feat(kubevirt): add ad
@@ -28,6 +28,7 @@ IP_WG_GUEST_V4=ENC[AES256_GCM,data:zNwOAgzou0T8cAduDBY=,iv:matZ/IhxDQ+CGO3Ielqls
|
||||
IP_CLUSTER_VIP=ENC[AES256_GCM,data:ghu7xLzr91gN,iv:4KNr0G6tjdzsoyy8TLCIdCp4vvWNGHOJfob7XCLTDto=,tag:cO9O4nhuLR3hFtHJpdoE9Q==,type:str]
|
||||
IP_POD_CIDR_V4=ENC[AES256_GCM,data:3SN16w9wO79Kt2OlZg==,iv:8Q+GVVGU6NZRHR5E3FZXpyev4CC6e7k1NYRb8GhpZUE=,tag:i9WluteN3JdWDePWEANzOw==,type:str]
|
||||
IP_SVC_CIDR_V4=ENC[AES256_GCM,data:uHwTCCtbTpo4UwHgJw==,iv:+I2V+I0jffCJknDomBQ9Zw7btm2sJupbsKl5mnHka2Y=,tag:kxGqfwSEtRdMS/0CL5FpvA==,type:str]
|
||||
IP_KUBEVIRT_AD_CIDR=ENC[AES256_GCM,data:Wr9B2gEoO5tr6ZMM2cA=,iv:XeRnRbmHpp9SlV+4ejKpFi6dlAerzwiLlNRoWGSc9ts=,tag:m70pJNbnZRSZFbaDEMBOQA==,type:str]
|
||||
IP_LB_CIDR=ENC[AES256_GCM,data:NHEFdMzcHnBca+8tgA==,iv:ZQLZfYJNmDrJOyW8OPG4fNL5KYylcJTPx6wYZDGYoFU=,tag:uQFBVjIhhddl+wZwnIgEBQ==,type:str]
|
||||
IP_LB_DNS_CIDR=ENC[AES256_GCM,data:n++ZYPrjSQCEaNC6YVM=,iv:LnTTl2kaFgKK8HZLotkZBLqpCFEBH6GOAkTFihgXpHY=,tag:w4PLDrN/Ba/KAVEoOBn2wA==,type:str]
|
||||
IP_LB_DNS=ENC[AES256_GCM,data:LX0wu1WB2Hj0Dyc=,iv:rxdCTNbgCvLmJ7MMz6O3E+BXcdKgT3atSM0pbYPOgQ4=,tag:oJmPV4avTj6qbyCRCxUC3Q==,type:str]
|
||||
@@ -59,6 +60,7 @@ DNS_FUNNY=ENC[AES256_GCM,data:XGYFv5xnZ6M=,iv:teiYncvQ44vTK+cYiJTSHSYQFv0JxXRs6q
|
||||
DNS_TS=ENC[AES256_GCM,data:1ADXn74Pji65N3WayXvV,iv:vFcTDd90+5pxNV+J98iOgRQPy3glePQ0vFEVlEqeHdE=,tag:tK4JUZTydlP0SWZjGBQu5Q==,type:str]
|
||||
DNS_KAH=ENC[AES256_GCM,data:MUJI1U6bNmvzvAU=,iv:1eTSLdbbuMwx1YVo0STg8wL9lKy3OaR9KLMznw9LZFs=,tag:BYnkE2X/jKM5Fr/9/6GbfQ==,type:str]
|
||||
DNS_NAS=ENC[AES256_GCM,data:tXgzzi0q8Q/4GSL8oPpw3JzgobLF+Zhl/A==,iv:Qr+PpJwgzvSjo4dUA5lnszfwIkdnyT/Y+O7WP8vppls=,tag:eeht1Fj20CJHIWA4o2YW/g==,type:str]
|
||||
DNS_AD=ENC[AES256_GCM,data:VrCMDaEyVY/GxCuATQUIhkE=,iv:p9mze7JKIWLIZ4GTTLyzKDqegzaBGo4xupfA37F3xqQ=,tag:blAxKDqsZug7u80NPNoVYQ==,type:str]
|
||||
DNS_OLD_DOCKER=ENC[AES256_GCM,data:9nDHAHXCge/1+Ht8ufHWbqCoCC61,iv:8OsS2kwc+wM91JP2UGAOk9pIV1NMbJftivNRHpS7GMo=,tag:ahE6gj74E60iszNOGrqSzQ==,type:str]
|
||||
PATH_NAS_MEDIA=ENC[AES256_GCM,data:ZpKa4xnMHKWOO9pDQ1b1NlHWQPfuybn81u4uQ409,iv:dB84+0jnUJDylWpOABTdylsT0gR10l2LNGE6trHZtNk=,tag:l/bt9asoFhEosRlpfLncgw==,type:str]
|
||||
PATH_NAS_PERSIST_K8S=ENC[AES256_GCM,data:nS9umA3p29pVqWJoB5HpupInDSrg0N6GSvjEkM0l8uVaOcL2,iv:+3mMWya4stoQ3KHO1HmPUQ+Q4bq3y5farOhRJw5xPws=,tag:Jo9eSG8dfR1qn6mu6n7HDg==,type:str]
|
||||
@@ -205,10 +207,12 @@ TAILSCALE_APISERVER_ADMIN_1=ENC[AES256_GCM,data:lb6hDhxpcylC23bC96Yftj8=,iv:CODH
|
||||
SECRET_TAILSCALE_TALOS_AUTHKEY_ANGE=ENC[AES256_GCM,data:9+LbF335viQmmfVdFBnHMjBf0P8R+K95YzlfaHOtVYhF1BLukEBIT6+QpLP8LgMP1IrJufiOi1A=,iv:+8N+LKuhdBJCwI/204GS7ajO1BqkyNFLkv04yEjuebw=,tag:h7ejlVU/0Nv+0d5/POcU/g==,type:str]
|
||||
SECRET_TAILSCALE_TALOS_AUTHKEY_CHARLOTTE=ENC[AES256_GCM,data:R99pfS9Nw4UD5drLMxCHhukZvY14LVFwueqE2Wx4i2Q4ancL2UvEO5EOyYE1hNF6XrgALImQjmhQ,iv:NLAAx32E9m5YIxgDyUhr3XogYerQgUo7zHCTg+dyAUA=,tag:cAn85+8C85XSUSkIL1i7+w==,type:str]
|
||||
SECRET_TAILSCALE_TALOS_AUTHKEY_CHISE=ENC[AES256_GCM,data:io5oMtjzwQk0+ypUhNOTRrZV9sfcUKKrr5UApBrHXbNX1pCP8W2Tcpl2OoXRb1q2rgdZNQL2k+WS,iv:MpOxyFc+PgNBK11vQMbOc0shKX12LVEvFetfDuIxcvg=,tag:OAd0hGkAviTr+vheEe5EBg==,type:str]
|
||||
VM_UUID_AD_DC1=ENC[AES256_GCM,data:IS+IhA/KhbFuv0XxIEzOyV9yLwaw2RpHoguMBKsfD4urYnn7,iv:f3+t8DQUi6GXWd3lCMOUrRAgBgPRiJjMyCe2dK0tfRE=,tag:mzYjaYSgBkSyKPNkxItRAQ==,type:str]
|
||||
VM_UUID_AD_DC2=ENC[AES256_GCM,data:wdGQCok1cHLNfubTXA636+0FpKJex1MY9IRYvGX05Rrl+8E/,iv:DdGleAp8cT9xhsMmgFMnoJgb5Ctem9tVm6qI6xXgUBo=,tag:BmMdCbhCYOmOgi+NudfAgQ==,type:str]
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_lastmodified=2023-12-17T13:53:01Z
|
||||
sops_mac=ENC[AES256_GCM,data:a/CnV26kEouH174+jbWXPcp3/3W7myJn34igK5M3T51FtJoy7D321BZ512qvk78RvAz8wXaezOLFhAQ0rssm+NWDonnXnQL4NeX7/QfT/Uiv8hx9oGzuMHQO3KuBndcDm7zZmuYeU17GPNjE7DnrmusAl9jfOvVC541unDfIEec=,iv:mVxCT7nH2S5PC12s9zSaQuXgcKsJh0QCRZQvjT5Xn8U=,tag:AdfHZG5P4WeeODQx2wk2hg==,type:str]
|
||||
sops_lastmodified=2023-12-26T01:52:37Z
|
||||
sops_mac=ENC[AES256_GCM,data:isdwxALfASkTiV/g6x8UNekgk20mTsdeQLjgggFz/f90gTsQQwDWCEMRuAgWdxTm3r0Lv449mrH1GiEeouzTbCWu+SzIdi2I/b96Bny63nyzD3PrsrxXIWURdFopQ5UN5Ev/aaX7pfUs5A8wnbGDkqgmWrUBgRr/+YpGWbvWmOo=,iv:pD5/kI8KWgl2J2MEqorXm8OZD8/+LOHkVB3hVCWgOaY=,tag:wvPHqNgpKxZb1oXQOY1u3g==,type:str]
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:04Z
|
||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
|
||||
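--- a/kube/deploy/vm/_base/app/preferences/windows.yaml
+++ b/kube/deploy/vm/_base/app/preferences/windows.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: instancetype.kubevirt.io/v1beta1
+kind: VirtualMachinePreference
+metadata:
+name: "windows" # Windows Server 2022 & Windows 11
+# from https://github.com/kubevirt/kubevirt/blob/2c5e56f2cd0fcde341f47a7da0b94bc812c2f43f/examples/windows.yaml
+spec:
+clock:
+preferredClockOffset:
+timezone: "${CONFIG_TZ}"
+preferredTimer:
+hpet:
+present: false
+hyperv: {}
+pit:
+tickPolicy: delay
+rtc:
+tickPolicy: catchup
+cpu:
+preferredCPUTopology: preferSockets
+devices:
+preferredDiskBus: sata
+preferredInterfaceModel: virtio
+preferredTPM:
+persistent: true
+features:
+preferredAcpi: {}
+preferredApic: {}
+preferredHyperv:
+relaxed: {}
+spinlocks:
+spinlocks: 8191
+vapic: {}
+preferredSmm: {}
+firmware:
+preferredUseEfi: true
+preferredUseSecureBoot: true
+volumes:
+preferredStorageClassName: "block"
+preferredTerminationGracePeriodSeconds: 180
+machine:
+preferredMachineType: "pc-q35-6.0"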
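Review bot: `preferredTPM` with `persistent: true` needs a comment saying where the vTPM state is kept and how it is protected. As far as I know KubeVirt stores persistent TPM state in a PVC it creates itself, on a storage class configured for VM state in the KubeVirt CR; that configuration is not part of this commit, so confirm it exists before VMs using this preference are started. On Windows guests that state can hold BitLocker-sealed keys, so it deserves the same backup and access treatment as the guest's system disk. Suggested comment above the key: `# persistent vTPM: state PVC is created by KubeVirt (needs the VM-state storage class); protect and back it up like the OS disk`.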
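--- a/kube/deploy/vm/_base/app/types/cpu-2-mem-8g.yaml
+++ b/kube/deploy/vm/_base/app/types/cpu-2-mem-8g.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: instancetype.kubevirt.io/v1beta1
+kind: VirtualMachineInstancetype
+metadata:
+name: "cpu-2-mem-8g"
+spec:
+cpu:
+guest: 2
+memory:
+guest: 8192Mi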
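--- a/kube/deploy/vm/_base/ks.yaml
+++ b/kube/deploy/vm/_base/ks.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: zz-vm-1-kubevirt-base
+namespace: flux-system
+spec:
+path: ./kube/deploy/vm/_base/app
+dependsOn:
+- name: zz-vm-1-kubevirt-app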
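Review bot: This Flux `Kustomization` declares only `path` and `dependsOn`; `sourceRef`, `interval` and `prune`, which the `kustomize.toolkit.fluxcd.io/v1` schema requires, are absent here and in both documents of kube/deploy/vm/ad/ks.yaml. Presumably a parent Kustomization patches these defaults in, but nothing on this page shows it, so a reader cannot tell which Git source or prune behaviour governs the manifests that create the domain controllers. A one-line comment at the top of `spec` would make that explicit, e.g. `# sourceRef/interval/prune are injected by the cluster-level Kustomization patch`; if no such patch exists, the resource will be rejected on apply.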
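--- a/kube/deploy/vm/_base/kustomization.yaml
+++ b/kube/deploy/vm/_base/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ks.yaml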
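--- a/kube/deploy/vm/ad/ks.yaml
+++ b/kube/deploy/vm/ad/ks.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: zz-vm-ad-dc1
+namespace: flux-system
+spec:
+path: ./kube/deploy/vm/ad/template-dc
+targetNamespace: "vm-ad"
+dependsOn:
+- name: zz-vm-1-kubevirt-app
+- name: zz-vm-1-kubevirt-base
+- name: 1-core-storage-rook-ceph-cluster
+postBuild:
+substitute:
+NUM: "1"
+UUID: "${VM_UUID_AD_DC1}"
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: zz-vm-ad-dc2
+namespace: flux-system
+spec:
+path: ./kube/deploy/vm/ad/template-dc
+targetNamespace: "vm-ad"
+dependsOn:
+- name: zz-vm-1-kubevirt-app
+- name: zz-vm-1-kubevirt-base
+- name: 1-core-storage-rook-ceph-cluster
+postBuild:
+substitute:
+NUM: "2"
+UUID: "${VM_UUID_AD_DC2}"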
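Review bot: `postBuild.substitute` in both documents supplies only `NUM` and `UUID`, while the template they render (template-dc/vm.yaml) also expects `${DNS_AD}` and `${IP_KUBEVIRT_AD_CIDR_V4}`, and no `substituteFrom` is declared here. Flux resolves post-build variables per Kustomization, so unless a parent patch adds a `substituteFrom` for the encrypted env Secret, those two placeholders have no source and would normally render as empty strings rather than raise an error. If the injection happens elsewhere, note it next to `postBuild`, e.g. `# cluster secrets are added via substituteFrom by the parent Kustomization patch`; otherwise declare the `substituteFrom` entry explicitly in both documents.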
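--- a/kube/deploy/vm/ad/kustomization.yaml
+++ b/kube/deploy/vm/ad/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ns.yaml
+- ks.yaml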
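--- a/kube/deploy/vm/ad/ns.yaml
+++ b/kube/deploy/vm/ad/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: vm-ad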
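Review bot: The `vm-ad` namespace is created bare, and this commit adds no NetworkPolicy (or CNI-specific policy) alongside it, so nothing visible here constrains traffic for the pods that will host the domain controllers. The masquerade `ports` list in template-dc/vm.yaml appears to limit what is forwarded into the guest, but it does not restrict what the guest can reach or which pods may attempt connections. If policy for this namespace is managed elsewhere, record that on the namespace, e.g. `# network policy for vm-ad lives in <PATH_TO_POLICY>` (placeholder); otherwise add a default-deny policy with explicit allows in the same directory and list it in kustomization.yaml.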
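--- a/kube/deploy/vm/ad/template-dc/kustomization.yaml
+++ b/kube/deploy/vm/ad/template-dc/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pvc.yaml
+- vm.yaml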
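--- a/kube/deploy/vm/ad/template-dc/pvc.yaml
+++ b/kube/deploy/vm/ad/template-dc/pvc.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: "vm-ad-dc${NUM}-c-drive"
+labels:
+snapshot.home.arpa/enabled: "true"
+spec:
+storageClassName: "block"
+accessModes: ["ReadWriteOnce"]
+volumeMode: "Filesystem"
+resources:
+requests:
+storage: "105Gi"
+# dataSourceRef:
+# apiGroup: "volsync.backube"
+# kind: "ReplicationDestination"
+# name: "vm-ad-dc1-c-drive-bootstrap"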
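Review bot: `accessModes: ["ReadWriteOnce"]` on this claim does not fit `evictionStrategy: "LiveMigrate"` in template-dc/vm.yaml, because KubeVirt live migration needs a disk that source and target nodes can attach at the same time (ReadWriteMany); with an RWO disk the VMI is not migratable and a node drain is typically blocked instead of moving the domain controller. Either request `accessModes: ["ReadWriteMany"]` with `volumeMode: "Block"` if the `block` storage class supports it, or relax the strategy to `LiveMigrateIfPossible`. The `snapshot.home.arpa/enabled: "true"` label presumably opts the disk into snapshots; a copy of a domain controller's system drive contains the directory database, so a comment stating that snapshot and backup targets must be access-controlled like the DC itself would help. The commented-out `dataSourceRef` also hardcodes `dc1` in a template shared by both controllers, which is worth fixing before it is ever uncommented.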
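--- a/kube/deploy/vm/ad/template-dc/vm.yaml
+++ b/kube/deploy/vm/ad/template-dc/vm.yaml
@@ -0,0 +1,70 @@
+---
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+name: "ad-dc${NUM}"
+spec:
+preference:
+kind: "VirtualMachinePreference"
+name: "windows"
+instancetype:
+kind: "VirtualMachineInstancetype"
+name: "cpu-2-mem-8g"
+runStrategy: "Always"
+template:
+metadata:
+labels:
+vm.home.arpa/os: "windows"
+vm.home.arpa/windows: "ad"
+vm.home.arpa/ad: "dc${NUM}"
+spec:
+hostname: "thunder-DC${NUM}"
+subdomain: "${DNS_AD}"
+evictionStrategy: "LiveMigrate"
+networks:
+- name: "main"
+pod:
+vmNetworkCIDR: "${IP_KUBEVIRT_AD_CIDR_V4}"
+volumes:
+- name: "c-drive"
+persistentVolumeClaim:
+claimName: "vm-ad-dc${NUM}-c-drive"
+domain:
+devices:
+disks:
+- name: "c-drive"
+disk:
+bus: "sata"
+autoattachMemBalloon: false
+autoattachGraphicsDevice: true
+autoattachInputDevice: true
+inputs:
+- name: "tablet"
+type: "tablet"
+autoattachPodInterface: true
+interfaces:
+- name: "main"
+masquerade: {}
+ports:
+- name: "wireguard"
+port: 45678
+protocol: "UDP"
+- name: "tailscale"
+port: 41641
+protocol: "UDP"
+firmware:
+uuid: "${UUID}"
+resources:
+requests:
+cpu: "100m"
+memory: "8192Mi"
+limits:
+cpu: "2000m"
+memory: "10240Mi"
+topologySpreadConstraints:
+- maxSkew: 1
+topologyKey: "kubernetes.io/hostname"
+whenUnsatisfiable: "DoNotSchedule"
+labelSelector:
+matchLabels:
+vm.home.arpa/windows: "ad"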
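Review bot: `vmNetworkCIDR: "${IP_KUBEVIRT_AD_CIDR_V4}"` uses a variable name that does not match the encrypted env file in this commit, where the key appears as `IP_KUBEVIRT_AD_CIDR` without the `_V4` suffix. Unless the `_V4` name is defined somewhere outside the visible hunks, Flux post-build substitution will most likely render an empty value instead of failing (undefined variables become empty strings unless strict substitution is enabled), and the domain controllers would then come up on KubeVirt's default guest network rather than the intended range. Make the two names agree, e.g. `vmNetworkCIDR: "${IP_KUBEVIRT_AD_CIDR}"`, or rename the env key. Separately, the explicit cpu and memory `resources` requests/limits sit alongside `instancetype: cpu-2-mem-8g`; KubeVirt may reject a VM whose resource settings overlap the selected instancetype, so confirm this is accepted or drop the overlapping entries (nesting is flattened on this page, so the exact path is inferred).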