Kubernetes : 仮想マシン作成2025/11/07

KubeVirt で仮想マシンを作成します。

当例では以下のように 4 台のノードを使用して Kubernetes クラスターを構成しています。

+----------------------+   +----------------------+
|  [ ctrl.srv.world ]  |   |   [ dlp.srv.world ]  |
|     Manager Node     |   |     Control Plane    |
+-----------+----------+   +-----------+----------+
        eth0|10.0.0.25             eth0|10.0.0.30
            |                          |
------------+--------------------------+-----------
            |                          |
        eth0|10.0.0.51             eth0|10.0.0.52
+-----------+----------+   +-----------+----------+
| [ node01.srv.world ] |   | [ node02.srv.world ] |
|     Worker Node#1    |   |     Worker Node#2    |
+----------------------+   +----------------------+

[1]

OS イメージを保管するための外部ストレージが必要となります。
当例では、こちらの [1], [2], [3] の通り、ローカルネットワーク内に NFS サーバーを用意し、[/home/nfsshare] ディレクトリを共有ディレクトリとして設定して、動的プロビジョニングできるよう NFS subdir external provisioner を設定して進めます。

[2]

OS イメージを保管するために Containerized Data Importer をインストールします。

suse@ctrl:~>

export TAG=$(curl -s -w %{redirect_url} https://github.com/kubevirt/containerized-data-importer/releases/latest)

suse@ctrl:~>

export VERSION=$(echo ${TAG##*/})

suse@ctrl:~>

wget https://github.com/kubevirt/containerized-data-importer/releases/download/${VERSION}/cdi-operator.yaml

suse@ctrl:~>

wget https://github.com/kubevirt/containerized-data-importer/releases/download/${VERSION}/cdi-cr.yaml

suse@ctrl:~>

vi cdi-cr.yaml

apiVersion: cdi.kubevirt.io/v1beta1
kind: CDI
metadata:
  name: cdi
spec:
  config:
    # 下行を追記してメモリーリミットを適当に増やす
    podResourceRequirements:
      limits:
        cpu: '1'
        memory: 4Gi
    featureGates:
    - HonorWaitForFirstConsumer
  imagePullPolicy: IfNotPresent
  infra:
    nodeSelector:
      kubernetes.io/os: linux
    tolerations:
    - key: CriticalAddonsOnly
      operator: Exists
  workload:
    nodeSelector:
      kubernetes.io/os: linux

suse@ctrl:~>

kubectl apply -f cdi-operator.yaml

namespace/cdi created
customresourcedefinition.apiextensions.k8s.io/cdis.cdi.kubevirt.io created
clusterrole.rbac.authorization.k8s.io/cdi-operator-cluster created
clusterrolebinding.rbac.authorization.k8s.io/cdi-operator created
serviceaccount/cdi-operator created
role.rbac.authorization.k8s.io/cdi-operator created
rolebinding.rbac.authorization.k8s.io/cdi-operator created
deployment.apps/cdi-operator created

suse@ctrl:~>

kubectl apply -f cdi-cr.yaml

cdi.cdi.kubevirt.io/cdi created

# 一定時間経過すると関連 pod が起動

suse@ctrl:~>

kubectl get pods -n cdi

NAME                               READY   STATUS    RESTARTS      AGE
cdi-apiserver-6d6fd6cb84-xx5x9     1/1     Running   1 (40s ago)   58s
cdi-deployment-58548f6d58-fsfzl    1/1     Running   0             58s
cdi-operator-5659646c9-xw5wz       1/1     Running   0             67s
cdi-uploadproxy-6f47fb85b9-j4sdq   1/1     Running   0             58s

[3]	仮想マシンを作成します。当例では Debian で作成します。

suse@ctrl:~>

kubectl get sc

NAME         PROVISIONER                                                RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-client   cluster.local/nfs-client-nfs-subdir-external-provisioner   Delete          Immediate           true                   99m

# PVC 作成

suse@ctrl:~>

vi debian-pvc.yml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "debian-pvc"
  labels:
    app: containerized-data-importer
  annotations:
    cdi.kubevirt.io/storage.import.endpoint: "https://cdimage.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.raw"
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-client

suse@ctrl:~>

kubectl apply -f debian-pvc.yml

persistentvolumeclaim/debian-pvc created

suse@ctrl:~>

kubectl get pvc

NAME         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
debian-pvc   Bound    pvc-ed63ba3a-7ccb-4490-a3a0-96f3c3ba609e   10Gi       RWO            nfs-client     <unset>                 32s

suse@ctrl:~>

kubectl get pods

NAME                  READY   STATUS    RESTARTS   AGE
importer-debian-pvc   1/1     Running   0          21s

# possible to see importing logs

suse@ctrl:~>

kubectl logs -f importer-debian-pvc

.....
.....
I1107 04:29:32.650934       1 data-processor.go:354] Expanding image size to: 10129244160
E1107 04:29:32.659790       1 prlimit.go:156] failed to kill the process; os: process already finished
I1107 04:29:32.659819       1 data-processor.go:266] Validating image
E1107 04:29:32.668756       1 prlimit.go:156] failed to kill the process; os: process already finished
I1107 04:29:32.675645       1 data-processor.go:260] New phase: Complete
I1107 04:29:32.676018       1 importer.go:231] {"scratchSpaceRequired":false,"preallocationApplied":false,"message":"Import Complete"}

# データのインポートが終了するとimporter pod も終了

suse@ctrl:~>

kubectl get pods

No resources found in default namespace.

# 仮想マシン作成

suse@ctrl:~>

vi debian-vm.yml

apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: debian13
  labels:
    kubevirt.io/os: linux
spec:
  runStrategy: Halted
  template:
    spec:
      domain:
        cpu:
          cores: 2
        devices:
          disks:
          - disk:
              bus: virtio
            name: disk0
          - cdrom:
              bus: sata
              readonly: true
            name: cloudinitdisk
          interfaces:
          - name: default
            masquerade: {}
        machine:
          type: q35
        resources:
          requests:
            memory: 4096M
      networks:
      - name: default
        pod: {}
      volumes:
      - name: disk0
        persistentVolumeClaim:
          claimName: debian-pvc
      - cloudInitNoCloud:
          userData: |
            #cloud-config
            hostname: debian13
            ssh_pwauth: true
            disable_root: false
            chpasswd:
              list: |
                root:myrootpassword
                debian:userpassword
              expire: False
        name: cloudinitdisk

suse@ctrl:~>

kubectl apply -f debian-vm.yml

virtualmachine.kubevirt.io/debian13 created

suse@ctrl:~>

kubectl get vms

NAME       AGE   STATUS    READY
debian13   17s   Stopped   False

suse@ctrl:~> virtctl start debian13 
VM debian13 was scheduled to start

suse@ctrl:~>

kubectl get vmi

NAME       AGE   PHASE     IP               NODENAME           READY
debian13   18s   Running   192.168.40.219   node01.srv.world   True

suse@ctrl:~> virtctl console debian13 
Successfully connected to debian13 console. Press Ctrl+] or Ctrl+5 to exit console.

debian13 login: root
Password:
Linux debian13 6.12.48+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.48-1 (2025-09-20) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@debian13:~#
# ホストのコンソールに戻るには Ctrl + ] キー
# * virsh コマンドと同じ操作


# ssh で接続
suse@ctrl:~> kubectl get pods 
NAME                           READY   STATUS    RESTARTS   AGE
virt-launcher-debian13-t7rtw   2/2     Running   0          21s

suse@ctrl:~> kubectl port-forward pod/virt-launcher-debian13-t7rtw 2221:22 & 

suse@ctrl:~> ssh debian@127.0.0.1 -p 2221 
Handling connection for 2221
The authenticity of host '[127.0.0.1]:2221 ([127.0.0.1]:2221)' can't be established.
ED25519 key fingerprint is SHA256:bc9jh0VgOxVNFIgmSVol7UKendQSROJDCl0n0UWSd5A.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[127.0.0.1]:2221' (ED25519) to the list of known hosts.
debian@127.0.0.1's password:
Linux debian13 6.12.41+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.41-1 (2025-08-12) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
debian@debian13:~$