From aebdbda8ac37a2f36aa40e8c633878585d82fb04 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Wed, 27 Dec 2023 03:04:13 +0800
Subject: [PATCH] fix(kubevirt): netpols, auto resource limits
---
 kube/deploy/vm/_kubevirt/ks.yaml | 1 +
 kube/deploy/vm/ad/_deps/netpol.yaml | 28 +++++++++++++++++++++++++++
 kube/deploy/vm/ad/_deps/svc.yaml | 10 ++++++++++
 kube/deploy/vm/ad/template-dc/vm.yaml | 9 ---------
 4 files changed, 39 insertions(+), 9 deletions(-)
 create mode 100644 kube/deploy/vm/ad/_deps/netpol.yaml
 create mode 100644 kube/deploy/vm/ad/_deps/svc.yaml
diff --git a/kube/deploy/vm/_kubevirt/ks.yaml b/kube/deploy/vm/_kubevirt/ks.yaml
index cd3d6d0e..60eb237f 100644
--- a/kube/deploy/vm/_kubevirt/ks.yaml
+++ b/kube/deploy/vm/_kubevirt/ks.yaml
@@ -41,6 +41,7 @@ spec:
 developerConfiguration:
 featureGates:
 - VMPersistentState
+ - AutoResourceLimitsGate
 target:
 group: kubevirt.io
 kind: KubeVirt
diff --git a/kube/deploy/vm/ad/_deps/netpol.yaml b/kube/deploy/vm/ad/_deps/netpol.yaml
new file mode 100644
index 00000000..5dff5731
--- /dev/null
+++ b/kube/deploy/vm/ad/_deps/netpol.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumnetworkpolicy_v2.json
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: &app vm-ad
+ namespace: *app
+spec:
+ endpointSelector: {}
+ ingress:
+ # same namespace
+ - fromEntities:
+ - cluster
+ - world
+ toPorts:
+ - ports:
+ - port: "45678"
+ protocol: UDP
+ - port: "41641"
+ protocol: UDP
+ egress:
+ # same namespace
+ - toEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: *app
+ # TODO: egress to everything
+ - toEntities:
+ - world
\ No newline at end of file
diff --git a/kube/deploy/vm/ad/_deps/svc.yaml b/kube/deploy/vm/ad/_deps/svc.yaml
new file mode 100644
index 00000000..761b9591
--- /dev/null
+++ b/kube/deploy/vm/ad/_deps/svc.yaml
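Review bot: Enabling `AutoResourceLimitsGate` in kube/deploy/vm/_kubevirt/ks.yaml is paired in this commit with deleting the explicit `limits` (cpu `2000m`, memory `12Gi`) from template-dc/vm.yaml, yet nothing in the patch shows a ResourceQuota for the VM's namespace. As far as I know, KubeVirt fills in automatic limits only when the namespace carries a ResourceQuota with CPU or memory limits, so without one the domain-controller VM would run with no limits at all. I would confirm the quota exists outside this diff and record the dependency next to the gate, e.g. `# limits come from the namespace ResourceQuota; VMs without one get none`. The KubeVirt patch block that encloses `featureGates` starts outside the hunk.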
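Review bot: In kube/deploy/vm/ad/_deps/netpol.yaml the `# same namespace` comment above the ingress rule does not describe it: the rule admits `cluster` and `world` on UDP 45678 and 41641, and no ingress rule admits peers from the namespace itself. Because `endpointSelector: {}` selects every endpoint in `vm-ad` and the policy defines an ingress section, traffic that the same-namespace egress rule lets out would presumably be dropped at the receiving endpoint unless another policy, not visible here, allows it; a matching `fromEndpoints` rule on `io.kubernetes.pod.namespace: *app` would close that gap. The comment itself should read something like `# UDP 45678/41641 from cluster and world`, ideally naming the service those ports belong to. The last egress rule allows `world` on every port and protocol, so the `# TODO: egress to everything` is worth narrowing with `toPorts` or `toCIDRSet` before a domain controller depends on it.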
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "vm-ad"
+spec:
+ type: ClusterIP
+ clusterIP: None
+ selector:
+ vm.home.arpa/windows: "ad"
diff --git a/kube/deploy/vm/ad/template-dc/vm.yaml b/kube/deploy/vm/ad/template-dc/vm.yaml
index 8ebee16f..4b294e62 100644
--- a/kube/deploy/vm/ad/template-dc/vm.yaml
+++ b/kube/deploy/vm/ad/template-dc/vm.yaml
@@ -33,8 +33,6 @@ spec:
 devices:
 disks:
 - name: "c-drive"
- disk:
- bus: "sata"
 interfaces:
 - name: "main"
 masquerade: {}
@@ -50,13 +48,6 @@ spec:
 bootloader:
 efi:
 persistent: true
- resources:
- # requests:
- # cpu: "100m"
- # memory: "8192Mi"
- limits:
- cpu: "2000m"
- memory: "12Gi"
 topologySpreadConstraints:
 - maxSkew: 1
 topologyKey: "kubernetes.io/hostname"
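Review bot: The Service in kube/deploy/vm/ad/_deps/svc.yaml has no `namespace` under `metadata`, while netpol.yaml in the same directory pins `namespace: *app`, so where it lands depends on the target namespace of the Kustomization that applies it; adding `namespace: "vm-ad"` would keep the two manifests in step. The selector `vm.home.arpa/windows: "ad"` only matches if that label is set on the VM's pod template, which this diff does not show. Since the Service is headless (`clusterIP: None`), it publishes the VM pod's address in cluster DNS, and reachability is governed entirely by the CiliumNetworkPolicy in netpol.yaml.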