From c0ee377b215f052a93efb9a4510cb71196f49cff Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Tue, 8 Jul 2025 17:13:01 +0000
Subject: [PATCH 1/7] feat(docker-image)!: Update nginx Docker tag to v21

---
 templates/image-server/nginx/helmrelease.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml
index 0937d41..6ffdf97 100644
--- a/templates/image-server/nginx/helmrelease.yaml
+++ b/templates/image-server/nginx/helmrelease.yaml
@@ -9,7 +9,7 @@ spec:
 chart:
 spec:
 chart: nginx
- version: 19.1.1
+ version: 21.0.4
 sourceRef:
 kind: HelmRepository
 name: bitnami
From 410cb991734707318cf1463ec669b2f59711d8ae Mon Sep 17 00:00:00 2001
From: "maximilian.bartz"
Date: Wed, 9 Jul 2025 12:00:51 +0200
Subject: [PATCH 2/7] change port and add lb

---
 firewall-s3/vm/fortigate.yaml | 21 +++++-------------
 network/ks-lb.yaml | 2 +-
 network/loadbalancers/fortigate-lb.yaml | 29 +++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 16 deletions(-)
 create mode 100644 network/loadbalancers/fortigate-lb.yaml

diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml
index 582ec8e..5fd7914 100644
--- a/firewall-s3/vm/fortigate.yaml
+++ b/firewall-s3/vm/fortigate.yaml
@@ -3,6 +3,8 @@ kind: VirtualMachine
 metadata:
 name: fortigate-s3
 namespace: ${TENANT_NAMESPACE}
+ annotations:
+ #kubevirt.io/allow-pod-bridge-network-live-migration:
 spec:
 dataVolumeTemplates:
 - metadata:
@@ -29,26 +31,17 @@ spec:
 guest: 4Gi
 features:
 acpi: {}
- smm:
+ smm:
 enabled: true
 firmware:
 bootloader:
 efi:
- secureBoot: true
 devices:
 rng: {}
 networkInterfaceMultiqueue: true
 interfaces:
- - name: internal
- masquerade: {}
- ports:
- - port: 500
- - port: 4500
- #- name: external
- # masquerade: {}
- # ports:
- # - port: 500
- # - port: 4500
+ - name: external
+ bridge: {}
 disks:
 - disk:
 bus: sata
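Review bot: The added `annotations:` key has only a commented-out child, so once parsed `metadata.annotations` is null rather than an empty map; the API server tolerates that, but yamllint's empty-values rule flags it and a dead key is easy to misread as active. Either drop both lines until the annotation is needed or write `annotations: {}` with the comment beneath it, and let the comment say why `kubevirt.io/allow-pod-bridge-network-live-migration` is being kept in reserve — as far as I know it is what lets KubeVirt live-migrate a VM whose pod-network interface uses the `bridge` binding that this same commit introduces further down. The enclosing `metadata` block starts before the hunk.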
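Review bot: Replacing the `internal` interface (masquerade with a `ports` allowlist of 500 and 4500) by `external` with `bridge: {}` removes the only per-port filter the VM had: with bridge binding on the pod network the VM takes the pod's address directly, so every service the FortiGate listens on is reachable from inside the cluster, not just IKE/NAT-T, while the new fortigate-lb Service only governs what the LoadBalancer forwards from outside. If that is intended, a comment on the interface saying so (and a NetworkPolicy on the virt-launcher pod, if the CNI enforces them) would make the exposure explicit rather than implicit. The same hunk also strips `secureBoot: true` and leaves `efi:` null — the later commits in this series already deal with that. The `interfaces` list and the `devices` block continue outside the hunk.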
@@ -61,9 +54,7 @@ spec:
 memory: 4Gi
 cpu: 2
 networks:
- #- name: external
- # pod: {}
- - name: internal
+ - name: external
 pod: {}
 terminationGracePeriodSeconds: 180
 volumes:
diff --git a/network/ks-lb.yaml b/network/ks-lb.yaml
index bfb3107..25ae3ef 100644
--- a/network/ks-lb.yaml
+++ b/network/ks-lb.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
- name: &app windows-lb
+ name: &app lb
 namespace: ${TENANT_NAMESPACE}
 spec:
 commonMetadata:
diff --git a/network/loadbalancers/fortigate-lb.yaml b/network/loadbalancers/fortigate-lb.yaml
new file mode 100644
index 0000000..13f8eae
--- /dev/null
+++ b/network/loadbalancers/fortigate-lb.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fortigate-lb
+ namespace: ${TENANT_NAMESPACE}
+ labels:
+ app.kubernetes.io/component: fortigate-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 4500
+ name: ipsec-nat
+ targetPort: 4500
+ protocol: UDP
+ - port: 500
+ name: key-management
+ targetPort: 500
+ protocol: UDP
+ - port: 22
+ name: ssh
+ targetPort: 22
+ protocol: TCP
+ - port: 443
+ name: https
+ targetPort: 443
+ protocol: TCP
+ selector:
+ kubevirt.io/domain: fortigate-s3
\ No newline at end of file
From da7f7f73c148b7abd93073f20265a8c1946d55c5 Mon Sep 17 00:00:00 2001
From: "maximilian.bartz"
Date: Wed, 9 Jul 2025 12:02:58 +0200
Subject: [PATCH 3/7] added object

---
 firewall-s3/vm/fortigate.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml
index 5fd7914..51cd118 100644
--- a/firewall-s3/vm/fortigate.yaml
+++ b/firewall-s3/vm/fortigate.yaml
@@ -35,7 +35,7 @@ spec:
 enabled: true
 firmware:
 bootloader:
- efi:
+ efi: {}
 devices:
 rng: {}
 networkInterfaceMultiqueue: true
From 516c1bd03493c5655bbf8e2bc8d3f7e28d9309fe Mon Sep 17 00:00:00 2001
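Review bot: The new fortigate-lb Service publishes the firewall's SSH (22) and HTTPS (443) management ports on the same externally reachable LoadBalancer as the IPsec ports, with nothing limiting who may connect to them; add `loadBalancerSourceRanges:` under `spec` with the admin and VPN-peer CIDRs (e.g. `loadBalancerSourceRanges: ["<ADMIN_CIDR>"]`, placeholder) or split management onto a separate Service that is not of `type: LoadBalancer`. With the default `externalTrafficPolicy: Cluster`, traffic is commonly SNATed to a node address before it reaches the pod, so the FortiGate would not see the real IKE peer address for policy or logging — `externalTrafficPolicy: Local` preserves it, but verify the behaviour against the CNI in use. The selector `kubevirt.io/domain: fortigate-s3` is consistent with the VM `name: fortigate-s3` in fortigate.yaml, and the file ends without a trailing newline (`\ No newline at end of file`).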
From: "maximilian.bartz"
Date: Wed, 9 Jul 2025 12:07:05 +0200
Subject: [PATCH 4/7] added secure boot again

---
 firewall-s3/vm/fortigate.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml
index 51cd118..8964c92 100644
--- a/firewall-s3/vm/fortigate.yaml
+++ b/firewall-s3/vm/fortigate.yaml
@@ -35,7 +35,8 @@ spec:
 enabled: true
 firmware:
 bootloader:
- efi: {}
+ efi:
+ secureBoot: true
 devices:
 rng: {}
 networkInterfaceMultiqueue: true
From 6a719ccdc8fdcb4c0c3b218f11eeaf447700f468 Mon Sep 17 00:00:00 2001
From: "maximilian.bartz"
Date: Wed, 9 Jul 2025 12:08:25 +0200
Subject: [PATCH 5/7] set SB to false

---
 firewall-s3/vm/fortigate.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml
index 8964c92..4d462bb 100644
--- a/firewall-s3/vm/fortigate.yaml
+++ b/firewall-s3/vm/fortigate.yaml
@@ -36,7 +36,7 @@ spec:
 firmware:
 bootloader:
 efi:
- secureBoot: true
+ secureBoot: false
 devices:
 rng: {}
 networkInterfaceMultiqueue: true
From 9980d50b0711b479cc0622ac1124618b3a32b3c3 Mon Sep 17 00:00:00 2001
From: "maximilian.bartz"
Date: Wed, 9 Jul 2025 12:34:37 +0200
Subject: [PATCH 6/7] test with masq

---
 firewall-s3/vm/fortigate.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/firewall-s3/vm/fortigate.yaml b/firewall-s3/vm/fortigate.yaml
index 4d462bb..755f5ea 100644
--- a/firewall-s3/vm/fortigate.yaml
+++ b/firewall-s3/vm/fortigate.yaml
@@ -42,7 +42,12 @@ spec:
 networkInterfaceMultiqueue: true
 interfaces:
 - name: external
- bridge: {}
+ masquerade: {}
+ ports:
+ - port: 4500
+ - port: 443
+ - port: 22
+ - port: 500
 disks:
 - disk:
 bus: sata
From 36ecc280d091ea1e9745b125eb85f43306ccbdfe Mon Sep 17 00:00:00 2001
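Review bot: `secureBoot: false` switches UEFI Secure Boot off while `smm: enabled: true` (just above the hunk) stays on; as far as I know KubeVirt only requires SMM when Secure Boot is enabled, so either the reason for disabling it belongs next to the setting or SMM should be dropped with it. The series has now toggled this value three times (removed in 2/7, `efi: {}` in 3/7, `true` in 4/7, `false` here) and the commit message gives no reason, so a one-line comment such as `# Secure Boot off: <reason — confirm, e.g. image ships an unsigned bootloader>` is what keeps the next reader from flipping it back. Leaving it off also means the firmware no longer verifies the boot chain, so the VM's boot integrity rests entirely on where the disk image comes from; that trade-off is worth stating explicitly.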
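Review bot: The four entries added under `ports` carry no `protocol`, and KubeVirt's interface port spec defaults to TCP, so with an explicit `ports` list the masquerade binding would forward TCP 22/443 but not the UDP 500 and 4500 that fortigate-lb.yaml declares as `protocol: UDP` — IKE and NAT-T would be dropped at the pod while management still works. Add the protocol to the two IPsec entries: `- port: 4500` / `  protocol: UDP` and the same for `500`. Since this list and the Service's `ports` must stay in step, a comment on one pointing at the other (or one generated source for both) would stop them drifting again. The `interfaces` list continues outside the hunk.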
From: Renovate Bot
Date: Wed, 9 Jul 2025 11:16:25 +0000
Subject: [PATCH 7/7] feat(docker-image)!: Update nginx Docker tag to v21

---
 templates/image-server/nginx/helmrelease.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml
index 0937d41..6ffdf97 100644
--- a/templates/image-server/nginx/helmrelease.yaml
+++ b/templates/image-server/nginx/helmrelease.yaml
@@ -9,7 +9,7 @@ spec:
 chart:
 spec:
 chart: nginx
- version: 19.1.1
+ version: 21.0.4
 sourceRef:
 kind: HelmRepository
 name: bitnami