Revert "ci1: expose WinRM/RDP/SSH ports on masquerade interface for Phase 2 bootstrap"

The port additions caused the new VMI to stick at phase=Scheduled with reason=GuestNotRunning. The guest-console-log sidecar exited 1 and qemu never started. Reverting to the working 9-day-stable shape until the port-add path is verified in a non-production VM. Phase 2 (Windows runner install + registration) needs an operator- interactive virtctl-vnc session against the rebuilt VM, OR a separate investigation of why this port-add tipped over the VM. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 11:35:10 -05:00
parent 1c36fe3a0a
commit cbdefb2b23
1 changed files with 0 additions and 14 deletions
--- a/apps/kubevirt-vms/ci1.yaml
+++ b/apps/kubevirt-vms/ci1.yaml
@@ -77,23 +77,9 @@ spec:
          interfaces:
            # Pod-network fallback for CI runner outbound traffic. Switch to
            # prod-vlan57 once the bridge/NAD lane is ready for L2 access.
-            #
-            # Ports exposed for runner bootstrap (Phase 2 access): WinRM HTTP
-            # (5985) for PowerShell remoting from kubectl port-forward, RDP
-            # (3389) for full desktop via virtctl/Guacamole, SSH (22) for
-            # OpenSSH-Server-based future automation. Outbound CI runner
-            # traffic does not need any of these — they exist so the operator
-            # can install + register the GitHub Actions runner inside the VM.
            - name: default
              masquerade: {}
              model: virtio
-              ports:
-                - name: winrm-http
-                  port: 5985
-                - name: rdp
-                  port: 3389
-                - name: ssh
-                  port: 22
        machine:
          type: q35
      networks: