From 2a7ba1e4e60a8655251c0eaa0538e3fa90e52a9a Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Tue, 26 Dec 2023 10:44:57 +0800
Subject: [PATCH] feat(kubevirt): add ad
---
 kube/clusters/biohazard/config/vars.sops.env | 8 ++-
 .../vm/_base/app/preferences/windows.yaml | 42 +++++++++++
 .../vm/_base/app/types/cpu-2-mem-8g.yaml | 10 +++
 kube/deploy/vm/_base/ks.yaml | 10 +++
 kube/deploy/vm/_base/kustomization.yaml | 5 ++
 kube/deploy/vm/ad/ks.yaml | 34 +++++++++
 kube/deploy/vm/ad/kustomization.yaml | 6 ++
 kube/deploy/vm/ad/ns.yaml | 5 ++
 .../vm/ad/template-dc/kustomization.yaml | 6 ++
 kube/deploy/vm/ad/template-dc/pvc.yaml | 18 +++++
 kube/deploy/vm/ad/template-dc/vm.yaml | 70 +++++++++++++++++++
 11 files changed, 212 insertions(+), 2 deletions(-)
 create mode 100644 kube/deploy/vm/_base/app/preferences/windows.yaml
 create mode 100644 kube/deploy/vm/_base/app/types/cpu-2-mem-8g.yaml
 create mode 100644 kube/deploy/vm/_base/ks.yaml
 create mode 100644 kube/deploy/vm/_base/kustomization.yaml
 create mode 100644 kube/deploy/vm/ad/ks.yaml
 create mode 100644 kube/deploy/vm/ad/kustomization.yaml
 create mode 100644 kube/deploy/vm/ad/ns.yaml
 create mode 100644 kube/deploy/vm/ad/template-dc/kustomization.yaml
 create mode 100644 kube/deploy/vm/ad/template-dc/pvc.yaml
 create mode 100644 kube/deploy/vm/ad/template-dc/vm.yaml
diff --git a/kube/clusters/biohazard/config/vars.sops.env b/kube/clusters/biohazard/config/vars.sops.env
index 8fa37657..a23955b6 100644
--- a/kube/clusters/biohazard/config/vars.sops.env
+++ b/kube/clusters/biohazard/config/vars.sops.env
@@ -28,6 +28,7 @@ IP_WG_GUEST_V4=ENC[AES256_GCM,data:zNwOAgzou0T8cAduDBY=,iv:matZ/IhxDQ+CGO3Ielqls
 IP_CLUSTER_VIP=ENC[AES256_GCM,data:ghu7xLzr91gN,iv:4KNr0G6tjdzsoyy8TLCIdCp4vvWNGHOJfob7XCLTDto=,tag:cO9O4nhuLR3hFtHJpdoE9Q==,type:str]
 IP_POD_CIDR_V4=ENC[AES256_GCM,data:3SN16w9wO79Kt2OlZg==,iv:8Q+GVVGU6NZRHR5E3FZXpyev4CC6e7k1NYRb8GhpZUE=,tag:i9WluteN3JdWDePWEANzOw==,type:str]
 IP_SVC_CIDR_V4=ENC[AES256_GCM,data:uHwTCCtbTpo4UwHgJw==,iv:+I2V+I0jffCJknDomBQ9Zw7btm2sJupbsKl5mnHka2Y=,tag:kxGqfwSEtRdMS/0CL5FpvA==,type:str]
+IP_KUBEVIRT_AD_CIDR=ENC[AES256_GCM,data:Wr9B2gEoO5tr6ZMM2cA=,iv:XeRnRbmHpp9SlV+4ejKpFi6dlAerzwiLlNRoWGSc9ts=,tag:m70pJNbnZRSZFbaDEMBOQA==,type:str]
 IP_LB_CIDR=ENC[AES256_GCM,data:NHEFdMzcHnBca+8tgA==,iv:ZQLZfYJNmDrJOyW8OPG4fNL5KYylcJTPx6wYZDGYoFU=,tag:uQFBVjIhhddl+wZwnIgEBQ==,type:str]
 IP_LB_DNS_CIDR=ENC[AES256_GCM,data:n++ZYPrjSQCEaNC6YVM=,iv:LnTTl2kaFgKK8HZLotkZBLqpCFEBH6GOAkTFihgXpHY=,tag:w4PLDrN/Ba/KAVEoOBn2wA==,type:str]
 IP_LB_DNS=ENC[AES256_GCM,data:LX0wu1WB2Hj0Dyc=,iv:rxdCTNbgCvLmJ7MMz6O3E+BXcdKgT3atSM0pbYPOgQ4=,tag:oJmPV4avTj6qbyCRCxUC3Q==,type:str]
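Review bot: The key added here is `IP_KUBEVIRT_AD_CIDR`, but `kube/deploy/vm/ad/template-dc/vm.yaml` in this same commit reads `${IP_KUBEVIRT_AD_CIDR_V4}` for `vmNetworkCIDR`, so unless that `_V4` name is defined by another substitution source the VM's masquerade CIDR will not resolve (empty or left unexpanded, depending on the controller version) and the VMI will be rejected. The neighbouring keys `IP_POD_CIDR_V4` and `IP_SVC_CIDR_V4` carry the `_V4` suffix, so renaming this key to `IP_KUBEVIRT_AD_CIDR_V4` is probably the intended fix; changing the reference in vm.yaml is the alternative. Either way the two must agree before the Kustomization reconciles. The encrypted value itself cannot be reviewed here.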
@@ -59,6 +60,7 @@ DNS_FUNNY=ENC[AES256_GCM,data:XGYFv5xnZ6M=,iv:teiYncvQ44vTK+cYiJTSHSYQFv0JxXRs6q
 DNS_TS=ENC[AES256_GCM,data:1ADXn74Pji65N3WayXvV,iv:vFcTDd90+5pxNV+J98iOgRQPy3glePQ0vFEVlEqeHdE=,tag:tK4JUZTydlP0SWZjGBQu5Q==,type:str]
 DNS_KAH=ENC[AES256_GCM,data:MUJI1U6bNmvzvAU=,iv:1eTSLdbbuMwx1YVo0STg8wL9lKy3OaR9KLMznw9LZFs=,tag:BYnkE2X/jKM5Fr/9/6GbfQ==,type:str]
 DNS_NAS=ENC[AES256_GCM,data:tXgzzi0q8Q/4GSL8oPpw3JzgobLF+Zhl/A==,iv:Qr+PpJwgzvSjo4dUA5lnszfwIkdnyT/Y+O7WP8vppls=,tag:eeht1Fj20CJHIWA4o2YW/g==,type:str]
+DNS_AD=ENC[AES256_GCM,data:VrCMDaEyVY/GxCuATQUIhkE=,iv:p9mze7JKIWLIZ4GTTLyzKDqegzaBGo4xupfA37F3xqQ=,tag:blAxKDqsZug7u80NPNoVYQ==,type:str]
 DNS_OLD_DOCKER=ENC[AES256_GCM,data:9nDHAHXCge/1+Ht8ufHWbqCoCC61,iv:8OsS2kwc+wM91JP2UGAOk9pIV1NMbJftivNRHpS7GMo=,tag:ahE6gj74E60iszNOGrqSzQ==,type:str]
 PATH_NAS_MEDIA=ENC[AES256_GCM,data:ZpKa4xnMHKWOO9pDQ1b1NlHWQPfuybn81u4uQ409,iv:dB84+0jnUJDylWpOABTdylsT0gR10l2LNGE6trHZtNk=,tag:l/bt9asoFhEosRlpfLncgw==,type:str]
 PATH_NAS_PERSIST_K8S=ENC[AES256_GCM,data:nS9umA3p29pVqWJoB5HpupInDSrg0N6GSvjEkM0l8uVaOcL2,iv:+3mMWya4stoQ3KHO1HmPUQ+Q4bq3y5farOhRJw5xPws=,tag:Jo9eSG8dfR1qn6mu6n7HDg==,type:str]
@@ -205,10 +207,12 @@ TAILSCALE_APISERVER_ADMIN_1=ENC[AES256_GCM,data:lb6hDhxpcylC23bC96Yftj8=,iv:CODH
 SECRET_TAILSCALE_TALOS_AUTHKEY_ANGE=ENC[AES256_GCM,data:9+LbF335viQmmfVdFBnHMjBf0P8R+K95YzlfaHOtVYhF1BLukEBIT6+QpLP8LgMP1IrJufiOi1A=,iv:+8N+LKuhdBJCwI/204GS7ajO1BqkyNFLkv04yEjuebw=,tag:h7ejlVU/0Nv+0d5/POcU/g==,type:str]
 SECRET_TAILSCALE_TALOS_AUTHKEY_CHARLOTTE=ENC[AES256_GCM,data:R99pfS9Nw4UD5drLMxCHhukZvY14LVFwueqE2Wx4i2Q4ancL2UvEO5EOyYE1hNF6XrgALImQjmhQ,iv:NLAAx32E9m5YIxgDyUhr3XogYerQgUo7zHCTg+dyAUA=,tag:cAn85+8C85XSUSkIL1i7+w==,type:str]
 SECRET_TAILSCALE_TALOS_AUTHKEY_CHISE=ENC[AES256_GCM,data:io5oMtjzwQk0+ypUhNOTRrZV9sfcUKKrr5UApBrHXbNX1pCP8W2Tcpl2OoXRb1q2rgdZNQL2k+WS,iv:MpOxyFc+PgNBK11vQMbOc0shKX12LVEvFetfDuIxcvg=,tag:OAd0hGkAviTr+vheEe5EBg==,type:str]
+VM_UUID_AD_DC1=ENC[AES256_GCM,data:IS+IhA/KhbFuv0XxIEzOyV9yLwaw2RpHoguMBKsfD4urYnn7,iv:f3+t8DQUi6GXWd3lCMOUrRAgBgPRiJjMyCe2dK0tfRE=,tag:mzYjaYSgBkSyKPNkxItRAQ==,type:str]
+VM_UUID_AD_DC2=ENC[AES256_GCM,data:wdGQCok1cHLNfubTXA636+0FpKJex1MY9IRYvGX05Rrl+8E/,iv:DdGleAp8cT9xhsMmgFMnoJgb5Ctem9tVm6qI6xXgUBo=,tag:BmMdCbhCYOmOgi+NudfAgQ==,type:str]
 sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n
 sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
-sops_lastmodified=2023-12-17T13:53:01Z
-sops_mac=ENC[AES256_GCM,data:a/CnV26kEouH174+jbWXPcp3/3W7myJn34igK5M3T51FtJoy7D321BZ512qvk78RvAz8wXaezOLFhAQ0rssm+NWDonnXnQL4NeX7/QfT/Uiv8hx9oGzuMHQO3KuBndcDm7zZmuYeU17GPNjE7DnrmusAl9jfOvVC541unDfIEec=,iv:mVxCT7nH2S5PC12s9zSaQuXgcKsJh0QCRZQvjT5Xn8U=,tag:AdfHZG5P4WeeODQx2wk2hg==,type:str]
+sops_lastmodified=2023-12-26T01:52:37Z
+sops_mac=ENC[AES256_GCM,data:isdwxALfASkTiV/g6x8UNekgk20mTsdeQLjgggFz/f90gTsQQwDWCEMRuAgWdxTm3r0Lv449mrH1GiEeouzTbCWu+SzIdi2I/b96Bny63nyzD3PrsrxXIWURdFopQ5UN5Ev/aaX7pfUs5A8wnbGDkqgmWrUBgRr/+YpGWbvWmOo=,iv:pD5/kI8KWgl2J2MEqorXm8OZD8/+LOHkVB3hVCWgOaY=,tag:wvPHqNgpKxZb1oXQOY1u3g==,type:str]
 sops_pgp__list_0__map_created_at=2023-06-01T18:01:04Z
 sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n
 sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
diff --git a/kube/deploy/vm/_base/app/preferences/windows.yaml b/kube/deploy/vm/_base/app/preferences/windows.yaml
new file mode 100644
index 00000000..808a1026
--- /dev/null
+++ b/kube/deploy/vm/_base/app/preferences/windows.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: instancetype.kubevirt.io/v1beta1
+kind: VirtualMachinePreference
+metadata:
+  name: "windows" # Windows Server 2022 & Windows 11
+# from https://github.com/kubevirt/kubevirt/blob/2c5e56f2cd0fcde341f47a7da0b94bc812c2f43f/examples/windows.yaml
+spec:
+  clock:
+    preferredClockOffset:
+      timezone: "${CONFIG_TZ}"
+    preferredTimer:
+      hpet:
+        present: false
+      hyperv: {}
+      pit:
+        tickPolicy: delay
+      rtc:
+        tickPolicy: catchup
+  cpu:
+    preferredCPUTopology: preferSockets
+  devices:
+    preferredDiskBus: sata
+    preferredInterfaceModel: virtio
+    preferredTPM:
+      persistent: true
+  features:
+    preferredAcpi: {}
+    preferredApic: {}
+    preferredHyperv:
+      relaxed: {}
+      spinlocks:
+        spinlocks: 8191
+      vapic: {}
+    preferredSmm: {}
+  firmware:
+    preferredUseEfi: true
+    preferredUseSecureBoot: true
+  volumes:
+    preferredStorageClassName: "block"
+  preferredTerminationGracePeriodSeconds: 180
+  machine:
+    preferredMachineType: "pc-q35-6.0"
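Review bot: `preferredTPM.persistent: true` makes every VM that selects this preference keep its vTPM state across restarts, and as far as I recall KubeVirt backs a persistent vTPM with a PVC provisioned from the `vmStateStorageClass` set in the KubeVirt CR, refusing to start the VMI when that field is unset; nothing in this commit shows that setting, so please confirm it on the cluster. A one-line comment above `preferredTPM` would keep the prerequisite visible, e.g. `# persistent vTPM needs vmStateStorageClass in the KubeVirt CR`. Pinning the upstream example by commit in the existing comment is good; noting there which fields were changed from upstream (at least the `timezone` substitution) would make the next sync against upstream a simple diff.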
diff --git a/kube/deploy/vm/_base/app/types/cpu-2-mem-8g.yaml b/kube/deploy/vm/_base/app/types/cpu-2-mem-8g.yaml
new file mode 100644
index 00000000..c4183198
--- /dev/null
+++ b/kube/deploy/vm/_base/app/types/cpu-2-mem-8g.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: instancetype.kubevirt.io/v1beta1
+kind: VirtualMachineInstancetype
+metadata:
+  name: "cpu-2-mem-8g"
+spec:
+  cpu:
+    guest: 2
+  memory:
+    guest: 8192Mi
diff --git a/kube/deploy/vm/_base/ks.yaml b/kube/deploy/vm/_base/ks.yaml
new file mode 100644
index 00000000..8ad31bf5
--- /dev/null
+++ b/kube/deploy/vm/_base/ks.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: zz-vm-1-kubevirt-base
+  namespace: flux-system
+spec:
+  path: ./kube/deploy/vm/_base/app
+  dependsOn:
+    - name: zz-vm-1-kubevirt-app
\ No newline at end of file
diff --git a/kube/deploy/vm/_base/kustomization.yaml b/kube/deploy/vm/_base/kustomization.yaml
new file mode 100644
index 00000000..70a77029
--- /dev/null
+++ b/kube/deploy/vm/_base/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ks.yaml
diff --git a/kube/deploy/vm/ad/ks.yaml b/kube/deploy/vm/ad/ks.yaml
new file mode 100644
index 00000000..d2d5d657
--- /dev/null
+++ b/kube/deploy/vm/ad/ks.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: zz-vm-ad-dc1
+  namespace: flux-system
+spec:
+  path: ./kube/deploy/vm/ad/template-dc
+  targetNamespace: "vm-ad"
+  dependsOn:
+    - name: zz-vm-1-kubevirt-app
+    - name: zz-vm-1-kubevirt-base
+    - name: 1-core-storage-rook-ceph-cluster
+  postBuild:
+    substitute:
+      NUM: "1"
+      UUID: "${VM_UUID_AD_DC1}"
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: zz-vm-ad-dc2
+  namespace: flux-system
+spec:
+  path: ./kube/deploy/vm/ad/template-dc
+  targetNamespace: "vm-ad"
+  dependsOn:
+    - name: zz-vm-1-kubevirt-app
+    - name: zz-vm-1-kubevirt-base
+    - name: 1-core-storage-rook-ceph-cluster
+  postBuild:
+    substitute:
+      NUM: "2"
+      UUID: "${VM_UUID_AD_DC2}"
\ No newline at end of file
diff --git a/kube/deploy/vm/ad/kustomization.yaml b/kube/deploy/vm/ad/kustomization.yaml
new file mode 100644
index 00000000..5eeb2657
--- /dev/null
+++ b/kube/deploy/vm/ad/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ns.yaml
+  - ks.yaml
diff --git a/kube/deploy/vm/ad/ns.yaml b/kube/deploy/vm/ad/ns.yaml
new file mode 100644
index 00000000..c02e690f
--- /dev/null
+++ b/kube/deploy/vm/ad/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vm-ad
\ No newline at end of file
diff --git a/kube/deploy/vm/ad/template-dc/kustomization.yaml b/kube/deploy/vm/ad/template-dc/kustomization.yaml
new file mode 100644
index 00000000..17af6468
--- /dev/null
+++ b/kube/deploy/vm/ad/template-dc/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pvc.yaml
+  - vm.yaml
diff --git a/kube/deploy/vm/ad/template-dc/pvc.yaml b/kube/deploy/vm/ad/template-dc/pvc.yaml
new file mode 100644
index 00000000..e98e9e91
--- /dev/null
+++ b/kube/deploy/vm/ad/template-dc/pvc.yaml
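Review bot: Neither Flux Kustomization in `kube/deploy/vm/ad/ks.yaml` sets `spec.sourceRef` or `spec.interval`, both of which the `kustomize.toolkit.fluxcd.io/v1` API requires; `_base/ks.yaml` in this commit omits them as well, which suggests a parent kustomization patches them in, but that should be confirmed rather than assumed. The two documents target the same `path` and `targetNamespace` and differ only in `NUM` and `UUID`, which is a clean way to stamp out the template; a short comment above the second document, e.g. `# same template-dc as dc1; only NUM/UUID differ`, would spare the reader a line-by-line compare. If a third DC is ever added, the `dependsOn` list and substitutions are the only things to copy, which is worth stating in that same comment.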
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "vm-ad-dc${NUM}-c-drive"
+  labels:
+    snapshot.home.arpa/enabled: "true"
+spec:
+  storageClassName: "block"
+  accessModes: ["ReadWriteOnce"]
+  volumeMode: "Filesystem"
+  resources:
+    requests:
+      storage: "105Gi"
+  # dataSourceRef:
+  #   apiGroup: "volsync.backube"
+  #   kind: "ReplicationDestination"
+  #   name: "vm-ad-dc1-c-drive-bootstrap"
diff --git a/kube/deploy/vm/ad/template-dc/vm.yaml b/kube/deploy/vm/ad/template-dc/vm.yaml
new file mode 100644
index 00000000..a50af437
--- /dev/null
+++ b/kube/deploy/vm/ad/template-dc/vm.yaml
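Review bot: The commented-out `dataSourceRef.name` on the last line of the hunk is hard-coded to `vm-ad-dc1-c-drive-bootstrap` even though this file is a template stamped out for `NUM` 1 and 2, so if it is re-enabled as written dc2 would restore from dc1's replication destination; change it now, while it is still a comment, to `#   name: "vm-ad-dc${NUM}-c-drive-bootstrap"`. Separately, `snapshot.home.arpa/enabled: "true"` opts this disk into whatever snapshot tooling reads that label, and rolling a domain controller's disk back to an older snapshot is the classic USN-rollback scenario unless the hypervisor exposes a VM generation ID to the guest, which I am not certain KubeVirt does. A comment next to the label stating how those snapshots may be used (disaster recovery of the whole domain only, never a single-DC rollback) would protect whoever operates this later.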
@@ -0,0 +1,70 @@
+---
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: "ad-dc${NUM}"
+spec:
+  preference:
+    kind: "VirtualMachinePreference"
+    name: "windows"
+  instancetype:
+    kind: "VirtualMachineInstancetype"
+    name: "cpu-2-mem-8g"
+  runStrategy: "Always"
+  template:
+    metadata:
+      labels:
+        vm.home.arpa/os: "windows"
+        vm.home.arpa/windows: "ad"
+        vm.home.arpa/ad: "dc${NUM}"
+    spec:
+      hostname: "thunder-DC${NUM}"
+      subdomain: "${DNS_AD}"
+      evictionStrategy: "LiveMigrate"
+      networks:
+        - name: "main"
+          pod:
+            vmNetworkCIDR: "${IP_KUBEVIRT_AD_CIDR_V4}"
+      volumes:
+        - name: "c-drive"
+          persistentVolumeClaim:
+            claimName: "vm-ad-dc${NUM}-c-drive"
+      domain:
+        devices:
+          disks:
+            - name: "c-drive"
+              disk:
+                bus: "sata"
+          autoattachMemBalloon: false
+          autoattachGraphicsDevice: true
+          autoattachInputDevice: true
+          inputs:
+            - name: "tablet"
+              type: "tablet"
+          autoattachPodInterface: true
+          interfaces:
+            - name: "main"
+              masquerade: {}
+              ports:
+                - name: "wireguard"
+                  port: 45678
+                  protocol: "UDP"
+                - name: "tailscale"
+                  port: 41641
+                  protocol: "UDP"
+        firmware:
+          uuid: "${UUID}"
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "8192Mi"
+          limits:
+            cpu: "2000m"
+            memory: "10240Mi"
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: "kubernetes.io/hostname"
+          whenUnsatisfiable: "DoNotSchedule"
+          labelSelector:
+            matchLabels:
+              vm.home.arpa/windows: "ad"
\ No newline at end of file
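Review bot: `spec.template.spec.domain.resources` sets explicit CPU and memory requests and limits while `spec.instancetype` also selects `cpu-2-mem-8g`; as far as I recall KubeVirt's instancetype handling treats `domain.resources.requests`/`limits` for cpu and memory as conflicting with the instancetype's `cpu.guest`/`memory.guest` and rejects the VM, so either drop the `resources` block here or drop the instancetype and keep the explicit values. `vmNetworkCIDR: "${IP_KUBEVIRT_AD_CIDR_V4}"` does not match the `IP_KUBEVIRT_AD_CIDR` key added to vars.sops.env in this commit (see the note on that hunk). The `ports` list under `masquerade` is an allow-list: in masquerade mode only the listed ports are forwarded from the pod IP into the guest, so the directory services in the guest are reachable only through the WireGuard/Tailscale tunnels and not from the pod network, which is a sound default for a domain controller but deserves a comment such as `# allow-list: only the tunnel ports are forwarded into the guest`. `subdomain: "${DNS_AD}"` only gives the pod a resolvable FQDN if a headless Service of that name exists in `vm-ad`, which this commit does not add, so either add it or note where it comes from.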