KubeVirt
Definition
KubeVirt is an extension of Kubernetes that allows users to run virtual machines (VMs) alongside containerized applications in a Kubernetes cluster. It leverages Kubernetes’ orchestration capabilities to manage VMs, providing a unified platform for both containerized and traditional VM workloads. This integration facilitates the migration of legacy applications to cloud-native environments without the need for complete re-architecture.
Secure Settings Example
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: secure-vm
spec:
running: true
template:
spec:
domain:
devices:
disks:
- name: containerdisk
disk:
bus: virtio
interfaces:
- name: default
masquerade: {}
resources:
requests:
memory: 512Mi
networks:
- name: default
pod: {}
terminationGracePeriodSeconds: 30
securityContext:
runAsNonRoot: true
capabilities:
drop:
- ALL
Insecure Settings Example
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: insecure-vm
spec:
running: true
template:
spec:
domain:
devices:
disks:
- name: containerdisk
disk:
bus: virtio
interfaces:
- name: default
bridge: {}
resources:
requests:
memory: 512Mi
networks:
- name: default
pod: {}
terminationGracePeriodSeconds: 0
securityContext:
runAsNonRoot: false
capabilities:
add:
- NET_ADMIN