generated from phoenix-oss/tenant-tpl
Compare commits
1 commit
main
...
renovate/h
| Author | SHA1 | Date | |
|---|---|---|---|
| 90c8aa812c |
46 changed files with 175 additions and 1245 deletions
3
.gitattributes
vendored
3
.gitattributes
vendored
|
|
@ -1,3 +0,0 @@
|
|||
*.sh text eol=lf
|
||||
*.yml text eol=lf
|
||||
*.yaml text eol=lf
|
||||
33
.gitignore
vendored
33
.gitignore
vendored
|
|
@ -1,33 +0,0 @@
|
|||
# Eclipse
|
||||
.project
|
||||
.classpath
|
||||
.settings/
|
||||
bin/
|
||||
|
||||
# IntelliJ
|
||||
.idea
|
||||
*.ipr
|
||||
*.iml
|
||||
*.iws
|
||||
|
||||
# NetBeans
|
||||
nb-configuration.xml
|
||||
|
||||
# Visual Studio Code
|
||||
.vscode
|
||||
.factorypath
|
||||
|
||||
# OSX
|
||||
.DS_Store
|
||||
|
||||
# Vim
|
||||
*.swp
|
||||
*.swo
|
||||
|
||||
# patch
|
||||
*.orig
|
||||
*.rej
|
||||
|
||||
# Local environment
|
||||
.env
|
||||
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: alpine-test
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
containers:
|
||||
- name: alpine
|
||||
image: alpine:latest
|
||||
command: ["/bin/sh"]
|
||||
args: ["-c", "while true; do sleep 3600; done"]
|
||||
stdin: true
|
||||
tty: true
|
||||
restartPolicy: Never
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: alpine-test2
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
containers:
|
||||
- name: alpine2
|
||||
image: alpine:latest
|
||||
command: ["/bin/sh"]
|
||||
args: ["-c", "while true; do sleep 3600; done"]
|
||||
stdin: true
|
||||
tty: true
|
||||
restartPolicy: Never
|
||||
103
echo-server/app/helmrelease.yaml
Normal file
103
echo-server/app/helmrelease.yaml
Normal file
|
|
@ -0,0 +1,103 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: &app echo-server
|
||||
spec:
|
||||
serviceAccountName: ${TECHNICAL_ACCOUNT}
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 3.2.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjw-s
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
strategy: rollback
|
||||
retries: 3
|
||||
values:
|
||||
controllers:
|
||||
echo-server:
|
||||
replicas: 2
|
||||
strategy: RollingUpdate
|
||||
containers:
|
||||
app:
|
||||
image:
|
||||
repository: ghcr.io/mendhak/http-https-echo
|
||||
tag: 33
|
||||
env:
|
||||
HTTP_PORT: &port 8080
|
||||
LOG_WITHOUT_NEWLINE: true
|
||||
LOG_IGNORE_PATH: /healthz
|
||||
PROMETHEUS_ENABLED: true
|
||||
probes:
|
||||
liveness: &probes
|
||||
enabled: true
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: *port
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readiness: *probes
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities: { drop: ["ALL"] }
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 64Mi
|
||||
limits:
|
||||
memory: 64Mi
|
||||
cpu: 100m
|
||||
defaultPodOptions:
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile: { type: RuntimeDefault }
|
||||
topologySpreadConstraints:
|
||||
- maxSkew: 1
|
||||
topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: *app
|
||||
service:
|
||||
app:
|
||||
controller: echo-server
|
||||
ports:
|
||||
http:
|
||||
port: *port
|
||||
serviceMonitor:
|
||||
app:
|
||||
serviceName: echo-server
|
||||
endpoints:
|
||||
- port: http
|
||||
scheme: http
|
||||
path: /metrics
|
||||
interval: 1m
|
||||
scrapeTimeout: 10s
|
||||
ingress:
|
||||
app:
|
||||
className: external
|
||||
hosts:
|
||||
- host: "{{ .Release.Name }}-${TENANT_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
identifier: app
|
||||
port: http
|
||||
|
||||
|
|
@ -3,21 +3,18 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app postgres
|
||||
name: &app echo-server
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
targetNamespace: ${TENANT_NAMESPACE}
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./postgres/app
|
||||
path: ./echo-server/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: true
|
||||
interval: 10m
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
dependsOn:
|
||||
- name: vars
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app fortigate-s3
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./firewall-s3/vm/ksd
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: fortigate-lb
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
labels:
|
||||
app.kubernetes.io/component: fortigate-lb
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
ports:
|
||||
- port: 4500
|
||||
name: ipsec-nat
|
||||
targetPort: 4500
|
||||
protocol: UDP
|
||||
- port: 500
|
||||
name: key-management
|
||||
targetPort: 500
|
||||
protocol: UDP
|
||||
#- port: 22
|
||||
# name: ssh
|
||||
# targetPort: 22
|
||||
# protocol: TCP
|
||||
- port: 443
|
||||
name: https
|
||||
targetPort: 443
|
||||
protocol: TCP
|
||||
selector:
|
||||
kubevirt.io/domain: fortigate-ksd
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
apiVersion: "k8s.cni.cncf.io/v1"
|
||||
kind: NetworkAttachmentDefinition
|
||||
metadata:
|
||||
name: lan-net
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
config: '{
|
||||
"cniVersion": "0.3.1",
|
||||
"type": "bridge",
|
||||
"bridge": "br-lan",
|
||||
"ipam": {
|
||||
"type": "static",
|
||||
"addresses": [
|
||||
{
|
||||
"address": "172.168.100.0/24",
|
||||
"gateway": "172.168.100.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}'
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
apiVersion: "k8s.cni.cncf.io/v1"
|
||||
kind: NetworkAttachmentDefinition
|
||||
metadata:
|
||||
name: mgmt-net
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
config: '{
|
||||
"cniVersion": "0.3.1",
|
||||
"type": "bridge",
|
||||
"bridge": "br-mgmt",
|
||||
"ipam": {
|
||||
"type": "static",
|
||||
"addresses": [
|
||||
{
|
||||
"address": "192.168.10.0/24",
|
||||
"gateway": "192.168.10.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}'
|
||||
|
|
@ -1,77 +0,0 @@
|
|||
apiVersion: kubevirt.io/v1
|
||||
kind: VirtualMachine
|
||||
metadata:
|
||||
name: fortigate-ksd
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
dataVolumeTemplates:
|
||||
- metadata:
|
||||
name: fortigate-rootdisk-ksd
|
||||
spec:
|
||||
source:
|
||||
http:
|
||||
url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
|
||||
#secretRef: s3-virt-credentials
|
||||
storage:
|
||||
resources:
|
||||
requests:
|
||||
storage: 30Gi
|
||||
runStrategy: Always
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
kubevirt.io/domain: fortigate-ksd
|
||||
spec:
|
||||
domain:
|
||||
cpu:
|
||||
cores: 1
|
||||
memory:
|
||||
guest: 2Gi
|
||||
features:
|
||||
acpi: {}
|
||||
smm:
|
||||
enabled: true
|
||||
firmware:
|
||||
bootloader:
|
||||
efi:
|
||||
secureBoot: false
|
||||
devices:
|
||||
rng: {}
|
||||
networkInterfaceMultiqueue: true
|
||||
interfaces:
|
||||
- name: wan
|
||||
masquerade: {}
|
||||
ports:
|
||||
- port: 4500
|
||||
- port: 443
|
||||
- port: 22
|
||||
- port: 500
|
||||
- name: mgmt
|
||||
bridge: {}
|
||||
- name: lan
|
||||
bridge: {}
|
||||
disks:
|
||||
- disk:
|
||||
bus: sata
|
||||
name: rootdisk
|
||||
resources:
|
||||
requests:
|
||||
memory: 2Gi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 1
|
||||
networks:
|
||||
- name: wan
|
||||
pod: {}
|
||||
- name: mgmt
|
||||
multus:
|
||||
networkName: ${TENANT_NAMESPACE}/mgmt-net
|
||||
- name: lan
|
||||
multus:
|
||||
networkName: ${TENANT_NAMESPACE}/lan-net
|
||||
terminationGracePeriodSeconds: 180
|
||||
volumes:
|
||||
- name: rootdisk
|
||||
dataVolume:
|
||||
name: fortigate-rootdisk-ksd
|
||||
|
|
@ -1,73 +0,0 @@
|
|||
apiVersion: kubevirt.io/v1
|
||||
kind: VirtualMachine
|
||||
metadata:
|
||||
name: strongswan
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
running: true
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
kubevirt.io/domain: strongswan
|
||||
spec:
|
||||
domain:
|
||||
cpu:
|
||||
cores: 2
|
||||
resources:
|
||||
requests:
|
||||
memory: 2Gi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
memory:
|
||||
guest: 2Gi
|
||||
devices:
|
||||
rng: {}
|
||||
networkInterfaceMultiqueue: true
|
||||
disks:
|
||||
- name: containerdisk
|
||||
disk:
|
||||
bus: virtio
|
||||
- name: cloudinitdisk
|
||||
disk:
|
||||
bus: virtio
|
||||
interfaces:
|
||||
- name: wan
|
||||
masquerade: {}
|
||||
ports:
|
||||
- port: 4500
|
||||
- port: 443
|
||||
- port: 22
|
||||
- port: 500
|
||||
- name: mgmt
|
||||
bridge: {}
|
||||
- name: lan
|
||||
bridge: {}
|
||||
networks:
|
||||
- name: wan
|
||||
pod: {}
|
||||
- name: mgmt
|
||||
multus:
|
||||
networkName: ${TENANT_NAMESPACE}/mgmt-net
|
||||
- name: lan
|
||||
multus:
|
||||
networkName: ${TENANT_NAMESPACE}/lan-net
|
||||
terminationGracePeriodSeconds: 180
|
||||
volumes:
|
||||
- name: containerdisk
|
||||
containerDisk:
|
||||
image: quay.io/containerdisks/ubuntu:22.04
|
||||
- name: cloudinitdisk
|
||||
cloudInitNoCloud:
|
||||
userData: |
|
||||
#cloud-config
|
||||
users:
|
||||
- name: testuser
|
||||
groups: [sudo]
|
||||
sudo: "ALL=(ALL) NOPASSWD:ALL"
|
||||
lock_passwd: false
|
||||
passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
|
||||
chpasswd:
|
||||
expire: false
|
||||
ssh_pwauth: true
|
||||
|
|
@ -3,22 +3,10 @@ kind: Kustomization
|
|||
resources:
|
||||
- vars/ks.yaml
|
||||
- repos/ks.yaml
|
||||
- network/ks-lb.yaml
|
||||
- firewall-s3/ks-vm.yaml
|
||||
- windows-vm-standard/ks-vm.yaml
|
||||
- windows-vm-standard/ks-pvc.yaml
|
||||
- windows-vm-standard-dev/ks-vm.yaml
|
||||
- windows-vm-standard-dev/ks-pvc.yaml
|
||||
- echo-server/ks.yaml
|
||||
- ubuntu-vm-1/ks.yaml
|
||||
- ubuntu-vm-2/ks.yaml
|
||||
- ubuntu-vm-3-john/ks.yaml
|
||||
- container/ks-debug.yaml
|
||||
- templates/image-server/ks-nginx.yaml
|
||||
- templates/image-server/ks-pvc.yaml
|
||||
- templates/image-server/ks-route.yaml
|
||||
- templates/windowsserver/ks-dv.yaml
|
||||
- templates/windowsserver/ks-flavor.yaml
|
||||
- templates/windowsserver-rh/ks-flavor.yaml
|
||||
- postgres/ks.yaml
|
||||
# - windows-vm-standard-john/ks-vm.yaml
|
||||
# - windows-vm-standard-john/ks-pvc.yaml
|
||||
# - windows-vm-standard-john/windows-lb.yaml
|
||||
|
|
|
|||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app lb
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./network/loadbalancers
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: fortigate-lb
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
labels:
|
||||
app.kubernetes.io/component: fortigate-lb
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- port: 4500
|
||||
name: ipsec-nat
|
||||
targetPort: 4500
|
||||
protocol: UDP
|
||||
- port: 500
|
||||
name: key-management
|
||||
targetPort: 500
|
||||
protocol: UDP
|
||||
- port: 22
|
||||
name: ssh
|
||||
targetPort: 22
|
||||
protocol: TCP
|
||||
- port: 443
|
||||
name: https
|
||||
targetPort: 443
|
||||
protocol: TCP
|
||||
selector:
|
||||
kubevirt.io/domain: fortigate-s3
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: windows-lb
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
labels:
|
||||
app.kubernetes.io/component: windows-lb
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- port: 8080
|
||||
name: http
|
||||
targetPort: 8080
|
||||
protocol: TCP
|
||||
- port: 443
|
||||
name: https
|
||||
targetPort: 443
|
||||
protocol: TCP
|
||||
- port: 65022
|
||||
name: ssh
|
||||
targetPort: 22
|
||||
protocol: TCP
|
||||
- port: 3389
|
||||
name: rdp
|
||||
targetPort: 3389
|
||||
protocol: TCP
|
||||
selector:
|
||||
kubevirt.io/domain: windows-vm-standard
|
||||
|
|
@ -1,122 +0,0 @@
|
|||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: postgres
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
serviceAccountName: ${TECHNICAL_ACCOUNT}
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: cluster
|
||||
version: 0.3.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cloudnative-pg
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
strategy: rollback
|
||||
retries: 3
|
||||
values:
|
||||
# check the complete configuration options at
|
||||
# https://raw.githubusercontent.com/cloudnative-pg/charts/refs/tags/cluster-v0.3.1/charts/cluster/values.yaml
|
||||
type: postgresql
|
||||
mode: standalone
|
||||
version:
|
||||
postgresql: "17.5"
|
||||
cluster:
|
||||
instances: 3
|
||||
storage:
|
||||
size: 10Gi
|
||||
# default storage class on ai-2 cluster, on basel or staging you
|
||||
# should use 'ocs-storagecluster-ceph-rbd' instead
|
||||
storageClass: ibm-spectrum-scale-fileset
|
||||
walStorage:
|
||||
# It's not mandatory to split WAL from the main data volume.
|
||||
# However, doing so helps to avoid issues with the main data volume
|
||||
# in cases where WAL exporting to the backup server experiences
|
||||
# issues. For example, in scenarios where there's network congestion
|
||||
# or even failures, the WAL may end up accumulating too much data
|
||||
# to the point where the volume fills up, blocking the cluster from
|
||||
# operating properly.
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
storageClass: ibm-spectrum-scale-fileset
|
||||
resources:
|
||||
requests:
|
||||
cpu: "500m"
|
||||
memory: 1Gi
|
||||
limits:
|
||||
cpu: "1"
|
||||
memory: 1Gi
|
||||
enableSuperuserAccess: true
|
||||
superuserSecret: postgres-superuser
|
||||
affinity:
|
||||
topologyKey: failure-domain.beta.kubernetes.io/zone
|
||||
postgresql:
|
||||
parameters:
|
||||
shared_buffers: 256MB
|
||||
max_connections: "400"
|
||||
initdb:
|
||||
database: app
|
||||
owner: app
|
||||
options: []
|
||||
encoding: UTF8
|
||||
backups:
|
||||
# As indicated by the 'enabled' flag, backups are disabled on
|
||||
# this deployment. But the remaining of the block serves as an
|
||||
# example of how to configure this cluster to export backups to
|
||||
# a S3 bucket hosted on a MinIO server.
|
||||
#
|
||||
# For more information, refer to the helm chart's values.yaml
|
||||
# or the official documentation at
|
||||
# https://cloudnative-pg.io/documentation/1.26/backup/
|
||||
enabled: false
|
||||
endpointURL: https://glacier-1.kvant.cloud
|
||||
provider: s3
|
||||
s3:
|
||||
bucket: phoenix-openshift-backups
|
||||
path: /demo-postgres
|
||||
# Ideally, you will never commit credentials in plain text;
|
||||
# these values are here just for illustration. For a way to
|
||||
# properly load them from kubernetes' secrets, refer to the
|
||||
# commented-ou section 'valuesFrom' placed right below
|
||||
accessKey: your-access-key
|
||||
secretKey: your-secret-key
|
||||
secret:
|
||||
create: true
|
||||
wal:
|
||||
# If exporting to MinIO S3, you may have to disable encryption.
|
||||
# This is how you achieve it
|
||||
encryption: ""
|
||||
data:
|
||||
encryption: ""
|
||||
scheduledBackups:
|
||||
# You can give it any name and change the scheduled time to what
|
||||
# fits your strategy. This serves as an example of how to configure
|
||||
# the cluster to export a daily backup to the S3 bucket using
|
||||
# barman object storage. You can also back up volumes instead.
|
||||
# Check the backup documentation to find more information on
|
||||
# which option suits you best.
|
||||
- name: daily-minio
|
||||
schedule: "@daily"
|
||||
backupOwnerReference: self
|
||||
method: barmanObjectStore
|
||||
retentionPolicy: "180d" # It is mandatory to match this value with the bucket's retention period
|
||||
# valuesFrom:
|
||||
# - kind: Secret
|
||||
# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair
|
||||
# valuesKey: ACCESS_KEY_ID # name of the key inside the secret that holds the access key value
|
||||
# targetPath: backups.s3.accessKey # path of the configuration that will be assigned the access key value
|
||||
# optional: false
|
||||
# - kind: Secret
|
||||
# name: postgres-backup-s3 # name of the pre-existing secret that holds the key pair
|
||||
# valuesKey: ACCESS_SECRET_KEY # name of the key inside the secret that holds the secret key value
|
||||
# targetPath: backups.s3.secretKey # path of the configuration that will be assigned the secret key value
|
||||
# optional: false
|
||||
|
|
@ -5,5 +5,5 @@ metadata:
|
|||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
type: oci
|
||||
interval: 60m
|
||||
interval: 5m
|
||||
url: oci://registry-1.docker.io/bitnamicharts
|
||||
|
|
@ -3,8 +3,10 @@
|
|||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: cloudnative-pg
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
name: bjw-s
|
||||
namespace: ${TENANT_NAMESPACE}-ns
|
||||
spec:
|
||||
interval: 5m0s
|
||||
url: https://cloudnative-pg.github.io/charts
|
||||
type: oci
|
||||
interval: 5m
|
||||
url: oci://ghcr.io/bjw-s/helm
|
||||
|
||||
|
|
@ -15,5 +15,4 @@ spec:
|
|||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
targetNamespace: ${TENANT_NAMESPACE}
|
||||
timeout: 5m
|
||||
|
|
|
|||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app route
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./templates/image-server/route
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,15 +1,15 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: nginx
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
serviceAccountName: ${TECHNICAL_ACCOUNT}
|
||||
interval: 10m
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: nginx
|
||||
version: 19.1.1
|
||||
version: 20.0.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bitnami
|
||||
|
|
@ -17,14 +17,19 @@ spec:
|
|||
values:
|
||||
service:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
http: 80
|
||||
https: 443
|
||||
ingress:
|
||||
enabled: true
|
||||
hostname: nginx.${TENANT_DOMAIN}
|
||||
ingressClassName: external
|
||||
hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud
|
||||
tls:
|
||||
- hosts:
|
||||
- nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud
|
||||
extraVolumes:
|
||||
- name: ${TENANT_NAMESPACE}-image-storage
|
||||
persistentVolumeClaim:
|
||||
claimName: ${TENANT_NAMESPACE}-image-storage
|
||||
extraVolumeMounts:
|
||||
- name: ${TENANT_NAMESPACE}-image-storage
|
||||
mountPath: /app
|
||||
mountPath: /usr/share/nginx/html
|
||||
|
|
@ -2,11 +2,11 @@ apiVersion: v1
|
|||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: ${TENANT_NAMESPACE}-image-storage
|
||||
annotations:
|
||||
helm.sh/resource-policy: keep
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 120Gi
|
||||
storageClassName: ocs-storagecluster-ceph-rbd
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
apiVersion: route.openshift.io/v1
|
||||
kind: Route
|
||||
metadata:
|
||||
name: nginx
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
to:
|
||||
kind: Service
|
||||
name: nginx
|
||||
port:
|
||||
targetPort: 8080
|
||||
tls:
|
||||
termination: edge
|
||||
insecureEdgeTerminationPolicy: Allow
|
||||
|
|
@ -1,87 +0,0 @@
|
|||
apiVersion: template.openshift.io/v1
|
||||
kind: Template
|
||||
metadata:
|
||||
name: windows-server-2022-small-redhat
|
||||
namespace: '${TENANT_NAMESPACE}'
|
||||
labels:
|
||||
template.kubevirt.io/type: 'vm'
|
||||
os.template.kubevirt.io/win2k22: 'true'
|
||||
workload.template.kubevirt.io/server: 'true'
|
||||
annotations:
|
||||
name.os.template.kubevirt.io/win2k22: Windows Server 2022
|
||||
description: Windows Server 2022 VM
|
||||
openshift.io/display-name: Windows Server 2022
|
||||
iconClass: icon-windows
|
||||
objects:
|
||||
- apiVersion: kubevirt.io/v1
|
||||
kind: VirtualMachine
|
||||
metadata:
|
||||
name: windows-server-2022-small-redhat
|
||||
annotations:
|
||||
description: Windows Server 2022 VM example
|
||||
labels:
|
||||
app: windows-server-2022-small-redhat
|
||||
vm.kubevirt.io/template: 'windows-server-2022-template'
|
||||
os.template.kubevirt.io/win2k22: 'true'
|
||||
spec:
|
||||
running: false
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
vm.kubevirt.io/flavor: small
|
||||
vm.kubevirt.io/os: win2k22
|
||||
vm.kubevirt.io/workload: server
|
||||
labels:
|
||||
kubevirt.io/domain: windows-server-2022-small-redhat
|
||||
kubevirt.io/size: small
|
||||
spec:
|
||||
domain:
|
||||
cpu:
|
||||
cores: 1
|
||||
sockets: 1
|
||||
threads: 1
|
||||
devices:
|
||||
disks:
|
||||
- disk:
|
||||
bus: virtio
|
||||
name: rootdisk
|
||||
interfaces:
|
||||
- masquerade: {}
|
||||
model: virtio
|
||||
name: default
|
||||
networkInterfaceMultiqueue: true
|
||||
rng: {}
|
||||
features:
|
||||
acpi: {}
|
||||
smm:
|
||||
enabled: true
|
||||
firmware:
|
||||
bootloader:
|
||||
efi: {}
|
||||
memory:
|
||||
guest: 4Gi
|
||||
hostname: windows-server-2022-small-redhat
|
||||
networks:
|
||||
- name: default
|
||||
pod: {}
|
||||
terminationGracePeriodSeconds: 180
|
||||
volumes:
|
||||
- name: rootdisk
|
||||
dataVolume:
|
||||
name: windows-server-2022-small-redhat-dv
|
||||
- apiVersion: cdi.kubevirt.io/v1beta1
|
||||
kind: DataVolume
|
||||
metadata:
|
||||
name: windows-server-2022-small-redhat-dv
|
||||
namespace: '${TENANT_NAMESPACE}'
|
||||
spec:
|
||||
source:
|
||||
http:
|
||||
url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
|
||||
pvc:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 120Gi
|
||||
storageClassName: ibm-spectrum-scale-fileset
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app flavor-rh
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./templates/windowsserver-rh/flavor
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
15
templates/windowsserver/dv/windows-1-dv.yaml
Normal file
15
templates/windowsserver/dv/windows-1-dv.yaml
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
apiVersion: cdi.kubevirt.io/v1beta1
|
||||
kind: DataVolume
|
||||
metadata:
|
||||
name: windows-server-datavolume
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
source:
|
||||
http:
|
||||
url: "http://nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud/windows-server-2022.qcow2"
|
||||
pvc:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 120Gi
|
||||
|
|
@ -2,94 +2,49 @@ apiVersion: template.openshift.io/v1
|
|||
kind: Template
|
||||
metadata:
|
||||
name: windows-server-2022-small
|
||||
namespace: '${TENANT_NAMESPACE}'
|
||||
labels:
|
||||
template.kubevirt.io/type: 'vm'
|
||||
os.template.kubevirt.io/win2k22: 'true'
|
||||
workload.template.kubevirt.io/server: 'true'
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
annotations:
|
||||
name.os.template.kubevirt.io/win2k22: Windows Server 2022
|
||||
description: Windows Server 2022 VM template (Small)
|
||||
openshift.io/display-name: Windows Server 2022
|
||||
iconClass: icon-windows
|
||||
openshift.io/display-name: "Windows Server 2022 VM"
|
||||
openshift.io/documentation-url: "https://docs.microsoft.com/en-us/windows-server/"
|
||||
description: "Template for deploying a Windows Server 2022 Virtual Machine on OpenShift with KubeVirt."
|
||||
tags: virtualmachine,windows,server,2022
|
||||
objects:
|
||||
- apiVersion: kubevirt.io/v1
|
||||
kind: VirtualMachine
|
||||
metadata:
|
||||
name: windows-server-demo
|
||||
annotations:
|
||||
description: Windows Server 2022 VM Demo
|
||||
name: ${VM_NAME}
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
labels:
|
||||
app: windows-server-demo
|
||||
vm.kubevirt.io/template: 'windows-server-2022-template'
|
||||
os.template.kubevirt.io/win2k22: 'true'
|
||||
app: windows-server
|
||||
spec:
|
||||
running: false
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
vm.kubevirt.io/flavor: small
|
||||
vm.kubevirt.io/os: win2k22
|
||||
vm.kubevirt.io/workload: server
|
||||
labels:
|
||||
kubevirt.io/domain: windows-server-demo
|
||||
kubevirt.io/size: small
|
||||
kubevirt.io/domain: ${VM_NAME}
|
||||
spec:
|
||||
domain:
|
||||
cpu:
|
||||
cores: 2
|
||||
sockets: 1
|
||||
threads: 1
|
||||
cores: 4
|
||||
devices:
|
||||
disks:
|
||||
- disk:
|
||||
- name: rootdisk
|
||||
disk:
|
||||
bus: virtio
|
||||
name: rootdisk
|
||||
interfaces:
|
||||
- masquerade: {}
|
||||
model: virtio
|
||||
name: default
|
||||
networkInterfaceMultiqueue: true
|
||||
rng: {}
|
||||
features:
|
||||
acpi: {}
|
||||
smm:
|
||||
enabled: true
|
||||
firmware:
|
||||
bootloader:
|
||||
efi: {}
|
||||
memory:
|
||||
guest: 4Gi
|
||||
hostname: windows-server-demo
|
||||
guest: 8Gi
|
||||
networks:
|
||||
- name: default
|
||||
pod: {}
|
||||
terminationGracePeriodSeconds: 180
|
||||
volumes:
|
||||
- name: rootdisk
|
||||
dataVolume:
|
||||
name: windows-server-datavolume-small
|
||||
- apiVersion: cdi.kubevirt.io/v1beta1
|
||||
kind: DataVolume
|
||||
metadata:
|
||||
name: windows-server-datavolume-small
|
||||
namespace: '${TENANT_NAMESPACE}'
|
||||
spec:
|
||||
source:
|
||||
http:
|
||||
url: http://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2
|
||||
pvc:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: '${PVC_SIZE}'
|
||||
persistentVolumeClaim:
|
||||
claimName: windows-server-datavolume
|
||||
parameters:
|
||||
#- name: IMAGE_URL
|
||||
# description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image
|
||||
# required: true
|
||||
# value: https://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2
|
||||
- name: PVC_SIZE
|
||||
description: Size of the root disk PVC
|
||||
- name: windows_server_2022_small
|
||||
description: Name of the Virtual Machine
|
||||
required: true
|
||||
value: 120Gi
|
||||
- name: NAMESPACE
|
||||
description: Namespace where to deploy
|
||||
required: true
|
||||
value: ${TENANT_NAMESPACE}
|
||||
|
|
@ -1,13 +1,13 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app debug
|
||||
name: &app dv
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./container/debug
|
||||
path: ./templates/windowsserver/dv
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
|
|
@ -38,13 +38,11 @@ spec:
|
|||
cloudInitNoCloud:
|
||||
userData: |
|
||||
#cloud-config
|
||||
hostname: ubuntu-vm-1
|
||||
ssh_pwauth: True
|
||||
users:
|
||||
- name: testuser
|
||||
groups: [sudo]
|
||||
sudo: "ALL=(ALL) NOPASSWD:ALL"
|
||||
lock_passwd: false
|
||||
passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
|
||||
|
||||
chpasswd:
|
||||
expire: false
|
||||
ssh_pwauth: true
|
||||
- name: ubuntu
|
||||
ssh-authorized-keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu
|
||||
sudo: ['ALL=(ALL) NOPASSWD:ALL']
|
||||
shell: /bin/bash
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app ubuntu-vm-2
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./ubuntu-vm-2/ubuntu
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,48 +0,0 @@
|
|||
apiVersion: kubevirt.io/v1
|
||||
kind: VirtualMachine
|
||||
metadata:
|
||||
name: ubuntu-vm-3-
|
||||
namespace: kubevirt-vms
|
||||
spec:
|
||||
running: true
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
kubevirt.io/domain: ubuntu-vm-2
|
||||
spec:
|
||||
domain:
|
||||
cpu:
|
||||
cores: 2
|
||||
devices:
|
||||
disks:
|
||||
- disk:
|
||||
bus: virtio
|
||||
name: containerdisk
|
||||
- disk:
|
||||
bus: virtio
|
||||
name: cloudinitdisk
|
||||
resources:
|
||||
requests:
|
||||
memory: 2Gi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
memory:
|
||||
guest: 2Gi
|
||||
volumes:
|
||||
- name: containerdisk
|
||||
containerDisk:
|
||||
image: quay.io/containerdisks/ubuntu:22.04
|
||||
- name: cloudinitdisk
|
||||
cloudInitNoCloud:
|
||||
userData: |
|
||||
#cloud-config
|
||||
hostname: ubuntu-vm-2
|
||||
ssh_pwauth: True
|
||||
users:
|
||||
- name: ubuntu
|
||||
ssh-authorized-keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu
|
||||
sudo: ['ALL=(ALL) NOPASSWD:ALL']
|
||||
shell: /bin/bash
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: s3-virt-credentials
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
type: Opaque
|
||||
data:
|
||||
accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM=
|
||||
secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA==
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app windows-pvc-dev
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./windows-vm-standard-dev/pvc
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app windows-vm-standard-dev
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./windows-vm-standard-dev/vm
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: windows-vm-datadisk-dev
|
||||
spec:
|
||||
storageClassName: ibm-spectrum-scale-fileset
|
||||
volumeMode: Filesystem
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 50Gi
|
||||
|
|
@ -1,83 +0,0 @@
|
|||
apiVersion: kubevirt.io/v1
|
||||
kind: VirtualMachine
|
||||
metadata:
|
||||
name: windows-vm-standard-dev
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
dataVolumeTemplates:
|
||||
- metadata:
|
||||
name: windows-rootdisk-dev
|
||||
spec:
|
||||
source:
|
||||
http:
|
||||
url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/windows-server-2022-uefi-ns.qcow2"
|
||||
storage:
|
||||
resources:
|
||||
requests:
|
||||
storage: 80Gi
|
||||
sourceRef:
|
||||
kind: DataSource
|
||||
name: win2k22
|
||||
namespace: kubevirt-os-images
|
||||
runStrategy: Always
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
kubevirt.io/domain: windows-vm-standard-dev
|
||||
spec:
|
||||
domain:
|
||||
cpu:
|
||||
cores: 4
|
||||
memory:
|
||||
guest: 8Gi
|
||||
features:
|
||||
acpi: {}
|
||||
smm:
|
||||
enabled: true
|
||||
firmware:
|
||||
bootloader:
|
||||
efi:
|
||||
secureBoot: true
|
||||
devices:
|
||||
rng: {}
|
||||
networkInterfaceMultiqueue: true
|
||||
interfaces:
|
||||
- name: default
|
||||
masquerade: {}
|
||||
ports:
|
||||
- port: 8080
|
||||
- port: 443
|
||||
- port: 22
|
||||
- port: 3389
|
||||
disks:
|
||||
- disk:
|
||||
bus: sata
|
||||
name: rootdisk-dev
|
||||
- disk:
|
||||
bus: sata
|
||||
name: datadisk-dev
|
||||
# - disk:
|
||||
# bus: scsi
|
||||
# name: cloudinitdisk
|
||||
resources:
|
||||
requests:
|
||||
memory: 8Gi
|
||||
cpu: 4
|
||||
limits:
|
||||
memory: 8Gi
|
||||
cpu: 4
|
||||
networks:
|
||||
- name: default
|
||||
pod: {}
|
||||
terminationGracePeriodSeconds: 180
|
||||
volumes:
|
||||
- name: rootdisk-dev
|
||||
dataVolume:
|
||||
name: windows-rootdisk-dev
|
||||
- name: datadisk-dev
|
||||
persistentVolumeClaim:
|
||||
claimName: windows-vm-datadisk-dev
|
||||
#- name: cloudinitdisk
|
||||
# cloudInitNoCloud:
|
||||
# secretRef:
|
||||
# name: windows-cloud-init
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app windows-pvc-john
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./windows-vm-standard-john/pvc
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app windows-vm-standard-john
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./windows-vm-standard-john/vm
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: windows-vm-datadisk-john
|
||||
spec:
|
||||
storageClassName: ibm-spectrum-scale-fileset
|
||||
volumeMode: Filesystem
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 200Gi
|
||||
|
|
@ -1,82 +0,0 @@
|
|||
apiVersion: kubevirt.io/v1
|
||||
kind: VirtualMachine
|
||||
metadata:
|
||||
name: windows-vm-standard-john
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
dataVolumeTemplates:
|
||||
- metadata:
|
||||
name: windows-rootdisk-john
|
||||
spec:
|
||||
source:
|
||||
http:
|
||||
url: http://nginx.demo.svc.cluster.local:80/windows-server-2022-uefi-ns.qcow2
|
||||
storage:
|
||||
resources:
|
||||
requests:
|
||||
storage: 80Gi
|
||||
# sourceRef:
|
||||
# kind: DataSource
|
||||
# name: win2k22
|
||||
# namespace: openshift-virtualization-os-images
|
||||
runStrategy: Always
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
kubevirt.io/domain: windows-vm-standard-john
|
||||
spec:
|
||||
domain:
|
||||
cpu:
|
||||
cores: 4
|
||||
memory:
|
||||
guest: 8Gi
|
||||
features:
|
||||
acpi: {}
|
||||
smm:
|
||||
enabled: true
|
||||
firmware:
|
||||
bootloader:
|
||||
efi: {}
|
||||
devices:
|
||||
rng: {}
|
||||
networkInterfaceMultiqueue: true
|
||||
interfaces:
|
||||
- name: default
|
||||
masquerade: {}
|
||||
ports:
|
||||
- port: 8080
|
||||
- port: 443
|
||||
- port: 22
|
||||
- port: 3389
|
||||
disks:
|
||||
- disk:
|
||||
bus: sata
|
||||
name: rootdisk-john
|
||||
- disk:
|
||||
bus: sata
|
||||
name: datadisk-john
|
||||
# - disk:
|
||||
# bus: scsi
|
||||
# name: cloudinitdisk
|
||||
resources:
|
||||
requests:
|
||||
memory: 8Gi
|
||||
cpu: 4
|
||||
limits:
|
||||
memory: 8Gi
|
||||
cpu: 4
|
||||
networks:
|
||||
- name: default
|
||||
pod: {}
|
||||
terminationGracePeriodSeconds: 180
|
||||
volumes:
|
||||
- name: rootdisk-john
|
||||
dataVolume:
|
||||
name: windows-rootdisk-john
|
||||
- name: datadisk-john
|
||||
persistentVolumeClaim:
|
||||
claimName: windows-vm-datadisk-john
|
||||
#- name: cloudinitdisk
|
||||
# cloudInitNoCloud:
|
||||
# secretRef:
|
||||
# name: windows-cloud-init
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: windows-lb-john
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
labels:
|
||||
app.kubernetes.io/component: windows-lb-john
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- port: 8080
|
||||
name: http
|
||||
targetPort: 8080
|
||||
protocol: TCP
|
||||
- port: 443
|
||||
name: https
|
||||
targetPort: 443
|
||||
protocol: TCP
|
||||
- port: 65022
|
||||
name: ssh
|
||||
targetPort: 22
|
||||
protocol: TCP
|
||||
- port: 3389
|
||||
name: rdp
|
||||
targetPort: 3389
|
||||
protocol: TCP
|
||||
selector:
|
||||
kubevirt.io/domain: windows-vm-standard-john
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app windows-pvc
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./windows-vm-standard/pvc
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app windows-vm-standard
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./windows-vm-standard/vm
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: tenant-repos
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: windows-vm-datadisk
|
||||
spec:
|
||||
storageClassName: ibm-spectrum-scale-fileset
|
||||
volumeMode: Filesystem
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 200Gi
|
||||
|
|
@ -1,82 +0,0 @@
|
|||
apiVersion: kubevirt.io/v1
|
||||
kind: VirtualMachine
|
||||
metadata:
|
||||
name: windows-vm-standard
|
||||
namespace: ${TENANT_NAMESPACE}
|
||||
spec:
|
||||
dataVolumeTemplates:
|
||||
- metadata:
|
||||
name: windows-rootdisk
|
||||
spec:
|
||||
source:
|
||||
http:
|
||||
url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
|
||||
storage:
|
||||
resources:
|
||||
requests:
|
||||
storage: 80Gi
|
||||
sourceRef:
|
||||
kind: DataSource
|
||||
name: win2k22
|
||||
namespace: kubevirt-os-images
|
||||
runStrategy: Always
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
kubevirt.io/domain: windows-vm-standard
|
||||
spec:
|
||||
domain:
|
||||
cpu:
|
||||
cores: 4
|
||||
memory:
|
||||
guest: 8Gi
|
||||
features:
|
||||
acpi: {}
|
||||
smm:
|
||||
enabled: true
|
||||
firmware:
|
||||
bootloader:
|
||||
efi: {}
|
||||
devices:
|
||||
rng: {}
|
||||
networkInterfaceMultiqueue: true
|
||||
interfaces:
|
||||
- name: default
|
||||
masquerade: {}
|
||||
ports:
|
||||
- port: 8080
|
||||
- port: 443
|
||||
- port: 22
|
||||
- port: 3389
|
||||
disks:
|
||||
- disk:
|
||||
bus: sata
|
||||
name: rootdisk
|
||||
- disk:
|
||||
bus: sata
|
||||
name: datadisk
|
||||
# - disk:
|
||||
# bus: scsi
|
||||
# name: cloudinitdisk
|
||||
resources:
|
||||
requests:
|
||||
memory: 8Gi
|
||||
cpu: 4
|
||||
limits:
|
||||
memory: 8Gi
|
||||
cpu: 4
|
||||
networks:
|
||||
- name: default
|
||||
pod: {}
|
||||
terminationGracePeriodSeconds: 180
|
||||
volumes:
|
||||
- name: rootdisk
|
||||
dataVolume:
|
||||
name: windows-rootdisk
|
||||
- name: datadisk
|
||||
persistentVolumeClaim:
|
||||
claimName: windows-vm-datadisk
|
||||
#- name: cloudinitdisk
|
||||
# cloudInitNoCloud:
|
||||
# secretRef:
|
||||
# name: windows-cloud-init
|
||||
Loading…
Add table
Add a link
Reference in a new issue