diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..23b6552 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +*.sh text eol=lf +*.yml text eol=lf +*.yaml text eol=lf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4949f76 --- /dev/null +++ b/.gitignore @@ -0,0 +1,33 @@ +# Eclipse +.project +.classpath +.settings/ +bin/ + +# IntelliJ +.idea +*.ipr +*.iml +*.iws + +# NetBeans +nb-configuration.xml + +# Visual Studio Code +.vscode +.factorypath + +# OSX +.DS_Store + +# Vim +*.swp +*.swo + +# patch +*.orig +*.rej + +# Local environment +.env + diff --git a/container/debug2/alpine.yaml b/container/debug2/alpine.yaml new file mode 100644 index 0000000..e272e52 --- /dev/null +++ b/container/debug2/alpine.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: alpine-test2 + namespace: ${TENANT_NAMESPACE} +spec: + containers: + - name: alpine2 + image: alpine:latest + command: ["/bin/sh"] + args: ["-c", "while true; do sleep 3600; done"] + stdin: true + tty: true + restartPolicy: Never \ No newline at end of file diff --git a/firewall-s3/ks-vm.yaml b/firewall-s3/ks-vm.yaml index 827133e..61e2924 100644 --- a/firewall-s3/ks-vm.yaml +++ b/firewall-s3/ks-vm.yaml @@ -7,7 +7,7 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app - path: ./firewall-s3 + path: ./firewall-s3/vm/ksd prune: true sourceRef: kind: GitRepository diff --git a/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml b/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml deleted file mode 100644 index fd0a1db..0000000 --- a/firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml +++ /dev/null 
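Review bot: In `container/debug2/alpine.yaml` the container uses `image: alpine:latest`, so what runs in the tenant namespace changes whenever the tag moves and cannot be traced back to a reviewed image. Pin it to a fixed tag or digest, e.g. `image: alpine:<pinned-tag>@sha256:<digest>` (placeholder values). The pod also declares no `resources` and no `securityContext`; for a long-lived debug shell I would add requests/limits and `allowPrivilegeEscalation: false` unless root tooling is actually needed.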
@@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: fortigate-lb-test - namespace: ${TENANT_NAMESPACE} - labels: - app.kubernetes.io/component: fortigate-lb -spec: - type: LoadBalancer - externalTrafficPolicy: Local - ports: - - port: 4500 - name: ipsec-nat - targetPort: 4500 - protocol: UDP - - port: 500 - name: key-management - targetPort: 500 - protocol: UDP - #- port: 22 - # name: ssh - # targetPort: 22 - # protocol: TCP - - port: 443 - name: https - targetPort: 443 - protocol: TCP - selector: - kubevirt.io/domain: fortigate-ksd diff --git a/firewall-s3/test-connectivity/network-definitions/lan.yaml b/firewall-s3/test-connectivity/network-definitions/lan.yaml deleted file mode 100644 index 1c32a21..0000000 --- a/firewall-s3/test-connectivity/network-definitions/lan.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# apiVersion: "k8s.cni.cncf.io/v1" -# kind: NetworkAttachmentDefinition -# metadata: -# name: lan-net -# namespace: ${TENANT_NAMESPACE} -# spec: -# config: '{ -# "cniVersion": "0.3.1", -# "type": "bridge", -# "bridge": "br-lan", -# "ipam": { -# "type": "static", -# "addresses": [ -# { -# "address": "172.168.100.2/24", -# "gateway": "172.168.100.1" -# } -# ] -# } -# }' \ No newline at end of file diff --git a/firewall-s3/test-connectivity/network-definitions/mgmt.yaml b/firewall-s3/test-connectivity/network-definitions/mgmt.yaml deleted file mode 100644 index 1f18275..0000000 --- a/firewall-s3/test-connectivity/network-definitions/mgmt.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# apiVersion: "k8s.cni.cncf.io/v1" -# kind: NetworkAttachmentDefinition -# metadata: -# name: mgmt-net -# namespace: ${TENANT_NAMESPACE} -# spec: -# config: '{ -# "cniVersion": "0.3.1", -# "type": "bridge", -# "bridge": "br-mgmt", -# "ipam": { -# "type": "static", -# "addresses": [ -# { -# "address": "192.168.10.100/24", -# "gateway": "192.168.10.1" -# } -# ] -# } -# }' \ No newline at end of file 
diff --git a/firewall-s3/test-connectivity/vm/fortigate.yaml b/firewall-s3/test-connectivity/vm/fortigate.yaml deleted file mode 100644 index d1d61bf..0000000 --- a/firewall-s3/test-connectivity/vm/fortigate.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# apiVersion: kubevirt.io/v1 -# kind: VirtualMachine -# metadata: -# name: fortigate-ksd -# namespace: ${TENANT_NAMESPACE} -# spec: -# dataVolumeTemplates: -# - metadata: -# name: fortigate-rootdisk-ksd -# spec: -# source: -# http: -# url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2" -# #secretRef: s3-virt-credentials -# storage: -# resources: -# requests: -# storage: 30Gi -# runStrategy: Always -# template: -# metadata: -# labels: -# kubevirt.io/domain: fortigate-ksd -# spec: -# domain: -# cpu: -# cores: 1 -# memory: -# guest: 2Gi -# features: -# acpi: {} -# smm: -# enabled: true -# firmware: -# bootloader: -# efi: -# secureBoot: false -# devices: -# rng: {} -# networkInterfaceMultiqueue: true -# interfaces: -# - name: wan -# masquerade: {} -# ports: -# - port: 4500 -# - port: 443 -# - port: 22 -# - port: 500 -# - name: mgmt -# bridge: {} -# - name: lan -# bridge: {} -# disks: -# - disk: -# bus: sata -# name: rootdisk -# resources: -# requests: -# memory: 2Gi -# cpu: 1 -# limits: -# memory: 2Gi -# cpu: 1 -# networks: -# - name: wan -# pod: {} -# - name: mgmt -# multus: -# networkName: ${TENANT_NAMESPACE}/mgmt-net -# - name: lan -# multus: -# networkName: ${TENANT_NAMESPACE}/lan-net -# terminationGracePeriodSeconds: 180 -# volumes: -# - name: rootdisk -# dataVolume: -# name: fortigate-rootdisk-ksd \ No newline at end of file diff --git a/firewall-s3/test-connectivity/vm/strongswan.yaml b/firewall-s3/test-connectivity/vm/strongswan.yaml deleted file mode 100644 index f982232..0000000 --- a/firewall-s3/test-connectivity/vm/strongswan.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -# apiVersion: kubevirt.io/v1 -# kind: VirtualMachine -# metadata: -# name: strongswan -# namespace: ${TENANT_NAMESPACE} -# spec: -# running: true -# template: -# metadata: -# labels: -# kubevirt.io/domain: strongswan -# spec: -# domain: -# cpu: -# cores: 2 -# resources: -# requests: -# memory: 2Gi -# cpu: 1 -# limits: -# memory: 2Gi -# cpu: 2 -# memory: -# guest: 2Gi -# devices: -# rng: {} -# networkInterfaceMultiqueue: true -# disks: -# - name: containerdisk -# disk: -# bus: virtio -# - name: cloudinitdisk -# disk: -# bus: virtio -# interfaces: -# - name: wan -# masquerade: {} -# ports: -# - port: 4500 -# - port: 443 -# - port: 22 -# - port: 500 -# - name: mgmt -# bridge: {} -# - name: lan -# bridge: {} -# networks: -# - name: wan -# pod: {} -# - name: mgmt -# multus: -# networkName: ${TENANT_NAMESPACE}/mgmt-net -# - name: lan -# multus: -# networkName: ${TENANT_NAMESPACE}/lan-net -# terminationGracePeriodSeconds: 180 -# volumes: -# - name: containerdisk -# containerDisk: -# image: quay.io/containerdisks/ubuntu:22.04 -# - name: cloudinitdisk -# cloudInitNoCloud: -# userData: | -# #cloud-config -# users: -# - name: testuser -# groups: [sudo] -# sudo: "ALL=(ALL) NOPASSWD:ALL" -# lock_passwd: false -# passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1" -# chpasswd: -# expire: false -# ssh_pwauth: true \ No newline at end of file diff --git a/firewall-s3/vm/ksd/network-definitions/lan.yaml b/firewall-s3/vm/ksd/network-definitions/lan.yaml index ccc343b..db390ad 100644 --- a/firewall-s3/vm/ksd/network-definitions/lan.yaml +++ b/firewall-s3/vm/ksd/network-definitions/lan.yaml @@ -12,7 +12,7 @@ spec: "type": "static", "addresses": [ { - "address": "172.168.100.2/24", + "address": "172.168.100.0/24", "gateway": "172.168.100.1" } ] diff --git a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml index 7be17a8..9917a83 100644 
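Review bot: In `firewall-s3/vm/ksd/network-definitions/lan.yaml` the static IPAM entry now reads `"address": "172.168.100.0/24"`, which is the network address of the subnet rather than a host address; with `"type": "static"` this value is what gets assigned to the attached interface. The same change is made in `mgmt.yaml` (`192.168.10.0/24`) in the next hunk. If the intent was to stop pinning one fixed IP on every attachment, a different IPAM type or a per-VM address is needed; otherwise keep a host address such as the previous `172.168.100.2/24`. Separately, `172.168.100.0/24` lies outside the RFC 1918 block `172.16.0.0/12`, so it overlaps publicly routable space, which is worth confirming as intended. Both hunks start and end inside the `config` JSON string, so the rest of each definition is not visible here.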
--- a/firewall-s3/vm/ksd/network-definitions/mgmt.yaml +++ b/firewall-s3/vm/ksd/network-definitions/mgmt.yaml @@ -12,7 +12,7 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.10.100/24", + "address": "192.168.10.0/24", "gateway": "192.168.10.1" } ] diff --git a/kustomization.yaml b/kustomization.yaml index 8aec8be..4ed98a0 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -4,8 +4,6 @@ resources: - vars/ks.yaml - repos/ks.yaml - network/ks-lb.yaml - - firewall/ks-vm.yaml - - firewall-dev/ks-vm.yaml - firewall-s3/ks-vm.yaml - windows-vm-standard/ks-vm.yaml - windows-vm-standard/ks-pvc.yaml @@ -13,9 +11,15 @@ resources: - windows-vm-standard-dev/ks-pvc.yaml - ubuntu-vm-1/ks.yaml - ubuntu-vm-2/ks.yaml + - ubuntu-vm-3/ks.yaml + - ubuntu-vm-4-john/ks.yaml - container/ks-debug.yaml - templates/image-server/ks-nginx.yaml - templates/image-server/ks-pvc.yaml - templates/image-server/ks-route.yaml - templates/windowsserver/ks-flavor.yaml - - templates/windowsserver-rh/ks-flavor.yaml \ No newline at end of file + - templates/windowsserver-rh/ks-flavor.yaml + - postgres/ks.yaml +# - windows-vm-standard-john/ks-vm.yaml +# - windows-vm-standard-john/ks-pvc.yaml +# - windows-vm-standard-john/windows-lb.yaml diff --git a/postgres/app/helmrelease.yaml b/postgres/app/helmrelease.yaml new file mode 100644 index 0000000..9af65c0 --- /dev/null +++ b/postgres/app/helmrelease.yaml 
@@ -0,0 +1,122 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgres
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ serviceAccountName: ${TECHNICAL_ACCOUNT}
+ interval: 30m
+ chart:
+ spec:
+ chart: cluster
+ version: 0.3.1
+ sourceRef:
+ kind: HelmRepository
+ name: cloudnative-pg
+ namespace: ${TENANT_NAMESPACE}
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ # check the complete configuration options at
+ # https://raw.githubusercontent.com/cloudnative-pg/charts/refs/tags/cluster-v0.3.1/charts/cluster/values.yaml
+ type: postgresql
+ mode: standalone
+ version:
+ postgresql: "17.5"
+ cluster:
+ instances: 3
+ storage:
+ size: 10Gi
+ # default storage class on ai-2 cluster, on basel or staging you
+ # should use 'ocs-storagecluster-ceph-rbd' instead
+ storageClass: ibm-spectrum-scale-fileset
+ walStorage:
+ # It's not mandatory to split WAL from the main data volume.
+ # However, doing so helps to avoid issues with the main data volume
+ # in cases where WAL exporting to the backup server experiences
+ # issues. For example, in scenarios where there's network congestion
+ # or even failures, the WAL may end up accumulating too much data
+ # to the point where the volume fills up, blocking the cluster from
+ # operating properly.
+ enabled: true
+ size: 10Gi
+ storageClass: ibm-spectrum-scale-fileset
+ resources:
+ requests:
+ cpu: "500m"
+ memory: 1Gi
+ limits:
+ cpu: "1"
+ memory: 1Gi
+ enableSuperuserAccess: true
+ superuserSecret: postgres-superuser
+ affinity:
+ topologyKey: failure-domain.beta.kubernetes.io/zone
+ postgresql:
+ parameters:
+ shared_buffers: 256MB
+ max_connections: "400"
+ initdb:
+ database: app
+ owner: app
+ options: []
+ encoding: UTF8
+ backups:
+ # As indicated by the 'enabled' flag, backups are disabled on
+ # this deployment. But the remaining of the block serves as an
+ # example of how to configure this cluster to export backups to
+ # a S3 bucket hosted on a MinIO server.
+ #
+ # For more information, refer to the helm chart's values.yaml
+ # or the official documentation at
+ # https://cloudnative-pg.io/documentation/1.26/backup/
+ enabled: false
+ endpointURL: https://glacier-1.kvant.cloud
+ provider: s3
+ s3:
+ bucket: phoenix-openshift-backups
+ path: /demo-postgres
+ # Ideally, you will never commit credentials in plain text;
+ # these values are here just for illustration. For a way to
+ # properly load them from kubernetes' secrets, refer to the
+ # commented-ou section 'valuesFrom' placed right below
+ accessKey: your-access-key
+ secretKey: your-secret-key
+ secret:
+ create: true
+ wal:
+ # If exporting to MinIO S3, you may have to disable encryption.
+ # This is how you achieve it
+ encryption: ""
+ data:
+ encryption: ""
+ scheduledBackups:
+ # You can give it any name and change the scheduled time to what
+ # fits your strategy. This serves as an example of how to configure
+ # the cluster to export a daily backup to the S3 bucket using
+ # barman object storage. You can also back up volumes instead.
+ # Check the backup documentation to find more information on
+ # which option suits you best.
+ - name: daily-minio
+ schedule: "@daily"
+ backupOwnerReference: self
+ method: barmanObjectStore
+ retentionPolicy: "180d" # It is mandatory to match this value with the bucket's retention period
+# valuesFrom:
+# - kind: Secret
+# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair
+# valuesKey: ACCESS_KEY_ID # name of the key inside the secret that holds the access key value
+# targetPath: backups.s3.accessKey # path of the configuration that will be assigned the access key value
+# optional: false
+# - kind: Secret
+# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair
+# valuesKey: ACCESS_SECRET_KEY # name of the key inside the secret that holds the secret key value
+# targetPath: backups.s3.secretKey # path of the configuration that will be assigned the secret key value
+# optional: false
diff --git a/postgres/ks.yaml b/postgres/ks.yaml
new file mode 100644
index 0000000..0383647
--- /dev/null
+++ b/postgres/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app postgres
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ targetNamespace: ${TENANT_NAMESPACE}
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./postgres/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: true
+ interval: 10m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: vars
diff --git a/repos/helm/cloudnative-pg.yaml b/repos/helm/cloudnative-pg.yaml
new file mode 100644
index 0000000..e42af28
--- /dev/null
+++ b/repos/helm/cloudnative-pg.yaml
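Review bot: In `postgres/app/helmrelease.yaml` the `backups.s3` block carries literal `accessKey: your-access-key` / `secretKey: your-secret-key` together with `secret: create: true`, while the `valuesFrom` block that would load them from a Secret is commented out. Backups are off today, but whoever later flips `enabled: true` is steered toward pasting real keys into Git; I would drop the two literals and ship the `valuesFrom` entries uncommented (with `optional: true` until the Secret exists). `enableSuperuserAccess: true` points at `superuserSecret: postgres-superuser`, which this commit does not add, so confirm the Secret is provisioned out of band and that superuser access is needed at all. `topologyKey: failure-domain.beta.kubernetes.io/zone` is the deprecated zone label; `topology.kubernetes.io/zone` is the current one.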
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: cloudnative-pg
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ interval: 5m0s
+ url: https://cloudnative-pg.github.io/charts
\ No newline at end of file
diff --git a/ubuntu-vm-3/ks.yaml b/ubuntu-vm-3/ks.yaml
new file mode 100644
index 0000000..12912dc
--- /dev/null
+++ b/ubuntu-vm-3/ks.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app ubuntu-vm-3
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./ubuntu-vm-3/ubuntu
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml
new file mode 100644
index 0000000..1d08b69
--- /dev/null
+++ b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml
@@ -0,0 +1,50 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: ubuntu-vm-3
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ running: true
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: ubuntu-vm-3
+ spec:
+ domain:
+ cpu:
+ cores: 2
+ devices:
+ disks:
+ - disk:
+ bus: virtio
+ name: containerdisk
+ - disk:
+ bus: virtio
+ name: cloudinitdisk
+ resources:
+ requests:
+ memory: 2Gi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 2
+ memory:
+ guest: 2Gi
+ volumes:
+ - name: containerdisk
+ containerDisk:
+ image: quay.io/containerdisks/ubuntu:24.04
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ userData: |
+ #cloud-config
+ users:
+ - name: testuser
+ groups: [sudo]
+ sudo: "ALL=(ALL) NOPASSWD:ALL"
+ lock_passwd: false
+ passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+
+ chpasswd:
+ expire: false
+ ssh_pwauth: true
\ No newline at end of file
diff --git a/ubuntu-vm-4-john/ks.yaml b/ubuntu-vm-4-john/ks.yaml
new file mode 100644
index 0000000..f117b31
--- /dev/null
+++ b/ubuntu-vm-4-john/ks.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app ubuntu-vm-4-john
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./ubuntu-vm-4-john/ubuntu
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/ubuntu-vm-4-john/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-4-john/ubuntu/ubuntu-vm.yaml
new file mode 100644
index 0000000..46a95e5
--- /dev/null
+++ b/ubuntu-vm-4-john/ubuntu/ubuntu-vm.yaml
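Review bot: `ubuntu-vm-3/ubuntu/ubuntu-vm.yaml` commits a SHA-512 crypt hash in `passwd:` for `testuser`, alongside `lock_passwd: false`, `ssh_pwauth: true` and `sudo: "ALL=(ALL) NOPASSWD:ALL"`, so the credential guarding passwordless root over SSH is readable by everyone with access to the repository and can be guessed offline. The identical hash also appears in the commented-out `strongswan.yaml` that this commit deletes, meaning it is shared between VMs and remains in Git history. Prefer key-only access with `lock_passwd: true`, `ssh_pwauth: false` and an `ssh_authorized_keys:` entry, or move the user data into a Secret referenced from `cloudInitNoCloud` via `secretRef`. The existing password should be treated as exposed and rotated wherever it was used.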
@@ -0,0 +1,48 @@ +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + name: ubuntu-vm-4-john + namespace: kubevirt-vms +spec: + running: true + template: + metadata: + labels: + kubevirt.io/domain: ubuntu-vm-4-john + spec: + domain: + cpu: + cores: 2 + devices: + disks: + - disk: + bus: virtio + name: containerdisk + - disk: + bus: virtio + name: cloudinitdisk + resources: + requests: + memory: 2Gi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 + memory: + guest: 2Gi + volumes: + - name: containerdisk + containerDisk: + image: quay.io/containerdisks/ubuntu:24.04 + - name: cloudinitdisk + cloudInitNoCloud: + userData: | + #cloud-config + hostname: ubuntu-vm-2 + ssh_pwauth: True + users: + - name: ubuntu + ssh-authorized-keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu + sudo: ['ALL=(ALL) NOPASSWD:ALL'] + shell: /bin/bash \ No newline at end of file diff --git a/windows-vm-standard-dev/pvc/datadisk.yaml b/windows-vm-standard-dev/pvc/datadisk.yaml index 86461b8..5d858e6 100644 --- a/windows-vm-standard-dev/pvc/datadisk.yaml +++ b/windows-vm-standard-dev/pvc/datadisk.yaml @@ -9,4 +9,4 @@ spec: - ReadWriteMany resources: requests: - storage: 200Gi + storage: 50Gi diff --git a/windows-vm-standard-dev/vm/server.yaml b/windows-vm-standard-dev/vm/server.yaml index df3b980..1b42bdc 100644 --- a/windows-vm-standard-dev/vm/server.yaml +++ b/windows-vm-standard-dev/vm/server.yaml @@ -10,7 +10,7 @@ spec: spec: source: http: - url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2 + url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/windows-server-2022-uefi-ns.qcow2" storage: resources: requests: diff --git a/windows-vm-standard-john/ks-pvc.yaml b/windows-vm-standard-john/ks-pvc.yaml new file mode 100644 index 0000000..68e3154 --- /dev/null +++ b/windows-vm-standard-john/ks-pvc.yaml 
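Review bot: `ubuntu-vm-4-john/ubuntu/ubuntu-vm.yaml` hard-codes `namespace: kubevirt-vms` where the other manifests in this change use `${TENANT_NAMESPACE}`, and its Kustomization sets no `targetNamespace`, so the VM is applied to (or rejected from) a namespace outside the tenant substitution. The cloud-init block also looks copied from another VM: `hostname: ubuntu-vm-2` does not match the VM name, and `ssh_pwauth: True` enables password logins although only an `ssh-authorized-keys` entry is configured. Suggested values are `namespace: ${TENANT_NAMESPACE}`, `hostname: ubuntu-vm-4-john` and `ssh_pwauth: false`.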
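Review bot: `windows-vm-standard-dev/pvc/datadisk.yaml` lowers `storage` from `200Gi` to `50Gi`, and Kubernetes does not allow the request of an existing PersistentVolumeClaim to shrink, so if the claim already exists the apply will be rejected on every reconcile. Reaching 50Gi means deleting and recreating the claim, which discards the data disk's contents; confirm that is intended and planned for before merging. The PVC definition starts above this hunk, so its name and any annotations are not visible here.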
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-pvc-john
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard-john/pvc
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard-john/ks-vm.yaml b/windows-vm-standard-john/ks-vm.yaml
new file mode 100644
index 0000000..4b8608c
--- /dev/null
+++ b/windows-vm-standard-john/ks-vm.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app windows-vm-standard-john
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./windows-vm-standard-john/vm
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
\ No newline at end of file
diff --git a/windows-vm-standard-john/pvc/datadisk.yaml b/windows-vm-standard-john/pvc/datadisk.yaml
new file mode 100644
index 0000000..6c901ab
--- /dev/null
+++ b/windows-vm-standard-john/pvc/datadisk.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: windows-vm-datadisk-john
+spec:
+ storageClassName: ibm-spectrum-scale-fileset
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 200Gi
diff --git a/windows-vm-standard-john/vm/server.yaml b/windows-vm-standard-john/vm/server.yaml
new file mode 100644
index 0000000..bf952a8
--- /dev/null
+++ b/windows-vm-standard-john/vm/server.yaml
@@ -0,0 +1,82 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: windows-vm-standard-john
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: windows-rootdisk-john
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.svc.cluster.local:80/windows-server-2022-uefi-ns.qcow2
+ storage:
+ resources:
+ requests:
+ storage: 80Gi
+# sourceRef:
+# kind: DataSource
+# name: win2k22
+# namespace: openshift-virtualization-os-images
+ runStrategy: Always
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: windows-vm-standard-john
+ spec:
+ domain:
+ cpu:
+ cores: 4
+ memory:
+ guest: 8Gi
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi: {}
+ devices:
+ rng: {}
+ networkInterfaceMultiqueue: true
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ - port: 8080
+ - port: 443
+ - port: 22
+ - port: 3389
+ disks:
+ - disk:
+ bus: sata
+ name: rootdisk-john
+ - disk:
+ bus: sata
+ name: datadisk-john
+ # - disk:
+ # bus: scsi
+ # name: cloudinitdisk
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: 4
+ limits:
+ memory: 8Gi
+ cpu: 4
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk-john
+ dataVolume:
+ name: windows-rootdisk-john
+ - name: datadisk-john
+ persistentVolumeClaim:
+ claimName: windows-vm-datadisk-john
+ #- name: cloudinitdisk
+ # cloudInitNoCloud:
+ # secretRef:
+ # name: windows-cloud-init
diff --git a/windows-vm-standard-john/windows-lb.yaml b/windows-vm-standard-john/windows-lb.yaml
new file mode 100644
index 0000000..e9ad9f8
--- /dev/null
+++ b/windows-vm-standard-john/windows-lb.yaml
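Review bot: `windows-vm-standard-john/vm/server.yaml` imports the root disk from `http://nginx.demo.svc.cluster.local:80/windows-server-2022-uefi-ns.qcow2`, a plain-HTTP source served from another namespace, while this same commit moves the `-dev` VM to the HTTPS `glacier-1.kvant.cloud` URL. Without TLS nothing authenticates the image the VM boots from; use the same source here, `url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/windows-server-2022-uefi-ns.qcow2"`. The `masquerade` interface also opens ports 22 and 3389 next to 8080 and 443, so keep only the ones this workload needs.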
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: windows-lb-john
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: windows-lb-john
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 8080
+ name: http
+ targetPort: 8080
+ protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ - port: 65022
+ name: ssh
+ targetPort: 22
+ protocol: TCP
+ - port: 3389
+ name: rdp
+ targetPort: 3389
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: windows-vm-standard-john
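Review bot: `windows-lb-john` is a `type: LoadBalancer` Service that publishes RDP (`3389`) and SSH (`65022` to `targetPort: 22`) with no `loadBalancerSourceRanges`, so once it is enabled those management ports are reachable from wherever the load balancer address is routable. Add a `loadBalancerSourceRanges:` list limited to the admin networks, or move the management ports to a separate internal Service. The entry is still commented out in the root `kustomization.yaml`, so the restriction can be added before the Service is switched on.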