-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathonboardme-base.yaml
791 lines (776 loc) · 27.9 KB
/
onboardme-base.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
################################################################################
# \ \ / (_)_ __| |_ _ _ __ _| | | \/ | __ _ ___| |__ (_)_ __ ___
# \ \ / /| | '__| __| | | |/ _` | | | |\/| |/ _` |/ __| '_ \| | '_ \ / _ \
# \ V / | | | | |_| |_| | (_| | | | | | | (_| | (__| | | | | | | | __/
# \_/ |_|_| \__|\__,_|\__,_|_| |_| |_|\__,_|\___|_| |_|_|_| |_|\___|
###############################################################################
virtualMachine:
# -- name of the virtualMachine or virtualMachinePool object
name: test
# -- namespace to deploy to
namespace: kubevirt
# -- Create the VM as a KubevirtMachineTemplate for use with Cluster API
# Does not support VM Pools
capiMachineTemplate: false
# -- One of 'Always' `RerunOnFailure` `Manual` `Halted` `Once`
# See: https://kubevirt.io/user-guide/compute/run_strategies/#runstrategy
runStrategy: "Always"
features:
# -- Enable KVM acceleration.
# Setting the 'hidden' flag to `true` will obscure kvm from the host.
# Set `hidden` to `false` when using vGPU in Windows Guests.
kvm:
enabled: true
hidden: false
# -- Set default hyperv settings for windows guests
hyperv: false
# Enable ACPI platform event device
acpiEnabled: true
# -- Make pod network interface the default for the VM
autoattachPodInterface: true
# -- Attach a serial console device
autoattachSerialConsole: true
# -- Attach a basic graphics device for VNC access
autoattachGraphicsDevice: true
# -- Enhances network performance by allowing multiple TX and RX queues.
networkInterfaceMultiqueue: true
# -- Options for machine clock
clock:
enabled: true
# -- Set clock timezone eg: "Europe/Amsterdam" or "utc"
timezone: utc
# -- High Precision Event Timer
hpet:
enabled: true
present: false
# -- Programmable interval timer
pit:
enabled: true
tickPolicy: delay
# -- Real-Time Clock
rtc:
enabled: true
tickPolicy: catchup
# -- Paravirtualized clock that provides better accuracy and performance.
# Recommended clock source for KVM guest virtual machines.
kvm: true
# -- Hyper-V's reference time counter for use with Windows guests.
hyperv: false
firmware:
# Enable System Management Mode (required for secureboot)
smmEnabled: false
# -- Enable EFI bios and secureboot
efi:
enabled: true
secureBoot: false
uuid: 5d307ca9-b3ef-428c-8861-06e72d69f223
machine:
# -- If a Pod cannot be scheduled, lower priorityClass Pods will be evicted
priorityClassName: vm-standard
# -- Define CPU, RAM, GPU, HostDevice settings for VMs.
# Overrides: vCores, memory, gpus
instancetype:
enabled: false
name: standard-small
kind: virtualMachineClusterInstancetype
# -- System Arch. Supported options are amd64 and arm64
architecture: amd64
# -- QEMU virtual-machine type. Options are q35 and i440fx
machineType: q35
# -- Specify hots-passthrough or a named cpu model
# https://www.qemu.org/docs/master/system/qemu-cpu-models.html
cpuModel: host-passthrough
# -- Number of simulated CPU sockets.
# Note: Multiple cpu-bound microbenchmarks show a significant
# performance advantage when using sockets instead of cores
# Does not work with some cpuManagerPolicy options.
sockets: 1
# -- Number of Virtual cores to pass to the Guest
# ignored when instancetype is defined
vCores: 8
# -- Enable simulation of Hyperthre ading on Intel CPUs or SMT AMD CPUs.
threads: 1
# -- Pin QEMU process threads to specific physical cores
# Requires `--cpu-manager-policy` enabled in kubelet
pinCores: true
# -- In order to enhance the real-time support in KubeVirt and provide
# improved latency, KubeVirt will allocate an additional dedicated CPU,
# exclusively for the emulator thread, to which it will be pinned.
# Requires `dedicatedCpuPlacement` set to `true`
emulatorThread: false
# -- Amount of RAM to pass to the Guest. Ignored when instancetype is defined
memory:
base: 8Gi
overcommit:
# -- Enable memory overcommitment. Tells VM it has more RAM than requested.
# VMI becomes Burtable QOS class and may be preempted when node is under memory pressure.
# GPU passthrough and vGPU will not function with overcommit enabled.
enabled: false
limit: 8Gi
# -- Do not allocate hypervisor overhead memory to VM. Will work for as
# long as most of the VirtualMachineInstances do not request the full memory.
overhead: false
# -- GPUs to pass to guest, requires that the GPUs are pre-configured in the
# kubevirt custom resource. ignored when instancetype is defined.
# ramFB & display may only be enabled on 1 vGPU
gpus:
- name: gpu0
deviceName: nvidia.com/GRID_RTX6000-4Q
virtualGPUOptions:
display:
enabled: true
ramFB:
enabled: true
# -- virtual network interface config options.
# See: https://kubevirt.io/user-guide/network/interfaces_and_networks/#interfaces
interfaces:
# -- bridge mode, vms are connected to the network via a linux "bridge".
# Pod network IP is delegated to vm via DHCPv4. VM must use DHCP for an IP
- masquerade: {}
name: default
model: virtio
networks:
# Use the default pod network
- name: default
pod: {}
#########################
# Create a Virtual Machine Pool
# Vm pools should be used with ephemeral disks or containerdisks
# otherwise they would all fight over the same PVC.
virtualMachinePool:
enabled: false
# -- number of replicas to create. Ignored when hpa is set to 'true'
replicas: 2
hpa:
enabled: true
maxReplicas: 5
minReplicas: 1
###############################################################################
# ____ _ _
# | _ \(_)___| | _____
# | | | | / __| |/ / __|
# | |_| | \__ \ <\__ \
# |____/|_|___/_|\_\___/
###############################################################################
# -- controls hypervisor behavior when I/O errors occur on disk read or write.
# Possible values are: 'report', 'ignore', 'enospace'
diskErrorPolicy: "report"
# -- List of disks to create for the VM, Will be used to create Datavolumes or PVCs.
disks:
#################################################
# DataVolume disk with URL source example
#################################################
- name: onboardme-base
# -- Disk type: disk, cdrom, filesystem, or lun
type: disk
# -- Bus type: sata or virtio
bus: virtio
# -- Sets disk position in boot order, lower numbers are checked earlier
bootorder: 2
# -- Set disk to be Read-only
readonly: false
# -- Size of disk in GB
pvsize: 24Gi
# -- Storage class to use for the pvc
pvstorageClassName: local-path
# -- Access mode for the PVC
pvaccessMode: ReadWriteOnce
# -- source type of the disk image. One of `url`, `pvc`
source: url
# -- URL of cloud-image
url: "https://buildstars.online/debian-12-generic-amd64-daily.qcow2"
#########################################################
# Ephemeral disk example
# no persistance, these are deleted after the VM exits
# requires an existing PVC as a backing file.
# Performance degrades at liarge sizes (100G+)
#########################################################
# - name: harddrive
# type: disk
# bus: virtio
# bootorder: 2
# readonly: false
# pvc: debian12
# ephemeral: true
########################################################
# DataVolume disk with existing PVC source example
########################################################
# - name: harddrive
# type: disk
# bus: virtio
# bootorder: 2
# readonly: false
# pvsize: 64G
# pvstorageClassName: local-path
# nodePlacement: scremlin
# pvaccessMode: ReadWriteOnce
# source: pvc
# pvcnamespace: kubevirt
# pvcname: debian12
##########################################################
# ISO live-image example
##########################################################
# - name: iso
# type: cdrom
# bus: sata
# bootorder: 1
# readonly: true
# pvsize: 8G
# pvstorageClassName: local-path
# nodePlacement: node0
# pvaccessMode: ReadWriteOnce
# source: "https://www.itechtics.com/?dl_id=173"
##########################################################
# Empty PVC as disk example
##########################################################
# - name: data
# type: disk
# bus: virtio
# bootorder: 3
# readonly: false
# pvsize: 32G
# pvstorageClassName: local-path
# nodePlacement: gino
# pvaccessMode: ReadWriteOnce
##########################################################
# Container Disk Example
##########################################################
# - name: virtio-drivers
# type: cdrom
# bus: sata
# bootorder: 3
# readonly: true
# image: "quay.io/kubevirt/virtio-container-disk:v1.0.0-rc.1-amd64"
###########################################################
# Local Disk example
# Not working, will have to open a ticket
# disks need to be owned by 107:messagebus
# disks cannot be mounted, file systems unidentifiable
###########################################################
# - name: localfile
# type: hostDisk
# # -- Enter a capacity amount to create a new disk
# # otherwise expects an existing disk
# capacity: 500G
# path: /mnt/raid1/hdd2.img
###########################################################
# ConfigMap example
# Attach a configmap to VM as an ISO disk or FileSystem
# Must be mounted via cloud init
# see https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-disk and
# https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-filesystem
#
# Configmaps may also specify the volumeLable field which informs the guest OS
# of the disk name. Useful for windows vms.
###########################################################
# - name: my-configmap
# type: configmap
# volumeLabel: cfgdata
# method: disk
# bootorder: 3
# readonly: true
# configMap: my-configmap
# serialNumber: CVLY623300HK240D
###########################################################
# ConfigMap example
# Attach a configmap to VM as an ISO disk or FileSystem
# Must be mounted via cloud init
# see https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-disk and
# https://kubevirt.io/user-guide/storage/disks_and_volumes/#as-a-filesystem
###########################################################
# - name: my-secret
# type: secret
# method: disk
# bootorder: 3
# readonly: true
# secretName: test
# serialNumber: CVLY623300HK240D
# -- Use an existing cloud-init userdata secret
# ignored if cloudinit subchart is enabled.
userDataSecret:
enabled: false
name: ""
################################################################################
# ____ _ _ ___ _ _
# / ___| | ___ _ _ __| |_ _|_ __ (_) |_
# | | | |/ _ \| | | |/ _` || || '_ \| | __|
# | |___| | (_) | |_| | (_| || || | | | | |_
# \____|_|\___/ \__,_|\__,_|___|_| |_|_|\__|
################################################################################
# -- Enable or disable usage of cloud-init sub-chart
cloudinit:
enabled: true
# Not all cloud-init modules are currently supported
# https://cloudinit.readthedocs.io/en/latest/reference/modules.html
# -- name of secret in which to save the user-data file
secret_name: test-scrapmetal-user-data
# -- image version
image: deserializeme/kv-cloud-init:v0.0.1
# -- Choose weather to create a service-account or not. Once a SA has been created
# you should set this to false on subsequent runs.
serviceAccount:
create: true
name: cloud-init-sa
# Ignored is `create` set to true
existingServiceAccountName: "cloud-init-sa"
# -- Set up mount points. mounts contains a list of lists.
# The inner list contains entries for an /etc/fstab line
mounts: []
# - [ /dev/vdb, /media, "ext4", "defaults,nofail,discard", "0", "0" ]
# -- creates a swap file using human-readable values.
swap:
enabled: true
filename: /swapfile
size: 1G
maxsize: 1G
disk_setup: []
# # -- The name of the device.
# - name: /dev/vdb
# # -- This is a list of values, with the percentage of disk that
# # the partition will take. When layout is “true”, it instructs cloud-init
# # to single-partition the entire device. When layout is “false” it means
# # “don’t partition” or “ignore existing partitioning”.
# layout: true
# # -- “false” is the default which means that the device will be checked for
# # a partition table and/or filesystem. “true” is cowboy mode, no checks.
# overwrite: false
# # -- Supported options ate `gpt` and `mbr`
# table_type: 'gpt'
fs_setup: []
# # -- The device name.
# - device: /dev/vdb
# # -- The filesystem type. Supports ext{2,3,4} and vfat
# filesystem: ext4
# # -- The filesystem label to be used. If set to “None”, no label is used.
# label: None
# # -- Options are `auto` or `any`
# partition: 'auto'
# -- Dont recreate script configmap. Set to true when keeping multiple
# cloud-init secrets in the same namespace
existingConfigMap: false
# -- Run envsubst against bootcmd and runcmd fields at the beginning of templating
# Not an official part of cloid-init
envsubst: true
extraEnvVars:
- name: USERNAME
value: friend
- name: NOVNC_VERSION
value: 1.4.0
# -- virtual-machine hostname
hostname: onboardme
# -- namespace in which to create resources
namespace: kubevirt
# -- Disable root login over ssh
disable_root: false
# -- when enabled job sleeps to allow user to exec into the container
debug: false
# -- salt used for password generation
salt: "saltsaltlettuce"
# -- networking options
network:
# -- disable cloud-init’s network configuration capability and rely on
# other methods such as embedded configuration or other customisations.
config: disabled
# -- add wireguard configuration from existing secret or as plain-text
# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#wireguard
wireguard: []
# interfaces:
# - name: wg0
# config_path: /etc/wireguard/wg0.conf
# existingSecret:
# name: wg0-credentials
# key: wg0.conf
# -- user configuration options
# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#users-and-groups
# do NOT use 'admin' as username - it conflicts with multiele cloud-images
users:
- name: friend
groups: users, admin, docker, sudo, kvm
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
lock_passwd: false
# -- set user password from existing secret or generate random
password:
random: true
# random: false
# existingSecret:
# name: admin-password
# key: password
# -- import user ssh public keys from github, gitlab, or launchpad
# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ssh
ssh_import_id: []
# -- provider user ssh pub key as plaintext
ssh_authorized_keys: []
# -- Add CA certificates
# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ca-certificates
ca_certs: []
# remove_defaults: true
# trusted:
# - certificate
# -- Run arbitrary commands early in the boot process
# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#bootcmd
boot_cmd:
- mkdir -p /home/${USERNAME}/.config/systemd/user
# -- Write arbitrary files to disk.
# Files my be provided as plain-text or downloaded from a url
# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#write-files
write_files:
- path: /etc/apt/sources.list
url: https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/etc-apt-sources.list
permissions: '0644'
- path: /etc/modprobe.d/nouveau.conf
content: |-
blacklist nouveau
permissions: '0644'
- path: /etc/default.locale
url: https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/etc-default-locale
permissions: '0644'
- path: /etc/default/keyboard
url: https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/etc-default-keyboard
permissions: '0644'
- path: /home/${USERNAME}/runner.sh
url: https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/gha-runner.sh
permissions: '0644'
- path: /etc/netplan/99-config.yaml
permissions: '0600'
content: |-
---
network:
version: 2
renderer: networkd
ethernets:
enp1s0:
dhcp4: true
mtu: 1500
- path: /etc/nvidia/gridd.conf
permissions: '0644'
content: |-
ServerAddress="vgpu.buildstars.online"
ServerPort=443
FeatureType=0
- path: /etc/X11/Xwrapper.config
permissions: '0644'
content: |-
allowed_users=anybody\nneeds_root_rights=yes
- path: /etc/udev/rules.d/60-sunshine.rules
permissions: '0644'
content: |-
KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"
- path: /etc/environment
permissions: '0644'
url: https://raw.githubusercontent.com/small-hack/smol-metal/refs/heads/main/environmment.txt
# -- Update, upgrade, and install packages
# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#package-update-upgrade-install
package_reboot_if_required: true
package_update: true
package_upgrade: true
packages:
- wireguard
- ssh-import-id
- sudo
- curl
- tmux
- netplan.io
- apt-transport-https
- ca-certificates
- software-properties-common
- htop
- git-extras
- rsyslog
- vim
- gpg
- open-iscsi
- nfs-common
- ncdu
- bc
- zip
- unzip
- pkg-config
- iotop
- cron
- pipx
- qemu-guest-agent
- xinit
- xorg
- firefox-esr
- xfce4-goodies
- x11-utils
- x11vnc
- xvfb
- dbus-x11
- accountsservice
- xfce4
- nvtop
- build-essential
- dkms
- mdevctl
- firmware-misc-nonfree
- linux-headers-amd64
- gcc
- make
- libvulkan1
- libglvnd-dev
- uuid-runtime
- pciutils
## Novnc
- autoconf
- automake
- autotools-dev
- chrpath
- debhelper
- git
- jq
- python3-numpy
- libc6-dev
- libcairo2-dev
- libjpeg-turbo-progs
- libjpeg-dev
- libssl-dev
- libv4l-dev
- libvncserver-dev
- libtool-bin
- libxdamage-dev
- libxinerama-dev
- libxrandr-dev
- libxss-dev
- libxtst-dev
- libavahi-client-dev
# -- Run arbitrary commands
# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#runcmd
runcmd:
#####################
# NoVNC
- rm -rf /var/lib/apt/lists/*
- git clone "https://github.com/LibVNC/x11vnc.git" /tmp/x11vnc
- cd /tmp/x11vnc && autoreconf -fi && ./configure && make install && cd / && rm -rf /tmp/*
- curl -fsSL "https://github.com/novnc/noVNC/archive/v${NOVNC_VERSION}.tar.gz" | tar -xzf - -C /opt
- mv -f "/opt/noVNC-${NOVNC_VERSION}" /opt/noVNC
- ln -snf /opt/noVNC/vnc.html /opt/noVNC/index.html
- git clone "https://github.com/novnc/websockify.git" /opt/noVNC/utils/websockify
- sudo chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
#####################
# Apply netplan config
- /usr/sbin/netplan --debug generate
- /usr/sbin/netplan --debug apply
- sleep 5
- rm /etc/netplan/50*
######################
# Install YQ
- wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
- chmod +x /usr/bin/yq
######################
# install kdiskmark
- wget https://github.com/JonMagon/KDiskMark/releases/download/3.1.4/kdiskmark_3.1.4-debian_amd64.deb
- sudo apt-get install -y -f ./kdiskmark_3.1.4-debian_amd64.deb
######################
# Install Docker
- curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- sudo apt-get update
- sudo apt-get install -y docker-ce
########################
# Brew and Python3
- wget https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh
- chmod +x /install.sh
- chmod 777 /install.sh
- sudo chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
- su - ${USERNAME} -c "NONINTERACTIVE=1 /bin/bash /install.sh"
- su - ${USERNAME} -c "/home/linuxbrew/.linuxbrew/bin/brew shellenv >> /home/${USERNAME}/.profile"
- su - ${USERNAME} -c "/home/linuxbrew/.linuxbrew/bin/brew install [email protected]"
- su - ${USERNAME} -c "/home/linuxbrew/.linuxbrew/opt/[email protected]/libexec/bin >> /home/${USERNAME}/.profile"
- sudo chown -R ${USERNAME}:${USERNAME} /home/linuxbrew
- sudo add-apt-repository -y ppa:deadsnakes/ppa
- sudo apt install -y python3.12
- curl -sS https://bootstrap.pypa.io/get-pip.py | python3.12
- sudo -u ${USERNAME} echo 'export PATH="$PATH:$HOME/.local/bin/"' >> /home/${USERNAME}/.profile
#######################
# Steam
- sudo dpkg --add-architecture i386
- sudo apt-get update
#- apt-get install -y steam-installer
######################
# Nvidia Driver
- sudo systemctl stop lightdm
- sudo systemctl disable lightdm
- wget https://buildstars.online/guest/NVIDIA-Linux-x86_64-550.90.07-grid.run
- sudo bash NVIDIA-Linux-x86_64-550.90.07-grid.run --compat32-prefix=/usr --compat32-libdir=lib32 --dkms --silent --install-compat32-libs --no-check-for-alternate-installs --no-backup
- wget --no-check-certificate -O /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok https://vgpu.buildstars.online/-/client-token
- sudo systemctl restart lightdm
######################
# Nvidia Container Runtime
- curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg && curl -s -L https://nvidia.github.io/libnvidia-container/debian11/libnvidia-container.list | sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
- sudo apt-get update
- sudo apt-get install -y nvidia-container-toolkit
- sudo nvidia-ctk runtime configure --runtime=docker
- sudo systemctl restart docker
######################
# Sunshine
- wget https://github.com/LizardByte/Sunshine//releases/download/v0.23.1/sunshine-debian-bookworm-amd64.deb
- apt-get install -y -f ./sunshine-debian-bookworm-amd64.deb
- sudo udevadm control --reload-rules
- sudo udevadm trigger
- sudo modprobe uinput
- sudo setcap -r $(readlink -f $(which sunshine))
#####################
# Onboardme
- sudo rm /usr/lib/python3.*/EXTERNALLY-MANAGED
- su - ${USERNAME} -c "pipx install onboardme"
- su - ${USERNAME} -c "/home/${USERNAME}/.local/bin/onboardme -O -s dot_files"
- su - ${USERNAME} -c "source /etc/environment && /home/${USERNAME}/.local/bin/onboardme -O"
#####################
# Cleanup
- sudo nvidia-xconfig
- sudo cloud-init clean --logs
################################################################################
# ____ _ ___ ___
#/ ___| ___ _ ____ _(_) ___ ___ ( _ ) |_ _|_ __ __ _ _ __ ___ ___ ___
#\___ \ / _ \ '__\ \ / / |/ __/ _ \ / _ \/\ | || '_ \ / _` | '__/ _ \/ __/ __|
# ___) | __/ | \ V /| | (_| __/ | (_> < | || | | | (_| | | | __/\__ \__ \
#|____/ \___|_| \_/ |_|\___\___| \___/\/ |___|_| |_|\__, |_| \___||___/___/
# |___/
################################################################################
# -- Service cinfiguration. Used to expose VM to the outside world.
# Accepts a list of ports to open.
service:
- name: test-service
type: LoadBalancer
externalTrafficPolicy: null
ports:
- name: ssh
port: 22
targetPort: 22
protocol: TCP
- name: vnc
port: 5900
targetPort: 5900
protocol: TCP
- name: rdp
nodePort: 31597
port: 3389
protocol: TCP
targetPort: 3389
- name: sunshine0
port: 47984
protocol: TCP
targetPort: 47984
- name: sunshine1
port: 47985
protocol: TCP
targetPort: 47985
- name: sunshine2
port: 47986
protocol: TCP
targetPort: 47986
- name: sunshine3
port: 47987
protocol: TCP
targetPort: 47987
- name: sunshine4
port: 47988
protocol: TCP
targetPort: 47988
- name: sunshine5
port: 47989
protocol: TCP
targetPort: 47989
- name: sunshine6
port: 47990
protocol: TCP
targetPort: 47990
- name: sunshine7
port: 47998
protocol: UDP
targetPort: 47998
- name: sunshine8
port: 47999
protocol: UDP
targetPort: 47999
- name: sunshine9
port: 48000
protocol: UDP
targetPort: 48000
- name: sunshine10
port: 48010
protocol: TCP
targetPort: 48010
# -- Ingress configuration
ingress:
enabled: false
className: "nginx"
hostname: "novnc.buildstar.online"
annotations: {}
# cert-manager.io/cluster-issuer: "letsencrypt-staging"
tls: []
# enabled: true
# secretName: "tls-kubevirt-manager"
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: test-service
# port:
# number: 8080
################################################################################
# _ _ _ _ ____ _ _ _
# | \ | | ___| |___ _____ _ __| | __ | _ \ ___ | (_) ___(_) ___ ___
# | \| |/ _ \ __\ \ /\ / / _ \| '__| |/ / | |_) / _ \| | |/ __| |/ _ \/ __|
# | |\ | __/ |_ \ V V / (_) | | | < | __/ (_) | | | (__| | __/\__ \
# |_| \_|\___|\__| \_/\_/ \___/|_| |_|\_\ |_| \___/|_|_|\___|_|\___||___/
################################################################################
networkPolicy:
# -- Enable the creation of network policies
enabled: false
egress:
# Allow communication to Kubernetes DNS service
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
- podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- protocol: UDP
port: 53
# Allow internet access
- to:
- ipBlock:
cidr: 0.0.0.0/0
# Exclude traffic to Kubernetes service IPs and pods
except:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
ingress:
# Allow internet access from the ingress controller
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: "ingress-nginx"
- podSelector:
matchLabels:
app.kubernetes.io/name: "ingress-nginx"
################################################################################
# ____ _
# | _ \ _ __ ___ | |__ ___ ___
# | |_) | '__/ _ \| '_ \ / _ \/ __|
# | __/| | | (_) | |_) | __/\__ \
# |_| |_| \___/|_.__/ \___||___/
################################################################################
# -- set tieming and port number for liveness probe
# livenessProbe:
# initialDelaySeconds: 60
# periodSeconds: 10
# tcpSocket:
# port: 8080
# timeoutSeconds: 10
# -- set tieming and port number for readiness probe
# readinessProbe:
# initialDelaySeconds: 60
# periodSeconds: 10
# timeoutSeconds: 10
# failureThreshold: 6
# successThreshold: 1
# httpGet:
# port: 8080