diff --git a/kubernetes/apps/kubevirt/cdi/ingress.yaml b/kubernetes/apps/kubevirt/cdi/ingress.yaml
new file mode 100644
index 00000000..1d16c9dd
--- /dev/null
+++ b/kubernetes/apps/kubevirt/cdi/ingress.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: cdi-uploadproxy
+ namespace: cdi
+spec:
+ ingressClassName: internal-nginx
+ rules:
+ - host: &host "cdi.jahanson.tech"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: cdi-uploadproxy
+ port:
+ number: 443
+ tls:
+ - hosts:
+ - *host
diff --git a/kubernetes/apps/kubevirt/kustomization.yaml b/kubernetes/apps/kubevirt/kustomization.yaml
new file mode 100644
index 00000000..7f43df74
--- /dev/null
+++ b/kubernetes/apps/kubevirt/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./manager/ks.yaml
diff --git a/kubernetes/apps/kubevirt/manager/app/helmrelease.yaml b/kubernetes/apps/kubevirt/manager/app/helmrelease.yaml
new file mode 100644
index 00000000..4d446c26
--- /dev/null
+++ b/kubernetes/apps/kubevirt/manager/app/helmrelease.yaml 
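Review bot: The backend for `cdi-uploadproxy` is port 443, which the CDI upload proxy serves over TLS, but the Ingress carries no `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` annotation, so internal-nginx will proxy plain HTTP to a TLS listener and uploads will fail at the backend. Add under `metadata:` the lines `annotations:` / `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"`. Even then nginx does not verify the upstream certificate by default, so the in-cluster hop is encrypted but not authenticated unless `proxy-ssl-secret` and `proxy-ssl-verify` are also set. The `tls` entry has no `secretName`, so it relies on the controller's default certificate — presumably intended, but worth confirming for a host that accepts disk-image uploads.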
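Review bot: `cdi/ingress.yaml` and `vms/fj-runner-01.yaml`, both added in this commit, appear in neither this `resources:` list nor any other Kustomization in the diff, so nothing reconciles them; unless they are picked up from outside this tree they are dead files. If the Ingress is meant to be managed by Flux, add a Kustomization for it next to `./manager/ks.yaml` and note that its target is the `cdi` namespace, which `./namespace.yaml` does not create.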
@@ -0,0 +1,83 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: &app kubevirt-manager
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.1.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ controllers:
+ kubevirt-manager:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: docker.io/kubevirtmanager/kubevirt-manager
+ tag: 1.3.3
+ env:
+ TZ: America/Chicago
+ resources:
+ requests:
+ cpu: 5m
+ memory: 50Mi
+ limits:
+ memory: 150Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ pod:
+ securityContext:
+ runAsUser: 10000
+ runAsGroup: 30000
+ serviceAccount:
+ create: true
+ name: kubevirt-manager
+ service:
+ app:
+ controller: kubevirt-manager
+ ports:
+ http:
+ port: 8080
+ ingress:
+ app:
+ className: internal-nginx
+ hosts:
+ - host: &host "kubevirt.jahanson.tech"
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ cache:
+ type: emptyDir
+ globalMounts:
+ - path: /var/cache/nginx
+ run:
+ type: emptyDir
+ globalMounts:
+ - path: /var/run
diff --git a/kubernetes/apps/kubevirt/manager/app/kustomization.yaml b/kubernetes/apps/kubevirt/manager/app/kustomization.yaml
new file mode 100644
index 00000000..ac4760d6
--- /dev/null
+++ b/kubernetes/apps/kubevirt/manager/app/kustomization.yaml 
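Review bot: The `ingress.app` block publishes the UI on `kubevirt.jahanson.tech` with no authentication annotations (no `nginx.ingress.kubernetes.io/auth-url`/`auth-signin` or equivalent), while the `kubevirt-manager` service account created here is bound in this same commit to a ClusterRole with `*` on `secrets`, `serviceaccounts` and `rolebindings` cluster-wide; as far as I can tell kubevirt-manager does not enforce a login of its own, so anyone who can reach that host on the internal network inherits those permissions. Put an auth proxy or ingress `auth-url` in front of it before this merges, or confirm the application authenticates on its own. The pod securityContext sets `runAsUser: 10000` but not `runAsNonRoot: true` or a seccomp profile; adding `runAsNonRoot: true` and `seccompProfile: { type: RuntimeDefault }` beside `runAsGroup` makes the non-root intent enforced rather than incidental. `tag: 1.3.3` is also a mutable tag; pinning it to a digest (`1.3.3@sha256:…`) would close the supply-chain gap.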
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ./rbac.yaml
diff --git a/kubernetes/apps/kubevirt/manager/app/rbac.yaml b/kubernetes/apps/kubevirt/manager/app/rbac.yaml
new file mode 100644
index 00000000..8b8f22c9
--- /dev/null
+++ b/kubernetes/apps/kubevirt/manager/app/rbac.yaml 
@@ -0,0 +1,110 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubevirt-manager
+rules:
+ - apiGroups: [""]
+ resources: ["nodes", "namespaces"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims", "persistentvolumes", "services", "secrets", "serviceaccounts", "configmaps", "deployments"]
+ verbs: ["*"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["rolebindings"]
+ verbs: ["*"]
+ - apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["*"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list"]
+ - apiGroups: ["k8s.cni.cncf.io"]
+ resources: ["network-attachment-definitions"]
+ verbs: ["get", "list"]
+ - apiGroups: ["kubevirt.io"]
+ resources: ["virtualmachines", "virtualmachineinstances"]
+ verbs: ["*"]
+ - apiGroups: ["subresources.kubevirt.io"]
+ resources: ["*"]
+ verbs: ["get", "list", "update", "patch"]
+ - apiGroups: ["instancetype.kubevirt.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["cdi.kubevirt.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["pool.kubevirt.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["get", "list"]
+ - apiGroups: ["autoscaling"]
+ resources: ["horizontalpodautoscalers"]
+ verbs: ["*"]
+ - apiGroups: ["cluster.x-k8s.io"]
+ resources: ["clusters", "machinedeployments"]
+ verbs: ["*"]
+ - apiGroups: ["controlplane.cluster.x-k8s.io"]
+ resources: ["kubeadmcontrolplanes"]
+ verbs: ["*"]
+ - apiGroups: ["infrastructure.cluster.x-k8s.io"]
+ resources: ["kubevirtmachinetemplates", "kubevirtclusters"]
+ verbs: ["*"]
+ - apiGroups: ["bootstrap.cluster.x-k8s.io"]
+ resources: ["kubeadmconfigtemplates"]
+ verbs: ["*"]
+ - apiGroups: 
["addons.cluster.x-k8s.io"]
+ resources: ["clusterresourcesets"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubevirt-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubevirt-manager
+subjects:
+ - kind: ServiceAccount
+ name: kubevirt-manager
+ namespace: kubevirt
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubevirt-manager-kccm
+rules:
+ - apiGroups: ["kubevirt.io"]
+ resources: ["virtualmachines"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["kubevirt.io"]
+ resources: ["virtualmachineinstances"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["services"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubevirt-manager-kccm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubevirt-manager-kccm
+subjects:
+ - kind: ServiceAccount
+ name: kubevirt-manager
+ namespace: kubevirt
diff --git a/kubernetes/apps/kubevirt/manager/ks.yaml b/kubernetes/apps/kubevirt/manager/ks.yaml
new file mode 100644
index 00000000..cb7c41f7
--- /dev/null
+++ b/kubernetes/apps/kubevirt/manager/ks.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app kubevirt-manager
+ namespace: flux-system
+spec:
+ targetNamespace: kubevirt
+ path: ./kubernetes/apps/kubevirt/manager/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/kubevirt/namespace.yaml b/kubernetes/apps/kubevirt/namespace.yaml
new file mode 100644
index 00000000..cbde5f58
--- /dev/null
+++ b/kubernetes/apps/kubevirt/namespace.yaml 
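Review bot: The `kubevirt-manager` ClusterRole grants `verbs: ["*"]` on `secrets`, `serviceaccounts`, `configmaps` and `rolebindings` in every namespace, which lets this service account read any Secret in the cluster (service-account tokens, credentials of unrelated workloads) and hand out further bindings — effectively cluster-admin for a VM dashboard that the same commit exposes through an unauthenticated Ingress. Keep only the read-only cluster-scoped rules (`nodes`, `namespaces`, `storageclasses`, CRDs) in the ClusterRole and move the mutating rules into a Role plus RoleBinding per namespace that actually holds VMs, dropping `secrets` from the wildcard unless the UI is known to need it. Two rules are no-ops because the resources are not in the core group: `- apiGroups: [""]` / `resources: ["customresourcedefinitions"]` and the `"deployments"` entry in the core-group list grant nothing, and the `apiextensions.k8s.io` and `apps` rules below already cover them, so delete the dead entries. The `-kccm` ClusterRole is bound to the very same ServiceAccount, so it adds nothing beyond the first role; if it is meant for a separate cloud-controller-manager identity it should name a different subject.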
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubevirt
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
+ volsync.backube/privileged-movers: "true"
+ pod-security.kubernetes.io/enforce: "privileged"
+ kubevirt.io: ""
diff --git a/kubernetes/apps/kubevirt/vms/fj-runner-01.yaml b/kubernetes/apps/kubevirt/vms/fj-runner-01.yaml
new file mode 100644
index 00000000..badd911c
--- /dev/null
+++ b/kubernetes/apps/kubevirt/vms/fj-runner-01.yaml
@@ -0,0 +1,56 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kubevirt.io/virtualmachine_v1.json
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: fj-runner-01
+ namespace: default
+ uid: e0725361-eb07-44bc-bb01-7a1dba39622a
+ labels:
+ kubevirt-manager.io/managed: "true"
+ kubevirt.io/domain: fj-runner-01
+spec:
+ running: true
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ kubevirt-manager.io/managed: "true"
+ kubevirt.io/domain: fj-runner-01
+ spec:
+ architecture: amd64
+ domain:
+ cpu:
+ cores: 4
+ sockets: 1
+ threads: 2
+ devices:
+ disks:
+ - disk: {}
+ name: disk1
+ bootOrder: 0
+ - disk: {}
+ name: disk2
+ bootOrder: 1
+ interfaces:
+ - bridge: {}
+ name: net1
+ networkInterfaceMultiqueue: true
+ machine:
+ type: q35
+ resources:
+ requests:
+ memory: 8Gi
+ networks:
+ - name: net1
+ pod: {}
+ nodeSelector:
+ kubernetes.io/hostname: shadowfax
+ priorityClassName: vm-standard
+ volumes:
+ - dataVolume:
+ name: default-fj-runner-01-disk1
+ name: disk1
+ - dataVolume:
+ name: default-fj-runner-01-disk2
+ name: disk2
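Review bot: `pod-security.kubernetes.io/enforce: "privileged"` switches Pod Security admission off for the whole `kubevirt` namespace, yet the only workload this commit places there (the kubevirt-manager HelmRelease) runs as UID 10000 with every capability dropped and would pass `restricted`. If the KubeVirt operator and virt-handler are meant to live in this namespace as well — the `kubevirt.io: ""` label suggests that — then privileged is unavoidable for them, but at least add `pod-security.kubernetes.io/audit: "restricted"` and `pod-security.kubernetes.io/warn: "restricted"` so any other privileged pod that lands here is still logged; otherwise tighten enforce to `baseline`. `volsync.backube/privileged-movers: "true"` likewise pre-authorises privileged data movers for a namespace with no PVCs anywhere in this diff, so drop it until a backup actually needs it.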
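Review bot: `uid: e0725361-eb07-44bc-bb01-7a1dba39622a` under `metadata` is a server-assigned field that should not be committed — the API server overwrites it on create and a later server-side apply carrying a UID that no longer matches the live object may fail — so drop that line together with the export artifact `creationTimestamp: null`. `bootOrder: 0` on `disk1` is also likely to be rejected by KubeVirt's admission webhook, which as I recall requires boot-order values of at least 1; use `bootOrder: 1` / `bootOrder: 2`. The `dataVolume` entries reference `default-fj-runner-01-disk1` and `-disk2` without any `dataVolumeTemplates`, so the VM only starts if those DataVolumes already exist in `default`, and `bridge: {}` on the pod network hands the pod IP to the guest, which rules out live migration and CNI pod-network features; `masquerade: {}` is the safer default unless the bridge is deliberate. Note too that this file sits under `apps/kubevirt` but targets `namespace: default` and is not referenced by any kustomization in the diff.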