: windows-rootdisk-dev + - name: datadisk-dev + persistentVolumeClaim: + claimName: windows-vm-datadisk-dev + #- name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: 
windows-cloud-init + - containerDisk: + image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' + name: windows-drivers-disk + diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index 4c1dbde..c5adbf9 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -38,7 +38,6 @@ spec: networkInterfaceMultiqueue: true interfaces: - name: default - model: virtio masquerade: {} ports: - port: 8080 @@ -47,10 +46,10 @@ spec: - port: 3389 disks: - disk: - bus: virtio + bus: sata name: rootdisk - disk: - bus: virtio + bus: sata name: datadisk # - disk: # bus: scsi From 1b8a324f7e52136eea16b0c53d44c8f73fe5ab52 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 2 Jun 2025 12:43:21 +0200 Subject: [PATCH 27/66] added datasource --- windows-vm-standard-dev/vm/server.yaml | 8 ++++++-- windows-vm-standard/vm/server.yaml | 4 ++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 464be50..421aa0b 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -18,7 +18,11 @@ spec: resources: requests: storage: 60Gi - running: true + sourceRef: + kind: DataSource + name: win2k22 + namespace: kubevirt-os-images + running: Halted template: metadata: annotations: @@ -49,7 +53,7 @@ spec: devices: disks: - disk: - bus: sata + bus: virtio name: rootdisk-dev - cdrom: bus: sata diff --git a/windows-vm-standard/vm/server.yaml b/windows-vm-standard/vm/server.yaml index c5adbf9..8e381e4 100644 --- a/windows-vm-standard/vm/server.yaml +++ b/windows-vm-standard/vm/server.yaml @@ -15,6 +15,10 @@ spec: resources: requests: storage: 80Gi + sourceRef: + kind: DataSource + name: win2k22 + namespace: kubevirt-os-images runStrategy: Always template: metadata: 
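Review bot: The switch from `bus: virtio` to `bus: sata` on `rootdisk` and `datadisk` in the second windows-vm-standard/vm/server.yaml hunk is undocumented, and together with the `model: virtio` removal in the first hunk it gives up paravirtualised I/O for this VM with no stated reason. If the motive is that the Windows image has no virtio drivers installed yet, say so next to the disks, e.g. `# sata until the virtio-win drivers are installed in the image; revert to virtio afterwards`, so the next editor knows when it can be undone. The dev variant created earlier in this series attaches the `virtio-win-rhel9` containerDisk as a cdrom while this VM does not; I am inferring that link, so confirm it before writing the comment.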
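Review bot: `running: Halted` in the windows-vm-standard-dev hunk of the "added datasource" commit assigns a RunStrategy value to `spec.running`, which is a boolean, so the VirtualMachine will be rejected on apply; either `running: false` or `runStrategy: Halted` is what was meant, and the two fields are mutually exclusive. The same hunk adds `sourceRef` to a dataVolumeTemplate whose `source.http` block sits just above the hunk (not shown here), and CDI treats `source` and `sourceRef` as alternatives, so I would expect validation to reject the template unless the `source` block is removed; the windows-vm-standard hunk below has the same shape if its template also still carries a `source`. Referencing a DataSource in `kubevirt-os-images` also makes this tenant's import a cross-namespace clone, which may need the corresponding CDI clone permission; a comment such as `# cross-namespace DataSource: needs datavolumes/source permission in kubevirt-os-images` would make that dependency visible.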
From 84bd7195fca2e835886c97da6e3ca885e8222792 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 10:45:11 +0200 Subject: [PATCH 28/66] delete k record vm 1 --- kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/kustomization.yaml b/kustomization.yaml index aa1b067..7b3aa28 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -10,7 +10,6 @@ resources: - windows-vm-standard-dev/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml - - windows-vm-1/ks.yaml - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml From 631b4a1ede7b8a7638f92d72ea17d47f960f1b1c Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 10:52:13 +0200 Subject: [PATCH 29/66] changed running strategy and changed labels --- windows-vm-standard-dev/vm/server.yaml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 421aa0b..8e46587 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -22,17 +22,11 @@ spec: kind: DataSource name: win2k22 namespace: kubevirt-os-images - running: Halted + runStrategy: Always template: metadata: - annotations: - vm.kubevirt.io/flavor: medium - vm.kubevirt.io/os: windows2k22 - vm.kubevirt.io/workload: server - creationTimestamp: null labels: kubevirt.io/domain: windows-vm-standard-dev - kubevirt.io/size: medium spec: architecture: amd64 domain: @@ -59,7 +53,7 @@ spec: bus: sata name: windows-drivers-disk - disk: - bus: sata + bus: virtio name: datadisk-dev inputs: - bus: usb From 29d8d2fed281e2f1003f6b31def1f101afa49be5 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 11:51:08 +0200 Subject: [PATCH 30/66] Issue with Datasource --- windows-vm-standard-dev/vm/server.yaml | 102 ++++++++----------------- 1 file changed, 33 insertions(+), 69 deletions(-) 
diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 8e46587..de407fd 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -5,15 +5,12 @@ metadata: namespace: ${TENANT_NAMESPACE} spec: dataVolumeTemplates: - - apiVersion: cdi.kubevirt.io/v1beta1 - kind: DataVolume - metadata: - creationTimestamp: null + - metadata: name: windows-rootdisk-dev spec: source: http: - url: 'http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2' + url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 storage: resources: requests: @@ -28,38 +25,21 @@ spec: labels: kubevirt.io/domain: windows-vm-standard-dev spec: - architecture: amd64 domain: - clock: - timer: - hpet: - present: false - hyperv: {} - pit: - tickPolicy: delay - rtc: - tickPolicy: catchup - utc: {} cpu: - cores: 2 - sockets: 1 - threads: 2 + cores: 4 + memory: + guest: 8Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} devices: - disks: - - disk: - bus: virtio - name: rootdisk-dev - - cdrom: - bus: sata - name: windows-drivers-disk - - disk: - bus: virtio - name: datadisk-dev - inputs: - - bus: usb - name: tablet - type: tablet - networkInterfaceMultiqueue: true + rng: {} + networkInterfaceMultiqueue: true interfaces: - name: default masquerade: {} 
@@ -68,50 +48,34 @@ spec: - port: 443 - port: 22 - port: 3389 - tpm: {} - features: - acpi: {} - apic: {} - hyperv: - reenlightenment: {} - ipi: {} - synic: {} - synictimer: - direct: {} - spinlocks: - spinlocks: 8191 - reset: {} - relaxed: {} - vpindex: {} - runtime: {} - tlbflush: {} - frequencies: {} - vapic: {} - smm: {} - firmware: - bootloader: - efi: - secureBoot: true - machine: - type: pc-q35-rhel9.2.0 - memory: - guest: 4Gi - resources: {} + disks: + - disk: + bus: virtio + name: rootdisk-dev + - disk: + bus: virtio + name: datadisk-dev + - disk: + bus: sata + name: windows-drivers-disk + resources: + requests: + memory: 8Gi + cpu: 4 + limits: + memory: 8Gi + cpu: 4 networks: - name: default pod: {} - terminationGracePeriodSeconds: 3600 + terminationGracePeriodSeconds: 180 volumes: - name: rootdisk-dev dataVolume: name: windows-rootdisk-dev - - name: datadisk-dev + - name: datadisk persistentVolumeClaim: claimName: windows-vm-datadisk-dev - #- name: cloudinitdisk - # cloudInitNoCloud: - # secretRef: - # name: windows-cloud-init - containerDisk: image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' name: windows-drivers-disk From dc6e4274ddb03b5b661d83e05740689df5ddcfe7 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:02:01 +0200 Subject: [PATCH 31/66] changed bus type again --- windows-vm-standard-dev/vm/server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index de407fd..02bc8f5 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -50,10 +50,10 @@ spec: - port: 3389 disks: - disk: - bus: virtio + bus: sata name: rootdisk-dev - disk: - bus: virtio + bus: sata name: datadisk-dev - disk: bus: sata From 989a3467bec9d25c02c2397593a4e432202042b7 Mon Sep 17 00:00:00 2001 
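Review bot: The volume renamed to `- name: datadisk` in the `volumes` list no longer matches the disk `name: datadisk-dev` declared in `devices.disks` earlier in the same hunk, so the VirtualMachine will fail validation (every disk must reference a volume of the same name); keep `- name: datadisk-dev`. The hunk also removes `tpm: {}`, the explicit `secureBoot: true` and the `machine.type` pin while the commit message only mentions a DataSource issue, so the guest loses its vTPM and the secure-boot intent is no longer spelled out in the manifest. If those removals are debugging workarounds, a comment like `# vTPM/SecureBoot/machine type removed while debugging the DataSource import; restore before use` keeps them from silently becoming the baseline.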
From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:05:27 +0200 Subject: [PATCH 32/66] comment out driver disk --- windows-vm-standard-dev/vm/server.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 02bc8f5..47b6c58 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -55,9 +55,9 @@ spec: - disk: bus: sata name: datadisk-dev - - disk: - bus: sata - name: windows-drivers-disk + # - disk: + # bus: sata + # name: windows-drivers-disk resources: requests: memory: 8Gi @@ -76,7 +76,7 @@ spec: - name: datadisk persistentVolumeClaim: claimName: windows-vm-datadisk-dev - - containerDisk: - image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' - name: windows-drivers-disk + # - containerDisk: + # image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' + # name: windows-drivers-disk From 7134c2d905238f2bdec9541afba6b45e6a2e1681 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:07:14 +0200 Subject: [PATCH 33/66] wrong volume name --- windows-vm-standard-dev/vm/server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 47b6c58..1006eca 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -73,7 +73,7 @@ spec: - name: rootdisk-dev dataVolume: name: windows-rootdisk-dev - - name: datadisk + - name: datadisk-dev persistentVolumeClaim: claimName: windows-vm-datadisk-dev # - containerDisk: From 1118c89f663d81fc262c31de2da68c618ef74045 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:15:24 +0200 Subject: [PATCH 34/66] change to match redhat documentation --- windows-vm-standard-dev/vm/server.yaml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 1006eca..6be7c9c 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -32,11 +32,28 @@ spec: guest: 8Gi features: acpi: {} - smm: - enabled: true + apic: {} + smm: {} + hyperv: + relaxed: {} + vapic: {} + vpindex: {} + spinlocks: + spinlocks: 8191 + synic: {} + synictimer: + direct: {} + tlbflush: {} + frequencies: {} + reenlightenment: {} + ipi: {} + runtime: {} + reset: {} firmware: bootloader: - efi: {} + efi: + secureBoot: true + persistent: true devices: rng: {} networkInterfaceMultiqueue: true From be88f635f192a7db36f5b5fdef9b1be06728808b Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 12:20:36 +0200 Subject: [PATCH 35/66] changed smm to enabled (Secureboot) --- windows-vm-standard-dev/vm/server.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 6be7c9c..1fea5dc 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -33,7 +33,8 @@ spec: features: acpi: {} apic: {} - smm: {} + smm: + enabled: true hyperv: relaxed: {} vapic: {} @@ -51,9 +52,7 @@ spec: reset: {} firmware: bootloader: - efi: - secureBoot: true - persistent: true + efi: {} devices: rng: {} networkInterfaceMultiqueue: true From 49c60fe87e92392fd823db0c53c0a033c5532ca3 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 16:27:11 +0200 Subject: [PATCH 36/66] Changed back to original code --- windows-vm-standard-dev/vm/server.yaml | 32 +++++++------------------- 1 file changed, 8 insertions(+), 24 deletions(-) 
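Review bot: Replacing `efi: secureBoot: true / persistent: true` with `efi: {}` in the second hunk of the "changed smm to enabled" commit does not turn Secure Boot off: KubeVirt defaults `efi.secureBoot` to true when it is omitted, which is exactly why SMM has to be enabled in the first hunk. Since the commit title ties the SMM change to Secure Boot, state the boolean explicitly so the intent survives the next edit, e.g. `efi:` / `  secureBoot: true  # requires features.smm.enabled: true`. Dropping `persistent: true` also means the EFI variable store is not kept across restarts; that may be intended, but it is worth a one-line comment either way.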
diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 1fea5dc..99ae506 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -14,7 +14,7 @@ spec: storage: resources: requests: - storage: 60Gi + storage: 80Gi sourceRef: kind: DataSource name: win2k22 @@ -32,24 +32,8 @@ spec: guest: 8Gi features: acpi: {} - apic: {} smm: enabled: true - hyperv: - relaxed: {} - vapic: {} - vpindex: {} - spinlocks: - spinlocks: 8191 - synic: {} - synictimer: - direct: {} - tlbflush: {} - frequencies: {} - reenlightenment: {} - ipi: {} - runtime: {} - reset: {} firmware: bootloader: efi: {} @@ -71,9 +55,9 @@ spec: - disk: bus: sata name: datadisk-dev - # - disk: - # bus: sata - # name: windows-drivers-disk + # - disk: + # bus: scsi + # name: cloudinitdisk resources: requests: memory: 8Gi @@ -92,7 +76,7 @@ spec: - name: datadisk-dev persistentVolumeClaim: claimName: windows-vm-datadisk-dev - # - containerDisk: - # image: 'registry.redhat.io/container-native-virtualization/virtio-win-rhel9@sha256:841b89fee12860d1073310ce91a04a61f7bdeb1a8bda68204345b45aa45e6023' - # name: windows-drivers-disk - + #- name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: windows-cloud-init From ad92d3393a345a32cf3322232c16c312e376c774 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 24 Jun 2025 16:31:18 +0200 Subject: [PATCH 37/66] define secure boot boolean --- windows-vm-standard-dev/vm/server.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index 99ae506..df3b980 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -36,7 +36,8 @@ spec: enabled: true firmware: bootloader: - efi: {} + efi: + secureBoot: true devices: rng: {} networkInterfaceMultiqueue: true From 4ac200e1dc1c1a62acf33f3f3fb76e4627162d08 Mon Sep 17 00:00:00 2001 
From: "maximilian.bartz" Date: Wed, 25 Jun 2025 11:01:17 +0200 Subject: [PATCH 38/66] Added fortios to VM for testing --- firewall/ks-vm.yaml | 18 ++++++++++ firewall/vm/fortigate.yaml | 71 ++++++++++++++++++++++++++++++++++++++ kustomization.yaml | 1 + 3 files changed, 90 insertions(+) create mode 100644 firewall/ks-vm.yaml create mode 100644 firewall/vm/fortigate.yaml diff --git a/firewall/ks-vm.yaml b/firewall/ks-vm.yaml new file mode 100644 index 0000000..257d4ce --- /dev/null +++ b/firewall/ks-vm.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app fortigate + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./firewall/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml new file mode 100644 index 0000000..9d6f2f3 --- /dev/null +++ b/firewall/vm/fortigate.yaml 
@@ -0,0 +1,71 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: fortigate + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: fortigate-rootdisk + spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:8080/fortios_v7_6_3.qcow2 + storage: + resources: + requests: + storage: 20Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: fortigate + spec: + domain: + cpu: + cores: 2 + memory: + guest: 4Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: {} + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 8080 + - port: 443 + - port: 22 + disks: + - disk: + bus: sata + name: rootdisk + # - disk: + # bus: scsi + # name: cloudinitdisk + resources: + requests: + memory: 4Gi + cpu: 2 + limits: + memory: 4Gi + cpu: 2 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: fortigate-rootdisk + #- name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: windows-cloud-init diff --git a/kustomization.yaml b/kustomization.yaml index 7b3aa28..bc48a2c 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -4,6 +4,7 @@ resources: - vars/ks.yaml - repos/ks.yaml - network/ks-lb.yaml + - firewall/ks-vm.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml From 628d1de0e30b734123f178bf21ca9784455f6f3b Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 25 Jun 2025 11:09:35 +0200 Subject: [PATCH 39/66] removed unneccessary settings and SMM --- firewall/vm/fortigate.yaml | 40 ++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml index 9d6f2f3..84f2088 100644 --- a/firewall/vm/fortigate.yaml +++ b/firewall/vm/fortigate.yaml 
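Review bot: The commented-out `cloudinitdisk` volume at the end of the new firewall/vm/fortigate.yaml still references `name: windows-cloud-init`, which looks like copy-paste residue from the Windows manifest rather than a FortiGate bootstrap secret; remove the block or point it at a FortiGate-specific secret before anyone uncomments it. The `source.http.url` pulls the firewall's root disk over plain HTTP from the in-cluster nginx with no integrity check visible in the manifest; inside the cluster that is a smaller exposure than an external fetch, but a comment recording the assumption (`# image server is in-cluster; trusted within the demo namespace`) documents the trust boundary. The exposed ports `8080, 443, 22` mirror the Windows VM rather than FortiOS management defaults, which the next commit changes; a line naming what each port is for would help.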
@@ -8,13 +8,10 @@ spec: - metadata: name: fortigate-rootdisk spec: - source: - http: - url: http://nginx.demo.svc.cluster.local:8080/fortios_v7_6_3.qcow2 storage: resources: requests: - storage: 20Gi + storage: 30Gi runStrategy: Always template: metadata: @@ -26,13 +23,6 @@ spec: cores: 2 memory: guest: 4Gi - features: - acpi: {} - smm: - enabled: true - firmware: - bootloader: - efi: {} devices: rng: {} networkInterfaceMultiqueue: true @@ -40,16 +30,21 @@ spec: - name: default masquerade: {} ports: - - port: 8080 - - port: 443 - - port: 22 + - port: 80 + - port: 443 + - port: 22 + - port: 2222 + - port: 5050 disks: - disk: bus: sata name: rootdisk - # - disk: - # bus: scsi - # name: cloudinitdisk + # - disk: + # bus: scsi + # name: datadisk + # - disk: + # bus: scsi + # name: cloudinitdisk resources: requests: memory: 4Gi @@ -65,7 +60,10 @@ spec: - name: rootdisk dataVolume: name: fortigate-rootdisk - #- name: cloudinitdisk - # cloudInitNoCloud: - # secretRef: - # name: windows-cloud-init + # - name: datadisk + # persistentVolumeClaim: + # claimName: gitlab-datadisk + # - name: cloudinitdisk + # cloudInitNoCloud: + # secretRef: + # name: gitlab-cloud-init \ No newline at end of file From 8862ff90eb24573b2bddf7921751b34e5ced84ca Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 30 Jun 2025 11:48:40 +0200 Subject: [PATCH 40/66] Added firewall test deploy from S3 Bucket --- firewall-dev/ks-vm.yaml | 18 ++++++++++ firewall-dev/vm/fortigate.yaml | 64 ++++++++++++++++++++++++++++++++++ kustomization.yaml | 1 + 3 files changed, 83 insertions(+) create mode 100644 firewall-dev/ks-vm.yaml create mode 100644 firewall-dev/vm/fortigate.yaml diff --git a/firewall-dev/ks-vm.yaml b/firewall-dev/ks-vm.yaml new file mode 100644 index 0000000..11a4382 --- /dev/null +++ b/firewall-dev/ks-vm.yaml 
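Review bot: The first hunk removes the whole `source.http` block from the `fortigate-rootdisk` dataVolumeTemplate and adds nothing in its place, leaving a DataVolume with only `storage`; CDI requires either `source` or `sourceRef` (an empty disk needs an explicit `source: blank: {}`), so I would expect the import to fail until a source is restored. If the intent was only to drop SMM/EFI, as the title says, keep the `source` block. The last hunk's commented `claimName: gitlab-datadisk` and `name: gitlab-cloud-init` references also look like residue from a GitLab manifest and should be renamed or dropped so they are not uncommented into this firewall VM.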
@@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app fortigate + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./firewall-dev/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml new file mode 100644 index 0000000..c0433e6 --- /dev/null +++ b/firewall-dev/vm/fortigate.yaml @@ -0,0 +1,64 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: fortigate-dev + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: fortigate-rootdisk-dev + spec: + source: + http: + url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_v7_6_3.qcow2 + storage: + resources: + requests: + storage: 30Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: fortigate-dev + spec: + domain: + cpu: + cores: 2 + memory: + guest: 4Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: + secureBoot: true + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 443 + - port: 22 + disks: + - disk: + bus: sata + name: rootdisk + resources: + requests: + memory: 4Gi + cpu: 2 + limits: + memory: 4Gi + cpu: 2 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: fortigate-rootdisk-dev \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml index bc48a2c..3214af5 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -5,6 +5,7 @@ resources: - repos/ks.yaml - network/ks-lb.yaml - firewall/ks-vm.yaml + - firewall-dev/ks-vm.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml 
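Review bot: The new firewall-dev/ks-vm.yaml declares `name: &app fortigate`, the same Kustomization name that firewall/ks-vm.yaml already uses in `${TENANT_NAMESPACE}`, so Flux will treat the two manifests as one object and whichever `path` is applied last wins. Rename it to `name: &app fortigate-dev` so the dev VM gets its own Kustomization and, through the alias, its own `app.kubernetes.io/name` label.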
From b30d7684722a150f91b1431a539534025878c099 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 30 Jun 2025 15:39:02 +0200 Subject: [PATCH 41/66] forgot to change app name in ks file --- firewall-dev/ks-vm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-dev/ks-vm.yaml b/firewall-dev/ks-vm.yaml index 11a4382..aa1db72 100644 --- a/firewall-dev/ks-vm.yaml +++ b/firewall-dev/ks-vm.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app fortigate + name: &app fortigate-dev namespace: ${TENANT_NAMESPACE} spec: commonMetadata: From d5f84048356f3ef82e9d77de599e781ab6a69a6b Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Mon, 30 Jun 2025 15:44:12 +0200 Subject: [PATCH 42/66] changed to nginx image --- firewall-dev/vm/fortigate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml index c0433e6..0a987a8 100644 --- a/firewall-dev/vm/fortigate.yaml +++ b/firewall-dev/vm/fortigate.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_v7_6_3.qcow2 + url: http://nginx.demo.svc.cluster.local:8080/fortios_v7_6_3.qcow2 storage: resources: requests: From eeaece034fa600849b888dae0e87208f0f7608fc Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 2 Jul 2025 15:18:01 +0200 Subject: [PATCH 43/66] added s3 secret base64 encoded and S3 Firewall --- firewall-s3/ks-vm.yaml | 18 ++++++++++ firewall-s3/vm/fortigate.yaml | 66 +++++++++++++++++++++++++++++++++++ kustomization.yaml | 1 + vars/demo/s3-secret.yaml | 9 +++++ 4 files changed, 94 insertions(+) create mode 100644 firewall-s3/ks-vm.yaml create mode 100644 firewall-s3/vm/fortigate.yaml create mode 100644 vars/demo/s3-secret.yaml diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml new file mode 100644 index 0000000..a365abc --- /dev/null +++ b/firewall-s3/ks-vm.yaml 
@@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app fortigate-s3 + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./firewall-s3/vm + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m \ No newline at end of file diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml new file mode 100644 index 0000000..422038c --- /dev/null +++ b/firewall-s3/vm/fortigate.yaml @@ -0,0 +1,66 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: fortigate-s3 + namespace: ${TENANT_NAMESPACE} +spec: + dataVolumeTemplates: + - metadata: + name: fortigate-rootdisk-s3 + spec: + source: + http: + url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 + secretRef: + name: s3-virt-credentials + storage: + resources: + requests: + storage: 30Gi + runStrategy: Always + template: + metadata: + labels: + kubevirt.io/domain: fortigate-s3 + spec: + domain: + cpu: + cores: 2 + memory: + guest: 4Gi + features: + acpi: {} + smm: + enabled: true + firmware: + bootloader: + efi: + secureBoot: true + devices: + rng: {} + networkInterfaceMultiqueue: true + interfaces: + - name: default + masquerade: {} + ports: + - port: 443 + - port: 22 + disks: + - disk: + bus: sata + name: rootdisk + resources: + requests: + memory: 4Gi + cpu: 2 + limits: + memory: 4Gi + cpu: 2 + networks: + - name: default + pod: {} + terminationGracePeriodSeconds: 180 + volumes: + - name: rootdisk + dataVolume: + name: fortigate-rootdisk-s3 \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml index 3214af5..8aec8be 100644 --- a/kustomization.yaml +++ b/kustomization.yaml 
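Review bot: `secretRef:` / `  name: s3-virt-credentials` under `source.http` in the new firewall-s3/vm/fortigate.yaml is the nested object form, but CDI's http source takes `secretRef` as a plain string, so this DataVolume will fail schema validation as written; `secretRef: s3-virt-credentials` is the accepted shape. Note also that for the `http` source CDI sends the secret's `accessKeyId` and `secretKey` as HTTP basic-auth credentials; if `glacier-1.kvant.cloud` is an S3-compatible endpoint that expects signed requests, CDI's `source.s3` type, which reads the same two keys, is the one designed for that. I am inferring the endpoint type from the bucket-style path, so confirm before switching.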
@@ -6,6 +6,7 @@ resources: - network/ks-lb.yaml - firewall/ks-vm.yaml - firewall-dev/ks-vm.yaml + - firewall-s3/ks-vm.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml - windows-vm-standard-dev/ks-vm.yaml diff --git a/vars/demo/s3-secret.yaml b/vars/demo/s3-secret.yaml new file mode 100644 index 0000000..d47fd4a --- /dev/null +++ b/vars/demo/s3-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: s3-virt-credentials + namespace: ${TENANT_NAMESPACE} +type: Opaque +data: + accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM= + secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA== \ No newline at end of file From 98ee757f94d24083b5c87ca9a417644306c724a6 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 2 Jul 2025 15:39:53 +0200 Subject: [PATCH 44/66] changed secret reference to Old CDI format --- firewall-s3/vm/fortigate.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 422038c..91352bc 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -11,8 +11,7 @@ spec: source: http: url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 - secretRef: - name: s3-virt-credentials + secretRef: s3-virt-credentials storage: resources: requests: From 633f1ca564e49be2cecb9306ab1dd024e8fdfae6 Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 12:59:34 +0200 Subject: [PATCH 45/66] Set external ingress classname for nginx --- templates/image-server/nginx/helmrelease.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 2822a7e..1175b50 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml 
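Review bot: vars/demo/s3-secret.yaml commits object-storage credentials to the repository: the `accessKeyId` and `secretKey` values are base64 inside a Kubernetes Secret, and base64 is an encoding, not encryption, so anyone with read access to this Git history can recover them. Treat this key pair as exposed and rotate it on the storage side, then keep the manifest out of plaintext, for example a SOPS/age-encrypted Secret that Flux decrypts or an ExternalSecret that pulls the key from a secret store, and add a comment on the file naming the mechanism so the next contributor does not paste raw values again. Rewriting history to remove the file does not undo the exposure; rotation does.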
@@ -22,6 +22,7 @@ spec: ingress: enabled: true hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud + ingressClassName: external extraVolumes: - name: ${TENANT_NAMESPACE}-image-storage persistentVolumeClaim: From de9f1d50147c613bb67832bd744243b1f425445e Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 13:01:28 +0200 Subject: [PATCH 46/66] Set proper domain --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 1175b50..761867c 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -21,7 +21,7 @@ spec: http: 8080 ingress: enabled: true - hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud + hostname: nginx.${TENANT_DOMAIN} ingressClassName: external extraVolumes: - name: ${TENANT_NAMESPACE}-image-storage From 284040d0654c5134a72fff2f5e8f7a8d339b321c Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 13:09:37 +0200 Subject: [PATCH 47/66] Use lb --- templates/image-server/nginx/helmrelease.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 761867c..ba01c8e 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -16,9 +16,7 @@ spec: namespace: ${TENANT_NAMESPACE} values: service: - type: ClusterIP - ports: - http: 8080 + loadBalancer: ingress: enabled: true hostname: nginx.${TENANT_DOMAIN} From 883d8152b837cb0d6005cbc3c0e70dbd108c9030 Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 13:11:34 +0200 Subject: [PATCH 48/66] Use ip --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
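Review bot: `ingressClassName: external` moves the image server, which serves the raw qcow2 disk images for the Windows and FortiGate VMs, onto the external ingress class, and nothing in this hunk or the surrounding values shows authentication or an allow-list on that hostname. If external reachability is genuinely needed for importers outside the cluster, gate it with whatever the ingress controller supports (basic auth, source allow-list, client certificates) and document the reason in the HelmRelease, e.g. `# external: <who> fetches images from here; protected by <mechanism>` with the placeholders filled in; otherwise keep it on the internal class, since the DataVolume URLs that use this server point at the in-cluster `nginx.demo.svc.cluster.local` name.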
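Review bot: `loadBalancer:` with no value in the "Use lb" hunk parses as `service.loadBalancer: null`, which is not a key the chart's `service` block reads; the existing `type:` key is where the service type is set, so `type: LoadBalancer` is the equivalent. The same hunk also removes `ports.http: 8080`, the port the DataVolume URLs in this repo (`nginx.demo.svc.cluster.local:8080`) depend on; either keep that key or update the VM manifests in the same change so Flux does not apply a half-consistent state.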
diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index ba01c8e..4dddebb 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -16,7 +16,7 @@ spec: namespace: ${TENANT_NAMESPACE} values: service: - loadBalancer: + clusterIP: ingress: enabled: true hostname: nginx.${TENANT_DOMAIN} From 9532ba8fe87c71f233fbdef65168867b6af427cb Mon Sep 17 00:00:00 2001 From: Baptiste Bonnot Date: Fri, 4 Jul 2025 13:16:51 +0200 Subject: [PATCH 49/66] Resolve conflict --- templates/image-server/nginx/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml index 4dddebb..0937d41 100644 --- a/templates/image-server/nginx/helmrelease.yaml +++ b/templates/image-server/nginx/helmrelease.yaml @@ -16,7 +16,7 @@ spec: namespace: ${TENANT_NAMESPACE} values: service: - clusterIP: + type: ClusterIP ingress: enabled: true hostname: nginx.${TENANT_DOMAIN} From 32ff5115f01299405fc62a721f71fd5183b5a50d Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Fri, 4 Jul 2025 13:48:07 +0200 Subject: [PATCH 50/66] change port and change https to http in URL --- firewall-dev/vm/fortigate.yaml | 2 +- firewall-s3/vm/fortigate.yaml | 2 +- firewall/vm/fortigate.yaml | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml index 0a987a8..e0b92a8 100644 --- a/firewall-dev/vm/fortigate.yaml +++ b/firewall-dev/vm/fortigate.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/fortios_v7_6_3.qcow2 + url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2 storage: resources: requests: diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 91352bc..caaaf55 100644 --- a/firewall-s3/vm/fortigate.yaml 
+++ b/firewall-s3/vm/fortigate.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 + url: http://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 secretRef: s3-virt-credentials storage: resources: diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml index 84f2088..b0f6236 100644 --- a/firewall/vm/fortigate.yaml +++ b/firewall/vm/fortigate.yaml @@ -8,6 +8,9 @@ spec: - metadata: name: fortigate-rootdisk spec: + source: + http: + url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2 storage: resources: requests: From 1a44751d9473cf6c0872d2275975995b04cc4edd Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 11:23:52 +0200 Subject: [PATCH 51/66] comment out secretref --- firewall-s3/vm/fortigate.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index caaaf55..f026b4c 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -10,8 +10,8 @@ spec: spec: source: http: - url: http://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2 - secretRef: s3-virt-credentials + url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2" + #secretRef: s3-virt-credentials storage: resources: requests: From 8e7ea5767393ac1428a636e221f1df1f9f322169 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 16:57:00 +0200 Subject: [PATCH 52/66] multi interface test --- firewall-s3/vm/fortigate.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index f026b4c..40dc30b 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml 
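Review bot: Changing the firewall-s3 image URL from `https://` to `http://` while `secretRef: s3-virt-credentials` stays on the same `http` source means the CDI importer now sends the object-storage credentials and pulls the firewall's root disk over cleartext to the internet-facing `glacier-1.kvant.cloud` endpoint; both the key pair and the disk image can be read or altered on the path. If the https fetch failed because of the server certificate, CDI's `certConfigMap` field on the http source lets you supply the CA instead of dropping TLS: keep `url: https://...` and add `certConfigMap: <configmap-holding-the-ca>` (placeholder) with a comment stating which CA it carries. The firewall/vm/fortigate.yaml hunk below re-adds an in-cluster `http://nginx...:80` source, which is a different trust boundary and a smaller concern.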
@@ -39,11 +39,15 @@ spec: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: default + - name: public + masquerade: {} + ports: + - port: 500 + - port: 4500 + - name: internal masquerade: {} ports: - port: 443 - - port: 22 disks: - disk: bus: sata From bd27459945d1c6d6389dbdffa3fbd3179403d2a3 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 17:31:31 +0200 Subject: [PATCH 53/66] revert changes --- firewall-s3/vm/fortigate.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 40dc30b..3a36963 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -39,15 +39,11 @@ spec: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: public + - name: default masquerade: {} ports: - port: 500 - port: 4500 - - name: internal - masquerade: {} - ports: - - port: 443 disks: - disk: bus: sata From 1e611e5621291a193497f85684f11e5d3a907b4d Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 17:40:47 +0200 Subject: [PATCH 54/66] added network defs --- firewall-s3/vm/fortigate.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 3a36963..23c00e5 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -56,7 +56,9 @@ spec: memory: 4Gi cpu: 2 networks: - - name: default + - name: external + pod: {} + - name: internal pod: {} terminationGracePeriodSeconds: 180 volumes: From 070ef198ed7fc9fb738280277a8bdb4f15f7a053 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 17:50:44 +0200 Subject: [PATCH 55/66] add networks --- firewall-s3/vm/fortigate.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 23c00e5..6e0a2ef 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml 
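Review bot: The `ports` entries added under the `public` interface, `- port: 500` and `- port: 4500`, carry no `protocol`, and KubeVirt's interface port spec defaults to TCP, so IKE and NAT-T traffic — UDP, as the LoadBalancer added in PATCH 57 correctly declares with `protocol: UDP` — would not be forwarded through the masquerade binding. Each of the two entries needs a `protocol: UDP` line beneath its `port:` key. The same omission is carried into the masquerade interface of PATCH 61, the `wan` interface of the renamed fortigate.yaml in PATCH 62 and the new strongswan.yaml in PATCH 63.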
@@ -39,7 +39,12 @@ spec: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: default + - name: internal + masquerade: {} + ports: + - port: 500 + - port: 4500 + - name: external masquerade: {} ports: - port: 500 From 4cf5bfcceb87039f96211b2acfc7c6f37c09eabb Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 8 Jul 2025 17:58:30 +0200 Subject: [PATCH 56/66] mutlus required --- firewall-s3/vm/fortigate.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 6e0a2ef..582ec8e 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -44,11 +44,11 @@ spec: ports: - port: 500 - port: 4500 - - name: external - masquerade: {} - ports: - - port: 500 - - port: 4500 + #- name: external + # masquerade: {} + # ports: + # - port: 500 + # - port: 4500 disks: - disk: bus: sata @@ -61,8 +61,8 @@ spec: memory: 4Gi cpu: 2 networks: - - name: external - pod: {} + #- name: external + # pod: {} - name: internal pod: {} terminationGracePeriodSeconds: 180 From 410cb991734707318cf1463ec669b2f59711d8ae Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:00:51 +0200 Subject: [PATCH 57/66] change port and add lb --- firewall-s3/vm/fortigate.yaml | 21 +++++------------- network/ks-lb.yaml | 2 +- network/loadbalancers/fortigate-lb.yaml | 29 +++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 16 deletions(-) create mode 100644 network/loadbalancers/fortigate-lb.yaml diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 582ec8e..5fd7914 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -3,6 +3,8 @@ kind: VirtualMachine metadata: name: fortigate-s3 namespace: ${TENANT_NAMESPACE} + annotations: + #kubevirt.io/allow-pod-bridge-network-live-migration: spec: dataVolumeTemplates: - metadata: 
@@ -29,26 +31,17 @@ spec: guest: 4Gi features: acpi: {} - smm: + smm: enabled: true firmware: bootloader: efi: - secureBoot: true devices: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: internal - masquerade: {} - ports: - - port: 500 - - port: 4500 - #- name: external - # masquerade: {} - # ports: - # - port: 500 - # - port: 4500 + - name: external + bridge: {} disks: - disk: bus: sata @@ -61,9 +54,7 @@ spec: memory: 4Gi cpu: 2 networks: - #- name: external - # pod: {} - - name: internal + - name: external pod: {} terminationGracePeriodSeconds: 180 volumes: diff --git a/network/ks-lb.yaml b/network/ks-lb.yaml index bfb3107..25ae3ef 100644 --- a/network/ks-lb.yaml +++ b/network/ks-lb.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app windows-lb + name: &app lb namespace: ${TENANT_NAMESPACE} spec: commonMetadata: diff --git a/network/loadbalancers/fortigate-lb.yaml b/network/loadbalancers/fortigate-lb.yaml new file mode 100644 index 0000000..13f8eae --- /dev/null +++ b/network/loadbalancers/fortigate-lb.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: fortigate-lb + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: fortigate-lb +spec: + type: LoadBalancer + ports: + - port: 4500 + name: ipsec-nat + targetPort: 4500 + protocol: UDP + - port: 500 + name: key-management + targetPort: 500 + protocol: UDP + - port: 22 + name: ssh + targetPort: 22 + protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + selector: + kubevirt.io/domain: fortigate-s3 \ No newline at end of file From da7f7f73c148b7abd93073f20265a8c1946d55c5 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:02:58 +0200 Subject: [PATCH 58/66] added object --- firewall-s3/vm/fortigate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 5fd7914..51cd118 100644 
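Review bot: The new network/loadbalancers/fortigate-lb.yaml publishes the firewall's management ports 22 and 443 on a LoadBalancer next to the IPsec ports, with no `loadBalancerSourceRanges`, so the SSH and HTTPS admin interfaces of `fortigate-s3` are reachable from wherever the LB address routes. If remote administration is intended, add `loadBalancerSourceRanges:` with the admin CIDR(s) (value to be supplied by the operator); otherwise drop the 22/443 entries and reach the admin interface over an internal network, as the later PATCH 62 file does for port 22. The trailing `\ No newline at end of file` on the new file is worth fixing while it is touched.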
--- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -35,7 +35,7 @@ spec: enabled: true firmware: bootloader: - efi: + efi: {} devices: rng: {} networkInterfaceMultiqueue: true From 516c1bd03493c5655bbf8e2bc8d3f7e28d9309fe Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:07:05 +0200 Subject: [PATCH 59/66] added secure boot again --- firewall-s3/vm/fortigate.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 51cd118..8964c92 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -35,7 +35,8 @@ spec: enabled: true firmware: bootloader: - efi: {} + efi: + secureBoot: true devices: rng: {} networkInterfaceMultiqueue: true From 6a719ccdc8fdcb4c0c3b218f11eeaf447700f468 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:08:25 +0200 Subject: [PATCH 60/66] set SB to false --- firewall-s3/vm/fortigate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 8964c92..4d462bb 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml @@ -36,7 +36,7 @@ spec: firmware: bootloader: efi: - secureBoot: true + secureBoot: false devices: rng: {} networkInterfaceMultiqueue: true From 9980d50b0711b479cc0622ac1124618b3a32b3c3 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Wed, 9 Jul 2025 12:34:37 +0200 Subject: [PATCH 61/66] test with masq --- firewall-s3/vm/fortigate.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml index 4d462bb..755f5ea 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/fortigate.yaml 
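Review bot: `secureBoot: false` in the last hunk (PATCH 60) disables UEFI Secure Boot for the firewall VM right after PATCH 59 re-added it, and none of the three commit messages record why, so the next maintainer is likely to flip it back. A comment on the line, e.g. `secureBoot: false  # <reason, e.g. image not signed for SB> — confirm`, would capture the decision. With Secure Boot off, the `smm: enabled: true` block kept above it is only needed by KubeVirt when Secure Boot is enabled, so it can be removed or marked as intentionally retained.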
@@ -42,7 +42,12 @@ spec: networkInterfaceMultiqueue: true interfaces: - name: external - bridge: {} + masquerade: {} + ports: + - port: 4500 + - port: 443 + - port: 22 + - port: 500 disks: - disk: bus: sata From f76153ff5dc34551de5515a48a85ab72b4ee4ce4 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 22 Jul 2025 10:47:20 +0200 Subject: [PATCH 62/66] new test of fortigate for KSD --- firewall-dev/ks-vm.yaml | 18 ----- firewall-dev/vm/fortigate.yaml | 64 ----------------- firewall-s3/ks-vm.yaml | 2 +- .../vm/ksd/loadbalancers/fortigate-wan.yaml | 30 ++++++++ .../vm/ksd/network-definitions/lan.yaml | 20 ++++++ .../vm/ksd/network-definitions/mgmt.yaml | 14 ++++ firewall-s3/vm/{ => ksd/vm}/fortigate.yaml | 38 ++++++---- firewall/ks-vm.yaml | 18 ----- firewall/vm/fortigate.yaml | 72 ------------------- ubuntu-vm-1/ubuntu/ubuntu-vm.yaml | 16 +++-- 10 files changed, 97 insertions(+), 195 deletions(-) delete mode 100644 firewall-dev/ks-vm.yaml delete mode 100644 firewall-dev/vm/fortigate.yaml create mode 100644 firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml create mode 100644 firewall-s3/vm/ksd/network-definitions/lan.yaml create mode 100644 firewall-s3/vm/ksd/network-definitions/mgmt.yaml rename firewall-s3/vm/{ => ksd/vm}/fortigate.yaml (66%) delete mode 100644 firewall/ks-vm.yaml delete mode 100644 firewall/vm/fortigate.yaml diff --git a/firewall-dev/ks-vm.yaml b/firewall-dev/ks-vm.yaml deleted file mode 100644 index aa1db72..0000000 --- a/firewall-dev/ks-vm.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app fortigate-dev - namespace: ${TENANT_NAMESPACE} -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./firewall-dev/vm - prune: true - sourceRef: - kind: GitRepository - name: tenant-repos - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m \ No newline at end of file 
diff --git a/firewall-dev/vm/fortigate.yaml b/firewall-dev/vm/fortigate.yaml deleted file mode 100644 index e0b92a8..0000000 --- a/firewall-dev/vm/fortigate.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: kubevirt.io/v1 -kind: VirtualMachine -metadata: - name: fortigate-dev - namespace: ${TENANT_NAMESPACE} -spec: - dataVolumeTemplates: - - metadata: - name: fortigate-rootdisk-dev - spec: - source: - http: - url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2 - storage: - resources: - requests: - storage: 30Gi - runStrategy: Always - template: - metadata: - labels: - kubevirt.io/domain: fortigate-dev - spec: - domain: - cpu: - cores: 2 - memory: - guest: 4Gi - features: - acpi: {} - smm: - enabled: true - firmware: - bootloader: - efi: - secureBoot: true - devices: - rng: {} - networkInterfaceMultiqueue: true - interfaces: - - name: default - masquerade: {} - ports: - - port: 443 - - port: 22 - disks: - - disk: - bus: sata - name: rootdisk - resources: - requests: - memory: 4Gi - cpu: 2 - limits: - memory: 4Gi - cpu: 2 - networks: - - name: default - pod: {} - terminationGracePeriodSeconds: 180 - volumes: - - name: rootdisk - dataVolume: - name: fortigate-rootdisk-dev \ No newline at end of file diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml index a365abc..61e2924 100644 --- a/firewall-s3/ks-vm.yaml +++ b/firewall-s3/ks-vm.yaml @@ -7,7 +7,7 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./firewall-s3/vm + path: ./firewall-s3/vm/ksd prune: true sourceRef: kind: GitRepository diff --git a/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml new file mode 100644 index 0000000..00ea2c3 --- /dev/null +++ b/firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml 
@@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: fortigate-lb + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: fortigate-lb +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - port: 4500 + name: ipsec-nat + targetPort: 4500 + protocol: UDP + - port: 500 + name: key-management + targetPort: 500 + protocol: UDP + #- port: 22 + # name: ssh + # targetPort: 22 + # protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + selector: + kubevirt.io/domain: fortigate-ksd diff --git a/firewall-s3/vm/ksd/network-definitions/lan.yaml b/firewall-s3/vm/ksd/network-definitions/lan.yaml new file mode 100644 index 0000000..ccc343b --- /dev/null +++ b/firewall-s3/vm/ksd/network-definitions/lan.yaml @@ -0,0 +1,20 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: lan-net + namespace: ${TENANT_NAMESPACE} +spec: + config: '{ + "cniVersion": "0.3.1", + "type": "bridge", + "bridge": "br-lan", + "ipam": { + "type": "static", + "addresses": [ + { + "address": "172.168.100.2/24", + "gateway": "172.168.100.1" + } + ] + } + }' \ No newline at end of file diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml new file mode 100644 index 0000000..a1e6f34 --- /dev/null +++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml @@ -0,0 +1,14 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: mgmt-net + namespace: ${TENANT_NAMESPACE} +spec: + config: '{ + "cniVersion": "0.3.1", + "type": "bridge", + "bridge": "br-mgmt", + "ipam": { + "type": "dhcp" + } + }' \ No newline at end of file diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/ksd/vm/fortigate.yaml similarity index 66% rename from firewall-s3/vm/fortigate.yaml rename to firewall-s3/vm/ksd/vm/fortigate.yaml index 755f5ea..83562dd 100644 --- a/firewall-s3/vm/fortigate.yaml +++ b/firewall-s3/vm/ksd/vm/fortigate.yaml 
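Review bot: The `lan-net` definition assigns `172.168.100.2/24`, which is not RFC 1918 space — the private block is 172.16.0.0/12, i.e. 172.16.x through 172.31.x — so the `lan` bridge would claim publicly routable addresses; if a private LAN was intended, something like `"address": "172.16.100.2/24"` with `"gateway": "172.16.100.1"` (constructed example) or a 192.168.x range is what was probably meant. The `static` IPAM also hands the same fixed address to every pod attached to this NAD, and both fortigate.yaml and strongswan.yaml in the following hunks attach to `${TENANT_NAMESPACE}/lan-net`; with bridge binding the guest may configure its own address, but the pod-side assignment would collide, so this needs confirming against the CNI in use. A short comment in the NAD stating whether the guest or the IPAM owns the address would make the intent clear.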
@@ -1,14 +1,12 @@ apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: - name: fortigate-s3 + name: fortigate-ksd namespace: ${TENANT_NAMESPACE} - annotations: - #kubevirt.io/allow-pod-bridge-network-live-migration: spec: dataVolumeTemplates: - metadata: - name: fortigate-rootdisk-s3 + name: fortigate-rootdisk-ksd spec: source: http: @@ -22,16 +20,16 @@ spec: template: metadata: labels: - kubevirt.io/domain: fortigate-s3 + kubevirt.io/domain: fortigate-ksd spec: domain: cpu: - cores: 2 + cores: 1 memory: - guest: 4Gi + guest: 2Gi features: acpi: {} - smm: + smm: enabled: true firmware: bootloader: @@ -41,29 +39,39 @@ spec: rng: {} networkInterfaceMultiqueue: true interfaces: - - name: external + - name: wan masquerade: {} ports: - port: 4500 - port: 443 - port: 22 - port: 500 + - name: mgmt + bridge: {} + - name: lan + bridge: {} disks: - disk: bus: sata name: rootdisk resources: requests: - memory: 4Gi - cpu: 2 + memory: 2Gi + cpu: 1 limits: - memory: 4Gi - cpu: 2 + memory: 2Gi + cpu: 1 networks: - - name: external + - name: wan pod: {} + - name: mgmt + multus: + networkName: ${TENANT_NAMESPACE}/mgmt-net + - name: lan + multus: + networkName: ${TENANT_NAMESPACE}/lan-net terminationGracePeriodSeconds: 180 volumes: - name: rootdisk dataVolume: - name: fortigate-rootdisk-s3 \ No newline at end of file + name: fortigate-rootdisk-ksd \ No newline at end of file diff --git a/firewall/ks-vm.yaml b/firewall/ks-vm.yaml deleted file mode 100644 index 257d4ce..0000000 --- a/firewall/ks-vm.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app fortigate - namespace: ${TENANT_NAMESPACE} -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./firewall/vm - prune: true - sourceRef: - kind: GitRepository - name: tenant-repos - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m \ No newline at end of file 
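Review bot: The rename to `fortigate-ksd` (label `kubevirt.io/domain: fortigate-ksd` in the second hunk) leaves network/loadbalancers/fortigate-lb.yaml from PATCH 57 untouched — it is absent from this commit's diffstat — so that Service still selects `kubevirt.io/domain: fortigate-s3` and would keep an external address with no endpoints. It should be deleted or its selector changed to `kubevirt.io/domain: fortigate-ksd`. The new firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml also reuses the Service name `fortigate-lb` in the same namespace, so if both paths are reconciled into `${TENANT_NAMESPACE}` two Flux Kustomizations would contend for one object; the kustomization that includes network/ is not visible here, so this is inferred.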
diff --git a/firewall/vm/fortigate.yaml b/firewall/vm/fortigate.yaml deleted file mode 100644 index b0f6236..0000000 --- a/firewall/vm/fortigate.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: kubevirt.io/v1 -kind: VirtualMachine -metadata: - name: fortigate - namespace: ${TENANT_NAMESPACE} -spec: - dataVolumeTemplates: - - metadata: - name: fortigate-rootdisk - spec: - source: - http: - url: http://nginx.demo.svc.cluster.local:80/fortios_v7_6_3.qcow2 - storage: - resources: - requests: - storage: 30Gi - runStrategy: Always - template: - metadata: - labels: - kubevirt.io/domain: fortigate - spec: - domain: - cpu: - cores: 2 - memory: - guest: 4Gi - devices: - rng: {} - networkInterfaceMultiqueue: true - interfaces: - - name: default - masquerade: {} - ports: - - port: 80 - - port: 443 - - port: 22 - - port: 2222 - - port: 5050 - disks: - - disk: - bus: sata - name: rootdisk - # - disk: - # bus: scsi - # name: datadisk - # - disk: - # bus: scsi - # name: cloudinitdisk - resources: - requests: - memory: 4Gi - cpu: 2 - limits: - memory: 4Gi - cpu: 2 - networks: - - name: default - pod: {} - terminationGracePeriodSeconds: 180 - volumes: - - name: rootdisk - dataVolume: - name: fortigate-rootdisk - # - name: datadisk - # persistentVolumeClaim: - # claimName: gitlab-datadisk - # - name: cloudinitdisk - # cloudInitNoCloud: - # secretRef: - # name: gitlab-cloud-init \ No newline at end of file diff --git a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml index af8a38c..31e1d2e 100644 --- a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml 
@@ -38,11 +38,13 @@ spec: cloudInitNoCloud: userData: | #cloud-config - hostname: ubuntu-vm-1 - ssh_pwauth: True users: - - name: ubuntu - ssh-authorized-keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu - sudo: ['ALL=(ALL) NOPASSWD:ALL'] - shell: /bin/bash \ No newline at end of file + - name: testuser + groups: [sudo] + sudo: "ALL=(ALL) NOPASSWD:ALL" + lock_passwd: false + passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" + + chpasswd: + expire: false + ssh_pwauth: true \ No newline at end of file From b15d8e68826d01e235161fe1664d858837e82946 Mon Sep 17 00:00:00 2001 From: "maximilian.bartz" Date: Tue, 22 Jul 2025 12:16:37 +0200 Subject: [PATCH 63/66] changed NAD to static to test --- .../vm/ksd/network-definitions/mgmt.yaml | 8 +- firewall-s3/vm/ksd/vm/strongswan.yaml | 73 +++++++++++++++++++ 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 firewall-s3/vm/ksd/vm/strongswan.yaml diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml index a1e6f34..7be17a8 100644 --- a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml +++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml @@ -9,6 +9,12 @@ spec: "type": "bridge", "bridge": "br-mgmt", "ipam": { - "type": "dhcp" + "type": "static", + "addresses": [ + { + "address": "192.168.10.100/24", + "gateway": "192.168.10.1" + } + ] } }' \ No newline at end of file diff --git a/firewall-s3/vm/ksd/vm/strongswan.yaml b/firewall-s3/vm/ksd/vm/strongswan.yaml new file mode 100644 index 0000000..e346a59 --- /dev/null +++ b/firewall-s3/vm/ksd/vm/strongswan.yaml 
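Review bot: The cloud-init change replaces the `ssh-authorized-keys` entry with password login: `ssh_pwauth: true`, `lock_passwd: false`, a SHA-512 `passwd` hash committed to the repository, and passwordless sudo for `testuser`. A hash in a Git repository read by Flux is effectively a shared credential for every VM built from it, and the identical block in strongswan.yaml sits behind a `wan` masquerade that forwards `- port: 22`, which widens the exposure. Prefer restoring the key entry and setting `ssh_pwauth: false`, or at least move the user-data into a Secret referenced via `cloudInitNoCloud: secretRef:` — the pattern the deleted firewall/vm/fortigate.yaml already sketched — and rotate the password whose hash is now in history. The same block is copied verbatim into firewall-s3/vm/ksd/vm/strongswan.yaml in PATCH 63 and test-connectivity/vm/strongswan.yaml in PATCH 65. The `hostname: ubuntu-vm-1` line is also dropped; if that was unintended, keep it.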
@@ -0,0 +1,73 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: strongswan + namespace: ${TENANT_NAMESPACE} +spec: + running: true + template: + metadata: + labels: + kubevirt.io/domain: strongswan + spec: + domain: + cpu: + cores: 2 + resources: + requests: + memory: 2Gi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 + memory: + guest: 2Gi + devices: + rng: {} + networkInterfaceMultiqueue: true + disks: + - name: containerdisk + disk: + bus: virtio + - name: cloudinitdisk + disk: + bus: virtio + interfaces: + - name: wan + masquerade: {} + ports: + - port: 4500 + - port: 443 + - port: 22 + - port: 500 + - name: mgmt + bridge: {} + - name: lan + bridge: {} + networks: + - name: wan + pod: {} + - name: mgmt + multus: + networkName: ${TENANT_NAMESPACE}/mgmt-net + - name: lan + multus: + networkName: ${TENANT_NAMESPACE}/lan-net + terminationGracePeriodSeconds: 180 + volumes: + - name: containerdisk + containerDisk: + image: quay.io/containerdisks/ubuntu:22.04 + - name: cloudinitdisk + cloudInitNoCloud: + userData: | + #cloud-config + users: + - name: testuser + groups: [sudo] + sudo: "ALL=(ALL) NOPASSWD:ALL" + lock_passwd: false + passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" + chpasswd: + expire: false + ssh_pwauth: true \ No newline at end of file From fb1c82659fd7ccd547388522da35dce7c2d2dd38 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 11:29:24 +0200 Subject: [PATCH 64/66] Update kustomization --- firewall-s3/ks-vm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml index 61e2924..827133e 100644 --- a/firewall-s3/ks-vm.yaml +++ b/firewall-s3/ks-vm.yaml @@ -7,7 +7,7 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./firewall-s3/vm/ksd + path: ./firewall-s3 prune: true sourceRef: kind: GitRepository 
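Review bot: `running: true` in the new strongswan.yaml diverges from the sibling firewall-s3/vm/ksd/vm/fortigate.yaml, which uses `runStrategy: Always`; KubeVirt treats the two fields as mutually exclusive and upstream has deprecated `running` in favour of `runStrategy`, so `runStrategy: Always` keeps the directory consistent. The resource block is also internally inconsistent — `cores: 2` with `requests: cpu: 1` and `limits: cpu: 2` — whereas fortigate.yaml keeps cores, requests and limits aligned; if the lower request is deliberate, a comment saying so would help. The file also ends without a newline.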
From c84c1fcd788476ff1d39635753c3c8d17dc8b3f6 Mon Sep 17 00:00:00 2001 From: Efstratios Kolovos Date: Tue, 22 Jul 2025 13:02:04 +0200 Subject: [PATCH 65/66] Add test-connectivity --- .../loadbalancers/fortigate-wan.yaml | 30 ++++++++ .../network-definitions/lan.yaml | 20 +++++ .../network-definitions/mgmt.yaml | 20 +++++ .../test-connectivity/vm/fortigate.yaml | 77 +++++++++++++++++++ .../test-connectivity/vm/strongswan.yaml | 73 ++++++++++++++++++ 5 files changed, 220 insertions(+) create mode 100644 firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml create mode 100644 firewall-s3/test-connectivity/network-definitions/lan.yaml create mode 100644 firewall-s3/test-connectivity/network-definitions/mgmt.yaml create mode 100644 firewall-s3/test-connectivity/vm/fortigate.yaml create mode 100644 firewall-s3/test-connectivity/vm/strongswan.yaml diff --git a/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml new file mode 100644 index 0000000..fd0a1db --- /dev/null +++ b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: fortigate-lb-test + namespace: ${TENANT_NAMESPACE} + labels: + app.kubernetes.io/component: fortigate-lb +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - port: 4500 + name: ipsec-nat + targetPort: 4500 + protocol: UDP + - port: 500 + name: key-management + targetPort: 500 + protocol: UDP + #- port: 22 + # name: ssh + # targetPort: 22 + # protocol: TCP + - port: 443 + name: https + targetPort: 443 + protocol: TCP + selector: + kubevirt.io/domain: fortigate-ksd diff --git a/firewall-s3/test-connectivity/network-definitions/lan.yaml b/firewall-s3/test-connectivity/network-definitions/lan.yaml new file mode 100644 index 0000000..1c32a21 --- /dev/null +++ b/firewall-s3/test-connectivity/network-definitions/lan.yaml 
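Review bot: `fortigate-lb-test` uses the same selector `kubevirt.io/domain: fortigate-ksd` as the existing `fortigate-lb` in firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml, so it is a second LoadBalancer (a second external address) in front of the same VM rather than a fixture for a separate test VM — and unlike the other four files in this commit it is not commented out. Since PATCH 64 just pointed the Flux Kustomization at `./firewall-s3`, this file is presumably reconciled; if only one ingress path is wanted, either drop it or give the test VM its own label and select that. A header comment stating what `test-connectivity` is meant to exercise would make the purpose clear.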
@@ -0,0 +1,20 @@ +# apiVersion: "k8s.cni.cncf.io/v1" +# kind: NetworkAttachmentDefinition +# metadata: +# name: lan-net +# namespace: ${TENANT_NAMESPACE} +# spec: +# config: '{ +# "cniVersion": "0.3.1", +# "type": "bridge", +# "bridge": "br-lan", +# "ipam": { +# "type": "static", +# "addresses": [ +# { +# "address": "172.168.100.2/24", +# "gateway": "172.168.100.1" +# } +# ] +# } +# }' \ No newline at end of file diff --git a/firewall-s3/test-connectivity/network-definitions/mgmt.yaml b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml new file mode 100644 index 0000000..1f18275 --- /dev/null +++ b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml @@ -0,0 +1,20 @@ +# apiVersion: "k8s.cni.cncf.io/v1" +# kind: NetworkAttachmentDefinition +# metadata: +# name: mgmt-net +# namespace: ${TENANT_NAMESPACE} +# spec: +# config: '{ +# "cniVersion": "0.3.1", +# "type": "bridge", +# "bridge": "br-mgmt", +# "ipam": { +# "type": "static", +# "addresses": [ +# { +# "address": "192.168.10.100/24", +# "gateway": "192.168.10.1" +# } +# ] +# } +# }' \ No newline at end of file diff --git a/firewall-s3/test-connectivity/vm/fortigate.yaml b/firewall-s3/test-connectivity/vm/fortigate.yaml new file mode 100644 index 0000000..d1d61bf --- /dev/null +++ b/firewall-s3/test-connectivity/vm/fortigate.yaml 
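Review bot: lan.yaml and mgmt.yaml here are committed entirely commented out (as are test-connectivity/vm/fortigate.yaml and strongswan.yaml in the next two hunks), so each is an empty YAML document that deploys nothing while still being picked up by any auto-generated kustomization, leaving the live `fortigate-lb-test` Service as the only effective content of this commit. If these are disabled on purpose, a one-line header such as `# Disabled: duplicates firewall-s3/vm/ksd; kept for connectivity testing — remove before merge` would say so. The commented strongswan.yaml copy still embeds the `passwd` hash, so it should not be kept in history either.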
@@ -0,0 +1,77 @@ +# apiVersion: kubevirt.io/v1 +# kind: VirtualMachine +# metadata: +# name: fortigate-ksd +# namespace: ${TENANT_NAMESPACE} +# spec: +# dataVolumeTemplates: +# - metadata: +# name: fortigate-rootdisk-ksd +# spec: +# source: +# http: +# url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2" +# #secretRef: s3-virt-credentials +# storage: +# resources: +# requests: +# storage: 30Gi +# runStrategy: Always +# template: +# metadata: +# labels: +# kubevirt.io/domain: fortigate-ksd +# spec: +# domain: +# cpu: +# cores: 1 +# memory: +# guest: 2Gi +# features: +# acpi: {} +# smm: +# enabled: true +# firmware: +# bootloader: +# efi: +# secureBoot: false +# devices: +# rng: {} +# networkInterfaceMultiqueue: true +# interfaces: +# - name: wan +# masquerade: {} +# ports: +# - port: 4500 +# - port: 443 +# - port: 22 +# - port: 500 +# - name: mgmt +# bridge: {} +# - name: lan +# bridge: {} +# disks: +# - disk: +# bus: sata +# name: rootdisk +# resources: +# requests: +# memory: 2Gi +# cpu: 1 +# limits: +# memory: 2Gi +# cpu: 1 +# networks: +# - name: wan +# pod: {} +# - name: mgmt +# multus: +# networkName: ${TENANT_NAMESPACE}/mgmt-net +# - name: lan +# multus: +# networkName: ${TENANT_NAMESPACE}/lan-net +# terminationGracePeriodSeconds: 180 +# volumes: +# - name: rootdisk +# dataVolume: +# name: fortigate-rootdisk-ksd \ No newline at end of file diff --git a/firewall-s3/test-connectivity/vm/strongswan.yaml b/firewall-s3/test-connectivity/vm/strongswan.yaml new file mode 100644 index 0000000..f982232 --- /dev/null +++ b/firewall-s3/test-connectivity/vm/strongswan.yaml 
@@ -0,0 +1,73 @@ +# apiVersion: kubevirt.io/v1 +# kind: VirtualMachine +# metadata: +# name: strongswan +# namespace: ${TENANT_NAMESPACE} +# spec: +# running: true +# template: +# metadata: +# labels: +# kubevirt.io/domain: strongswan +# spec: +# domain: +# cpu: +# cores: 2 +# resources: +# requests: +# memory: 2Gi +# cpu: 1 +# limits: +# memory: 2Gi +# cpu: 2 +# memory: +# guest: 2Gi +# devices: +# rng: {} +# networkInterfaceMultiqueue: true +# disks: +# - name: containerdisk +# disk: +# bus: virtio +# - name: cloudinitdisk +# disk: +# bus: virtio +# interfaces: +# - name: wan +# masquerade: {} +# ports: +# - port: 4500 +# - port: 443 +# - port: 22 +# - port: 500 +# - name: mgmt +# bridge: {} +# - name: lan +# bridge: {} +# networks: +# - name: wan +# pod: {} +# - name: mgmt +# multus: +# networkName: ${TENANT_NAMESPACE}/mgmt-net +# - name: lan +# multus: +# networkName: ${TENANT_NAMESPACE}/lan-net +# terminationGracePeriodSeconds: 180 +# volumes: +# - name: containerdisk +# containerDisk: +# image: quay.io/containerdisks/ubuntu:22.04 +# - name: cloudinitdisk +# cloudInitNoCloud: +# userData: | +# #cloud-config +# users: +# - name: testuser +# groups: [sudo] +# sudo: "ALL=(ALL) NOPASSWD:ALL" +# lock_passwd: false +# passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" +# chpasswd: +# expire: false +# ssh_pwauth: true \ No newline at end of file From 94a23cce8e226ff3dc1f2bceff9dd6e15e721bda Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 22 Jul 2025 11:13:55 +0000 Subject: [PATCH 66/66] feat(docker-image)!: Update quay.io/containerdisks/ubuntu Docker tag to v24 --- firewall-s3/vm/ksd/vm/strongswan.yaml | 2 +- ubuntu-vm-1/ubuntu/ubuntu-vm.yaml | 2 +- ubuntu-vm-2/ubuntu/ubuntu-vm.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/firewall-s3/vm/ksd/vm/strongswan.yaml b/firewall-s3/vm/ksd/vm/strongswan.yaml index e346a59..8ef5371 100644 
--- a/firewall-s3/vm/ksd/vm/strongswan.yaml +++ b/firewall-s3/vm/ksd/vm/strongswan.yaml @@ -57,7 +57,7 @@ spec: volumes: - name: containerdisk containerDisk: - image: quay.io/containerdisks/ubuntu:22.04 + image: quay.io/containerdisks/ubuntu:24.04 - name: cloudinitdisk cloudInitNoCloud: userData: | diff --git a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml index 31e1d2e..0591d23 100644 --- a/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-1/ubuntu/ubuntu-vm.yaml @@ -33,7 +33,7 @@ spec: volumes: - name: containerdisk containerDisk: - image: quay.io/containerdisks/ubuntu:22.04 + image: quay.io/containerdisks/ubuntu:24.04 - name: cloudinitdisk cloudInitNoCloud: userData: | diff --git a/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml index 78e909a..85e3a0d 100644 --- a/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml +++ b/ubuntu-vm-2/ubuntu/ubuntu-vm.yaml @@ -33,7 +33,7 @@ spec: volumes: - name: containerdisk containerDisk: - image: quay.io/containerdisks/ubuntu:22.04 + image: quay.io/containerdisks/ubuntu:24.04 - name: cloudinitdisk cloudInitNoCloud: userData: |