From 51b12bd5c569e1d0e87b8aed7358174bf6452ada Mon Sep 17 00:00:00 2001 
From: "Sm, Hemanthkumar" Date: Tue, 5 Aug 2025 04:01:23 +0000 Subject: [PATCH] TC with VM ingress sample --- .../container_images/ubuntu22-vm/Dockerfile | 4 + .../container_images/ubuntu22-vm/Makefile | 3 + .../tc_with_vm/deployment-package/app.yaml | 37 ++ .../tc_with_vm/deployment-package/dp.yaml | 32 + .../deployment-package/values-httpbin-tc.yaml | 17 + .../values-ubuntu22-nginx-vm.yaml | 497 ++++++++++++++ .../tc_with_vm/helm/kubevirt-vm/Chart.lock | 6 + .../tc_with_vm/helm/kubevirt-vm/Chart.yaml | 16 + .../tc_with_vm/helm/kubevirt-vm/Disks.md | 116 ++++ .../tc_with_vm/helm/kubevirt-vm/README.md | 119 ++++ .../helm/kubevirt-vm/apt-sources.list | 4 + .../kubevirt-vm/charts/cloud-init/.helmignore | 23 + .../kubevirt-vm/charts/cloud-init/Chart.yaml | 7 + .../charts/cloud-init/Compatability.md | 90 +++ .../kubevirt-vm/charts/cloud-init/Dockerfile | 25 + .../kubevirt-vm/charts/cloud-init/README.md | 49 ++ .../example-admin-password-secret.yaml | 8 + .../cloud-init/example-wireguard-secret.yaml | 8 + .../charts/cloud-init/scripts/optimize.sh | 129 ++++ .../charts/cloud-init/templates/_helpers.tpl | 62 ++ .../templates/cluster-role-binding.yaml | 17 + .../cloud-init/templates/cluster-role.yaml | 13 + .../cloud-init/templates/configmap.yaml | 106 +++ .../charts/cloud-init/templates/job.yaml | 100 +++ .../cloud-init/templates/password-secret.yaml | 17 + .../templates/script-configmap.yaml | 13 + .../cloud-init/templates/service-account.yaml | 11 + .../kubevirt-vm/charts/cloud-init/values.yaml | 206 ++++++ .../helm/kubevirt-vm/templates/_helpers.tpl | 62 ++ .../templates/cloud-init-secret.yaml | 73 +++ .../kubevirt-vm/templates/datavolume.yaml | 59 ++ .../kubevirt-vm/templates/global-network.yaml | 26 + .../helm/kubevirt-vm/templates/hpa.yaml | 42 ++ .../helm/kubevirt-vm/templates/ingress.yaml | 28 + .../templates/kubevirt-machine-template.yaml | 274 ++++++++ .../kubevirt-vm/templates/network-policy.yaml | 34 + .../helm/kubevirt-vm/templates/service.yaml | 31 + 
.../kubevirt-vm/templates/virtualmachine.yaml | 268 ++++++++ .../templates/virtualmachinepool.yaml | 281 ++++++++ .../tc_with_vm/helm/kubevirt-vm/values.yaml | 611 ++++++++++++++++++ .../helm/kubevirt-vm/win-values.yaml | 176 +++++ 41 files changed, 3700 insertions(+) create mode 100644 samples/networking/ingress/tc_with_vm/container_images/ubuntu22-vm/Dockerfile create mode 100644 samples/networking/ingress/tc_with_vm/container_images/ubuntu22-vm/Makefile create mode 100644 samples/networking/ingress/tc_with_vm/deployment-package/app.yaml create mode 100644 samples/networking/ingress/tc_with_vm/deployment-package/dp.yaml create mode 100644 samples/networking/ingress/tc_with_vm/deployment-package/values-httpbin-tc.yaml create mode 100644 samples/networking/ingress/tc_with_vm/deployment-package/values-ubuntu22-nginx-vm.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Chart.lock create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Chart.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Disks.md create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/README.md create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/apt-sources.list create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/.helmignore create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Chart.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Compatability.md create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Dockerfile create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/README.md create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/example-admin-password-secret.yaml create mode 100644 
samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/example-wireguard-secret.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/scripts/optimize.sh create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/_helpers.tpl create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/cluster-role-binding.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/cluster-role.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/configmap.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/job.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/password-secret.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/script-configmap.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/service-account.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/values.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/_helpers.tpl create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/cloud-init-secret.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/datavolume.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/global-network.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/hpa.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/ingress.yaml create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/kubevirt-machine-template.yaml create 
mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/network-policy.yaml
create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/service.yaml
create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/virtualmachine.yaml
create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/virtualmachinepool.yaml
create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/values.yaml
create mode 100644 samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/win-values.yaml
diff --git a/samples/networking/ingress/tc_with_vm/container_images/ubuntu22-vm/Dockerfile b/samples/networking/ingress/tc_with_vm/container_images/ubuntu22-vm/Dockerfile
new file mode 100644
index 00000000..e000598d
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/container_images/ubuntu22-vm/Dockerfile
@@ -0,0 +1,4 @@
+FROM scratch
+
+# Download Ubuntu 22.04 cloud image
+ADD https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img /disk/
\ No newline at end of file
diff --git a/samples/networking/ingress/tc_with_vm/container_images/ubuntu22-vm/Makefile b/samples/networking/ingress/tc_with_vm/container_images/ubuntu22-vm/Makefile
new file mode 100644
index 00000000..c28a4680
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/container_images/ubuntu22-vm/Makefile
@@ -0,0 +1,3 @@
+.PHONY: all
+all:
+ docker build -t ubuntu22:0.0.1 .
\ No newline at end of file
diff --git a/samples/networking/ingress/tc_with_vm/deployment-package/app.yaml b/samples/networking/ingress/tc_with_vm/deployment-package/app.yaml
new file mode 100644
index 00000000..3bd9d218
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/deployment-package/app.yaml
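Review bot: `ADD https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img /disk/` fetches whatever image is published under `current` at build time with no integrity check, so two builds of the `ubuntu22:0.0.1` tag the Makefile applies can contain different disk contents, and a corrupted or tampered download is accepted silently. Pin the source to a dated release directory instead of `current` and verify it in the build, `ADD --checksum=sha256:<expected-digest-placeholder> <pinned-image-url> /disk/`, or fetch the image and check it against the published SHA256SUMS before `docker build`. The last line of the Dockerfile also lacks a trailing newline.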
@@ -0,0 +1,37 @@
+# SPDX-FileCopyrightText: 2025 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+---
+specSchema: "Application"
+schemaVersion: "0.1"
+$schema: "https://schema.intel.com/catalog.orchestrator/0.1/schema"
+
+name: httpbin-tc
+version: 0.1.6
+description: "Helm chart to install httpbingo.org on Kubernetes."
+displayName: "HttpBin Go"
+
+helmRegistry: "harbor-helm-oci"
+chartName: "httpbin"
+chartVersion: "0.1.6"
+
+profiles:
+ - name: "default"
+ valuesFileName: "values-httpbin-tc.yaml"
+---
+specSchema: "Application"
+schemaVersion: "0.1"
+$schema: "https://schema.intel.com/catalog.orchestrator/0.1/schema"
+
+name: "ubuntu22-nginx-vm"
+version: 0.1.0
+description: "A demo VM running nginx in Ubuntu 22.04"
+
+imageRegistry: "harbor-docker-oci"
+helmRegistry: "harbor-helm-oci"
+chartName: "kubevirt-vm"
+chartVersion: "0.4.18"
+
+profiles:
+ - name: "default"
+ valuesFileName: "values-ubuntu22-nginx-vm.yaml"
\ No newline at end of file
diff --git a/samples/networking/ingress/tc_with_vm/deployment-package/dp.yaml b/samples/networking/ingress/tc_with_vm/deployment-package/dp.yaml
new file mode 100644
index 00000000..3bb4466f
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/deployment-package/dp.yaml
@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: 2025 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+specSchema: "DeploymentPackage"
+schemaVersion: "0.1"
+$schema: "https://schema.intel.com/catalog.orchestrator/0.1/schema"
+
+name: "tc-with-vm-ingress"
+displayName: "TC with VM Ingress"
+description: "Deployment package for TC with VM Ingress sample"
+version: "0.1.0"
+
+
+applications:
+ - name: "ubuntu22-nginx-vm"
+ version: 0.1.0
+ - name: "httpbin-tc"
+ version: 0.1.6
+
+defaultNamespaces:
+ "httpbin-tc": "httpbin-tc"
+ "ubuntu22-nginx-vm": "ubuntu22-nginx-vm"
+
+deploymentProfiles:
+ - name: "default"
+ applicationProfiles:
+ - application: "httpbin-tc"
+ profile: "default"
+ - application: "ubuntu22-nginx-vm"
+ profile: "default"
diff --git a/samples/networking/ingress/tc_with_vm/deployment-package/values-httpbin-tc.yaml b/samples/networking/ingress/tc_with_vm/deployment-package/values-httpbin-tc.yaml
new file mode 100644
index 00000000..0d0046f3
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/deployment-package/values-httpbin-tc.yaml
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
+# SPDX-License-Identifier: BSD-3-Clause
+#
+---
+fullnameOverride: httpbin
+
+runtimeClassName: kata-qemu
+
+service:
+ # -- Service type
+ type: LoadBalancer
+ # -- Service port
+ port: 8080
+
+ # -- Service annotations
+ annotations:
+ service-proxy.app.orchestrator.io/ports: "8080"
diff --git a/samples/networking/ingress/tc_with_vm/deployment-package/values-ubuntu22-nginx-vm.yaml b/samples/networking/ingress/tc_with_vm/deployment-package/values-ubuntu22-nginx-vm.yaml
new file mode 100644
index 00000000..efcedc47
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/deployment-package/values-ubuntu22-nginx-vm.yaml
@@ -0,0 +1,497 @@ +# SPDX-FileCopyrightText: 2025 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +--- +virtualMachine: + # -- name of the virtualMachine or virtualMachinePool object + name: ubuntu22-vm + + namespace: ubuntu22-vm + # -- Create the VM as a KubevirtMachineTemplate for use with Cluster API + # Does not support VM Pools + capiMachineTemplate: false + + # -- One of 'Always' `RerunOnFailure` `Manual` `Halted` `Once` + # See: https://kubevirt.io/user-guide/compute/run_strategies/#runstrategy + runStrategy: "Always" + + features: + # -- Enable KVM acceleration. + # Setting the 'hidden' flag to `true` will obscure kvm from the host. + # Set `hidden` to `false` when using vGPU in Windows Guests. + kvm: + enabled: true + hidden: false + + # -- Set default hyperv settings for windows guests + hyperv: false + + # Enable ACPI platform event device + acpiEnabled: true + + # -- Make pod network interface the default for the VM + autoattachPodInterface: true + + # -- Attach a serial console device + autoattachSerialConsole: true + + # -- Attach a basic graphics device for VNC access + autoattachGraphicsDevice: true + + # -- Enhances network performance by allowing multiple TX and RX queues. + networkInterfaceMultiqueue: true + + # -- Options for machine clock + clock: + enabled: true + + # -- Set clock timezone eg: "Europe/Amsterdam" or "utc" + timezone: utc + + # -- High Precision Event Timer + hpet: + enabled: true + present: false + + # -- Programmable interval timer + pit: + enabled: true + tickPolicy: delay + + # -- Real-Time Clock + rtc: + enabled: true + tickPolicy: catchup + + # -- Paravirtualized clock that provides better accuracy and performance. + # Recommended clock source for KVM guest virtual machines. + kvm: true + + # -- Hyper-V's reference time counter for use with Windows guests. 
+ hyperv: false + + firmware: + # Enable System Management Mode (required for secureboot) + smmEnabled: false + + # -- Enable EFI bios and secureboot + efi: + enabled: true + secureBoot: false + uuid: 5d307ca9-b3ef-428c-8861-06e72d69f223 + + + machine: + # -- If a Pod cannot be scheduled, lower priorityClass Pods will be evicted + priorityClassName: kubevirt-cluster-critical + + # -- Define CPU, RAM, GPU, HostDevice settings for VMs. + # Overrides: vCores, memory, gpus + instancetype: + enabled: false + name: standard-small + kind: virtualMachineClusterInstancetype + + # -- System Arch. Supported options are amd64 and arm64 + architecture: amd64 + + # -- QEMU virtual-machine type. Options are q35 and i440fx + machineType: q35 + + # -- Specify hots-passthrough or a named cpu model + # https://www.qemu.org/docs/master/system/qemu-cpu-models.html + cpuModel: host-model + + # -- Number of simulated CPU sockets. + # Note: Multiple cpu-bound microbenchmarks show a significant + # performance advantage when using sockets instead of cores + # Does not work with some cpuManagerPolicy options. + sockets: 1 + + # -- Number of Virtual cores to pass to the Guest + # ignored when instancetype is defined + vCores: 2 + + # -- Enable simulation of Hyperthre ading on Intel CPUs or SMT AMD CPUs. + threads: 1 + + # -- Pin QEMU process threads to specific physical cores + # Requires `--cpu-manager-policy` enabled in kubelet + pinCores: true + + # -- In order to enhance the real-time support in KubeVirt and provide + # improved latency, KubeVirt will allocate an additional dedicated CPU, + # exclusively for the emulator thread, to which it will be pinned. + # Requires `dedicatedCpuPlacement` set to `true` + emulatorThread: false + + # -- Amount of RAM to pass to the Guest. Ignored when instancetype is defined + memory: + base: 2Gi + overcommit: + # -- Enable memory overcommitment. Tells VM it has more RAM than requested. 
+ # VMI becomes Burtable QOS class and may be preempted when node is under memory pressure. + # GPU passthrough and vGPU will not function with overcommit enabled. + enabled: false + limit: 4Gi + + # -- Do not allocate hypervisor overhead memory to VM. Will work for as + # long as most of the VirtualMachineInstances do not request the full memory. + overhead: false + + # -- GPUs to pass to guest, requires that the GPUs are pre-configured in the + # kubevirt custom resource. ignored when instancetype is defined. + # ramFB & display may only be enabled on 1 vGPU + gpus: [] + # - name: gpu0 + # deviceName: nvidia.com/GRID_RTX6000-4Q + # virtualGPUOptions: + # display: + # enabled: true + # ramFB: + # enabled: true + + + # -- virtual network interface config options. + # See: https://kubevirt.io/user-guide/network/interfaces_and_networks/#interfaces + interfaces: + # -- bridge mode, vms are connected to the network via a linux "bridge". + # Pod network IP is delegated to vm via DHCPv4. VM must use DHCP for an IP + - masquerade: {} + name: default + model: virtio + + networks: + # Use the default pod network + - name: default + pod: {} + +######################### +# Create a Virtual Machine Pool +# Vm pools should be used with ephemeral disks or containerdisks +# otherwise they would all fight over the same PVC. +virtualMachinePool: + enabled: false + + # -- number of replicas to create. Ignored when hpa is set to 'true' + replicas: 2 + hpa: + enabled: true + maxReplicas: 5 + minReplicas: 1 + +# -- controls hypervisor behavior when I/O errors occur on disk read or write. +# Possible values are: 'report', 'ignore', 'enospace' +diskErrorPolicy: "report" + +# -- List of disks to create for the VM, Will be used to create Datavolumes or PVCs. 
+disks: + ################################################# + # DataVolume disk with URL source example + ################################################# + # - name: harddrive + # -- Disk type: disk, cdrom, filesystem, or lun + # type: disk + # -- Bus type: sata or virtio + # bus: virtio + # -- Sets disk position in boot order, lower numbers are checked earlier + # bootorder: 2 + # -- Set disk to be Read-only + # readonly: false + # -- Size of disk in GB + # pvsize: 16Gi + # -- Storage class to use for the pvc + # pvstorageClassName: fast-raid + # -- Access mode for the PVC + # pvaccessMode: ReadWriteOnce + # -- source type of the disk image. One of `url`, `pvc` + # source: url + # -- URL of cloud-image + # url: "https://buildstars.online/debian-12-generic-amd64-daily.qcow2" + + ######################################################### + # Ephemeral disk example + # no persistance, these are deleted after the VM exits + # requires an existing PVC as a backing file. + # Performance degrades at liarge sizes (100G+) + ######################################################### + # - name: harddrive + # type: disk + # bus: virtio + # bootorder: 2 + # readonly: false + # pvc: debian12 + # ephemeral: true + + ######################################################## + # DataVolume disk with existing PVC source example + ######################################################## + # - name: harddrive + # type: disk + # bus: virtio + # bootorder: 2 + # readonly: false + # pvsize: 64G + # pvstorageClassName: local-path + # nodePlacement: scremlin + # pvaccessMode: ReadWriteOnce + # source: pvc + # pvcnamespace: kubevirt + # pvcname: debian12 + + ########################################################## + # ISO live-image example + ########################################################## + # - name: iso + # type: cdrom + # bus: sata + # bootorder: 1 + # readonly: true + # pvsize: 8G + # pvstorageClassName: local-path + # nodePlacement: node0 + # pvaccessMode: ReadWriteOnce + 
# source: "https://www.itechtics.com/?dl_id=173" + + ########################################################## + # Empty PVC as disk example + ########################################################## + # - name: harddrive + # type: disk + # bus: virtio + # bootorder: 2 + # readonly: false + # pvsize: 32G + # pvstorageClassName: local-path + # nodePlacement: node0 + # pvaccessMode: ReadWriteOnce + + ########################################################## + # Container Disk Example + ########################################################## + - name: ubuntu22-disk + type: disk + bus: virtio + bootorder: 3 + readonly: false + image: "%ImageRegistryURL%/ubuntu22:0.0.1" + imagePullSecret: "%GeneratedDockerCredential%" +########################################################### +# Local Disk example +# Not working, will have to open a ticket +# disks need to be owned by 107:messagebus +# disks cannot be mounted, file systems unidentifiable +########################################################### +# - name: localfile +# type: hostDisk +# # -- Enter a capacity amount to create a new disk +# # otherwise expects an existing disk +# capacity: 500G +# path: /mnt/raid1/hdd2.img + +########################################################### +# ConfigMap example +# Attach a configmap to VM as an ISO disk or FileSystem +# Must be mounted via cloud init +# see https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-disk and +# https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-filesystem +# +# Configmaps may also specify the volumeLable field which informs the guest OS +# of the disk name. Useful for windows vms. 
+########################################################### +# - name: my-configmap +# type: configmap +# volumeLabel: cfgdata +# method: disk +# bootorder: 3 +# readonly: true +# configMap: my-configmap +# serialNumber: CVLY623300HK240D + +########################################################### +# ConfigMap example +# Attach a configmap to VM as an ISO disk or FileSystem +# Must be mounted via cloud init +# see https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-disk and +# https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-filesystem +########################################################### +# - name: my-secret +# type: secret +# method: disk +# bootorder: 3 +# readonly: true +# secretName: test +# serialNumber: CVLY623300HK240D + +# -- Use an existing cloud-init userdata secret +# ignored if cloudinit subchart is enabled. +userDataSecret: + enabled: false + name: "" + +# -- Enable or disable usage of cloud-init sub-chart +cloudinit: + enabled: true + + # Not all cloud-init modules are currently supported + # https://cloudinit.readthedocs.io/en/latest/reference/modules.html + + # -- name of secret in which to save the user-data file + secret_name: test-scrapmetal-user-data + + # -- image version + image: deserializeme/kv-cloud-init:v0.0.1 + + # -- Choose weather to create a service-account or not. Once a SA has been created + # you should set this to false on subsequent runs. + serviceAccount: + create: true + name: cloud-init-sa + # Ignored is `create` set to true + existingServiceAccountName: "cloud-init-sa" + + # -- Set up mount points. mounts contains a list of lists. + # The inner list contains entries for an /etc/fstab line + mounts: [] + + # -- creates a swap file using human-readable values. + swap: + enabled: false + filename: /swapfile + size: 1G + maxsize: 1G + + disk_setup: {} + # -- The name of the device. 
+ # - name: /dev/vdb + # # -- This is a list of values, with the percentage of disk that + # # the partition will take. When layout is “true”, it instructs cloud-init + # # to single-partition the entire device. When layout is “false” it means + # # “don’t partition” or “ignore existing partitioning”. + # layout: true + # -- “false” is the default which means that the device will be checked for + # # a partition table and/or filesystem. “true” is cowboy mode, no checks. + # overwrite: false + # # -- Supported options ate `gpt` and `mbr` + # table_type: 'gpt' + + fs_setup: [] + # -- The device name. + # - device: /dev/vdb + # # -- The filesystem type. Supports ext{2,3,4} and vfat + # filesystem: ext4 + # # -- The filesystem label to be used. If set to “None”, no label is used. + # label: None + # # -- Options are `auto|any`, `auto`, or `any` + # partition: 'auto|any' + + # -- Dont recreate script configmap. Set to true when keeping multiple + # cloud-init secrets in the same namespace + existingConfigMap: false + + # -- Run envsubst against bootcmd and runcmd fields at the beginning of templating + # Not an official part of cloid-init + envsubst: false + + extraEnvVars: [] + # - name: VNC_PASS + # valueFrom: + # secretKeyRef: + # name: test-password + # key: "password" + + # -- virtual-machine hostname + hostname: test + + # -- namespace in which to create resources + namespace: ubuntu22-vm + + # -- Disable root login over ssh + disable_root: false + + # -- when enabled job sleeps to allow user to exec into the container + debug: false + + # -- salt used for password generation + salt: "saltsaltlettuce" + + # -- networking options + network: + # -- disable cloud-init’s network configuration capability and rely on + # other methods such as embedded configuration or other customisations. 
+ config: disabled + + # -- add wireguard configuration from existing secret or as plain-text + # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#wireguard + wireguard: [] + # interfaces: + # - name: wg0 + # config_path: /etc/wireguard/wg0.conf + # existingSecret: + # name: wg0-credentials + # key: wg0.conf + + # -- user configuration options + # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#users-and-groups + # do NOT use 'admin' as username - it conflicts with multiele cloud-images + users: + - name: test + groups: users, admin, docker, sudo, kvm + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + lock_passwd: false + + # -- set user password from existing secret or generate random + password: + random: true + # random: false + # existingSecret: + # name: admin-password + # key: password + + # -- import user ssh public keys from github, gitlab, or launchpad + # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ssh + ssh_import_id: [] + + # -- provider user ssh pub key as plaintext + ssh_authorized_keys: [] + + # -- Add CA certificates + # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ca-certificates + ca_certs: [] + # remove_defaults: true + # trusted: + # - certificate + + # -- Run arbitrary commands early in the boot process + # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#bootcmd + boot_cmd: [] + + # -- Write arbitrary files to disk. 
+ # Files my be provided as plain-text or downloaded from a url
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#write-files
+ write_files: []
+
+ # -- Update, upgrade, and install packages
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#package-update-upgrade-install
+ package_reboot_if_required: false
+ package_update: true
+ package_upgrade: false
+ packages:
+ - docker.io
+
+ # -- Run arbitrary commands
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#runcmd
+ runcmd: []
+ - docker run -d -p 8080:80 nginx
+
+# -- Service cinfiguration. Used to expose VM to the outside world.
+# Accepts a list of ports to open.
+service:
+ - name: nginx-service
+ type: LoadBalancer
+ ports:
+ - name: "test-port"
+ port: "8080"
+ targetPort: "8080"
+ protocol: "TCP"
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Chart.lock b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Chart.lock
new file mode 100644
index 00000000..de8d20a7
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cloud-init
+ repository: https://cloudymax.github.io/kubevirt-community-stack
+ version: 0.2.13
+digest: sha256:449360d2de272401b858bcad13890678d0622e5b7e077f9ce0c98d9963401ce8
+generated: "2025-04-02T19:42:29.103359781Z"
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Chart.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Chart.yaml
new file mode 100644
index 00000000..881ee71f
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Chart.yaml
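Review bot: `runcmd: []` followed by the list item `- docker run -d -p 8080:80 nginx` near the end of the hunk is not valid YAML (a flow sequence `[]` cannot also carry block list items), so the values file will be rejected instead of starting nginx; it should read `runcmd:` with `  - docker run -d -p 8080:80 nginx` on the next line, the same shape the `packages:` block just above uses. The demo user `test` is created with `sudo: ALL=(ALL) NOPASSWD:ALL`, membership in `docker` and `sudo`, and `lock_passwd: false` while `disable_root: false`, on a VM that the `service` block exposes through a LoadBalancer; for a sample that people copy, locking password login and supplying a key via `ssh_authorized_keys` would be the safer default, with sudo limited to what the demo needs. `salt: "saltsaltlettuce"` is a fixed, published salt for the generated password and should be overridden per deployment rather than shipped as a constant. Both images the VM depends on are unpinned: `docker run ... nginx` pulls the implicit `latest` tag at every boot and `deserializeme/kv-cloud-init:v0.0.1` is a mutable Docker Hub tag, so pinning by digest (`<image>@sha256:<digest-placeholder>`) would make the boot-time software reproducible.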
@@ -0,0 +1,16 @@
+apiVersion: v2
+appVersion: 0.1.1
+dependencies:
+- alias: cloudinit
+ condition: cloudinit.enabled
+ name: cloud-init
+ repository: https://cloudymax.github.io/kubevirt-community-stack
+ version: 0.2.13
+description: Configure a virtual machine for use with Kubevirt
+maintainers:
+- email: emax@cloudydev.net
+ name: cloudymax
+ url: https://github.com/cloudymax/
+name: kubevirt-vm
+type: application
+version: 0.4.18
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Disks.md b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Disks.md
new file mode 100644
index 00000000..52696a47
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/Disks.md
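Review bot: Chart.yaml declares `version: 0.4.18` and `appVersion: 0.1.1`, but the README added in the same commit carries badges for Version 0.4.15 and AppVersion 0.1.0, so the documentation is already stale relative to the chart it sits next to. Regenerating the README from this Chart.yaml (its layout looks like helm-docs output) would bring the two into agreement. The `repository` and `maintainers` fields still point at the upstream cloudymax chart although the chart and its `charts/cloud-init` dependency are vendored here; a one-line note in `description` or the README recording which upstream version was copied would make future syncs and security updates traceable.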
@@ -0,0 +1,116 @@ +### Cloud-init no-cloud + +Holds your user-data file. Must be the first boot device + +```yaml +- name: cloudinitvolume + type: cdrom + bus: sata + readonly: true + bootorder: 1 + pv-enable: false +``` + +### DataVolume disk with URL source example + +```yaml +- name: harddrive + type: disk + bus: virtio + bootorder: 2 + readonly: false + pvsize: 32G + pvstorageClass: local-path + pvaccessMode: ReadWriteOnce + source: url + url: "https://cloud.debian.org/images/cloud/bookworm/daily/latest/debian-12-generic-amd64-daily.qcow2" +``` + +### DataVolume disk with existing PVC source example + +```yaml +- name: harddrive + type: disk + bus: virtio + bootorder: 2 + readonly: false + pvsize: 32G + pvstorageClassName: local-path + nodePlacement: node0 + pvaccessMode: ReadWriteOnce + source: pvc + pvcnamespace: default + pvcname: debian12 +``` + +### ISO live-image example + +```yaml +- name: iso + type: cdrom + bus: sata + bootorder: 1 + readonly: true + pvsize: 8G + pvstorageClassName: local-path + nodePlacement: node0 + pvaccessMode: ReadWriteOnce + source: "https://www.itechtics.com/?dl_id=173" +``` + +### Empty PVC as disk example + +```yaml +- name: harddrive + type: disk + bus: virtio + bootorder: 2 + readonly: false + pvsize: 32G + pvstorageClassName: local-path + nodePlacement: node0 + pvaccessMode: ReadWriteOnce +``` + +### Container Disk Example + +```yaml +- name: virtio-drivers + type: cdrom + bus: sata + bootorder: 3 + readonly: true + image: "quay.io/kubevirt/virtio-container-disk:v1.0.0-rc.1-amd64" +``` + +### Ephemeral disk example + +No persistance, these are deleted after the VM exists. 
Requires an existing PVC as a backing file + +```yaml +- name: harddrive + type: disk + bus: virtio + bootorder: 2 + readonly: false + pvc: debian12 + ephemeral: true +``` + +#WW Local Disk example + +Not working, will have to open a ticket about error: +> disks need to be owned by 107:messagebus disks cannot be mounted, file systems unidentifiable + +```yaml +- name: localfile + type: hostDisk + # -- Enter a capacity amount to create a new disk + # otherwise expects an existing disk + capacity: 500G + path: /mnt/raid1/hdd2.img +``` + + + + diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/README.md b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/README.md new file mode 100644 index 00000000..fd788f70 --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/README.md 
@@ -0,0 +1,119 @@ +# kubevirt-vm + +![Version: 0.4.15](https://img.shields.io/badge/Version-0.4.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +Configure a virtual machine for use with Kubevirt + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| cloudymax | | | + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://cloudymax.github.io/kubevirt-community-stack | cloudinit(cloud-init) | 0.2.13 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cloudinit | object | `{"boot_cmd":[],"ca_certs":[],"debug":false,"disable_root":false,"disk_setup":{},"enabled":true,"envsubst":false,"existingConfigMap":false,"extraEnvVars":[],"fs_setup":[],"hostname":"test","image":"deserializeme/kv-cloud-init:v0.0.1","mounts":[],"namespace":"kubevirt","network":{"config":"disabled"},"package_reboot_if_required":false,"package_update":true,"package_upgrade":false,"packages":[],"runcmd":[],"salt":"saltsaltlettuce","secret_name":"test-scrapmetal-user-data","serviceAccount":{"create":true,"existingServiceAccountName":"cloud-init-sa","name":"cloud-init-sa"},"swap":{"enabled":false,"filename":"/swapfile","maxsize":"1G","size":"1G"},"users":[{"groups":"users, admin, docker, sudo, kvm","lock_passwd":false,"name":"test","password":{"random":true},"shell":"/bin/bash","ssh_authorized_keys":[],"ssh_import_id":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}],"wireguard":[],"write_files":[]}` | Enable or disable usage of cloud-init sub-chart | +| cloudinit.boot_cmd | list | `[]` | Run arbitrary commands early in the boot process See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#bootcmd | +| cloudinit.ca_certs | list | `[]` | Add CA certificates See 
https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ca-certificates | +| cloudinit.debug | bool | `false` | when enabled job sleeps to allow user to exec into the container | +| cloudinit.disable_root | bool | `false` | Disable root login over ssh | +| cloudinit.envsubst | bool | `false` | Run envsubst against bootcmd and runcmd fields at the beginning of templating Not an official part of cloid-init | +| cloudinit.existingConfigMap | bool | `false` | Dont recreate script configmap. Set to true when keeping multiple cloud-init secrets in the same namespace | +| cloudinit.hostname | string | `"test"` | virtual-machine hostname | +| cloudinit.image | string | `"deserializeme/kv-cloud-init:v0.0.1"` | image version | +| cloudinit.mounts | list | `[]` | Set up mount points. mounts contains a list of lists. The inner list contains entries for an /etc/fstab line | +| cloudinit.namespace | string | `"kubevirt"` | namespace in which to create resources | +| cloudinit.network | object | `{"config":"disabled"}` | networking options | +| cloudinit.network.config | string | `"disabled"` | disable cloud-init’s network configuration capability and rely on other methods such as embedded configuration or other customisations. | +| cloudinit.package_reboot_if_required | bool | `false` | Update, upgrade, and install packages See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#package-update-upgrade-install | +| cloudinit.runcmd | list | `[]` | Run arbitrary commands See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#runcmd | +| cloudinit.salt | string | `"saltsaltlettuce"` | salt used for password generation | +| cloudinit.secret_name | string | `"test-scrapmetal-user-data"` | name of secret in which to save the user-data file | +| cloudinit.serviceAccount | object | `{"create":true,"existingServiceAccountName":"cloud-init-sa","name":"cloud-init-sa"}` | Choose weather to create a service-account or not. 
Once a SA has been created you should set this to false on subsequent runs. | +| cloudinit.swap | object | `{"enabled":false,"filename":"/swapfile","maxsize":"1G","size":"1G"}` | creates a swap file using human-readable values. | +| cloudinit.users | list | `[{"groups":"users, admin, docker, sudo, kvm","lock_passwd":false,"name":"test","password":{"random":true},"shell":"/bin/bash","ssh_authorized_keys":[],"ssh_import_id":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}]` | user configuration options See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#users-and-groups do NOT use 'admin' as username - it conflicts with multiele cloud-images | +| cloudinit.users[0].password | object | `{"random":true}` | set user password from existing secret or generate random | +| cloudinit.users[0].ssh_authorized_keys | list | `[]` | provider user ssh pub key as plaintext | +| cloudinit.users[0].ssh_import_id | list | `[]` | import user ssh public keys from github, gitlab, or launchpad See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ssh | +| cloudinit.wireguard | list | `[]` | add wireguard configuration from existing secret or as plain-text See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#wireguard | +| cloudinit.write_files | list | `[]` | Write arbitrary files to disk. Files my be provided as plain-text or downloaded from a url See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#write-files | +| diskErrorPolicy | string | `"report"` | controls hypervisor behavior when I/O errors occur on disk read or write. Possible values are: 'report', 'ignore', 'enospace' | +| disks | list | `[{"bootorder":2,"bus":"virtio","name":"harddrive","pvaccessMode":"ReadWriteOnce","pvsize":"16Gi","pvstorageClassName":"fast-raid","readonly":false,"source":"url","type":"disk","url":"https://buildstars.online/debian-12-generic-amd64-daily.qcow2"}]` | List of disks to create for the VM, Will be used to create Datavolumes or PVCs. 
| +| disks[0].bootorder | int | `2` | Sets disk position in boot order, lower numbers are checked earlier | +| disks[0].bus | string | `"virtio"` | Bus type: sata or virtio | +| disks[0].pvaccessMode | string | `"ReadWriteOnce"` | Access mode for the PVC | +| disks[0].pvsize | string | `"16Gi"` | Size of disk in GB | +| disks[0].pvstorageClassName | string | `"fast-raid"` | Storage class to use for the pvc | +| disks[0].readonly | bool | `false` | Set disk to be Read-only | +| disks[0].source | string | `"url"` | source type of the disk image. One of `url`, `pvc` | +| disks[0].type | string | `"disk"` | Disk type: disk, cdrom, filesystem, or lun | +| disks[0].url | string | `"https://buildstars.online/debian-12-generic-amd64-daily.qcow2"` | URL of cloud-image | +| ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hostname":"novnc.buildstar.online","tls":[]}` | Ingress configuration | +| networkPolicy.egress[0].ports[0].port | int | `53` | | +| networkPolicy.egress[0].ports[0].protocol | string | `"UDP"` | | +| networkPolicy.egress[0].to[0].namespaceSelector.matchLabels."kubernetes.io/metadata.name" | string | `"kube-system"` | | +| networkPolicy.egress[0].to[1].podSelector.matchLabels.k8s-app | string | `"kube-dns"` | | +| networkPolicy.egress[1].to[0].ipBlock.cidr | string | `"0.0.0.0/0"` | | +| networkPolicy.egress[1].to[0].ipBlock.except[0] | string | `"10.0.0.0/8"` | | +| networkPolicy.egress[1].to[0].ipBlock.except[1] | string | `"172.16.0.0/12"` | | +| networkPolicy.egress[1].to[0].ipBlock.except[2] | string | `"192.168.0.0/16"` | | +| networkPolicy.enabled | bool | `false` | Enable the creation of network policies | +| networkPolicy.ingress[0].from[0].namespaceSelector.matchLabels."kubernetes.io/metadata.name" | string | `"ingress-nginx"` | | +| networkPolicy.ingress[0].from[1].podSelector.matchLabels."app.kubernetes.io/name" | string | `"ingress-nginx"` | | +| service | list | 
`[{"externalTrafficPolicy":"Cluster","name":"test-service","ports":[{"name":"nginx","port":8080,"protocol":"TCP","targetPort":8080}],"type":"NodePort"}]` | Service cinfiguration. Used to expose VM to the outside world. Accepts a list of ports to open. | +| userDataSecret | object | `{"enabled":false,"name":""}` | Use an existing cloud-init userdata secret ignored if cloudinit subchart is enabled. | +| virtualMachine.capiMachineTemplate | bool | `false` | Create the VM as a KubevirtMachineTemplate for use with Cluster API Does not support VM Pools | +| virtualMachine.clock | object | `{"enabled":true,"hpet":{"enabled":true,"present":false},"hyperv":false,"kvm":true,"pit":{"enabled":true,"tickPolicy":"delay"},"rtc":{"enabled":true,"tickPolicy":"catchup"},"timezone":"utc"}` | Options for machine clock | +| virtualMachine.clock.hpet | object | `{"enabled":true,"present":false}` | High Precision Event Timer | +| virtualMachine.clock.hyperv | bool | `false` | Hyper-V's reference time counter for use with Windows guests. | +| virtualMachine.clock.kvm | bool | `true` | Paravirtualized clock that provides better accuracy and performance. Recommended clock source for KVM guest virtual machines. 
| +| virtualMachine.clock.pit | object | `{"enabled":true,"tickPolicy":"delay"}` | Programmable interval timer | +| virtualMachine.clock.rtc | object | `{"enabled":true,"tickPolicy":"catchup"}` | Real-Time Clock | +| virtualMachine.clock.timezone | string | `"utc"` | Set clock timezone eg: "Europe/Amsterdam" or "utc" | +| virtualMachine.features.acpiEnabled | bool | `true` | | +| virtualMachine.features.autoattachGraphicsDevice | bool | `true` | Attach a basic graphics device for VNC access | +| virtualMachine.features.autoattachPodInterface | bool | `true` | Make pod network interface the default for the VM | +| virtualMachine.features.autoattachSerialConsole | bool | `true` | Attach a serial console device | +| virtualMachine.features.hyperv | bool | `false` | | +| virtualMachine.features.kvm | object | `{"enabled":true,"hidden":false}` | Enable KVM acceleration. Setting the 'hidden' flag to `true` will obscure kvm from the host. Set `hidden` to `false` when using vGPU in Windows Guests. | +| virtualMachine.features.networkInterfaceMultiqueue | bool | `true` | Enhances network performance by allowing multiple TX and RX queues. | +| virtualMachine.firmware.efi | object | `{"enabled":true,"secureBoot":false}` | Enable EFI bios and secureboot | +| virtualMachine.firmware.smmEnabled | bool | `false` | | +| virtualMachine.firmware.uuid | string | `"5d307ca9-b3ef-428c-8861-06e72d69f223"` | | +| virtualMachine.gpus | list | `[]` | GPUs to pass to guest, requires that the GPUs are pre-configured in the kubevirt custom resource. ignored when instancetype is defined. ramFB & display may only be enabled on 1 vGPU | +| virtualMachine.interfaces | list | `[{"masquerade":{},"model":"virtio","name":"default"}]` | virtual network interface config options. 
See: https://kubevirt.io/user-guide/network/interfaces_and_networks/#interfaces | +| virtualMachine.interfaces[0] | object | `{"masquerade":{},"model":"virtio","name":"default"}` | bridge mode, vms are connected to the network via a linux "bridge". Pod network IP is delegated to vm via DHCPv4. VM must use DHCP for an IP | +| virtualMachine.machine.architecture | string | `"amd64"` | System Arch. Supported options are amd64 and arm64 | +| virtualMachine.machine.cpuModel | string | `"host-passthrough"` | Specify hots-passthrough or a named cpu model https://www.qemu.org/docs/master/system/qemu-cpu-models.html | +| virtualMachine.machine.emulatorThread | bool | `false` | In order to enhance the real-time support in KubeVirt and provide improved latency, KubeVirt will allocate an additional dedicated CPU, exclusively for the emulator thread, to which it will be pinned. Requires `dedicatedCpuPlacement` set to `true` | +| virtualMachine.machine.instancetype | object | `{"enabled":false,"kind":"virtualMachineClusterInstancetype","name":"standard-small"}` | Define CPU, RAM, GPU, HostDevice settings for VMs. Overrides: vCores, memory, gpus | +| virtualMachine.machine.machineType | string | `"q35"` | QEMU virtual-machine type. Options are q35 and i440fx | +| virtualMachine.machine.memory | object | `{"base":"2Gi","overcommit":{"enabled":false,"limit":"4Gi","overhead":false}}` | Amount of RAM to pass to the Guest. Ignored when instancetype is defined | +| virtualMachine.machine.memory.overcommit.enabled | bool | `false` | Enable memory overcommitment. Tells VM it has more RAM than requested. VMI becomes Burtable QOS class and may be preempted when node is under memory pressure. GPU passthrough and vGPU will not function with overcommit enabled. | +| virtualMachine.machine.memory.overcommit.overhead | bool | `false` | Do not allocate hypervisor overhead memory to VM. Will work for as long as most of the VirtualMachineInstances do not request the full memory. 
| +| virtualMachine.machine.pinCores | bool | `true` | Pin QEMU process threads to specific physical cores Requires `--cpu-manager-policy` enabled in kubelet | +| virtualMachine.machine.priorityClassName | string | `"vm-standard"` | If a Pod cannot be scheduled, lower priorityClass Pods will be evicted | +| virtualMachine.machine.sockets | int | `1` | Number of simulated CPU sockets. Note: Multiple cpu-bound microbenchmarks show a significant performance advantage when using sockets instead of cores Does not work with some cpuManagerPolicy options. | +| virtualMachine.machine.threads | int | `1` | Enable simulation of Hyperthre ading on Intel CPUs or SMT AMD CPUs. | +| virtualMachine.machine.vCores | int | `2` | Number of Virtual cores to pass to the Guest ignored when instancetype is defined | +| virtualMachine.name | string | `"test"` | name of the virtualMachine or virtualMachinePool object | +| virtualMachine.namespace | string | `"kubevirt"` | namespace to deploy to | +| virtualMachine.networks[0].name | string | `"default"` | | +| virtualMachine.networks[0].pod | object | `{}` | | +| virtualMachine.runStrategy | string | `"Always"` | One of 'Always' `RerunOnFailure` `Manual` `Halted` `Once` See: https://kubevirt.io/user-guide/compute/run_strategies/#runstrategy | +| virtualMachinePool.enabled | bool | `false` | | +| virtualMachinePool.hpa.enabled | bool | `true` | | +| virtualMachinePool.hpa.maxReplicas | int | `5` | | +| virtualMachinePool.hpa.minReplicas | int | `1` | | +| virtualMachinePool.replicas | int | `2` | number of replicas to create. Ignored when hpa is set to 'true' | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/apt-sources.list b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/apt-sources.list new file mode 100644 index 00000000..3734c64c --- /dev/null 
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/apt-sources.list
@@ -0,0 +1,4 @@
+deb-src http://deb.debian.org/debian/ bookworm main contrib non-free
+deb http://security.debian.org/debian-security bookworm-security main contrib
+deb-src http://security.debian.org/debian-security bookworm-security main contrib
+deb http://deb.debian.org/debian/ bookworm main contrib non-free
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/.helmignore b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Chart.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Chart.yaml
new file mode 100644
index 00000000..2f24c030
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+description: A Helm chart that generates cloud-init config files
+maintainers:
+- name: cloudymax
+name: cloud-init
+type: application
+version: 0.2.13
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Compatability.md b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Compatability.md
new file mode 100644
index 00000000..384d1f85
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Compatability.md
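Review bot: All four mirror entries use plain `http://`. apt's Release-file signature check still protects package integrity, but both `deb.debian.org` and `security.debian.org` serve TLS, and switching to `deb https://deb.debian.org/debian/ bookworm main contrib non-free` (and likewise for the `security.debian.org` lines) keeps the VM's package selection out of view of anything on the pod network path and removes the mirror/proxy from the trust picture for metadata freshness. Whether `non-free` and the two `deb-src` lines are actually needed by this ingress sample deserves a comment, since they widen what the guest will pull.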
@@ -0,0 +1,90 @@ +## Operating Systems which Support Cloud-init + +Cloud-init is supported across a wide-range of OS's though I do not and cannot test all of them. +I only test on Ubuntu Server and Debian cloud-images. + +Below is a list of all distros Cloud-init says it supports: + +- AlmaLinux, Alpine Linux, AOSC OS, Arch Linux +- CentOS, CloudLinux, Container-Optimized OS +- Debian, DragonFlyBSD +- EuroLinux +- Fedora, FreeBSD +- Gentoo +- MarinerOS, MIRACLE LINUX +- NetBSD +- OpenBSD, openEuler, OpenCloudOS, OpenMandriva +- PhotonOS +- Red Hat Enterprise Linux, Rocky +- SLES/openSUSE +- TencentOS +- Ubuntu +- Virtuozzo + +## Module List + +Cloud-Init is module-based and now has a very large ecosystem of supported sofware, please be aware of the following: + 1. I do not aim to support all of them and only add the ones I need as I encounter a need for them. + 2. Some modules are redundant as their functionality can be fully or mostly replaced by using the `write_files` or `runcmd` modules. + 3. PRs are welcome but you must provide proof of testing until such a time as automated tests can be written. 
+ + +|Module|Support Status| +|:--|:--| +|Ansible| desired | +|APK Configure| desired | +|⭐️Apt Configure| use write_files | +|Apt Pipelining| Desired | +|⭐️Bootcmd| supported | +|Byobu| not planned | +|CA Certificates| desired | +|Chef| not planned | +|Disable EC2 Instance Metadata Service| not planned | +|⭐️Disk Setup| supported | +|Fan| not planned | +|Final Message| desired | +|Growpart| desired | +|GRUB dpkg| not planned | +|Install Hotplug| not planned | +|⭐️Keyboard| use write_files | +|Keys to Console| desired | +|Landscape| not planned | +|⭐️Locale| use write_files | +|LXD| not planned | +|MCollective| not planned | +|⭐️Mounts| supported | +|⭐️NTP| use write_files | +|⭐️Package Update Upgrade Install| supported | +|Phone Home| desired | +|Power State Change| not planned | +|Puppet| not planned | +|Resizefs| desired | +|⭐️Resolv Conf| use write_files | +|Red Hat Subscription| not planned | +|Rsyslog| desired | +|⭐️Runcmd| supported | +|Salt Minion| not planned | +|⭐️Scripts Per Boot| use write_files | +|⭐️Scripts Per Instance| use write_files | +|⭐️Scripts Per Once| use write_files | +|⭐️Scripts User| use write_files | +|⭐️Scripts Vendor| use write_files | +|Seed Random| desired | +|⭐️Set Hostname| support setting hostname only | +|⭐️Set Passwords| supported in user configuration | +|⭐️Snap| use Runcmd | +|Spacewalk| not planned | +|⭐️SSH| basic support in user configuration| +|SSH AuthKey Fingerprints| not planned | +|⭐️SSH Import ID| supported in user configuration | +|⭐️Timezone| use write_files | +|Ubuntu Drivers| not planned | +|Ubuntu Autoinstall| not planned | +|Ubuntu Pro| not planned | +|⭐️Update Etc Hosts| use write_files | +|Update Hostname| not planned | +|⭐️Users and Groups| supported | +|⭐️Wireguard| supported | +|⭐️Write Files| supported | +|Yum Add Repo| not planned | +|Zypper Add Repo| not planned | 
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Dockerfile b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Dockerfile
new file mode 100644
index 00000000..905fb38b
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/Dockerfile
@@ -0,0 +1,25 @@
+FROM debian:bookworm
+
+ENV NONINTERACTIVE=1
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update \
+ && apt-get install -y cloud-init \
+ git \
+ whois \
+ gettext-base \
+ wget \
+ curl \
+ apt-transport-https \
+ ca-certificates \
+ gnupg \
+ bc
+
+RUN mkdir -p /etc/apt/keyrings
+RUN curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+RUN echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+RUN chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+RUN apt-get update && apt-get install -y kubectl
+
+RUN wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
+RUN chmod +x /usr/bin/yq
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/README.md b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/README.md
new file mode 100644
index 00000000..a3174a63
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/README.md
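Review bot: The `wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq` step installs whatever is tagged `latest` at build time with no checksum or signature check, so the image is neither reproducible nor protected against a substituted release asset — and this is the binary that later rewrites the cloud-init user-data that becomes a Kubernetes Secret. Pin an explicit release and verify the download against the sha256 from that release's published checksums, failing the build on mismatch. The floating `debian:bookworm` base tag has the same reproducibility problem (pin by digest); the kubernetes apt repo is at least bound to a key via `signed-by=`.
```dockerfile
# … unchanged: base image, apt-get install, kubernetes apt repo and kubectl …
ARG YQ_VERSION=v4.x.y
ARG YQ_SHA256=<sha256 of yq_linux_amd64 from that release's checksums file>
RUN wget -q "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -O /usr/bin/yq \
 && echo "${YQ_SHA256}  /usr/bin/yq" | sha256sum -c - \
 && chmod +x /usr/bin/yq
```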
@@ -0,0 +1,49 @@ +# cloud-init + +![Version: 0.2.13](https://img.shields.io/badge/Version-0.2.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart that generates cloud-init config files + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| cloudymax | | | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| boot_cmd | list | `[]` | Run arbitrary commands early in the boot process See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#bootcmd | +| ca_certs | list | `[]` | Add CA certificates See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ca-certificates | +| debug | bool | `false` | when enabled job sleeps to allow user to exec into the container | +| disable_root | bool | `false` | Disable root login over ssh | +| disk_setup | object | `{}` | | +| envsubst | bool | `true` | Run envsubst against bootcmd and runcmd fields at the beginning of templating Not an official part of cloid-init | +| existingConfigMap | bool | `false` | Dont recreate script configmap. Set to true when keeping multiple cloud-init secrets in the same namespace | +| extraEnvVars | list | `[]` | | +| fs_setup | list | `[]` | | +| hostname | string | `"random"` | virtual-machine hostname | +| image | string | `"deserializeme/kv-cloud-init:v0.0.1"` | image version | +| mounts | list | `[]` | Set up mount points. mounts contains a list of lists. The inner list contains entries for an /etc/fstab line | +| namespace | string | `"kubevirt"` | namespace in which to create resources | +| network | object | `{"config":"disabled"}` | networking options | +| network.config | string | `"disabled"` | disable cloud-init’s network configuration capability and rely on other methods such as embedded configuration or other customisations. 
| +| package_reboot_if_required | bool | `false` | Update, upgrade, and install packages See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#package-update-upgrade-install | +| package_update | bool | `true` | | +| package_upgrade | bool | `false` | | +| packages | list | `[]` | | +| runcmd | list | `[]` | Run arbitrary commands See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#runcmd | +| salt | string | `"saltsaltlettuce"` | salt used for password generation | +| secret_name | string | `"max-scrapmetal-user-data"` | name of secret in which to save the user-data file | +| serviceAccount | object | `{"create":true,"existingServiceAccountName":"cloud-init-sa","name":"cloud-init-sa"}` | Choose weather to create a service-account or not. Once a SA has been created you should set this to false on subsequent runs. | +| swap | object | `{"enabled":false,"filename":"/swapfile","maxsize":"1G","size":"1G"}` | creates a swap file using human-readable values. | +| users | list | `[{"groups":"users, admin, docker, sudo, kvm","lock_passwd":false,"name":"pool","password":{"random":true},"shell":"/bin/bash","ssh_authorized_keys":[],"ssh_import_id":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}]` | user configuration options See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#users-and-groups do NOT use 'admin' as username - it conflicts with multiele cloud-images | +| users[0].password | object | `{"random":true}` | set user password from existing secret or generate random | +| users[0].ssh_authorized_keys | list | `[]` | provider user ssh pub key as plaintext | +| users[0].ssh_import_id | list | `[]` | import user ssh public keys from github, gitlab, or launchpad See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ssh | +| wireguard | list | `[]` | add wireguard configuration from existing secret or as plain-text See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#wireguard | +| write_files | list | 
`[]` | Write arbitrary files to disk. Files my be provided as plain-text or downloaded from a url See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#write-files | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/example-admin-password-secret.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/example-admin-password-secret.yaml new file mode 100644 index 00000000..3e6caa42 --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/example-admin-password-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: admin-password + namespace: kubevirt +type: "Opaque" +data: + password: cGFzc3dvcmQ= diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/example-wireguard-secret.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/example-wireguard-secret.yaml new file mode 100644 index 00000000..9af0c9ee --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/example-wireguard-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: wg0-credentials + namespace: kubevirt +type: "Opaque" +data: + wg0.conf: W0ludGVyZmFjZV0KUHJpdmF0ZUtleSA9IHNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkYXNkCkFkZHJlc3MgPSAxMC4xLjAuMjUzLzMyCk1UVSA9IDE0MjAKCltQZWVyXQpQdWJsaWNLZXkgPSBhc2Rhc2Rhc2Rhc2Rhc2Rhc2Rhc2Rhc2Rhc2Rhc2QKQWxsb3dlZElQcyA9IDEwLjEuMC4wLzI0LCAxMC4xLjAuMS8xOApFbmRwb2ludCA9IDE5Mi4xNjguMC4xOjUxODIxClBlcnNpc3RlbnRLZWVwYWxpdmUgPSAyMAo= diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/scripts/optimize.sh b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/scripts/optimize.sh new file mode 100644 index 00000000..8835835a 
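Review bot: `example-admin-password-secret.yaml` ships a value that decodes to the literal `password` (`cGFzc3dvcmQ=`) under the name `admin-password`, which the chart's `users[0].password` option presumably consumes as the "existing secret" case described in the README table above; anyone who applies the example unchanged gets a `sudo`-capable VM account with that password. For a committed example, use `stringData` with an unmistakable placeholder, e.g. `stringData:` / `password: CHANGE-ME-before-applying`, and a leading comment telling the reader to generate a random value, so the file cannot be used as-is.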
--- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/scripts/optimize.sh 
@@ -0,0 +1,129 @@ +#!/bin/bash + +set -e + +trap - SIGINT SIGTERM ERR EXIT +[[ ! -x "$(command -v date)" ]] && echo "💥 date command not found." && exit 1 +[[ ! -x "$(command -v bc)" ]] && echo "💥 bc command not found." && exit 1 +[[ ! -x "$(command -v mkpasswd)" ]] && echo "💥 gettext-base command not found." && exit 1 +[[ ! -x "$(command -v whois)" ]] && echo "💥 whois command not found." && exit 1 +[[ ! -x "$(command -v git)" ]] && echo "💥 git command not found." && exit 1 +[[ ! -x "$(command -v cloud-init)" ]] && echo "💥 cloud-init command not found." && exit 1 +[[ ! -x "$(command -v wget)" ]] && echo "💥 wget command not found." && exit 1 +[[ ! -x "$(command -v curl)" ]] && echo "💥 curl command not found." && exit 1 + +# Generic logging method to return a timestamped string +log() { + echo >&2 -e "[$(date +"%Y-%m-%d %H:%M:%S")] ${1-}" +} + +#export USER_DATA_SECRET_PATH="/home/friend/repos/kubevirt-community-stack/charts/cloud-init/manifests.yaml" +#export USER_DATA_PATH="user-data.yaml" +#export SALT="saltsaltlettuce" +#export ENVSUBST=true +#export SECRET_NAME="my-secret" +#export USERNAME="max" +#export WIREGUARD_PATH="wg0.conf" + +# Run envsubst against the user-data file +run_envsubst(){ + if [ "${ENVSUBST}" == "true" ]; then + log "running envsubst against $USER_DATA_PATH... 
\n" + envsubst < "${USER_DATA_PATH}" > tmp.yaml + mv tmp.yaml "${USER_DATA_PATH}" + fi +} + +# Hash and insert passwd field for each specified user +admin_password(){ + read -ra users <<< $(yq '.users[].name' $USER_DATA_PATH |xargs) + export COUNT=0 + + for user in "${users[@]}"; do + CHECK=$(yq '.users[env(COUNT)].passwd' $USER_DATA_PATH) + if [ "${CHECK}" != "null" ]; then + log "Setting hashed password for user: $user\n" + CAP_USER=$(echo "${user}" | tr '[:lower:]' '[:upper:]') + PASSWORD=$(env |grep "${CAP_USER}_PASSWORD" |cut -d '=' -f2) + export HASHED_PASSWORD=$(mkpasswd --method=SHA-512 --rounds=4096 "${PASSWORD}" -s "${SALT}") + yq -i '.users[env(COUNT)].passwd = env(HASHED_PASSWORD)' $USER_DATA_PATH + fi + export COUNT=$(($COUNT + 1)) + done +} + +# Download, gzip, then b64 encode files from specified URLs +download_files(){ + read -ra urls <<< $(yq '.write_files[].url' "${USER_DATA_PATH}" |xargs) + export COUNT=0 + + for url in "${urls[@]}"; do + if [ "${url}" != "null" ]; then + log "Downloading and compressing file: $(basename $url)" + export B64GZ_STRING=$(curl -s "${url}" |gzip |base64 -w0) + yq -i '.write_files[env(COUNT)].content = env(B64GZ_STRING)' $USER_DATA_PATH + yq -i '.write_files[env(COUNT)].encoding = "gz+b64"' $USER_DATA_PATH + yq -i 'del(.write_files[env(COUNT)].url)' $USER_DATA_PATH + check_size + fi + export COUNT=$(($COUNT + 1)) + done +} + +# Check the size of the user-data file against ec2 16Kb limit +check_size(){ + export SIZE=$(stat -c%s $USER_DATA_PATH) + export REMAINDER=$((16000 - $SIZE)) + export FULL=$(echo "scale=2; 100-(($REMAINDER/16000)*100)" |bc -l) + log "user-data file is $SIZE bytes - $FULL% of 16Kb limit.\n" + if [[ $SIZE -gt 16000 ]]; then + echo "Warn: user-data file exceeds the 16KB limit" + fi +} + +# Validate user-data is properly formatted +validate(){ + CONFIG_VALID=$(cloud-init schema --config-file $USER_DATA_PATH) + log "$CONFIG_VALID" +} + +create_secret(){ + export SECRET_EXISTS=$(kubectl get secret 
${SECRET_NAME} -o yaml |grep -o "${SECRET_NAME}" |wc -l) + + if [ "${SECRET_EXISTS}" -gt 0 ]; then + log "Kubernetes secret ${SECRET_NAME} exists and will be replaced" + kubectl delete secret ${SECRET_NAME} + fi + + log "Creating kubernetes secret ${SECRET_NAME} from ${USER_DATA_PATH}" + kubectl create secret generic ${SECRET_NAME} --from-file=userdata="${USER_DATA_PATH}" +} + +# Add wireguard configs from secrets +wireguard(){ + read -ra interfaces <<< $(yq '.wireguard.interfaces[].name' "${USER_DATA_PATH}" |xargs) + export COUNT=0 + + for interface in "${interfaces[@]}"; do + if [ "${interface}" != "null" ]; then + log "Adding wireguard interface ${interface}\n" + IFS= read -rd '' output < <(/bin/cat "${interface}".conf) + output=$output yq -i '.wireguard.interfaces[env(COUNT)].content = strenv(output)' $USER_DATA_PATH + fi + export COUNT=$(($COUNT + 1)) + done +} + +main(){ + log "Starting Cloud-Init Optomizer" + cp $USER_DATA_SECRET_PATH $USER_DATA_PATH + check_size + run_envsubst + wireguard + admin_password + download_files + validate + create_secret +} + +main $@ diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/_helpers.tpl b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/_helpers.tpl new file mode 100644 index 00000000..654ba1d5 --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/_helpers.tpl 
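Review bot: In `admin_password` the plaintext secret is placed on `mkpasswd`'s command line (`mkpasswd --method=SHA-512 --rounds=4096 "${PASSWORD}" -s "${SALT}"`), where it is readable from `/proc/*/cmdline` by anything else running in the Job pod, and it is obtained with `env |grep "${CAP_USER}_PASSWORD" |cut -d '=' -f2`, which is unanchored (user `test` also matches `MYTEST_PASSWORD` or `TEST_PASSWORD_OLD`) and silently truncates any password containing `=`. Read the variable by exact name and pass it on stdin: `PASSWORD=$(printenv "${CAP_USER}_PASSWORD")` and `HASHED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd --method=SHA-512 --rounds=4096 -s -S "${SALT}")`. In the `whois` mkpasswd the short option `-s` is `--stdin` and the salt flag is `-S`, so it is worth confirming what the current invocation actually hashes and whether `${SALT}` is applied at all. Separately, every VM built from this chart shares the default `SALT` (`saltsaltlettuce`, visible in the commented exports above), which makes the resulting SHA-512 hashes precomputable across hosts; dropping `-S` so mkpasswd generates a random salt per hash would be safer.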
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cloud-init.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cloud-init.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cloud-init.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cloud-init.labels" -}}
+helm.sh/chart: {{ include "cloud-init.chart" . }}
+{{ include "cloud-init.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cloud-init.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cloud-init.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cloud-init.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cloud-init.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/cluster-role-binding.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/cluster-role-binding.yaml
new file mode 100644
index 00000000..92939e7f
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/cluster-role-binding.yaml
@@ -0,0 +1,17 @@
+{{- if eq .Values.serviceAccount.create true}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cloud-init
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "-1"
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount.name}}
+ namespace: {{ .Values.namespace }}
+roleRef:
+ kind: ClusterRole
+ name: secret-admin
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/cluster-role.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/cluster-role.yaml
new file mode 100644
index 00000000..b0fe09bb
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/cluster-role.yaml
@@ -0,0 +1,13 @@
+{{- if eq .Values.serviceAccount.create true }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: secret-admin
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "-1"
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+{{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/configmap.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/configmap.yaml
new file mode 100644
index 00000000..3edf8ae3
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/configmap.yaml
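Review bot: The binding grants the `secret-admin` ClusterRole (defined in the cluster-role.yaml hunk on this same line) to the job's service account, which makes `get/list/watch/create/update/patch/delete` on Secrets effective in every namespace, while the job's kubectl calls in the optimize.sh hunk earlier on this page never name a namespace other than the pod's own. A namespaced `Role`/`RoleBinding` in `{{ .Values.namespace }}` gives the same result with the blast radius limited to one namespace; if the cluster-scoped form is intentional, a one-line comment saying why would help. The fixed names `cloud-init` and `secret-admin` are not templated, so two releases of this chart in different namespaces contend for the same cluster-scoped objects, and the pre-install hook carries no `helm.sh/hook-delete-policy`, so both objects survive `helm uninstall`. `name: {{ .Values.namespace }}-cloud-init-secret-admin` (or a `fullname` include) avoids the collision.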
@@ -0,0 +1,106 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.hostname}}-userdata
+ namespace: {{ .Values.namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "-1"
+data:
+ user-data.yaml: |-
+ #cloud-config
+ hostname: {{ .Values.hostname }}
+ disable_root: {{ .Values.disable_root }}
+ {{- with .Values.network }}
+ network:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.mounts }}
+ mounts:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if eq .Values.swap.enabled true }}
+ swap:
+ filename: {{ .Values.swap.filename }}
+ size: {{ .Values.swap.size }}
+ maxsize: {{ .Values.swap.maxsize }}
+ {{- end }}
+ {{- range $reg, $props := .Values.disk_setup }}
+ disk_setup:
+ {{ $props.name }}:
+ layout: {{ $props.layout }}
+ overwrite: {{ $props.overwrite }}
+ table_type: {{ $props.table_type }}
+ {{- end }}
+ {{- with .Values.fs_setup }}
+ fs_setup:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.groups }}
+ groups:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ users:
+ {{- range $reg, $props := .Values.users }}
+ - name: {{ $props.name }}
+ groups: {{ $props.groups }}
+ sudo: {{ $props.sudo }}
+ shell: {{ $props.shell }}
+ lock_passwd: {{ $props.lock_passwd }}
+ {{- if $props.password }}
+ passwd:
+ {{- end }}
+ {{- range $id := $props.ssh_import_id }}
+ ssh_import_id:
+ - {{ $id }}
+ {{- end }}
+ {{- range $key := $props.ssh_authorized_keys }}
+ ssh_authorized_keys:
+ - {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.boot_cmd }}
+ boot_cmd:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- if gt (len .Values.write_files) 0 }}
+ write_files:
+ {{- range $reg, $props := .Values.write_files }}
+ - path: {{ $props.path }}
+ permissions: {{ $props.permissions | quote }}
+ {{- if $props.url }}
+ url: {{ $props.url | quote }}
+ {{- end}}
+ {{- if $props.encoding }}
+ encoding: {{ $props.encoding | quote }}
+ {{- end}}
+ {{- if $props.content }}
+ content: |-
+ {{- with $props.content }}
+ {{- . 
| nindent 10 }}
+ {{- end }}
+ {{- if $props.append }}
+ append: {{ $props.append }}
+ {{- end}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ package_reboot_if_required: {{ .Values.package_reboot_if_required }}
+ package_update: {{ .Values.package_update }}
+ package_upgrade: {{ .Values.package_upgrade }}
+ {{- with .Values.packages }}
+ packages:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.runcmd }}
+ runcmd:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- if .Values.wireguard }}
+ wireguard:
+ interfaces:
+ {{- range $reg, $props := .Values.wireguard.interfaces }}
+ - name: {{ $props.name }}
+ config_path: {{ $props.config_path }}
+ {{- end }}
+ {{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/job.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/job.yaml
new file mode 100644
index 00000000..cbb7a832
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/job.yaml
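Review bot: The `passwd:` emitted under `{{- if $props.password }}` has no value and so parses as YAML null; the optimize.sh hunk earlier on this page skips a user whenever `yq '.users[env(COUNT)].passwd'` prints `null`, which means the hashed password is never inserted for exactly the `random`/`existingSecret` cases this key exists for. A placeholder scalar such as `passwd: REPLACE_ME` (or changing the script's test to key presence, `has("passwd")`) makes the template and the script agree. Separately, the `ssh_import_id` and `ssh_authorized_keys` ranges emit the mapping key once per item, so a user with two keys renders a duplicate `ssh_authorized_keys:` key and the YAML parser keeps at most one of them; emit the key once outside the range and only the `- {{ $key }}` items inside it.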
@@ -0,0 +1,100 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Values.hostname }}-cloud-init-job
+ namespace: {{ .Values.namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-delete-policy": before-hook-creation
+ "helm.sh/hook-weight": "0"
+spec:
+ backoffLimit: 3
+ template:
+ spec:
+ restartPolicy: Never
+ {{- if eq .Values.serviceAccount.create true }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+ {{- end }}
+ {{- if eq .Values.serviceAccount.create false }}
+ serviceAccountName: {{ .Values.serviceAccount.existingServiceAccountName }}
+ {{- end }}
+ containers:
+ - name: cloud-init
+ image: {{ .Values.image }}
+ env:
+ - name: SECRET_NAME
+ value: {{ .Values.secret_name }}
+ - name: USER_DATA_SECRET_PATH
+ value: /secrets/user-data.yaml
+ - name: USER_DATA_PATH
+ value: /user-data.yaml
+ - name: SALT
+ value: {{ .Values.salt }}
+ {{- range $reg, $props := .Values.users }}
+ {{- if $props.password.existingSecret }}
+ - name: {{ upper $props.name }}_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $props.password.existingSecret.name }}
+ key: {{ $props.password.existingSecret.key }}
+ {{- end }}
+ {{- if $props.password.random }}
+ - name: {{ upper $props.name }}_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $props.name }}-password
+ key: password
+ {{- end }}
+ {{- end }}
+ {{- with .Values.extraEnvVars }}
+ {{- toYaml . 
| nindent 10 }}
+ {{- end }}
+ {{- if eq .Values.envsubst true }}
+ - name: ENVSUBST
+ value: "true"
+ {{- end }}
+ {{- if .Values.debug }}
+ command: ["/bin/sleep", "365d"]
+ {{- else }}
+ command: ["/bin/bash", "/optimize.sh"]
+ {{- end }}
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 250m
+ memory: 512M
+ requests:
+ cpu: 250m
+ memory: 512M
+ volumeMounts:
+ - name: userdata
+ mountPath: /secrets/user-data.yaml
+ subPath: user-data.yaml
+ - name: optimizer-script
+ mountPath: /optimize.sh
+ subPath: optimize.sh
+ {{- if .Values.wireguard }}
+ {{- range $reg, $props := .Values.wireguard.interfaces }}
+ - name: {{ $props.name }}
+ mountPath: /secrets
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: userdata
+ configMap:
+ name: {{ .Values.hostname }}-userdata
+ - name: optimizer-script
+ configMap:
+ name: optimizer-script
+ {{- if .Values.wireguard }}
+ {{- range $reg, $props := .Values.wireguard.interfaces }}
+ - name: {{ $props.name }}
+ secret:
+ secretName: {{ $props.existingSecret.name }}
+ items:
+ - key: {{ $props.existingSecret.key }}
+ path: {{ $props.name }}.conf
+ {{- end }}
+ {{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/password-secret.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/password-secret.yaml
new file mode 100644
index 00000000..d46deb1f
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/password-secret.yaml
@@ -0,0 +1,17 @@
+{{- range $reg, $props := .Values.users }}
+{{- if $props.password.random }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $props.name }}-password
+ namespace: {{ $.Values.namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "-1"
+type: "Opaque"
+data:
+ password: {{ randAlphaNum 16 | b64enc }}
+{{- end }}
+{{- end }}
+
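Review bot: Every wireguard interface is mounted at the same `mountPath: /secrets`, so a second entry in `.Values.wireguard.interfaces` yields two volumeMounts with one path and the pod is rejected as invalid, and even a single entry shares that directory with the `userdata` subPath mount at `/secrets/user-data.yaml`. Mounting each secret under its own path, e.g. `mountPath: /secrets/wireguard/{{ $props.name }}`, avoids both; note that the script in the optimize.sh hunk on this page reads `"${interface}".conf` relative to its working directory, so that path would have to follow. The container also runs with no `securityContext` (at least `allowPrivilegeEscalation: false` and `capabilities: { drop: ["ALL"] }`) although it holds a service-account token with Secret write access and user passwords in its environment. `$props.password.existingSecret` is evaluated for every user, so a user entry without a `password` map aborts the render with a nil-pointer error; the same applies to `$props.password.random` in the password-secret.yaml hunk on this line — `{{- with $props.password }}` around both checks avoids it.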
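Review bot: `randAlphaNum 16` produces a fresh password on every render, and as a `pre-install` hook with no `helm.sh/hook-delete-policy` the Secret is neither tracked by the release nor removed on `helm uninstall`, so the generated credential outlives the release and a later install into the same namespace runs into the leftover object. The usual pattern is to reuse an existing value via `lookup "v1" "Secret" $.Values.namespace (printf "%s-password" $props.name)` before generating a new one, and to state in values.yaml that the password is created once and is rotated by deleting the Secret. Either way the lifecycle deserves a comment above `data:`, since nothing in the template tells a reader when the value changes.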
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/script-configmap.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/script-configmap.yaml
new file mode 100644
index 00000000..b484abd5
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/script-configmap.yaml
@@ -0,0 +1,13 @@
+{{ if eq .Values.existingConfigMap false }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: optimizer-script
+ namespace: {{ .Values.namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "-1"
+data:
+ optimize.sh: |
+ {{ .Files.Get "scripts/optimize.sh" | nindent 4}}
+{{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/service-account.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/service-account.yaml
new file mode 100644
index 00000000..13b007a8
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/templates/service-account.yaml
@@ -0,0 +1,11 @@
+{{- if eq .Values.serviceAccount.create true}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}
+ namespace: {{ .Values.namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "-1"
+{{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/values.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/values.yaml
new file mode 100644
index 00000000..dc55e7f8
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/charts/cloud-init/values.yaml
@@ -0,0 +1,206 @@
+# Not all cloud-init modules are currently supported
+# https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+
+# -- name of secret in which to save the user-data file
+secret_name: max-scrapmetal-user-data
+
+# -- image version
+image: deserializeme/kv-cloud-init:v0.0.1
+
+# -- Choose weather to create a service-account or not. Once a SA has been created
+# you should set this to false on subsequent runs.
+serviceAccount:
+ create: true
+ name: cloud-init-sa
+ existingServiceAccountName: "cloud-init-sa"
+
+# -- Set up mount points. mounts contains a list of lists.
+# The inner list contains entries for an /etc/fstab line
+mounts: []
+
+# -- creates a swap file using human-readable values.
+swap:
+ enabled: false
+ filename: /swapfile
+ size: 1G
+ maxsize: 1G
+
+disk_setup: {}
+ # -- The name of the device.
+# - name: /dev/vdb
+# # -- This is a list of values, with the percentage of disk that
+# # the partition will take. When layout is “true”, it instructs cloud-init
+# # to single-partition the entire device. When layout is “false” it means
+# # “don’t partition” or “ignore existing partitioning”.
+# layout: true
+ # -- “false” is the default which means that the device will be checked for
+# # a partition table and/or filesystem. “true” is cowboy mode, no checks.
+# overwrite: false
+# # -- Supported options ate `gpt` and `mbr`
+# table_type: 'gpt'
+
+fs_setup: []
+ # -- The device name.
+# - device: /dev/vdb
+# # -- The filesystem type. Supports ext{2,3,4} and vfat
+# filesystem: ext4
+# # -- The filesystem label to be used. If set to “None”, no label is used.
+# label: None
+# # -- Options are `auto|any`, `auto`, or `any`
+# partition: 'auto|any'
+
+# -- Dont recreate script configmap. 
Set to true when keeping multiple
+# cloud-init secrets in the same namespace
+existingConfigMap: false
+
+# -- Run envsubst against bootcmd and runcmd fields at the beginning of templating
+# Not an official part of cloid-init
+envsubst: true
+
+extraEnvVars: []
+# - name: USERNAME
+# value: max
+# - name: GITHUB_USER
+# value: cloudymax
+# - name: REPO_OWNER
+# value: buildstar-online
+# - name: REPO_NAME
+# value: nvidia-desktops
+# - name: ACCESS_TOKEN
+# valueFrom:
+# secretKeyRef:
+# name: test
+# key: "test.yaml"
+
+# -- virtual-machine hostname
+hostname: random
+
+# -- namespace in which to create resources
+namespace: kubevirt
+
+# -- Disable root login over ssh
+disable_root: false
+
+# -- when enabled job sleeps to allow user to exec into the container
+debug: false
+
+# -- salt used for password generation
+salt: "saltsaltlettuce"
+
+# -- networking options
+network:
+ # -- disable cloud-init’s network configuration capability and rely on
+ # other methods such as embedded configuration or other customisations. 
+ config: disabled
+
+# -- add wireguard configuration from existing secret or as plain-text
+# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#wireguard
+wireguard: []
+# interfaces:
+# - name: wg0
+# config_path: /etc/wireguard/wg0.conf
+# existingSecret:
+# name: wg0-credentials
+# key: wg0.conf
+
+# -- user configuration options
+# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#users-and-groups
+# do NOT use 'admin' as username - it conflicts with multiele cloud-images
+users:
+ - name: pool
+ groups: users, admin, docker, sudo, kvm
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ lock_passwd: false
+
+ # -- set user password from existing secret or generate random
+ password:
+ random: true
+ # random: false
+ # existingSecret:
+ # name: admin-password
+ # key: password
+
+ # -- import user ssh public keys from github, gitlab, or launchpad
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ssh
+ ssh_import_id: []
+
+ # -- provider user ssh pub key as plaintext
+ ssh_authorized_keys: []
+
+# -- Add CA certificates
+# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ca-certificates
+ca_certs: []
+# remove_defaults: true
+# trusted:
+# - certificate
+
+# -- Run arbitrary commands early in the boot process
+# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#bootcmd
+boot_cmd: []
+
+# -- Write arbitrary files to disk. 
+# Files my be provided as plain-text or downloaded from a url
+# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#write-files
+write_files: []
+# - path: /home/${USERNAME}/runner.sh
+# permissions: "0644"
+# url: "https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/gha-runner.sh"
+# - path: /etc/apt-sources.list
+# permissions: "0644"
+# url: "https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/etc-apt-sources.list"
+# - path: /etc/default/laocalw
+# permissions: "0644"
+# url: "https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/etc-default-locale"
+# - path: /etc/default/keyboard
+# permissions: "0644"
+# url: "https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/etc-default-keyboard"
+# - path: /etc/ssh/sshd_config
+# permissions: "0644"
+# url: "https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/sshd_config"
+
+# -- Update, upgrade, and install packages
+# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#package-update-upgrade-install
+package_reboot_if_required: false
+package_update: true
+package_upgrade: false
+packages: []
+# - ssh-import-id
+# - curl
+# - tmux
+# - apt-transport-https
+# - ca-certificates
+# - software-properties-common
+# - git-extras
+# - rsyslog
+# - vim
+# - gpg
+# - open-iscsi
+# - nfs-common
+# - bc
+# - zip
+# - pkg-config
+# - pipx
+# - jq
+
+# -- Run arbitrary commands
+# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#runcmd
+runcmd: []
+# - mkdir -p /home/${USERNAME}/shared
+# - chown ${USERNAME}:${USERNAME} /home/${USERNAME}/shared
+# - sudo -u ${USERNAME} -i ssh-import-id-gh ${GITHUB_USER}
+# - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+# - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian 
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+# - sudo apt-get update
+# - sudo apt-get install -y docker-ce
+# - wget https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh
+# - chmod +x /install.sh
+# - chmod 777 /install.sh
+# - sudo -u ${USERNAME} NONINTERACTIVE=1 /bin/bash /install.sh
+# - sudo -u ${USERNAME} /home/linuxbrew/.linuxbrew/bin/brew shellenv >> /home/${USERNAME}/.profile
+# - sudo -u ${USERNAME} /home/linuxbrew/.linuxbrew/opt/python@3.11/libexec/bin >> /home/${USERNAME}/.profile
+# - sudo -u ${USERNAME} /home/linuxbrew/.linuxbrew/bin/brew install python@3.11
+# - sudo chown -R ${USERNAME}:${USERNAME} /home/linuxbrew
+# - sudo chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
+# - wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
+# - chmod +x /usr/bin/yq
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/_helpers.tpl b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/_helpers.tpl
new file mode 100644
index 00000000..4871ceec
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/_helpers.tpl
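Review bot: `salt: "saltsaltlettuce"` is a fixed, published salt that the job passes straight to `mkpasswd -s` (job.yaml hunk above), so every VM built from this chart hashes its admin password under the same salt and identical passwords yield identical hashes across deployments. Let `mkpasswd` generate its own salt by not passing `-s`, or derive one per release into a Secret, rather than shipping a default; the comment could read `# -- optional fixed salt; leave empty to let mkpasswd generate one per run`. The default user also combines `sudo: ALL=(ALL) NOPASSWD:ALL`, `lock_passwd: false` and membership in `docker` and `kvm` (each of which is root-equivalent on the guest), which is fine for a sample but deserves a one-line note next to `users:` so it is not copied unchanged into real deployments. Several comments carry typos that end up in generated docs: `weather` → `whether`, `cloid-init` → `cloud-init`, `multiele` → `multiple`, `ate` → `are`, `my be` → `may be`, and `laocalw` in the example path.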
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubevirt-vm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubevirt-vm.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubevirt-vm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubevirt-vm.labels" -}}
+helm.sh/chart: {{ include "kubevirt-vm.chart" . }}
+{{ include "kubevirt-vm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubevirt-vm.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubevirt-vm.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubevirt-vm.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubevirt-vm.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/cloud-init-secret.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/cloud-init-secret.yaml
new file mode 100644
index 00000000..b3f4db4f
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/cloud-init-secret.yaml
@@ -0,0 +1,73 @@
+{{- if eq .Values.cloudinitEnabled true }}
+{{- if eq .Values.cloudinitFromSecret true }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.virtualMachine.name }}-cloudinit-secret
+ namespace: {{ .Values.namespace }}
+type: Opaque
+stringData:
+ userdata: #cloud-config
+ hostname: {{ .Values.cloudinit.hostname }}
+ disable_root: {{ .Values.cloudinit.disable_root }}
+ {{- with .Values.cloudinit.network }}
+ network:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.cloudinit.groups }}
+ groups:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ users:
+ {{- range $reg, $props := .Values.cloudinit.users }}
+ - name: {{ $props.name }}
+ groups: {{ $props.groups }}
+ sudo: {{ $props.sudo }}
+ shell: {{ $props.shell }}
+ lock_passwd: {{ $props.lock_passwd }}
+ {{- if $props.passwd }}
+ passwd: {{ $props.passwd | quote }}
+ {{- end }}
+ {{- if $props.ssh_import_id }}
+ ssh_import_id:
+ - {{ $props.ssh_import_id }}
+ {{- end }}
+ {{- if $props.ssh_authorized_keys }}
+ ssh_authorized_keys:
+ - {{ $props.ssh_authorized_keys }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.cloudinit.boot_cmd }}
+ boot_cmd:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ write_files:
+ {{- if .Values.cloudinit.write_as_b64 }}
+ {{- range $reg, $props := .Values.cloudinit.write_files }}
+ - path: {{ $props.path }}
+ permissions: {{ $props.permissions | quote }}
+ content: |
+ {{- $.Files.Get $props.content | trim |b64enc | nindent 6 }}
+ {{- end }}
+ {{- else }}
+ {{- range $reg, $props := .Values.cloudinit.write_files }}
+ - path: {{ $props.path }}
+ permissions: {{ $props.permissions | quote }}
+ content: |
+ {{- $.Files.Get $props.content | trim |nindent 6 }}
+ {{- end }}
+ {{- end }}
+ package_update: {{ .Values.cloudinit.package_update }}
+ package_upgrade: {{ .Values.cloudinit.package_upgrade }}
+ {{- with .Values.cloudinit.packages }}
+ packages:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.cloudinit.runcmd }}
+ runcmd:
+ {{- toYaml . 
| nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
+
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/datavolume.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/datavolume.yaml
new file mode 100644
index 00000000..f1898632
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/datavolume.yaml
@@ -0,0 +1,59 @@
+{{- range $reg, $props := .Values.disks }}
+{{- if $props.pvsize }}
+---
+{{ if ne "containerDisk" $props.type }}
+{{ if $props.source }}
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: DataVolume
+{{- else }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+{{- end}}
+metadata:
+ name: {{ $props.name }}
+ namespace: {{ $.Values.virtualMachine.namespace }}
+ annotations:
+ cdi.kubevirt.io/storage.bind.immediate.requested: "true"
+ {{- if $props.nodePlacement }}
+ volume.kubernetes.io/selected-node: {{ $props.nodePlacement }}
+ {{- end }}
+spec:
+ {{- if $props.source }}
+ source:
+ {{- if eq "url" $props.source }}
+ http:
+ certConfigMap: {{ $.Values.virtualMachine.name }}-empty-cert
+ url: {{ $props.url }}
+ {{- end }}
+ {{- if eq "pvc" $props.source }}
+ pvc:
+ namespace: {{ $props.pvcnamespace }}
+ name: {{ $props.pvcname }}
+ {{- end }}
+ pvc:
+ storageClassName: {{ $props.pvstorageClassName }}
+ accessModes:
+ - {{ $props.pvaccessMode }}
+ resources:
+ requests:
+ storage: {{ $props.pvsize }}
+ {{- else }}
+ storageClassName: {{ $props.pvstorageClassName }}
+ accessModes:
+ - {{ $props.pvaccessMode }}
+ resources:
+ requests:
+ storage: {{ $props.pvsize }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.virtualMachine.name }}-empty-cert
+ namespace: {{ .Values.virtualMachine.namespace }}
+data:
+ ca.pem: ""
+
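Review bot: `userdata: #cloud-config` places the `#cloud-config` marker after a space, where YAML treats it as a comment, so the value of `userdata` becomes the indented mapping that follows rather than a string; `stringData` accepts only string values, and even if it were accepted the guest would receive a document without the `#cloud-config` first line and cloud-init would not treat it as cloud-config. Make it a block scalar — `userdata: |` on one line, `#cloud-config` as the first indented line below it, and the rest of the document nested under that. The `write_as_b64` branch base64-encodes the file content but emits no `encoding: b64` key, so cloud-init would write the encoded text verbatim; add `encoding: b64` beside `permissions` in that branch. `ssh_import_id` and `ssh_authorized_keys` are each rendered as a single `- {{ $props.ssh_import_id }}` item, which only works for a scalar value — a list would be printed in Go's `[a b]` form — so either `range` over the value or document that one string is expected.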
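Review bot: The `url` source points `certConfigMap` at `…-empty-cert`, whose only content is `ca.pem: ""`, so every HTTP import is configured with an explicitly empty CA bundle; whether CDI then falls back to the system trust store or fails verification is not visible here and should be confirmed, and if the intent is simply "no custom CA", omitting `certConfigMap` is clearer than shipping an empty one. If a custom CA is needed it belongs in values (e.g. a per-disk `certConfigMap` entry) rather than a hard-coded empty ConfigMap that is always created, even when no disk uses a `url` source. The same `annotations:` block is rendered for the plain-PVC branch; presumably the CDI annotation is inert there, but a one-line comment would spare readers the question.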
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/global-network.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/global-network.yaml
new file mode 100644
index 00000000..ec09d559
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/global-network.yaml
@@ -0,0 +1,26 @@
+apiVersion: crd.projectcalico.org/v1
+kind: GlobalNetworkPolicy
+metadata:
+ name: {{ .Release.Namespace }}-global
+spec:
+ ingress:
+ - action: Allow
+ namespaceSelector: kubernetes.io/metadata.name == {{ .Release.Namespace | quote }}
+ order: 90
+ selector: all()
+ types:
+ - Ingress
+---
+apiVersion: crd.projectcalico.org/v1
+kind: GlobalNetworkPolicy
+metadata:
+ name: {{ .Release.Namespace }}-global-egress
+spec:
+ egress:
+ - action: Allow
+ namespaceSelector: kubernetes.io/metadata.name == {{ .Release.Namespace | quote }}
+ order: 90
+ selector: all()
+ types:
+ - Egress
+
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/hpa.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/hpa.yaml
new file mode 100644
index 00000000..ce0ff567
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/hpa.yaml
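Review bot: Both rules are a bare `action: Allow` with no `source`/`destination`, so as written they admit all ingress to, and all egress from, every endpoint matched by `selector: all()`; the `namespaceSelector` line does not narrow the peers — in a Calico rule it is only meaningful inside `source:`/`destination:`, and if it is meant as the policy-level `spec.namespaceSelector` it merely scopes which workloads the policy applies to (the collapsed indentation makes it impossible to tell which was intended). For an ingress sample the ingress rule should name the permitted peer, e.g. `source: { namespaceSelector: 'kubernetes.io/metadata.name == "ingress-nginx"' }` (constructed example namespace) with `destination.ports` limited to the service port, and the egress rule should state what the VM must reach instead of allowing everything. A comment explaining why a cluster-scoped `GlobalNetworkPolicy` at `order: 90` is needed rather than a namespaced `NetworkPolicy` would also help, since it takes precedence over any default-deny with a higher order value in that namespace.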
@@ -0,0 +1,42 @@
+{{ if .Values.virtualMachinePool.hpa.enabled }}
+{{ if .Values.virtualMachinePool.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ creationTimestamp: null
+ name: {{ .Values.virtualMachine.name }}
+ namespace: {{ .Values.virtualMachine.namespace }}
+ labels:
+ kubevirt-manager.io/managed: "true"
+spec:
+ maxReplicas: {{ .Values.virtualMachinePool.hpa.maxReplicas }}
+ minReplicas: {{ .Values.virtualMachinePool.hpa.minReplicas }}
+ scaleTargetRef:
+ apiVersion: pool.kubevirt.io/v1alpha1
+ kind: VirtualMachinePool
+ name: {{ .Values.virtualMachine.name }}
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 75
+ behavior:
+ scaleDown:
+ stabilizationWindowSeconds: 300
+ policies:
+ - type: Percent
+ value: 100
+ periodSeconds: 15
+ scaleUp:
+ stabilizationWindowSeconds: 60
+ policies:
+ - type: Percent
+ value: 100
+ periodSeconds: 15
+ - type: Pods
+ value: 4
+ periodSeconds: 15
+{{- end }}
+{{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/ingress.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/ingress.yaml
new file mode 100644
index 00000000..2c6f5e2d
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/ingress.yaml
@@ -0,0 +1,28 @@
+{{- if eq .Values.ingress.enabled true }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Values.virtualMachine.name }}-ingress
+ namespace: {{ .Values.namespace }}
+ labels:
+ kubevirt.io/domain: {{ .Values.virtualMachine.name }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ ingressClassName: {{ .Values.ingress.className }}
+{{- if eq .Values.ingress.tls.enabled true }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.hostname }}
+ secretName: {{ .Values.ingress.tls.secretName | quote }}
+{{- end }}
+ rules:
+ - host: {{ .Values.ingress.hostname }}
+ http:
+ {{- with .Values.ingress.paths }}
+ paths:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/kubevirt-machine-template.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/kubevirt-machine-template.yaml
new file mode 100644
index 00000000..3bd855bb
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/kubevirt-machine-template.yaml
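Review bot: The Ingress is created in `{{ .Values.namespace }}` while the DataVolume and HPA hunks above use `{{ .Values.virtualMachine.namespace }}`; an Ingress can only route to Services in its own namespace, so if those two values ever differ the backend named in `.Values.ingress.paths` resolves to nothing. Use one value across the templates (service.yaml is not in this chunk, so whichever it uses should be the reference) or document in values.yaml that the two must match. `secretName` is quoted but `hostname` and `className` are not; `- {{ .Values.ingress.hostname | quote }}` keeps a host that happens to look like a number or contain a colon from being mis-parsed.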
@@ -0,0 +1,274 @@ +{{- if eq .Values.virtualMachine.capiMachineTemplate true }} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 +kind: KubevirtMachineTemplate +metadata: + name: {{ .Values.cluster.name }}-md-0 + namespace: {{ .Values.cluster.namespace }} +spec: + template: + spec: + virtualMachineBootstrapCheck: + checkStrategy: ssh + virtualMachineTemplate: + metadata: + namespace: {{ .Values.cluster.namespace }} + labels: + cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }} + cluster.x-k8s.io/role: worker + spec: + {{- if eq .Values.virtualMachine.machine.instancetype.enabled true }} + instancetype: + name: {{ .Values.virtualMachine.machine.instancetype.name }} + kind: {{ .Values.virtualMachine.machine.instancetype.kind }} + {{- end }} + runStrategy: {{ .Values.virtualMachine.runStrategy }} + template: + metadata: + creationTimestamp: null + labels: + kubevirt.io/domain: {{ .Values.virtualMachine.name }} + kubevirt-service: {{ .Values.virtualMachine.name }} + kubevirt-manager.io/managed: "true" + spec: + architecture: {{ .Values.virtualMachine.machine.architecture }} + domain: + machine: + type: {{ .Values.virtualMachine.machine.machineType }} + {{- if eq .Values.virtualMachine.clock.enabled true }} + clock: + {{- if eq .Values.virtualMachine.clock.timezone "utc" }} + utc: {} + {{ else }} + timezone: {{ .Values.virtualMachine.clock.timezone }} + {{- end }} + timer: + {{- if eq .Values.virtualMachine.clock.hpet.enabled true }} + hpet: + present: {{ .Values.virtualMachine.clock.hpet.present }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.pit.enabled true }} + pit: + tickPolicy: {{ .Values.virtualMachine.clock.pit.tickPolicy }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.rtc.enabled true }} + rtc: + tickPolicy: {{ .Values.virtualMachine.clock.rtc.tickPolicy }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.hyperv true }} + hyperv: {} + {{- end }} + {{- if eq .Values.virtualMachine.clock.kvm true }} + kvm: {} + {{- end }} + 
{{- end }} + features: + {{- if eq .Values.virtualMachine.features.kvm.enabled true }} + {{- if eq .Values.virtualMachine.features.kvm.hidden false }} + kvm: {} + {{- end }} + {{- if eq .Values.virtualMachine.features.kvm.hidden true }} + kvm: + hidden: {{ .Values.virtualMachine.features.hidden }} + {{- end }} + {{- end }} + {{- if eq .Values.virtualMachine.features.acpiEnabled true }} + acpi: {} + {{- end }} + {{- if eq .Values.virtualMachine.firmware.smmEnabled true }} + smm: + enabled: true + {{- end }} + {{- if eq .Values.virtualMachine.features.hyperv true }} + hyperv: + relaxed: {} + vapic: {} + vpindex: {} + spinlocks: + spinlocks: 8191 + synic: {} + synictimer: + direct: {} + tlbflush: {} + frequencies: {} + reenlightenment: {} + ipi: {} + runtime: {} + reset: {} + {{- end }} + cpu: + {{- if eq .Values.virtualMachine.machine.pinCores true }} + dedicatedCpuPlacement: true + {{- end }} + {{- if eq .Values.virtualMachine.machine.emulatorThread true }} + isolateEmulatorThread: true + {{- end }} + model: {{ .Values.virtualMachine.machine.cpuModel }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + sockets: {{ .Values.virtualMachine.machine.sockets }} + cores: {{ .Values.virtualMachine.machine.vCores }} + threads: {{ .Values.virtualMachine.machine.threads }} + {{- end }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + memory: + {{- if eq .Values.virtualMachine.machine.memory.overcommit.enabled false }} + guest: {{ .Values.virtualMachine.machine.memory.base }} + {{ else }} + guest: {{ .Values.virtualMachine.machine.memory.overcommit.limit }} + {{- end }} + {{- end }} + firmware: + {{- if .Values.virtualMachine.firmware.efi.enabled }} + {{- if .Values.virtualMachine.firmware.uuid }} + uuid: {{ .Values.virtualMachine.firmware.uuid }} + {{- end }} + bootloader: + efi: + secureBoot: {{ .Values.virtualMachine.firmware.efi.secureBoot }} + {{- else }} + bootloader: {} + {{- end }} + devices: + {{- with 
.Values.virtualMachine.interfaces }} + interfaces: + {{- toYaml . | nindent 18 }} + {{- end }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + {{- with .Values.virtualMachine.gpus }} + gpus: + {{- toYaml . | nindent 18 }} + {{- end }} + {{- end }} + autoattachPodInterface: {{ .Values.virtualMachine.features.autoattachPodInterface }} + autoattachSerialConsole: {{ .Values.virtualMachine.features.autoattachSerialConsole }} + autoattachGraphicsDevice: {{ .Values.virtualMachine.features.autoattachGraphicsDevice }} + networkInterfaceMultiqueue: {{ .Values.virtualMachine.features.networkInterfaceMultiqueue }} + rng: {} + inputs: + - type: tablet + bus: virtio + name: tablet1 + disks: + {{- if or (eq .Values.userDataSecret.enabled true) (eq .Values.cloudinit.enabled true) }} + - name: cloudinitvolume + cdrom: + bus: sata + readonly: true + bootOrder: 1 + errorPolicy: report + {{- end }} + {{- range $reg, $props := .Values.disks }} + {{- if ne "hostDisk" $props.type }} + {{- if ne "configmap" $props.type }} + {{- if ne "secret" $props.type }} + - name: {{ $props.name }} + {{ $props.type }}: + bus: {{ $props.bus }} + {{- if eq $props.readonly true }} + readonly: {{ $props.readonly }} + {{- end }} + bootOrder: {{ $props.bootorder }} + errorPolicy: {{ $.Values.diskErrorPolicy }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq $props.type "configmap" }} + - name: {{ $props.name }} + serial: {{ $props.serialNumber }} + cdrom: + bus: sata + {{- end }} + {{- if eq $props.type "secret" }} + - name: {{ $props.name }} + serial: {{ $props.serialNumber }} + {{- end }} + {{- end }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + resources: + {{- if eq .Values.virtualMachine.machine.memory.overcommit.enabled true }} + overcommitGuestOverhead: {{ .Values.virtualMachine.machine.memory.overcommit.overhead }} + {{- end }} + requests: + memory: {{ .Values.virtualMachine.machine.memory.base | quote }} + limits: + {{- if eq 
.Values.virtualMachine.machine.memory.overcommit.enabled true }} + memory: {{ .Values.virtualMachine.machine.memory.overcommit.limit | quote }} + {{ else }} + memory: {{ .Values.virtualMachine.machine.memory.base | quote }} + {{- end }} + {{- end }} + {{- with .Values.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 16 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 16 }} + {{- end }} + {{- with .Values.virtualMachine.networks }} + networks: + {{- toYaml . | nindent 16 }} + {{- end }} + terminationGracePeriodSeconds: 0 + priorityClassName: {{ .Values.virtualMachine.machine.priorityClassName }} + volumes: + {{- range $reg, $props := .Values.disks }} + {{- if ne "cloudinitvolume" $props.name }} + {{- if ne "hostDisk" $props.type }} + {{- if ne "configmap" $props.type }} + {{- if ne "secret" $props.type }} + {{- if not $props.ephemeral }} + {{- if not $props.image }} + - name: {{ $props.name }} + persistentVolumeClaim: + claimName: {{ $props.name }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq "configmap" $props.type }} + - name: {{ $props.name }} + configMap: + volumeLabel: {{ $props.volumeLabel }} + name: {{ $props.configMap }} + {{- end }} + {{- if eq "secret" $props.type }} + - name: {{ $props.name }} + secret: + secretName: {{ $props.secretName }} + {{- end }} + {{- if eq "hostDisk" $props.type }} + - hostDisk: + capacity: {{ $props.capacity }} + path: {{ $props.path }} + type: {{ $props.type }} + name: {{ $props.name }} + {{- end}} + {{- if $props.image }} + - containerDisk: + image: {{ $props.image }} + name: {{ $props.name }} + {{- end }} + {{- if $props.ephemeral }} + - name: {{ $props.name }} + ephemeral: + persistentVolumeClaim: + claimName: {{ $props.pvc }} + {{- end }} + {{- end }} + {{- if or (eq .Values.userDataSecret.enabled true) (eq .Values.cloudinit.enabled true) }} + - name: cloudinitvolume + cloudInitNoCloud: + secretRef: + {{- if eq 
.Values.userDataSecret.enabled true }} + {{- if eq .Values.cloudinit.enabled false }} + name: {{ .Values.userDataSecret.name }} + {{- end }} + {{- end }} + {{- if eq .Values.cloudinit.enabled true }} + name: {{ .Values.cloudinit.secret_name }} + {{- end }} + {{- end }} +{{- end }} diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/network-policy.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/network-policy.yaml new file mode 100644 index 00000000..c5fc3e38 --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/network-policy.yaml @@ -0,0 +1,34 @@ +{{- if eq .Values.networkPolicy.enabled true }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: egress-policy + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "5" +spec: + podSelector: {} + policyTypes: + - Egress + {{- with .Values.networkPolicy.egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: ingress-policy + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "5" +spec: + podSelector: {} + policyTypes: + - Ingress + {{- with .Values.networkPolicy.ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} + diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/service.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/service.yaml new file mode 100644 index 00000000..9613a1d4 --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/service.yaml 
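Review bot: The containerDisk volume in this template omits `imagePullSecret`, whereas the otherwise identical volume block in virtualmachine.yaml renders `imagePullSecret: {{ $props.imagePullSecret }}`; a CAPI worker booted from a private registry image will therefore fail to pull, so the same line (guarded with `{{- with $props.imagePullSecret }}`) belongs here too. In the `features` block, `hidden: {{ .Values.virtualMachine.features.hidden }}` reads a key the values file does not define — it defines `features.kvm.hidden` — so `kvm.hidden: true` renders an empty `hidden:` and KVM is never actually hidden from the guest; it should read `hidden: {{ .Values.virtualMachine.features.kvm.hidden }}`. The hunk does not show the top of the file's `disks` values, so I am inferring the intended keys from the sibling templates.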
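Review bot: Both NetworkPolicy objects carry no `namespace:` in metadata, so they are created in the Helm release namespace, while the VM's virt-launcher pod is rendered into `{{ .Values.virtualMachine.namespace }}`; when the two differ, `podSelector: {}` never matches the VM and the egress/ingress restriction is silently absent. Add `namespace: {{ .Values.virtualMachine.namespace }}` to each, and prefix the names with `{{ .Values.virtualMachine.name }}-` so two releases in one namespace do not collide. The `post-install` hook also means the policies are not re-applied on `helm upgrade` (no `post-upgrade` hook) and are left behind on uninstall, so a changed `networkPolicy.egress` will not take effect until reinstall — rendering them as ordinary chart resources is simpler and safer. Note too that `policyTypes: [Ingress]` with an empty `networkPolicy.ingress` denies all ingress to every pod in that namespace, including the ingress controller's path to this VM's Service.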
@@ -0,0 +1,31 @@ +{{ if eq .Values.virtualMachine.capiMachineTemplate false }} +{{- range $reg, $props := .Values.service }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $props.name }} + namespace: {{ $.Values.virtualMachine.namespace }} + labels: + kubevirt.io/domain: {{ $.Values.virtualMachine.name }} + kubevirt-manager.io/managed: "true" +spec: + externalTrafficPolicy: {{ $props.externalTrafficPolicy }} + type: {{ $props.type }} + {{- if and (eq $props.type "LoadBalancer") $props.loadBalancerIP }} + loadBalancerIP: {{ $props.loadBalancerIP }} + {{- end }} + ports: + {{- range $key, $value := $props.ports }} + - name: {{ $value.name }} + port: {{ $value.port }} + targetPort: {{ $value.targetPort }} + protocol: {{ $value.protocol }} + {{- if eq $value.type "NodePort" }} + nodePort: {{ $value.nodePort }} + {{- end }} + {{- end }} + selector: + kubevirt.io/domain: {{ $.Values.virtualMachine.name }} +{{- end }} +{{- end }} diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/virtualmachine.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/virtualmachine.yaml new file mode 100644 index 00000000..6d40d6b9 --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/virtualmachine.yaml 
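Review bot: `externalTrafficPolicy` is rendered unconditionally, but the API server rejects it on a `ClusterIP` service, which is the natural type when the VM sits behind the Ingress; guard it with `{{- if ne $props.type "ClusterIP" }}`. The `nodePort` branch tests `$value.type` on a port entry while the service type lives in `$props.type`, so unless every port carries its own `type` key the explicit `nodePort` is never emitted and a random one is allocated. Worth a README line as well: a `NodePort`/`LoadBalancer` entry here exposes the VM directly and bypasses the TLS termination configured on the Ingress.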
@@ -0,0 +1,268 @@ +{{ if not .Values.virtualMachinePool.enabled }} +{{ if eq .Values.virtualMachine.capiMachineTemplate false }} +apiVersion: kubevirt.io/v1 +kind: VirtualMachine +metadata: + labels: + kubevirt.io/os: linux + metallb-service: {{ .Values.virtualMachine.name }} + namespace: {{ .Values.virtualMachine.namespace }} + name: {{ .Values.virtualMachine.name }} +spec: + {{- if eq .Values.virtualMachine.machine.instancetype.enabled true }} + instancetype: + name: {{ .Values.virtualMachine.machine.instancetype.name }} + kind: {{ .Values.virtualMachine.machine.instancetype.kind }} + {{- end }} + runStrategy: {{ .Values.virtualMachine.runStrategy }} + template: + metadata: + creationTimestamp: null + labels: + kubevirt.io/domain: {{ .Values.virtualMachine.name }} + kubevirt-service: {{ .Values.virtualMachine.name }} + kubevirt-manager.io/managed: "true" + spec: + architecture: {{ .Values.virtualMachine.machine.architecture }} + domain: + machine: + type: {{ .Values.virtualMachine.machine.machineType }} + {{- if eq .Values.virtualMachine.clock.enabled true }} + clock: + {{- if eq .Values.virtualMachine.clock.timezone "utc" }} + utc: {} + {{ else }} + timezone: {{ .Values.virtualMachine.clock.timezone }} + {{- end }} + timer: + {{- if eq .Values.virtualMachine.clock.hpet.enabled true }} + hpet: + present: {{ .Values.virtualMachine.clock.hpet.present }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.pit.enabled true }} + pit: + tickPolicy: {{ .Values.virtualMachine.clock.pit.tickPolicy }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.rtc.enabled true }} + rtc: + tickPolicy: {{ .Values.virtualMachine.clock.rtc.tickPolicy }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.hyperv true }} + hyperv: {} + {{- end }} + {{- if eq .Values.virtualMachine.clock.kvm true }} + kvm: {} + {{- end }} + {{- end }} + features: + {{- if eq .Values.virtualMachine.features.kvm.enabled true }} + {{- if eq .Values.virtualMachine.features.kvm.hidden false }} + kvm: {} 
+ {{- end }} + {{- if eq .Values.virtualMachine.features.kvm.hidden true }} + kvm: + hidden: {{ .Values.virtualMachine.features.hidden }} + {{- end }} + {{- end }} + {{- if eq .Values.virtualMachine.features.acpiEnabled true }} + acpi: {} + {{- end }} + {{- if eq .Values.virtualMachine.firmware.smmEnabled true }} + smm: + enabled: true + {{- end }} + {{- if eq .Values.virtualMachine.features.hyperv true }} + hyperv: + relaxed: {} + vapic: {} + vpindex: {} + spinlocks: + spinlocks: 8191 + synic: {} + synictimer: + direct: {} + tlbflush: {} + frequencies: {} + reenlightenment: {} + ipi: {} + runtime: {} + reset: {} + {{- end }} + cpu: + {{- if eq .Values.virtualMachine.machine.pinCores true }} + dedicatedCpuPlacement: true + {{- end }} + {{- if eq .Values.virtualMachine.machine.emulatorThread true }} + isolateEmulatorThread: true + {{- end }} + model: {{ .Values.virtualMachine.machine.cpuModel }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + sockets: {{ .Values.virtualMachine.machine.sockets }} + cores: {{ .Values.virtualMachine.machine.vCores }} + threads: {{ .Values.virtualMachine.machine.threads }} + {{- end }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + memory: + {{- if eq .Values.virtualMachine.machine.memory.overcommit.enabled false }} + guest: {{ .Values.virtualMachine.machine.memory.base }} + {{ else }} + guest: {{ .Values.virtualMachine.machine.memory.overcommit.limit }} + {{- end }} + {{- end }} + firmware: + {{- if .Values.virtualMachine.firmware.efi.enabled }} + {{- if .Values.virtualMachine.firmware.uuid }} + uuid: {{ .Values.virtualMachine.firmware.uuid }} + {{- end }} + bootloader: + efi: + secureBoot: {{ .Values.virtualMachine.firmware.efi.secureBoot }} + {{- else }} + bootloader: {} + {{- end }} + devices: + {{- with .Values.virtualMachine.interfaces }} + interfaces: + {{- toYaml . 
| nindent 10 }} + {{- end }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + {{- with .Values.virtualMachine.gpus }} + gpus: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} + autoattachPodInterface: {{ .Values.virtualMachine.features.autoattachPodInterface }} + autoattachSerialConsole: {{ .Values.virtualMachine.features.autoattachSerialConsole }} + autoattachGraphicsDevice: {{ .Values.virtualMachine.features.autoattachGraphicsDevice }} + networkInterfaceMultiqueue: {{ .Values.virtualMachine.features.networkInterfaceMultiqueue }} + rng: {} + inputs: + - type: tablet + bus: virtio + name: tablet1 + disks: + {{- if or (eq .Values.userDataSecret.enabled true) (eq .Values.cloudinit.enabled true) }} + - name: cloudinitvolume + cdrom: + bus: sata + readonly: true + bootOrder: 1 + errorPolicy: report + {{- end }} + {{- range $reg, $props := .Values.disks }} + {{- if ne "hostDisk" $props.type }} + {{- if ne "configmap" $props.type }} + {{- if ne "secret" $props.type }} + - name: {{ $props.name }} + {{ $props.type }}: + bus: {{ $props.bus }} + {{- if eq $props.readonly true }} + readonly: {{ $props.readonly }} + {{- end }} + bootOrder: {{ $props.bootorder }} + errorPolicy: {{ $.Values.diskErrorPolicy }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq $props.type "configmap" }} + - name: {{ $props.name }} + serial: {{ $props.serialNumber }} + cdrom: + bus: sata + {{- end }} + {{- if eq $props.type "secret" }} + - name: {{ $props.name }} + serial: {{ $props.serialNumber }} + {{- end }} + {{- end }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + resources: + {{- if eq .Values.virtualMachine.machine.memory.overcommit.enabled true }} + overcommitGuestOverhead: {{ .Values.virtualMachine.machine.memory.overcommit.overhead }} + {{- end }} + requests: + memory: {{ .Values.virtualMachine.machine.memory.base | quote }} + limits: + {{- if eq .Values.virtualMachine.machine.memory.overcommit.enabled true }} + memory: {{ 
.Values.virtualMachine.machine.memory.overcommit.limit | quote }} + {{ else }} + memory: {{ .Values.virtualMachine.machine.memory.base | quote }} + {{- end }} + {{- end }} + {{- with .Values.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.virtualMachine.networks }} + networks: + {{- toYaml . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: 0 + priorityClassName: {{ .Values.virtualMachine.machine.priorityClassName }} + volumes: + {{- range $reg, $props := .Values.disks }} + {{- if ne "cloudinitvolume" $props.name }} + {{- if ne "hostDisk" $props.type }} + {{- if ne "configmap" $props.type }} + {{- if ne "secret" $props.type }} + {{- if not $props.ephemeral }} + {{- if not $props.image }} + - name: {{ $props.name }} + persistentVolumeClaim: + claimName: {{ $props.name }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq "configmap" $props.type }} + - name: {{ $props.name }} + configMap: + volumeLabel: {{ $props.volumeLabel }} + name: {{ $props.configMap }} + {{- end }} + {{- if eq "secret" $props.type }} + - name: {{ $props.name }} + secret: + secretName: {{ $props.secretName }} + {{- end }} + {{- if eq "hostDisk" $props.type }} + - hostDisk: + capacity: {{ $props.capacity }} + path: {{ $props.path }} + type: {{ $props.type }} + name: {{ $props.name }} + {{- end}} + {{- if $props.image }} + - containerDisk: + image: {{ $props.image }} + imagePullSecret: {{ $props.imagePullSecret }} + name: {{ $props.name }} + {{- end }} + {{- if $props.ephemeral }} + - name: {{ $props.name }} + ephemeral: + persistentVolumeClaim: + claimName: {{ $props.pvc }} + {{- end }} + {{- end }} + {{- if or (eq .Values.userDataSecret.enabled true) (eq .Values.cloudinit.enabled true) }} + - name: cloudinitvolume + cloudInitNoCloud: + secretRef: + {{- if eq .Values.userDataSecret.enabled true }} + {{- 
if eq .Values.cloudinit.enabled false }} + name: {{ .Values.userDataSecret.name }} + {{- end }} + {{- end }} + {{- if eq .Values.cloudinit.enabled true }} + name: {{ .Values.cloudinit.secret_name }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/virtualmachinepool.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/virtualmachinepool.yaml new file mode 100644 index 00000000..7987b67b --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/templates/virtualmachinepool.yaml 
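Review bot: In the `hostDisk` volume branch, `type: {{ $props.type }}` emits the selector value `hostDisk` instead of a KubeVirt hostDisk type (`Disk` or `DiskOrCreate`), so any `hostDisk` entry in `disks` renders an invalid volume; it needs its own key, e.g. `type: {{ $props.hostDiskType | default "Disk" }}`. Because `hostDisk` maps an arbitrary node path from values into the guest, the README should say that this (to my knowledge) needs the KubeVirt `HostDisk` feature gate and grants the VM read/write access to that node file, so it should stay opt-in for an ingress sample. `imagePullSecret: {{ $props.imagePullSecret }}` is also rendered when unset, yielding an empty value; wrap it in `{{- with $props.imagePullSecret }}`.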
@@ -0,0 +1,281 @@ +{{ if .Values.virtualMachinePool.enabled }} +apiVersion: pool.kubevirt.io/v1alpha1 +kind: VirtualMachinePool +metadata: + name: {{ .Values.virtualMachine.name }} + namespace: {{ .Values.virtualMachine.namespace }} + labels: + kubevirt-manager.io/managed: "true" + kubevirt.io/vmpool: {{ .Values.virtualMachine.name }} +spec: + replicas: {{ .Values.virtualMachinePool.replicas }} + selector: + matchLabels: + kubevirt.io/vmpool: {{ .Values.virtualMachine.name }} + kubevirt.io/domain: {{ .Values.virtualMachine.name }} + kubevirt-service: {{ .Values.virtualMachine.name }} + kubevirt-manager.io/managed: "true" + virtualMachineTemplate: + metadata: + creationTimestamp: null + labels: + kubevirt.io/vmpool: {{ .Values.virtualMachine.name }} + kubevirt.io/domain: {{ .Values.virtualMachine.name }} + kubevirt-service: {{ .Values.virtualMachine.name }} + kubevirt-manager.io/managed: "true" + spec: + {{- if eq .Values.virtualMachine.machine.instancetype.enabled true }} + instancetype: + name: {{ .Values.virtualMachine.machine.instancetype.name }} + kind: {{ .Values.virtualMachine.machine.instancetype.kind }} + {{- end }} + runStrategy: {{ .Values.virtualMachine.runStrategy }} + template: + metadata: + creationTimestamp: null + labels: + kubevirt.io/domain: {{ .Values.virtualMachine.name }} + kubevirt-service: {{ .Values.virtualMachine.name }} + kubevirt-manager.io/managed: "true" + spec: + architecture: {{ .Values.virtualMachine.machine.architecture }} + domain: + machine: + type: {{ .Values.virtualMachine.machine.machineType }} + {{- if eq .Values.virtualMachine.clock.enabled true }} + clock: + {{- if eq .Values.virtualMachine.clock.timezone "utc" }} + utc: {} + {{ else }} + timezone: {{ .Values.virtualMachine.clock.timezone }} + {{- end }} + timer: + {{- if eq .Values.virtualMachine.clock.hpet.enabled true }} + hpet: + present: {{ .Values.virtualMachine.clock.hpet.present }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.pit.enabled true }} + pit: + 
tickPolicy: {{ .Values.virtualMachine.clock.pit.tickPolicy }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.rtc.enabled true }} + rtc: + tickPolicy: {{ .Values.virtualMachine.clock.rtc.tickPolicy }} + {{- end }} + {{- if eq .Values.virtualMachine.clock.hyperv true }} + hyperv: {} + {{- end }} + {{- if eq .Values.virtualMachine.clock.kvm true }} + kvm: {} + {{- end }} + {{- end }} + features: + {{- if eq .Values.virtualMachine.features.kvm.enabled true }} + {{- if eq .Values.virtualMachine.features.kvm.hidden false }} + kvm: {} + {{- end }} + {{- if eq .Values.virtualMachine.features.kvm.hidden true }} + kvm: + hidden: {{ .Values.virtualMachine.features.hidden }} + {{- end }} + {{- end }} + {{- if eq .Values.virtualMachine.features.acpiEnabled true }} + acpi: {} + {{- end }} + {{- if eq .Values.virtualMachine.firmware.smmEnabled true }} + smm: + enabled: true + {{- end }} + {{- if eq .Values.virtualMachine.features.hyperv true }} + hyperv: + relaxed: {} + vapic: {} + vpindex: {} + spinlocks: + spinlocks: 8191 + synic: {} + synictimer: + direct: {} + tlbflush: {} + frequencies: {} + reenlightenment: {} + ipi: {} + runtime: {} + reset: {} + {{- end }} + cpu: + {{- if eq .Values.virtualMachine.machine.pinCores true }} + dedicatedCpuPlacement: true + {{- end }} + {{- if eq .Values.virtualMachine.machine.emulatorThread true }} + isolateEmulatorThread: true + {{- end }} + model: {{ .Values.virtualMachine.machine.cpuModel }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + sockets: {{ .Values.virtualMachine.machine.sockets }} + cores: {{ .Values.virtualMachine.machine.vCores }} + threads: {{ .Values.virtualMachine.machine.threads }} + {{- end }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + memory: + {{- if eq .Values.virtualMachine.machine.memory.overcommit.enabled false }} + guest: {{ .Values.virtualMachine.machine.memory.base }} + {{ else }} + guest: {{ .Values.virtualMachine.machine.memory.overcommit.limit 
}} + {{- end }} + {{- end }} + firmware: + {{- if .Values.virtualMachine.firmware.efi.enabled }} + {{- if .Values.virtualMachine.firmware.uuid }} + uuid: {{ .Values.virtualMachine.firmware.uuid }} + {{- end }} + bootloader: + efi: + secureBoot: {{ .Values.virtualMachine.firmware.efi.secureBoot }} + {{- else }} + bootloader: {} + {{- end }} + devices: + {{- with .Values.virtualMachine.interfaces }} + interfaces: + {{- toYaml . | nindent 14 }} + {{- end }} + {{- if eq .Values.virtualMachine.machine.instancetype.enabled false }} + {{- with .Values.virtualMachine.gpus }} + gpus: + {{- toYaml . | nindent 14 }} + {{- end }} + {{- end }} + autoattachPodInterface: {{ .Values.virtualMachine.features.autoattachPodInterface }} + autoattachSerialConsole: {{ .Values.virtualMachine.features.autoattachSerialConsole }} + autoattachGraphicsDevice: {{ .Values.virtualMachine.features.autoattachGraphicsDevice }} + networkInterfaceMultiqueue: {{ .Values.virtualMachine.features.networkInterfaceMultiqueue }} + rng: {} + inputs: + - type: tablet + bus: virtio + name: tablet1 + disks: + {{- if or (eq .Values.userDataSecret.enabled true) (eq .Values.cloudinit.enabled true) }} + - name: cloudinitvolume + cdrom: + bus: sata + readonly: true + bootOrder: 1 + errorPolicy: report + {{- end }} + {{- range $reg, $props := .Values.disks }} + {{- if ne "hostDisk" $props.type }} + {{- if ne "configmap" $props.type }} + {{- if ne "secret" $props.type }} + - name: {{ $props.name }} + {{ $props.type }}: + bus: {{ $props.bus }} + {{- if eq $props.readonly true }} + readonly: {{ $props.readonly }} + {{- end }} + bootOrder: {{ $props.bootorder }} + errorPolicy: {{ $.Values.diskErrorPolicy }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq $props.type "configmap" }} + - name: {{ $props.name }} + serial: {{ $props.serialNumber }} + cdrom: + bus: sata + {{- end }} + {{- if eq $props.type "secret" }} + - name: {{ $props.name }} + serial: {{ $props.serialNumber }} + {{- end }} + {{- end }} + {{- if eq 
.Values.virtualMachine.machine.instancetype.enabled false }} + resources: + {{- if eq .Values.virtualMachine.machine.memory.overcommit.enabled true }} + overcommitGuestOverhead: {{ .Values.virtualMachine.machine.memory.overcommit.overhead }} + {{- end }} + requests: + memory: {{ .Values.virtualMachine.machine.memory.base | quote }} + limits: + {{- if eq .Values.virtualMachine.machine.memory.overcommit.enabled true }} + memory: {{ .Values.virtualMachine.machine.memory.overcommit.limit | quote }} + {{ else }} + memory: {{ .Values.virtualMachine.machine.memory.base | quote }} + {{- end }} + {{- end }} + {{- with .Values.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.virtualMachine.networks }} + networks: + {{- toYaml . | nindent 12 }} + {{- end }} + terminationGracePeriodSeconds: 0 + priorityClassName: {{ .Values.virtualMachine.machine.priorityClassName }} + volumes: + {{- range $reg, $props := .Values.disks }} + {{- if ne "cloudinitvolume" $props.name }} + {{- if ne "hostDisk" $props.type }} + {{- if ne "configmap" $props.type }} + {{- if ne "secret" $props.type }} + {{- if not $props.ephemeral }} + {{- if not $props.image }} + - name: {{ $props.name }} + persistentVolumeClaim: + claimName: {{ $props.name }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq "configmap" $props.type }} + - name: {{ $props.name }} + configMap: + volumeLabel: {{ $props.volumeLabel }} + name: {{ $props.configMap }} + {{- end }} + {{- if eq "secret" $props.type }} + - name: {{ $props.name }} + secret: + secretName: {{ $props.secretName }} + {{- end }} + {{- if eq "hostDisk" $props.type }} + - hostDisk: + capacity: {{ $props.capacity }} + path: {{ $props.path }} + type: {{ $props.type }} + name: {{ $props.name }} + {{- end}} + {{- if $props.image }} + - containerDisk: + image: {{ $props.image }} + name: 
{{ $props.name }} + {{- end }} + {{- if $props.ephemeral }} + - name: {{ $props.name }} + ephemeral: + persistentVolumeClaim: + claimName: {{ $props.pvc }} + {{- end }} + {{- end }} + {{- if or (eq .Values.userDataSecret.enabled true) (eq .Values.cloudinit.enabled true) }} + - name: cloudinitvolume + cloudInitNoCloud: + secretRef: + {{- if eq .Values.userDataSecret.enabled true }} + {{- if eq .Values.cloudinit.enabled false }} + name: {{ .Values.userDataSecret.name }} + {{- end }} + {{- end }} + {{- if eq .Values.cloudinit.enabled true }} + name: {{ .Values.cloudinit.secret_name }} + {{- end }} + {{- end }} +{{- end }} diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/values.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/values.yaml new file mode 100644 index 00000000..6818acc5 --- /dev/null +++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/values.yaml 
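Review bot: The pool template copies `uuid: {{ .Values.virtualMachine.firmware.uuid }}` into every replica, and values.yaml ships a fixed `firmware.uuid` (`5d307ca9-…`), so all VMs in the pool boot with the same firmware/SMBIOS UUID; anything that keys on it (cloud-init instance identity, licensing, inventory) cannot tell replicas apart. For a pool the line should be omitted so KubeVirt can derive a per-VM value, e.g. guard it with `{{- if and .Values.virtualMachine.firmware.uuid (not .Values.virtualMachinePool.enabled) }}`, or change the values default to empty. Also `hidden: {{ .Values.virtualMachine.features.hidden }}` reads a key the values file does not define (it defines `features.kvm.hidden`), so `kvm.hidden: true` renders an empty `hidden:` and never actually hides KVM from the guest.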
@@ -0,0 +1,611 @@
+################################################################################
+# \ \ / (_)_ __| |_ _ _ __ _| | | \/ | __ _ ___| |__ (_)_ __ ___
+# \ \ / /| | '__| __| | | |/ _` | | | |\/| |/ _` |/ __| '_ \| | '_ \ / _ \
+# \ V / | | | | |_| |_| | (_| | | | | | | (_| | (__| | | | | | | | __/
+# \_/ |_|_| \__|\__,_|\__,_|_| |_| |_|\__,_|\___|_| |_|_|_| |_|\___|
+###############################################################################
+virtualMachine:
+ # -- name of the virtualMachine or virtualMachinePool object
+ name: test
+
+ # -- namespace to deploy to
+ namespace: kubevirt
+
+ # -- Create the VM as a KubevirtMachineTemplate for use with Cluster API
+ # Does not support VM Pools
+ capiMachineTemplate: false
+
+ # -- One of 'Always' `RerunOnFailure` `Manual` `Halted` `Once`
+ # See: https://kubevirt.io/user-guide/compute/run_strategies/#runstrategy
+ runStrategy: "Always"
+
+ features:
+ # -- Enable KVM acceleration.
+ # Setting the 'hidden' flag to `true` will obscure kvm from the host.
+ # Set `hidden` to `false` when using vGPU in Windows Guests.
+ kvm:
+ enabled: true
+ hidden: false
+
+ # -- Set default hyperv settings for windows guests
+ hyperv: false
+
+ # Enable ACPI platform event device
+ acpiEnabled: true
+
+ # -- Make pod network interface the default for the VM
+ autoattachPodInterface: true
+
+ # -- Attach a serial console device
+ autoattachSerialConsole: true
+
+ # -- Attach a basic graphics device for VNC access
+ autoattachGraphicsDevice: true
+
+ # -- Enhances network performance by allowing multiple TX and RX queues. 
+ networkInterfaceMultiqueue: true
+
+ # -- Options for machine clock
+ clock:
+ enabled: true
+
+ # -- Set clock timezone eg: "Europe/Amsterdam" or "utc"
+ timezone: utc
+
+ # -- High Precision Event Timer
+ hpet:
+ enabled: true
+ present: false
+
+ # -- Programmable interval timer
+ pit:
+ enabled: true
+ tickPolicy: delay
+
+ # -- Real-Time Clock
+ rtc:
+ enabled: true
+ tickPolicy: catchup
+
+ # -- Paravirtualized clock that provides better accuracy and performance.
+ # Recommended clock source for KVM guest virtual machines.
+ kvm: true
+
+ # -- Hyper-V's reference time counter for use with Windows guests.
+ hyperv: false
+
+ firmware:
+ # Enable System Management Mode (required for secureboot)
+ smmEnabled: false
+
+ # -- Enable EFI bios and secureboot
+ efi:
+ enabled: true
+ secureBoot: false
+ uuid: 5d307ca9-b3ef-428c-8861-06e72d69f223
+
+
+ machine:
+ # -- If a Pod cannot be scheduled, lower priorityClass Pods will be evicted
+ priorityClassName: vm-standard
+
+ # -- Define CPU, RAM, GPU, HostDevice settings for VMs.
+ # Overrides: vCores, memory, gpus
+ instancetype:
+ enabled: false
+ name: standard-small
+ kind: virtualMachineClusterInstancetype
+
+ # -- System Arch. Supported options are amd64 and arm64
+ architecture: amd64
+
+ # -- QEMU virtual-machine type. Options are q35 and i440fx
+ machineType: q35
+
+ # -- Specify hots-passthrough or a named cpu model
+ # https://www.qemu.org/docs/master/system/qemu-cpu-models.html
+ cpuModel: host-passthrough
+
+ # -- Number of simulated CPU sockets.
+ # Note: Multiple cpu-bound microbenchmarks show a significant
+ # performance advantage when using sockets instead of cores
+ # Does not work with some cpuManagerPolicy options.
+ sockets: 1
+
+ # -- Number of Virtual cores to pass to the Guest
+ # ignored when instancetype is defined
+ vCores: 2
+
+ # -- Enable simulation of Hyperthre ading on Intel CPUs or SMT AMD CPUs. 
+ threads: 1
+
+ # -- Pin QEMU process threads to specific physical cores
+ # Requires `--cpu-manager-policy` enabled in kubelet
+ pinCores: true
+
+ # -- In order to enhance the real-time support in KubeVirt and provide
+ # improved latency, KubeVirt will allocate an additional dedicated CPU,
+ # exclusively for the emulator thread, to which it will be pinned.
+ # Requires `dedicatedCpuPlacement` set to `true`
+ emulatorThread: false
+
+ # -- Amount of RAM to pass to the Guest. Ignored when instancetype is defined
+ memory:
+ base: 2Gi
+ overcommit:
+ # -- Enable memory overcommitment. Tells VM it has more RAM than requested.
+ # VMI becomes Burtable QOS class and may be preempted when node is under memory pressure.
+ # GPU passthrough and vGPU will not function with overcommit enabled.
+ enabled: false
+ limit: 4Gi
+
+ # -- Do not allocate hypervisor overhead memory to VM. Will work for as
+ # long as most of the VirtualMachineInstances do not request the full memory.
+ overhead: false
+
+ # -- GPUs to pass to guest, requires that the GPUs are pre-configured in the
+ # kubevirt custom resource. ignored when instancetype is defined.
+ # ramFB & display may only be enabled on 1 vGPU
+ gpus: []
+ # - name: gpu0
+ # deviceName: nvidia.com/GRID_RTX6000-4Q
+ # virtualGPUOptions:
+ # display:
+ # enabled: true
+ # ramFB:
+ # enabled: true
+
+
+ # -- virtual network interface config options.
+ # See: https://kubevirt.io/user-guide/network/interfaces_and_networks/#interfaces
+ interfaces:
+ # -- bridge mode, vms are connected to the network via a linux "bridge".
+ # Pod network IP is delegated to vm via DHCPv4. VM must use DHCP for an IP
+ - masquerade: {}
+ name: default
+ model: virtio
+
+ networks:
+ # Use the default pod network
+ - name: default
+ pod: {}
+
+#########################
+# Create a Virtual Machine Pool
+# Vm pools should be used with ephemeral disks or containerdisks
+# otherwise they would all fight over the same PVC. 
+virtualMachinePool:
+ enabled: false
+
+ # -- number of replicas to create. Ignored when hpa is set to 'true'
+ replicas: 2
+ hpa:
+ enabled: true
+ maxReplicas: 5
+ minReplicas: 1
+
+###############################################################################
+# ____ _ _
+# | _ \(_)___| | _____
+# | | | | / __| |/ / __|
+# | |_| | \__ \ <\__ \
+# |____/|_|___/_|\_\___/
+###############################################################################
+# -- controls hypervisor behavior when I/O errors occur on disk read or write.
+# Possible values are: 'report', 'ignore', 'enospace'
+diskErrorPolicy: "report"
+
+# -- List of disks to create for the VM, Will be used to create Datavolumes or PVCs.
+disks:
+#################################################
+# DataVolume disk with URL source example
+#################################################
+ - name: harddrive
+ # -- Disk type: disk, cdrom, filesystem, or lun
+ type: disk
+ # -- Bus type: sata or virtio
+ bus: virtio
+ # -- Sets disk position in boot order, lower numbers are checked earlier
+ bootorder: 2
+ # -- Set disk to be Read-only
+ readonly: false
+ # -- Size of disk in GB
+ pvsize: 16Gi
+ # -- Storage class to use for the pvc
+ pvstorageClassName: fast-raid
+ # -- Access mode for the PVC
+ pvaccessMode: ReadWriteOnce
+ # -- source type of the disk image. One of `url`, `pvc`
+ source: url
+ # -- URL of cloud-image
+ url: "https://buildstars.online/debian-12-generic-amd64-daily.qcow2"
+
+#########################################################
+# Ephemeral disk example
+# no persistance, these are deleted after the VM exits
+# requires an existing PVC as a backing file. 
+# Performance degrades at liarge sizes (100G+)
+#########################################################
+# - name: harddrive
+# type: disk
+# bus: virtio
+# bootorder: 2
+# readonly: false
+# pvc: debian12
+# ephemeral: true
+
+########################################################
+# DataVolume disk with existing PVC source example
+########################################################
+ # - name: harddrive
+ # type: disk
+ # bus: virtio
+ # bootorder: 2
+ # readonly: false
+ # pvsize: 64G
+ # pvstorageClassName: local-path
+ # nodePlacement: scremlin
+ # pvaccessMode: ReadWriteOnce
+ # source: pvc
+ # pvcnamespace: kubevirt
+ # pvcname: debian12
+
+##########################################################
+# ISO live-image example
+##########################################################
+# - name: iso
+# type: cdrom
+# bus: sata
+# bootorder: 1
+# readonly: true
+# pvsize: 8G
+# pvstorageClassName: local-path
+# nodePlacement: node0
+# pvaccessMode: ReadWriteOnce
+# source: "https://www.itechtics.com/?dl_id=173"
+
+##########################################################
+# Empty PVC as disk example
+##########################################################
+# - name: harddrive
+# type: disk
+# bus: virtio
+# bootorder: 2
+# readonly: false
+# pvsize: 32G
+# pvstorageClassName: local-path
+# nodePlacement: node0
+# pvaccessMode: ReadWriteOnce
+
+##########################################################
+# Container Disk Example
+##########################################################
+# - name: virtio-drivers
+# type: cdrom
+# bus: sata
+# bootorder: 3
+# readonly: true
+# image: "quay.io/kubevirt/virtio-container-disk:v1.0.0-rc.1-amd64"
+
+###########################################################
+# Local Disk example
+# Not working, will have to open a ticket
+# disks need to be owned by 107:messagebus
+# disks cannot be mounted, file systems unidentifiable
+###########################################################
+# - name: localfile
+# 
type: hostDisk
+# # -- Enter a capacity amount to create a new disk
+# # otherwise expects an existing disk
+# capacity: 500G
+# path: /mnt/raid1/hdd2.img
+
+###########################################################
+# ConfigMap example
+# Attach a configmap to VM as an ISO disk or FileSystem
+# Must be mounted via cloud init
+# see https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-disk and
+# https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-filesystem
+#
+# Configmaps may also specify the volumeLable field which informs the guest OS
+# of the disk name. Useful for windows vms.
+###########################################################
+# - name: my-configmap
+# type: configmap
+# volumeLabel: cfgdata
+# method: disk
+# bootorder: 3
+# readonly: true
+# configMap: my-configmap
+# serialNumber: CVLY623300HK240D
+
+###########################################################
+# ConfigMap example
+# Attach a configmap to VM as an ISO disk or FileSystem
+# Must be mounted via cloud init
+# see https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-disk and
+# https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-filesystem
+###########################################################
+# - name: my-secret
+# type: secret
+# method: disk
+# bootorder: 3
+# readonly: true
+# secretName: test
+# serialNumber: CVLY623300HK240D
+
+# -- Use an existing cloud-init userdata secret
+# ignored if cloudinit subchart is enabled. 
+userDataSecret:
+ enabled: false
+ name: ""
+
+################################################################################
+# ____ _ _ ___ _ _
+# / ___| | ___ _ _ __| |_ _|_ __ (_) |_
+# | | | |/ _ \| | | |/ _` || || '_ \| | __|
+# | |___| | (_) | |_| | (_| || || | | | | |_
+# \____|_|\___/ \__,_|\__,_|___|_| |_|_|\__|
+################################################################################
+# -- Enable or disable usage of cloud-init sub-chart
+cloudinit:
+ enabled: true
+
+ # Not all cloud-init modules are currently supported
+ # https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+
+ # -- name of secret in which to save the user-data file
+ secret_name: test-scrapmetal-user-data
+
+ # -- image version
+ image: deserializeme/kv-cloud-init:v0.0.1
+
+ # -- Choose weather to create a service-account or not. Once a SA has been created
+ # you should set this to false on subsequent runs.
+ serviceAccount:
+ create: true
+ name: cloud-init-sa
+ # Ignored is `create` set to true
+ existingServiceAccountName: "cloud-init-sa"
+
+ # -- Set up mount points. mounts contains a list of lists.
+ # The inner list contains entries for an /etc/fstab line
+ mounts: []
+
+ # -- creates a swap file using human-readable values.
+ swap:
+ enabled: false
+ filename: /swapfile
+ size: 1G
+ maxsize: 1G
+
+ disk_setup: {}
+ # -- The name of the device.
+ # - name: /dev/vdb
+ # # -- This is a list of values, with the percentage of disk that
+ # # the partition will take. When layout is “true”, it instructs cloud-init
+ # # to single-partition the entire device. When layout is “false” it means
+ # # “don’t partition” or “ignore existing partitioning”.
+ # layout: true
+ # -- “false” is the default which means that the device will be checked for
+ # # a partition table and/or filesystem. “true” is cowboy mode, no checks.
+ # overwrite: false
+ # # -- Supported options ate `gpt` and `mbr`
+ # table_type: 'gpt'
+
+ fs_setup: []
+ # -- The device name. 
+ # - device: /dev/vdb
+ # # -- The filesystem type. Supports ext{2,3,4} and vfat
+ # filesystem: ext4
+ # # -- The filesystem label to be used. If set to “None”, no label is used.
+ # label: None
+ # # -- Options are `auto|any`, `auto`, or `any`
+ # partition: 'auto|any'
+
+ # -- Dont recreate script configmap. Set to true when keeping multiple
+ # cloud-init secrets in the same namespace
+ existingConfigMap: false
+
+ # -- Run envsubst against bootcmd and runcmd fields at the beginning of templating
+ # Not an official part of cloid-init
+ envsubst: false
+
+ extraEnvVars: []
+ # - name: VNC_PASS
+ # valueFrom:
+ # secretKeyRef:
+ # name: test-password
+ # key: "password"
+
+ # -- virtual-machine hostname
+ hostname: test
+
+ # -- namespace in which to create resources
+ namespace: kubevirt
+
+ # -- Disable root login over ssh
+ disable_root: false
+
+ # -- when enabled job sleeps to allow user to exec into the container
+ debug: false
+
+ # -- salt used for password generation
+ salt: "saltsaltlettuce"
+
+ # -- networking options
+ network:
+ # -- disable cloud-init’s network configuration capability and rely on
+ # other methods such as embedded configuration or other customisations. 
+ config: disabled
+
+ # -- add wireguard configuration from existing secret or as plain-text
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#wireguard
+ wireguard: []
+ # interfaces:
+ # - name: wg0
+ # config_path: /etc/wireguard/wg0.conf
+ # existingSecret:
+ # name: wg0-credentials
+ # key: wg0.conf
+
+ # -- user configuration options
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#users-and-groups
+ # do NOT use 'admin' as username - it conflicts with multiele cloud-images
+ users:
+ - name: test
+ groups: users, admin, docker, sudo, kvm
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ lock_passwd: false
+
+ # -- set user password from existing secret or generate random
+ password:
+ random: true
+ # random: false
+ # existingSecret:
+ # name: admin-password
+ # key: password
+
+ # -- import user ssh public keys from github, gitlab, or launchpad
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ssh
+ ssh_import_id: []
+
+ # -- provider user ssh pub key as plaintext
+ ssh_authorized_keys: []
+
+ # -- Add CA certificates
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ca-certificates
+ ca_certs: []
+ # remove_defaults: true
+ # trusted:
+ # - certificate
+
+ # -- Run arbitrary commands early in the boot process
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#bootcmd
+ boot_cmd: []
+
+ # -- Write arbitrary files to disk. 
+ # Files my be provided as plain-text or downloaded from a url
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#write-files
+ write_files: []
+
+ # -- Update, upgrade, and install packages
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#package-update-upgrade-install
+ package_reboot_if_required: false
+ package_update: true
+ package_upgrade: false
+ packages: []
+ # - docker.io
+
+ # -- Run arbitrary commands
+ # See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#runcmd
+ runcmd: []
+ # - docker run -d -p 8080:80 nginx
+
+################################################################################
+# ____ _ ___ ___
+#/ ___| ___ _ ____ _(_) ___ ___ ( _ ) |_ _|_ __ __ _ _ __ ___ ___ ___
+#\___ \ / _ \ '__\ \ / / |/ __/ _ \ / _ \/\ | || '_ \ / _` | '__/ _ \/ __/ __|
+# ___) | __/ | \ V /| | (_| __/ | (_> < | || | | | (_| | | | __/\__ \__ \
+#|____/ \___|_| \_/ |_|\___\___| \___/\/ |___|_| |_|\__, |_| \___||___/___/
+# |___/
+################################################################################
+# -- Service cinfiguration. Used to expose VM to the outside world.
+# Accepts a list of ports to open. 
+service:
+- name: test-service
+ type: NodePort
+ externalTrafficPolicy: Cluster
+ ports:
+ - name: nginx
+ port: 8080
+ targetPort: 8080
+ protocol: TCP
+
+# -- Ingress configuration
+ingress:
+ enabled: false
+ className: "nginx"
+ hostname: "novnc.buildstar.online"
+ annotations: {}
+ # cert-manager.io/cluster-issuer: "letsencrypt-staging"
+ tls: []
+ # enabled: true
+ # secretName: "tls-kubevirt-manager"
+ # paths:
+ # - path: /
+ # pathType: Prefix
+ # backend:
+ # service:
+ # name: test-service
+ # port:
+ # number: 8080
+
+################################################################################
+# _ _ _ _ ____ _ _ _
+# | \ | | ___| |___ _____ _ __| | __ | _ \ ___ | (_) ___(_) ___ ___
+# | \| |/ _ \ __\ \ /\ / / _ \| '__| |/ / | |_) / _ \| | |/ __| |/ _ \/ __|
+# | |\ | __/ |_ \ V V / (_) | | | < | __/ (_) | | | (__| | __/\__ \
+# |_| \_|\___|\__| \_/\_/ \___/|_| |_|\_\ |_| \___/|_|_|\___|_|\___||___/
+################################################################################
+networkPolicy:
+ # -- Enable the creation of network policies
+ enabled: false
+ egress:
+ # Allow communication to Kubernetes DNS service
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
+ - podSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ ports:
+ - protocol: UDP
+ port: 53
+
+ # Allow internet access
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ # Exclude traffic to Kubernetes service IPs and pods
+ except:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+
+ ingress:
+ # Allow internet access from the ingress controller
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: "ingress-nginx"
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: "ingress-nginx"
+
+################################################################################
+# ____ _
+# | _ \ _ __ ___ | |__ ___ ___
+# | |_) | '__/ _ \| '_ \ / _ \/ __|
+# | __/| | | (_) | |_) | __/\__ \
+# |_| |_| \___/|_.__/ \___||___/ 
+################################################################################
+# -- set tieming and port number for liveness probe
+# livenessProbe:
+# initialDelaySeconds: 60
+# periodSeconds: 10
+# tcpSocket:
+# port: 8080
+# timeoutSeconds: 10
+
+# -- set tieming and port number for readiness probe
+# readinessProbe:
+# initialDelaySeconds: 60
+# periodSeconds: 10
+# timeoutSeconds: 10
+# failureThreshold: 6
+# successThreshold: 1
+# httpGet:
+# port: 8080
diff --git a/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/win-values.yaml b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/win-values.yaml
new file mode 100644
index 00000000..f824cf66
--- /dev/null
+++ b/samples/networking/ingress/tc_with_vm/helm/kubevirt-vm/win-values.yaml
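Review bot: In `networkPolicy.ingress` the `from` entry lists `namespaceSelector` and `podSelector` as two separate items, which Kubernetes evaluates as OR, so (assuming the network-policy template passes these lists through unchanged) any pod labelled `app.kubernetes.io/name: "ingress-nginx"` in any namespace is admitted, not only pods in the `ingress-nginx` namespace; the DNS egress rule has the same shape (`kube-system` namespace OR any `k8s-app: kube-dns` pod anywhere). To require both selectors, remove the dash before `podSelector` so it sits in the same list item as `namespaceSelector`, in both rules. The `0.0.0.0/0` egress `except` list excludes the RFC 1918 ranges but not link-local `169.254.0.0/16`, so with the policy enabled the VM can still reach a cloud metadata endpoint; add `- 169.254.0.0/16` to that list. Separately, the default `users` entry ships `sudo: ALL=(ALL) NOPASSWD:ALL` with `lock_passwd: false` and a password derived with the committed `salt: "saltsaltlettuce"` (how the subchart consumes the salt is outside this hunk), which the sample should mark as override-before-use, e.g. above `users`: `# -- Sample defaults: replace the salt and set ssh_authorized_keys / lock_passwd: true before exposing the VM`. The `harddrive` image is fetched from a third-party URL with no integrity check, and the comment on `url` should say so.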
@@ -0,0 +1,176 @@
+##########################
+# Virtual Machine settings
+virtualMachine:
+ name: win10
+ namespace: windows10
+ runStrategy: "RerunOnFailure"
+
+ features:
+ kvmEnabled: true
+ acpiEnabled: true
+ smmEnabled: false
+ efiEnabled: false
+ secureBoot: false
+ autoattachPodInterface: true
+ autoattachSerialConsole: true
+ autoattachGraphicsDevice: true
+ hyperv: true
+ clock:
+ enabled: true
+ hpet:
+ enabled: true
+ present: false
+ pit:
+ enabled: true
+ tickPolicy: delay
+ rtc:
+ enabled: true
+ tickPolicy: catchup
+ kvm: false
+ hyperv: true
+
+ machine:
+ instancetype:
+ enabled: false
+ priorityClassName: vm-standard
+ machineType: "q35"
+ cpuModel: host-passthrough
+ vCores: 4
+ pinCores: false
+ hyperThreadingEnabled: true
+ memory: 8Gi
+
+ gpus: []
+
+ interfaces:
+ - name: default
+ bridge: {}
+ model: e1000
+
+ networks:
+ - name: default
+ pod: {}
+
+virtualMachinePool:
+ enabled: false
+ replicas: 1
+ hpa:
+ enabled: false
+ maxReplicas: 5
+ minReplicas: 10
+
+disks:
+- name: win2k19-install-iso
+ type: cdrom
+ bus: sata
+ bootorder: 1
+ readonly: true
+ pvsize: 8Gi
+ nodePlacement: bradley
+ pvstorageClass: local-path
+ pvaccessMode: ReadWriteOnce
+ source: pvc
+ pvcnamespace: kubevirt
+ pvcname: windows10-iso
+
+- name: answers
+ type: configmap
+ method: disk
+ bootorder: 3
+ readonly: true
+ configMap: answers
+ serialNumber: CVLY623300HK240D
+
+- name: windows-install-rootdisk
+ type: disk
+ bus: sata
+ bootorder: 2
+ readonly: false
+ pvsize: 32G
+ pvstorageClass: local-path
+ pvaccessMode: ReadWriteOnce
+
+- name: windows-guest-tools
+ type: cdrom
+ bus: sata
+ bootorder: 4
+ readonly: true
+ image: "quay.io/kubevirt/virtio-container-disk:v1.0.0-rc.1-amd64"
+
+service:
+- name: service
+ type: LoadBalancer
+ externalTrafficPolicy: Cluster
+ ports:
+ - name: ssh
+ port: 22
+ targetPort: 22
+ protocol: TCP
+ - name: vnc
+ port: 5900
+ targetPort: 5900
+ protocol: TCP
+ - name: rdp
+ nodePort: 31597
+ port: 3389
+ protocol: TCP
+ 
targetPort: 3389
+ - name: sunshine0
+ nodePort: 32203
+ port: 47984
+ protocol: TCP
+ targetPort: 47984
+ - name: sunshine1
+ nodePort: 31213
+ port: 47985
+ protocol: TCP
+ targetPort: 47985
+ - name: sunshine2
+ nodePort: 30217
+ port: 47986
+ protocol: TCP
+ targetPort: 47986
+ - name: sunshine3
+ nodePort: 30112
+ port: 47987
+ protocol: TCP
+ targetPort: 47987
+ - name: sunshine4
+ nodePort: 30474
+ port: 47988
+ protocol: TCP
+ targetPort: 47988
+ - name: sunshine5
+ nodePort: 32567
+ port: 47989
+ protocol: TCP
+ targetPort: 47989
+ - name: sunshine6
+ nodePort: 30881
+ port: 47990
+ protocol: TCP
+ targetPort: 47990
+ - name: sunshine7
+ nodePort: 31957
+ port: 47998
+ protocol: UDP
+ targetPort: 47998
+ - name: sunshine8
+ nodePort: 32672
+ port: 47999
+ protocol: UDP
+ targetPort: 47999
+ - name: sunshine9
+ nodePort: 31549
+ port: 48000
+ protocol: UDP
+ targetPort: 48000
+ - name: sunshine10
+ nodePort: 31786
+ port: 48010
+ protocol: TCP
+ targetPort: 48010
+
+# -- enable or disable usage of cloud-init
+cloudinit:
+ enabled: false
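Review bot: `hpa.minReplicas: 10` is greater than `maxReplicas: 5`, which HPA validation rejects the moment `hpa.enabled` is switched to true; set `minReplicas: 1` (as values.yaml does) or swap the two. Several keys in this file also do not match what the chart reads: `machine.memory` is the scalar `8Gi` while the machine template earlier in this patch evaluates `.Values.virtualMachine.machine.memory.base` and `.memory.overcommit.enabled`, and the disks use `pvstorageClass` where values.yaml uses `pvstorageClassName`, so rendering with this file likely fails on the memory lookup and silently drops the storage class. The `service` is a `LoadBalancer` that exposes SSH 22, VNC 5900 and RDP 3389 unfiltered, with no `networkPolicy` section in this file and `cloudinit.enabled: false`, so nothing here restricts who can reach those ports; a comment above `service` such as `# -- Sample only: these ports are exposed unfiltered on the load balancer; restrict the source range or front them with the ingress/network policy` would make the intent explicit.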