Skip to content

Kubevirt on datacenter ‐ for users

Allan Roger Reid edited this page Aug 15, 2024 · 2 revisions

0.- Setup

Get cloud vm

wget https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img

./virtctl image-upload dv ubuntu-cloud-base-noble --namespace=vms --size=5Gi --image-path=/Users/allanreid/Downloads/kubevirt/noble-server-cloudimg-amd64.img  --uploadproxy-url=https://127.0.0.1:18443 --access-mode=ReadWriteOnce --volume-mode=filesystem --insecure --force-bind

https://hbayraktar.medium.com/how-to-create-a-user-in-a-kubernetes-cluster-and-grant-access-bfeed991a0ef

1.- Authentication

Generate a Key Pair and Certificate Signing Request (CSR)
openssl genrsa -out andrea-min-k1.key 2048
openssl req -new -key andrea-min-k1.key -out andrea-min-k1.csr -subj "/CN=andrea@min-k1"
Create CSR yaml
cat <<EOF > andrea-min-k1-csr-template.yaml
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: andrea-min-k1-csr
spec:
  request: <base64-encoded andrea-min-k1.csr>
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
EOF
Generate the CSR content in Base64 and create the YAML file
k delete csr andrea-min-k1-csr
CSR_CONTENT=$(cat andrea-min-k1.csr | base64 | tr -d '\n')
sed "s|<base64-encoded andrea-min-k1.csr>|$CSR_CONTENT|" andrea-min-k1-csr-template.yaml > andrea-min-k1-csr.yaml
kubectl create -f andrea-min-k1-csr.yaml
Approve the CSR. Get certificate
kubectl get csr
kubectl certificate approve andrea-min-k1-csr
kubectl get csr andrea-min-k1-csr -o jsonpath='{.status.certificate}' | base64 --decode > andrea-min-k1.crt
kubectl get csr
Set credentials for dev
kubectl config delete-cluster min-k1-andrea --kubeconfig=andrea.kubeconfig
kubectl config delete-context min-k1 --kubeconfig=andrea.kubeconfig   

kubectl config set-cluster min-k1 --server=https://api.k1.min.dev:6443 --certificate-authority=/Users/allanreid/Downloads/kubevirt/andrea/min-k1.crt --embed-certs=true --kubeconfig=andrea.kubeconfig

kubectl config set-credentials andrea --client-certificate=andrea-min-k1.crt --client-key=andrea-min-k1.key --embed-certs=true --kubeconfig=andrea.kubeconfig

kubectl config set-context min-k1 --cluster=min-k1 --namespace=default --user=andrea --namespace vms --kubeconfig=andrea.kubeconfig

kubectl config use-context min-k1 --kubeconfig=andrea.kubeconfig

kubectl config get-contexts --kubeconfig=andrea.kubeconfig
kubectl config get-clusters --kubeconfig=andrea.kubeconfig

k -n vms get pods --kubeconfig=andrea.kubeconfig

2.- Authorization

k -n vms delete rolebindings.rbac.authorization.k8s.io vm-edit
cat << EOF > vms-rb-andrea.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: vm-edit
  namespace: vms
subjects:
- kind: User
  name: andrea@min-k1
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: kubevirt.io:edit
  apiGroup: rbac.authorization.k8s.io
EOF
k apply -f vms-rb-andrea.yaml

3.- Kubevirt user-actionable steps

AUTHORIZED=~/.ssh/id_ecdsa.pub
cat << EOF > andrea-1.yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  labels:
    min.io/vm: andrea-1
  name: andrea-1
  namespace: vms
spec:
  running: false
  template:
    metadata:
      labels:
        min.io/vm: andrea-1
    spec:
      architecture: amd64
      domain:
        devices:
          disks:
          - disk:
              bus: virtio
            name: os
        resources:
          requests:
            cpu: 4
            memory: 16384M
      terminationGracePeriodSeconds: 0
      volumes:
      - dataVolume:
          name: ubuntu-cloud-base-disk-andrea-1
        name: os
      - cloudInitNoCloud:
          userData: |
            #cloud-config
            ssh_authorized_keys:
            - $(<"$AUTHORIZED")
            user: ubuntu
            password: ubuntu
            chpasswd: { expire: False }
            ssh_pwauth: False
        name: cloudinitdisk
  dataVolumeTemplates:
  - metadata:
      name: ubuntu-cloud-base-disk-andrea-1
    spec:
      pvc:
        storageClassName: directpv-min-io
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 64Gi
      source:
        pvc:
          name: ubuntu-cloud-base-noble
          namespace: vms
EOF
  kubectl -n vms delete vm andrea-1 --kubeconfig=andrea.kubeconfig
  kubectl create -f andrea-1.yaml --kubeconfig=andrea.kubeconfig

Needed: Install virtctl

# virtctl
# VERSION=$(kubectl get kubevirt.kubevirt.io/kubevirt -n vms -o=jsonpath="{.status.observedKubeVirtVersion}")
VERSION=v1.3.0
ARCH=$(uname -s | tr A-Z a-z)-$(uname -m | sed 's/x86_64/amd64/') || windows-amd64.exe
echo ${ARCH}
echo https://github.com/kubevirt/kubevirt/releases/download/$VERSION/virtctl-$VERSION-$ARCH
curl -L -o virtctl https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/virtctl-${VERSION}-${ARCH}
chmod +x virtctl

Start vmi; Wait for Running status

./virtctl -n vms start andrea-1 --kubeconfig=andrea.kubeconfig
kubectl -n vms get vm andrea-1 -w --kubeconfig=andrea.kubeconfig

Optionally, connect to vmi by console for debugging

./virtctl -n vms console andrea-1 --kubeconfig=andrea.kubeconfig

Optionally, connect to vmi using ssh. Use virtctl

./virtctl -n vms ssh -i ~/.ssh/id_ecdsa ubuntu@andrea-1 -p 22 --local-ssh-opts="-o StrictHostKeyChecking=off" --local-ssh=true
Clone this wiki locally