Virtualization setup

After configuring the storage, you need to enable the virtualization module. Enabling and configuring the module is done using the ModuleConfig resource.

In the spec parameters, you need to set:

  • enabled: true — flag to enable the module;
  • settings.virtualMachineCIDRs — subnets, IP addresses from which virtual machines will be assigned IPs;
  • settings.dvcr.storage.persistentVolumeClaim.size — size of the disk space for storing virtual machine images.

Example of virtualization module configuration:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: virtualization
spec:
  enabled: true
  version: 1
  settings:
    dvcr:
      storage:
        persistentVolumeClaim:
          size: 50G
          storageClassName: sds-replicated-thin-r1
        type: PersistentVolumeClaim
    virtualMachineCIDRs:
      - 10.66.10.0/24

Wait until all the pods of the module are in the Running status:

sudo -i d8 k get po -n d8-virtualization

Example output:

NAME                                         READY   STATUS    RESTARTS      AGE
cdi-apiserver-858786896d-rsfjw               3/3     Running   0             10m
cdi-deployment-6d9b646b5b-8dgmj              3/3     Running   0             10m
cdi-operator-5fdc989d9f-zmk55                3/3     Running   0             10m
dvcr-74dc9c94b-pczhx                         2/2     Running   0             10m
virt-api-78d49dcbbf-qwggw                    3/3     Running   0             10m
virt-controller-6f8fff445f-w866w             3/3     Running   0             10m
virt-handler-g6l9h                           4/4     Running   0             10m
virt-handler-t5fgb                           4/4     Running   0             10m
virt-handler-ztj77                           4/4     Running   0             10m
virt-operator-58dc5459d5-hpps8               3/3     Running   0             10m
virtualization-api-5d69f55947-k6h9n          1/1     Running   0             10m
virtualization-controller-69647d98c6-9rkht   3/3     Running   0             10m
vm-route-forge-288z7                         1/1     Running   0             10m
vm-route-forge-829wm                         1/1     Running   0             10m
vm-route-forge-nq9xr                         1/1     Running   0             10m

Parameter description

The following are descriptions of the virtualization module parameters.

Parameters for enabling/disabling the module

The module state is controlled through the .spec.enabled field. Specify:

  • true: To enable the module.
  • false: To disable the module.

Configuration version

The .spec.version parameter defines the version of the configuration schema. The parameter structure may change between versions. The current values are given in the settings section.

Deckhouse Virtualization Container Registry (DVCR)

The .spec.settings.dvcr.storage block configures a persistent volume for storing images:

  • .spec.settings.dvcr.storage.persistentVolumeClaim.size: Volume size (for example, 50G). To expand the storage, increase the value of the parameter.
  • .spec.settings.dvcr.storage.persistentVolumeClaim.storageClassName: StorageClass name (for example, sds-replicated-thin-r1).

Network settings

The .spec.settings.virtualMachineCIDRs block specifies subnets in CIDR format (for example, 10.66.10.0/24). IP addresses for virtual machines are allocated from these ranges automatically or on request.

Example:

spec:
  settings:
    virtualMachineCIDRs:
      - 10.66.10.0/24
      - 10.66.20.0/24
      - 10.77.20.0/16

The first and the last subnet address are reserved and not available for use.

The subnets in the .spec.settings.virtualMachineCIDRs block must not overlap with cluster node subnets, services subnet, or pods subnet (podCIDR).

It is forbidden to delete subnets if addresses from them have already been issued to virtual machines.

Storage class settings for images

The storage class settings for images are defined in the .spec.settings.virtualImages parameter of the module settings.

Example:

spec:
  ...
  settings:
    virtualImages:
      allowedStorageClassNames:
      - sc-1
      - sc-2
      defaultStorageClassName: sc-1

Where:

  • allowedStorageClassNames (optional): A list of the allowed StorageClasses for creating a VirtualImage that can be explicitly specified in the resource specification.
  • defaultStorageClassName (optional): The StorageClass used by default when creating a VirtualImage if the .spec.persistentVolumeClaim.storageClassName parameter is not set.

Storage class settings for disks

The storage class settings for disks are defined in the .spec.settings.virtualDisks parameter of the module settings.

Example:

spec:
  ...
  settings:
    virtualDisks:
      allowedStorageClassNames:
      - sc-1
      - sc-2
      defaultStorageClassName: sc-1

Where:

  • allowedStorageClassNames (optional): A list of the allowed StorageClass for creating a VirtualDisk that can be explicitly specified in the resource specification.
  • defaultStorageClassName (optional): The StorageClass used by default when creating a VirtualDisk if the .spec.persistentVolumeClaim.storageClassName parameter is not specified.
Security event audit configuration

Not available in Community Edition.

To set up auditing, the following modules must be enabled:

  • log-shipper
  • runtime-audit-engine

To enable security event auditing, set the module’s .spec.settings.audit.enabled parameter to true:

spec:
  enabled: true
  settings:
    audit:
      enabled: true