docs: add creation of virtual machine

Author: addetz

terraform/vmo-cluster/cluster_profiles.tf

@@ -16,41 +16,41 @@ resource "spectrocloud_cluster_profile" "maas-vmo-profile" {
     name   = data.spectrocloud_pack.maas_ubuntu.name
     tag    = data.spectrocloud_pack.maas_ubuntu.version
     uid    = data.spectrocloud_pack.maas_ubuntu.id
-    values =  file("manifests/ubuntu-values.yaml")
+    values = file("manifests/ubuntu-values.yaml")
     type   = "spectro"
   }
 
   pack {
     name   = data.spectrocloud_pack.maas_k8s.name
     tag    = data.spectrocloud_pack.maas_k8s.version
     uid    = data.spectrocloud_pack.maas_k8s.id
-    values =  file("manifests/k8s-values.yaml")
+    values = file("manifests/k8s-values.yaml")
     type   = "spectro"
   }
 
   pack {
     name   = data.spectrocloud_pack.maas_cni.name
     tag    = data.spectrocloud_pack.maas_cni.version
     uid    = data.spectrocloud_pack.maas_cni.id
-    values =  file("manifests/cni-values.yaml")
+    values = file("manifests/cni-values.yaml")
     type   = "spectro"
   }
 
   pack {
-    name   = data.spectrocloud_pack.maas_csi.name
-    tag    = data.spectrocloud_pack.maas_csi.version
-    uid    = data.spectrocloud_pack.maas_csi.id
-    values =  templatefile("manifests/csi-values.yaml", {
-      worker_nodes    = var.maas-worker-nodes,
+    name = data.spectrocloud_pack.maas_csi.name
+    tag  = data.spectrocloud_pack.maas_csi.version
+    uid  = data.spectrocloud_pack.maas_csi.id
+    values = templatefile("manifests/csi-values.yaml", {
+      worker_nodes = var.maas-worker-nodes,
     })
-    type   = "spectro"
+    type = "spectro"
   }
 
   pack {
     name   = data.spectrocloud_pack.maas_vmo.name
     tag    = data.spectrocloud_pack.maas_vmo.version
     uid    = data.spectrocloud_pack.maas_vmo.id
-    values =  file("manifests/vmo-values.yaml")
+    values = file("manifests/vmo-values.yaml")
     type   = "spectro"
   }
 

terraform/vmo-cluster/clusters.tf

@@ -6,11 +6,12 @@
 ################
 
 resource "spectrocloud_cluster_maas" "cluster" {
-    count = var.deploy-maas ? 1 : 0
+  count = var.deploy-maas ? 1 : 0
 
-    name             = "vmo-cluster-maas"
-    tags             = concat(var.tags, ["env:maas"])
-    cloud_account_id = data.spectrocloud_cloudaccount_maas.account[0].id
+  name                 = "vmo-cluster-maas"
+  tags                 = concat(var.tags, ["env:maas"])
+  cloud_account_id     = data.spectrocloud_cloudaccount_maas.account[0].id
+  pause_agent_upgrades = "unlock"
 
   cloud_config {
     domain = var.maas-domain
@@ -21,28 +22,28 @@ resource "spectrocloud_cluster_maas" "cluster" {
   }
 
   machine_pool {
-    name                 = "maas-control-plane"
-    count                = 1
-    control_plane        = true
-    azs = var.maas-control-plane-azs
-    node_tags = var.maas-control-plane-node-tags
+    name          = "maas-control-plane"
+    count         = 1
+    control_plane = true
+    azs           = var.maas-control-plane-azs
+    node_tags     = var.maas-control-plane-node-tags
     instance_type {
-      min_cpu          = 8
-      min_memory_mb    = 16000
+      min_cpu       = 8
+      min_memory_mb = 16000
     }
     placement {
       resource_pool = var.maas-control-plane-resource-pool
     }
   }
 
   machine_pool {
-    name                 = "maas-worker-basic"
-    count                = 1
-    azs = var.maas-worker-azs
+    name      = "maas-worker-basic"
+    count     = 1
+    azs       = var.maas-worker-azs
     node_tags = var.maas-worker-node-tags
     instance_type {
-      min_cpu          = 8
-      min_memory_mb    = 32000
+      min_cpu       = 8
+      min_memory_mb = 32000
     }
     placement {
       resource_pool = var.maas-worker-resource-pool

terraform/vmo-cluster/data.tf

@@ -29,7 +29,7 @@ data "spectrocloud_pack" "maas_ubuntu" {
 
 data "spectrocloud_pack" "maas_k8s" {
   name         = "kubernetes"
-  version      = "1.28.3"
+  version      = "1.30.6"
   registry_uid = data.spectrocloud_registry.public_registry.id
 }
 
@@ -51,3 +51,9 @@ data "spectrocloud_pack" "maas_vmo" {
   registry_uid = data.spectrocloud_registry.public_registry.id
 }
 
+data "spectrocloud_cluster" "maas_vmo_cluster" {
+  depends_on = [spectrocloud_cluster_maas.cluster]
+  name       = "vmo-cluster-maas"
+  context    = "project"
+}
+

terraform/vmo-cluster/inputs.tf

@@ -41,6 +41,11 @@ variable "deploy-maas" {
   description = "A flag for enabling a deployment on MaaS."
 }
 
+variable "deploy-maas-vm" {
+  type        = bool
+  description = "A flag for enabling a VM creation on the MaaS cluster."
+}
+
 variable "pcg-name" {
   type        = string
   description = "The name of the PCG that will be used to deploy the cluster."

terraform/vmo-cluster/manifests/k8s-values.yaml

@@ -1,5 +1,15 @@
 pack:
   k8sHardening: True
+  content:
+    images:
+      - image: registry.k8s.io/coredns/coredns:v1.11.3
+      - image: registry.k8s.io/etcd:3.5.15-0
+      - image: registry.k8s.io/kube-apiserver:v1.30.6
+      - image: registry.k8s.io/kube-controller-manager:v1.30.6
+      - image: registry.k8s.io/kube-proxy:v1.30.6
+      - image: registry.k8s.io/kube-scheduler:v1.30.6
+      - image: registry.k8s.io/pause:3.9
+      - image: registry.k8s.io/pause:3.8
   #CIDR Range for Pods in cluster
   # Note : This must not overlap with any of the host or service network
   podCIDR: "100.64.0.0/18"
@@ -10,9 +20,6 @@ pack:
     config:
       dashboard:
         identityProvider: palette
-  # serviceDomain: "cluster.local"
-
-  # KubeAdm customization for kubernetes hardening. Below config will be ignored if k8sHardening property above is disabled
 kubeadmconfig:
   apiServer:
     extraArgs:
@@ -31,6 +38,7 @@ kubeadmconfig:
       audit-log-maxbackup: "10"
       audit-log-maxsize: "100"
       authorization-mode: RBAC,Node
+      kubelet-certificate-authority: "/etc/kubernetes/pki/ca.crt"
       tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256"
     extraVolumes:
       - name: audit-log
@@ -85,31 +93,33 @@ kubeadmconfig:
             kind: PodSecurityConfiguration
             defaults:
               enforce: "baseline"
-              enforce-version: "v1.28"
+              enforce-version: "v1.30"
               audit: "baseline"
-              audit-version: "v1.28"
+              audit-version: "v1.30"
               warn: "restricted"
-              warn-version: "v1.28"
+              warn-version: "v1.30"
               audit: "restricted"
-              audit-version: "v1.28"
+              audit-version: "v1.30"
             exemptions:
               # Array of authenticated usernames to exempt.
               usernames: []
               # Array of runtime class names to exempt.
               runtimeClasses: []
               # Array of namespaces to exempt.
-              namespaces: [kube-system,monitoring,rook-ceph]
+              namespaces: [kube-system]
 
   preKubeadmCommands:
     # For enabling 'protect-kernel-defaults' flag to kubelet, kernel parameters changes are required
     - 'echo "====> Applying kernel parameters for Kubelet"'
     - 'sysctl -p /etc/sysctl.d/90-kubelet.conf'
-    #postKubeadmCommands:
-    #- 'echo "List of post kubeadm commands to be executed"'
+  
+  postKubeadmCommands:
+    - 'chmod 600 /var/lib/kubelet/config.yaml'
+    # - 'echo "List of post kubeadm commands to be executed"'
 
-    # Client configuration to add OIDC based authentication flags in kubeconfig
-    #clientConfig:
-    #oidc-issuer-url: "{{ .spectro.pack.kubernetes.kubeadmconfig.apiServer.extraArgs.oidc-issuer-url }}"
-    #oidc-client-id: "{{ .spectro.pack.kubernetes.kubeadmconfig.apiServer.extraArgs.oidc-client-id }}"
-    #oidc-client-secret: 1gsranjjmdgahm10j8r6m47ejokm9kafvcbhi3d48jlc3rfpprhv
-    #oidc-extra-scope: profile,email
+# Client configuration to add OIDC based authentication flags in kubeconfig
+#clientConfig:
+  #oidc-issuer-url: "{{ .spectro.pack.kubernetes.kubeadmconfig.apiServer.extraArgs.oidc-issuer-url }}"
+  #oidc-client-id: "{{ .spectro.pack.kubernetes.kubeadmconfig.apiServer.extraArgs.oidc-client-id }}"
+  #oidc-client-secret: 1gsranjjmdgahm10j8r6m47ejokm9kafvcbhi3d48jlc3rfpprhv
+  #oidc-extra-scope: profile,email

terraform/vmo-cluster/terraform.tfvars

@@ -9,17 +9,18 @@ palette-project = "Default" # The name of your project in Palette.
 ############################
 # MaaS Deployment Settings
 ############################
-deploy-maas               = true # Set to true to deploy to MaaS.
+deploy-maas    = false # Set to true to deploy to MaaS.
+deploy-maas-vm = false # Set to true to create a VM on MaaS cluster once deployed.
 
-pcg-name                  = "vmo-tutorial" # Provide the name of the PCG that will be used to deploy the Palette cluster.
-maas-domain               = "maas.sc" # Provide the MaaS domain that will be used to deploy the Palette cluster.
+pcg-name    = "REPLACE ME" # Provide the name of the PCG that will be used to deploy the Palette cluster.
+maas-domain = "REPLACE ME" # Provide the MaaS domain that will be used to deploy the Palette cluster.
 
-maas-worker-nodes         = 1 # Provide the number of worker nodes that will be used for Palette cluster.
-maas-worker-resource-pool = "vm-migration" # Provide a resource pool for the worker nodes.
-maas-worker-azs           = ["az3"] # Provide a set of availability zones for the worker nodes.
-maas-worker-node-tags     = ["docs"] # Provide a set of node tags for the worker nodes.
+maas-worker-nodes         = 1              # Provide the number of worker nodes that will be used for Palette cluster.
+maas-worker-resource-pool = "REPLACE ME"   # Provide a resource pool for the worker nodes.
+maas-worker-azs           = ["REPLACE ME"] # Provide a set of availability zones for the worker nodes.
+maas-worker-node-tags     = ["REPLACE ME"] # Provide a set of node tags for the worker nodes.
 
-maas-control-plane-nodes         = 1 # Provide the number of control plane nodes that will be used for Palette cluster.
-maas-control-plane-resource-pool = "picard-demo" # Provide a resource pool for the control plane nodes.
-maas-control-plane-azs           = ["az3"] # Provide a set of availability zones for the control plane nodes.
-maas-control-plane-node-tags     = ["docs-cp"] # Provide a set of node tags for the control plane nodes.
+maas-control-plane-nodes         = 1              # Provide the number of control plane nodes that will be used for Palette cluster.
+maas-control-plane-resource-pool = "REPLACE ME"   # Provide a resource pool for the control plane nodes.
+maas-control-plane-azs           = ["REPLACE ME"] # Provide a set of availability zones for the control plane nodes.
+maas-control-plane-node-tags     = ["REPLACE ME"] # Provide a set of node tags for the control plane nodes.

terraform/vmo-cluster/virtual-machines/cloud-init

@@ -0,0 +1,22 @@
+#cloud-config
+ssh_pwauth: True
+chpasswd: { expire: False }
+password: spectro
+disable_root: false
+runcmd:
+    - apt-get update
+    - apt-get install -y qemu-guest-agent
+    - systemctl start qemu-guest-agent
+    - | 
+    apt-get -y install ca-certificates curl
+    install -m 0755 -d /etc/apt/keyrings
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+    chmod a+r /etc/apt/keyrings/docker.asc
+    echo \
+        "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+        $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+        tee /etc/apt/sources.list.d/docker.list > /dev/null
+    apt-get update
+    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+    groupadd docker
+    gpasswd -a ubuntu docker

terraform/vmo-cluster/virtual_machines.tf

@@ -0,0 +1,106 @@
+
+##########################
+# MaaS Virtual Machine
+##########################
+resource "spectrocloud_virtual_machine" "virtual-machine" {
+  count      = var.deploy-maas-vm ? 1 : 0
+  depends_on = [spectrocloud_cluster_maas.cluster]
+
+  cluster_uid     = data.spectrocloud_cluster.maas_vmo_cluster.id
+  cluster_context = data.spectrocloud_cluster.maas_vmo_cluster.context
+
+  run_on_launch = true
+  namespace     = "default"
+  name          = "ubuntu-tutorial-vm"
+
+  timeouts {
+    create = "60m"
+  }
+
+  labels = {
+    "tf"             = "spectrocloud-tutorials"
+    "kubevirt.io/vm" = "ubuntu-tutorial-vm"
+  }
+
+  data_volume_templates {
+    metadata {
+      name = "ubuntu-tutorial-vm"
+    }
+    spec {
+      source {
+        pvc {
+          name      = "template-ubuntu-2204"
+          namespace = "vmo-golden-images"
+        }
+      }
+      pvc {
+        access_modes = ["ReadWriteMany"]
+        resources {
+          requests = {
+            storage = "50Gi"
+          }
+        }
+        storage_class_name = "ceph-block"
+        volume_mode        = "Block"
+      }
+    }
+  }
+
+  volume {
+    name = "ubuntu-tutorial-vm"
+    volume_source {
+      data_volume {
+        name = "ubuntu-tutorial-vm"
+      }
+    }
+  }
+
+  volume {
+    name = "cloudinitdisk"
+    volume_source {
+      cloud_init_no_cloud {
+        user_data = file("virtual-machines/cloud-init")
+      }
+    }
+  }
+
+  disk {
+    name = "ubuntu-tutorial-vm"
+    disk_device {
+      disk {
+        bus = "virtio"
+      }
+    }
+  }
+  disk {
+    name = "cloudinitdisk"
+    disk_device {
+      disk {
+        bus = "virtio"
+      }
+    }
+  }
+
+  cpu {
+    cores   = 2
+    sockets = 1
+    threads = 1
+  }
+  memory {
+    guest = "4Gi"
+  }
+
+  resources {}
+
+  interface {
+    name                     = "default"
+    interface_binding_method = "InterfaceMasquerade"
+  }
+
+  network {
+    name = "default"
+    network_source {
+      pod {}
+    }
+  }
+}