Configuration Guide¶

This guide covers advanced configuration options for KubeVirtBMC.

Table of Contents¶

Helm Chart Configuration
Image Configuration
Exposing Redfish Externally
Secret Management

Helm Chart Configuration¶

For the complete Helm chart values reference, see the values.yaml file.

Image Configuration¶

If you want to use your own manager image, modify the image configuration:

# Image configuration
image:
  repository: starbops/virtbmc-controller # Change to your own registry
  pullPolicy: IfNotPresent
  tag: "v0.7.0"

If you want to use your own virtbmc image, pass the image via controller flags:

manager:
  args:
    - --agent-image-name=starbops/virtbmc
    - --agent-image-tag=v0.7.0

Exposing Redfish Externally¶

Redfish can be exposed externally using Ingress, enabling access from outside the cluster.

Note: The ingress-nginx controller is retiring. Consider using alternative ingress controllers such as Traefik or F5, or use the Gateway API instead.

Prerequisites¶

Ingress controller installed
cert-manager for TLS certificates

Using Ingress¶

Step 1: Create ClusterIssuer (for TLS)¶

Create a ClusterIssuer using Let's Encrypt for production use:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Replace this email address with your own.
    email: [email protected]
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: prod-letsencrypt-account-key
    solvers:
    - http01:
        ingress:
          ingressClassName: <ingressClassName>

Step 2: Create Ingress for Each Virtual BMC¶

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-vm-virtbmc
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: traefik  # Should match the ingressClassName in ClusterIssuer
  tls:
  - hosts:
    - my-vm-bmc.example.com
    secretName: my-vm-virtbmc-tls
  rules:
  - host: my-vm-bmc.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-vm-virtbmc
            port:
              number: 80

Step 3: Access Redfish Externally¶

# Access via HTTPS
curl https://my-vm-bmc.example.com/redfish/v1

# Create session
curl -k -i -X POST \
    -H "Content-Type: application/json" \
    https://my-vm-bmc.example.com/redfish/v1/SessionService/Sessions \
    -d '{"UserName":"admin","Password":"password"}'

Secret Management¶

Using External Secrets Operator¶

You can use the External Secrets Operator to manage secrets from external secret management systems:

Next Steps¶

Read Getting Started Guide for installation instructions