Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rework VirtualMachine, introduce cloudinit and sshKeys configuration, fix externalPorts #303

Merged
merged 3 commits into from
Aug 30, 2024
Merged

Rework VirtualMachine, introduce cloudinit and sshKeys configuration, fix externalPorts #303

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
928fd82
Fix service.yaml template error: handle nil values for service.ports
artemrootman Aug 21, 2024
8fc92cb
Add user parameter and fix template rendering issues
artemrootman Aug 21, 2024
c47a6a2
Update Virtual Machine
kvaps Aug 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions packages/apps/virtual-machine/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ The virtual machine is managed and hosted through KubeVirt, allowing you to harn
| `resources.disk` | The size of the disk allocated for the virtual machine | `5Gi` |
| `sshPwauth` | Enable password authentication for SSH. If set to `true`, users can log in using a password | `true` |
| `disableRoot` | Disable root login via SSH. If set to `true`, root login will be disabled | `true` |
| `user` | The username to be used for the virtual machine. Default is `username` | `username` |
| `password` | The default password for the virtual machine | `hackme` |
| `chpasswdExpire` | Set whether the password should expire | `false` |
| `sshKeys` | List of SSH public keys for authentication. Can be a single key or a list of keys | `["ssh-rsa ...","ssh-ed25519 ..."]` |
Expand Down
2 changes: 1 addition & 1 deletion packages/apps/virtual-machine/templates/service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ spec:
- name: ssh
port: 22
targetPort: 22
{{- if .Values.service.ports }}
{{- if (.Values.service).ports }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it really makes sense?

{{- range .Values.service.ports }}
- name: {{ .name }}
port: {{ .port }}
Expand Down
1 change: 1 addition & 0 deletions packages/apps/virtual-machine/templates/vm.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ spec:
#cloud-config
ssh_pwauth: {{ if .Values.sshPwauth | default false }}True{{ else }}False{{ end }}
disable_root: {{ if .Values.disableRoot | default false }}True{{ else }}False{{ end }}
user: {{ .Values.user }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's make these parameterns optional:

Suggested change
user: {{ .Values.user }}
{{- with .Values.user }}
user: {{ . }}
{{- end }}

Or we can simple map cloud-config as parameter in values.yaml as is

password: {{ .Values.password }}
chpasswd: { expire: {{ if .Values.chpasswdExpire | default false }}True{{ else }}False{{ end }} }
ssh_authorized_keys:
Expand Down
5 changes: 5 additions & 0 deletions packages/apps/virtual-machine/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,11 @@
"description": "Disable root login via SSH. If set to `true`, root login will be disabled",
"default": true
},
"user": {
"type": "string",
"description": "The username to be used for the virtual machine. Default is `username`",
"default": "username"
},
"password": {
"type": "string",
"description": "The default password for the virtual machine",
Expand Down
2 changes: 2 additions & 0 deletions packages/apps/virtual-machine/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
## @param resources.disk The size of the disk allocated for the virtual machine
## @param sshPwauth Enable password authentication for SSH. If set to `true`, users can log in using a password
## @param disableRoot Disable root login via SSH. If set to `true`, root login will be disabled
## @param user The username to be used for the virtual machine. Default is `username`
## @param password The default password for the virtual machine
## @param chpasswdExpire Set whether the password should expire
## @param sshKeys List of SSH public keys for authentication. Can be a single key or a list of keys
Expand All @@ -23,6 +24,7 @@ resources:
disk: 5Gi
sshPwauth: true
disableRoot: true
user: username
password: hackme
chpasswdExpire: false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about using common cloudInit config parameter for this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that what you mean?

cloudInit:
  ssh_pwauth: true
  disable_root: true
  user: username
...

Copy link
Member

@kvaps kvaps Aug 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be better to pass all cloud-init configuration as a string:

cloudInitUserConfig: |
  #cloud-config
  ssh_pwauth: true
  disable_root: true
  user: username

due to fact user configuration have no formalized spec, it can include multiple header, scripts and even jinja2 templates
https://cloudinit.readthedocs.io/en/latest/explanation/instancedata.html#example-cloud-config-with-instance-data

variuos vendors can define their own format for this, eg. Talos Linux allows to write machine-config in user-data

This config should be saved into external secret and included with secretRef into KubeVirt VM:

    - name: cloudinitdisk
      cloudInitNoCloud:
        secretRef:
          name: my-vmi-secret

As about sshKeys, cloud-init defines formalized spec for this in meta-data:
https://cloudinit.readthedocs.io/en/latest/explanation/instancedata.html#v1-public-ssh-keys

KubeVirt allows to specify them as

      accessCredentials:
      - sshPublicKey:
          source:
            secret:
              secretName: my-pub-key
          propagationMethod:
            noCloud: {}

details:

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What difference would it make? We'd have to create a secret anyway.

sshKeys:
Expand Down