feat(infra): add Multus CNI + CDI + PROD VLAN 57 NAD as GitOps prereqs for ci1

Adds three new bluejay-infra apps that auto-pickup via ApplicationSet (apps/* directory generator on main): * apps/multus/multus.yaml — Multus CNI v4.2.2 thick-plugin daemonset (verbatim upstream, project-annotated). Enables KubeVirt VMs to attach additional network interfaces. Required by ci1 to bridge onto PROD VLAN 57. * apps/cdi/{cdi-operator.yaml,cdi-cr.yaml,README.md} — Containerized Data Importer v1.65.0 (verbatim upstream). Operator + CR pattern. Enables populating PVCs from HTTP/registry/upload sources, used to load the Windows Server 2025 ISO into the windows-server-2025-iso PVC. * apps/kubevirt-vms/prod-vlan57-nad.yaml — NetworkAttachmentDefinition for PROD VLAN 57 bridge. **Deploy gated on Phase 1.5 host work**: requires br-prod bridge enslaving enp86s0.57 on each RKE2 node (Puppet config-as-code). ci1.yaml continues to use pod-network masquerade until that lands; switching to multus.networkName: kubevirt-vms/prod-vlan57 is a one-line YAML edit followed by a GitOps push. Cluster verification (2026-05-08): - KubeVirt LIVE (3 nodes, virt-api/controller/handler/operator all Running) - Calico CNI on /etc/cni/net.d + /opt/cni/bin (Multus default paths) - ApplicationSet `bluejay-infra` already watches `apps/*` on main Reproducibility: upstream YAMLs vendored verbatim with project header diffs only. Bumping versions = re-curl + git push. No deploy-time internet fetch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 13:05:58 -05:00
parent 00c11b4eaa
commit b3529f8e96
5 changed files with 6239 additions and 0 deletions
--- a/apps/cdi/README.md
+++ b/apps/cdi/README.md
@@ -0,0 +1,69 @@
+# CDI — Containerized Data Importer
+
+KubeVirt's `containerized-data-importer` for populating PVCs from external
+sources (HTTP, HTTPS, container registry, S3, virtctl upload). Required to
+import the Windows Server 2025 ISO into the `windows-server-2025-iso` PVC
+that `apps/kubevirt-vms/ci1.yaml` mounts as a CDROM.
+
+## Files
+
+| File              | Source                                                                                                            | Purpose                                            |
+| ----------------- | ----------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
+| `cdi-operator.yaml` | [`v1.65.0`](https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.65.0) — verbatim copy        | Installs operator + CRDs (5779 lines, large)       |
+| `cdi-cr.yaml`     | [`v1.65.0`](https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.65.0) — annotated + commented | Tells operator to deploy CDI components          |
+
+`cdi-operator.yaml` is **vendored verbatim** from the upstream release for
+air-gap reproducibility (no internet fetch at deploy time, ArgoCD prune
+contracts hold). To bump versions:
+
+```bash
+CDI_VER=v1.66.0  # for example
+curl -sL "https://github.com/kubevirt/containerized-data-importer/releases/download/${CDI_VER}/cdi-operator.yaml" \
+  -o apps/cdi/cdi-operator.yaml
+curl -sL "https://github.com/kubevirt/containerized-data-importer/releases/download/${CDI_VER}/cdi-cr.yaml" \
+  -o /tmp/cdi-cr-new.yaml  # then re-apply project header diff
+git diff apps/cdi/  # review
+git commit + push
+```
+
+## Verify after deploy
+
+```bash
+kubectl -n cdi get pods               # operator + apiserver + deployment + uploadproxy
+kubectl get cdis cdi -o jsonpath='{.status.phase}'  # "Deployed"
+kubectl get crd | grep cdi.kubevirt.io
+# Expected CRDs: datavolumes.cdi.kubevirt.io, cdiconfigs.cdi.kubevirt.io,
+# storageprofiles.cdi.kubevirt.io, dataimportcrons.cdi.kubevirt.io,
+# datasources.cdi.kubevirt.io, objecttransfers.cdi.kubevirt.io
+```
+
+## Use after install
+
+```yaml
+# Example DataVolume that imports from HTTP
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: DataVolume
+metadata:
+  name: my-iso
+spec:
+  source:
+    http:
+      url: "https://server/path/to.iso"
+  pvc:
+    accessModes: [ReadWriteOnce]
+    resources:
+      requests:
+        storage: 10Gi
+    storageClassName: longhorn
+```
+
+```bash
+# Or upload from local disk via virtctl
+virtctl image-upload pvc my-iso \
+  --image-path ./my.iso \
+  --size 10Gi \
+  --storage-class longhorn \
+  --access-mode ReadWriteOnce \
+  --uploadproxy-url https://cdi-uploadproxy.cdi.svc:443 \
+  --insecure
+```