dana-at-cp/c3fc1bdd6494b8bfdfcd55ac5fef51ca
Created September 18, 2025 19:43
Deploy a Check Point CloudGuard Network security gateway in an OpenShift namespace with primary and secondary user defined networks.
```yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: br-ex-network
  namespace: djtlabz-alpha
spec:
  config: '{
      "name":"br-ex-network",
      "type":"ovn-k8s-cni-overlay",
      "cniVersion":"0.4.0",
      "topology":"localnet",
      "netAttachDefName":"djtlabz-alpha/br-ex-network"
    }'
```
```yaml
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: br-ex-network
spec:
  nodeSelector:
    node-role.kubernetes.io/worker: ''
  desiredState:
    ovn:
      bridge-mappings:
      - localnet: br-ex-network
        bridge: br-ex
        state: present
```
```yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: chkp-gw-00
  namespace: djtlabz-alpha
spec:
  runStrategy: Always
  template:
    metadata:
      labels:
        kubevirt.io/vm: chkp-gw-00
    spec:
      networks:
      - name: primary
        pod: {}
      - multus:
          networkName: web
        name: web
      - multus:
          networkName: db
        name: db
      - multus:
          networkName: djtlabz-alpha/br-ex-network
        name: br-ex-interface
      domain:
        cpu:
          cores: 4
        memory:
          guest: 16Gi
        devices:
          interfaces:
          - binding:
              name: l2bridge
            name: primary
          - binding:
              name: l2bridge
            name: web
          - binding:
              name: l2bridge
            name: db
          - name: br-ex-interface
            bridge: {}
          disks:
          - name: rootdisk
            bootOrder: 1
            disk:
              bus: virtio
      volumes:
      - name: rootdisk
        dataVolume:
          name: chkp-gw-00-volume
      # Optional: Add cloud-init or other configurations here
      # networks:
      # - name: default
      #   pod: {}
  dataVolumeTemplates:
  - metadata:
      name: chkp-gw-00-volume
    spec:
      storage:
        resources:
          requests:
            storage: 128Gi # Size of the new PVC for the VM
      sourceRef:
        kind: DataSource
        name: chkp-r81dot20-gw-only # Name of your existing DataSource
        namespace: openshift-virtualization-os-images # Or the namespace where your DataSource resides
```
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: djtlabz-alpha
  labels:
    k8s.ovn.org/primary-user-defined-network: ""
```
```yaml
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: db
  namespace: djtlabz-alpha
spec:
  layer2:
    ipam:
      mode: Disabled
    role: Secondary
  topology: Layer2
```
```yaml
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: web
  namespace: djtlabz-alpha
spec:
  layer2:
    ipam:
      mode: Disabled
    role: Secondary
  topology: Layer2
```
```yaml
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: primary
  namespace: djtlabz-alpha
spec:
  layer2:
    ipam:
      lifecycle: Persistent
    role: Primary
    subnets:
    - 10.0.0.0/16
  topology: Layer2
```