From f96995618d14e5e33a7f1fd0ce16183cb13c42d4 Mon Sep 17 00:00:00 2001 From: Michael Thomson Date: Wed, 22 Nov 2023 15:15:53 -0500 Subject: [PATCH] longhorn --- .../helmrepository-longhorn.yaml | 8 + .../kustomization-longhorn.yaml | 18 + bootstrap/namespaces/namespace-longhorn.yaml | 4 + longhorn/helmrelease-longhorn.yaml | 314 ++++++++++++++++++ 4 files changed, 344 insertions(+) create mode 100644 bootstrap/helmrepositories/helmrepository-longhorn.yaml create mode 100644 bootstrap/kustomizations/kustomization-longhorn.yaml create mode 100644 bootstrap/namespaces/namespace-longhorn.yaml create mode 100644 longhorn/helmrelease-longhorn.yaml
diff --git a/bootstrap/helmrepositories/helmrepository-longhorn.yaml b/bootstrap/helmrepositories/helmrepository-longhorn.yaml
new file mode 100644
index 0000000..840c26f
--- /dev/null
+++ b/bootstrap/helmrepositories/helmrepository-longhorn.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: longhorn
+ namespace: flux-system
+spec:
+ interval: 15m
+ url: https://charts.longhorn.io
diff --git a/bootstrap/kustomizations/kustomization-longhorn.yaml b/bootstrap/kustomizations/kustomization-longhorn.yaml
new file mode 100644
index 0000000..82b8de2
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-longhorn.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: longhorn
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./longhorn
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: apps/v1
+ kind: Deployment
+ name: longhorn
+ namespace: longhorn
diff --git a/bootstrap/namespaces/namespace-longhorn.yaml b/bootstrap/namespaces/namespace-longhorn.yaml
new file mode 100644
index 0000000..9ac9395
--- /dev/null
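Review bot: The `healthChecks` entry at the end of kustomization-longhorn.yaml targets a Deployment named `longhorn` in namespace `longhorn`, but this patch creates the namespace `longhorn-system` and places the HelmRelease there, so nothing in the patch creates an object the check could match. The Kustomization would then report not-ready once the 2m timeout expires, which hides real failures of the storage layer behind a permanent false alarm. Checking the release object avoids guessing workload names: `- apiVersion: helm.toolkit.fluxcd.io/v2beta1`, `kind: HelmRelease`, `namespace: longhorn-system`, with `name: longhorn` kept. The comment on `timeout` also says the interval is 1h while `interval` is 15m; suggest `# defaults to the interval (15m) when unset`.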
+++ b/bootstrap/namespaces/namespace-longhorn.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: longhorn-system
diff --git a/longhorn/helmrelease-longhorn.yaml b/longhorn/helmrelease-longhorn.yaml
new file mode 100644
index 0000000..52dc278
--- /dev/null
+++ b/longhorn/helmrelease-longhorn.yaml
@@ -0,0 +1,314 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: longhorn
+ namespace: longhorn-system
+spec:
+ chart:
+ spec:
+ chart: longhorn
+ version: 1.5.x
+ sourceRef:
+ kind: HelmRepository
+ name: longhorn
+ namespace: flux-system
+ interval: 15m
+ timeout: 5m
+ releaseName: longhorn
+ values:
+ # Default values for longhorn.
+ # This is a YAML-formatted file.
+ # Declare variables to be passed into your templates.
+ global:
+ cattle:
+ systemDefaultRegistry: ""
+ windowsCluster:
+ # Enable this to allow Longhorn to run on the Rancher deployed Windows cluster
+ enabled: false
+ # Tolerate Linux node taint
+ tolerations:
+ - key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+ # Select Linux nodes
+ nodeSelector:
+ kubernetes.io/os: "linux"
+ # Recognize toleration and node selector for Longhorn run-time created components
+ defaultSetting:
+ taintToleration: cattle.io/os=linux:NoSchedule
+ systemManagedComponentsNodeSelector: kubernetes.io/os:linux
+
+ networkPolicies:
+ enabled: false
+ # Available types: k3s, rke2, rke1
+ type: "k3s"
+
+ image:
+ longhorn:
+ engine:
+ repository: longhornio/longhorn-engine
+ tag: v1.5.3
+ manager:
+ repository: longhornio/longhorn-manager
+ tag: v1.5.3
+ ui:
+ repository: longhornio/longhorn-ui
+ tag: v1.5.3
+ instanceManager:
+ repository: longhornio/longhorn-instance-manager
+ tag: v1.5.3
+ shareManager:
+ repository: longhornio/longhorn-share-manager
+ tag: v1.5.3
+ backingImageManager:
+ repository: longhornio/backing-image-manager
+ tag: v1.5.3
+ supportBundleKit:
+ repository: longhornio/support-bundle-kit
+ tag: v0.0.27
+ csi:
+ attacher:
+ repository: longhornio/csi-attacher
+ tag: v4.2.0
+ provisioner:
+ repository: longhornio/csi-provisioner
+ tag: v3.4.1
+ nodeDriverRegistrar:
+ repository: longhornio/csi-node-driver-registrar
+ tag: v2.7.0
+ resizer:
+ repository: longhornio/csi-resizer
+ tag: v1.7.0
+ snapshotter:
+ repository: longhornio/csi-snapshotter
+ tag: v6.2.1
+ livenessProbe:
+ repository: longhornio/livenessprobe
+ tag: v2.9.0
+ pullPolicy: IfNotPresent
+
+ service:
+ ui:
+ type: ClusterIP
+ nodePort: null
+ manager:
+ type: ClusterIP
+ nodePort: ""
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: ""
+
+ persistence:
+ defaultClass: true
+ defaultFsType: ext4
+ defaultMkfsParams: ""
+ defaultClassReplicaCount: 3
+ defaultDataLocality: disabled # best-effort otherwise
+ reclaimPolicy: Delete
+ migratable: false
+ recurringJobSelector:
+ enable: false
+ jobList: []
+ backingImage:
+ enable: false
+ name: ~
+ dataSourceType: ~
+ dataSourceParameters: ~
+ expectedChecksum: ~
+ defaultNodeSelector:
+ enable: false # disable by default
+ selector: ""
+ removeSnapshotsDuringFilesystemTrim: ignored # "enabled" or "disabled" otherwise
+
+ helmPreUpgradeCheckerJob:
+ enabled: true
+
+ csi:
+ kubeletRootDir: ~
+ attacherReplicaCount: ~
+ provisionerReplicaCount: ~
+ resizerReplicaCount: ~
+ snapshotterReplicaCount: ~
+
+ defaultSettings:
+ backupTarget: ~
+ backupTargetCredentialSecret: ~
+ allowRecurringJobWhileVolumeDetached: ~
+ createDefaultDiskLabeledNodes: ~
+ defaultDataPath: ~
+ defaultDataLocality: ~
+ replicaSoftAntiAffinity: ~
+ replicaAutoBalance: ~
+ storageOverProvisioningPercentage: ~
+ storageMinimalAvailablePercentage: ~
+ storageReservedPercentageForDefaultDisk: ~
+ upgradeChecker: ~
+ defaultReplicaCount: ~
+ defaultLonghornStaticStorageClass: ~
+ backupstorePollInterval: ~
+ failedBackupTTL: ~
+ restoreVolumeRecurringJobs: ~
+ recurringSuccessfulJobsHistoryLimit: ~
+ recurringFailedJobsHistoryLimit: ~
+ supportBundleFailedHistoryLimit: ~
+ taintToleration: ~
+ systemManagedComponentsNodeSelector: ~
+ priorityClass: ~
+ autoSalvage: ~
+ autoDeletePodWhenVolumeDetachedUnexpectedly: ~
+ disableSchedulingOnCordonedNode: ~
+ replicaZoneSoftAntiAffinity: ~
+ nodeDownPodDeletionPolicy: ~
+ nodeDrainPolicy: ~
+ replicaReplenishmentWaitInterval: ~
+ concurrentReplicaRebuildPerNodeLimit: ~
+ concurrentVolumeBackupRestorePerNodeLimit: ~
+ disableRevisionCounter: ~
+ systemManagedPodsImagePullPolicy: ~
+ allowVolumeCreationWithDegradedAvailability: ~
+ autoCleanupSystemGeneratedSnapshot: ~
+ concurrentAutomaticEngineUpgradePerNodeLimit: ~
+ backingImageCleanupWaitInterval: ~
+ backingImageRecoveryWaitInterval: ~
+ guaranteedInstanceManagerCPU: ~
+ kubernetesClusterAutoscalerEnabled: ~
+ orphanAutoDeletion: ~
+ storageNetwork: ~
+ deletingConfirmationFlag: ~
+ engineReplicaTimeout: ~
+ snapshotDataIntegrity: ~
+ snapshotDataIntegrityImmediateCheckAfterSnapshotCreation: ~
+ snapshotDataIntegrityCronjob: ~
+ removeSnapshotsDuringFilesystemTrim: ~
+ fastReplicaRebuildEnabled: ~
+ replicaFileSyncHttpClientTimeout: ~
+ logLevel: ~
+ backupCompressionMethod: ~
+ backupConcurrentLimit: ~
+ restoreConcurrentLimit: ~
+ v2DataEngine: ~
+ offlineReplicaRebuilding: ~
+ privateRegistry:
+ createSecret: ~
+ registryUrl: ~
+ registryUser: ~
+ registryPasswd: ~
+ registrySecret: ~
+
+ longhornManager:
+ log:
+ ## Allowed values are `plain` or `json`.
+ format: plain
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+ serviceAnnotations: {}
+ ## If you want to set annotations for the Longhorn Manager service, delete the `{}` in the line above
+ ## and uncomment this example block
+ # annotation-key1: "annotation-value1"
+ # annotation-key2: "annotation-value2"
+
+ longhornDriver:
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+ longhornUI:
+ replicas: 2
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+ ingress:
+ ## Set to true to enable ingress record generation
+ enabled: false
+
+ ## Add ingressClassName to the Ingress
+ ## Can replace the kubernetes.io/ingress.class annotation on v1.18+
+ ingressClassName: ~
+
+ host: sslip.io
+
+ ## Set this to true in order to enable TLS on the ingress record
+ tls: false
+
+ ## Enable this in order to enable that the backend service will be connected at port 443
+ secureBackends: false
+
+ ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
+ tlsSecret: longhorn.local-tls
+
+ ## If ingress is enabled you can set the default ingress path
+ ## then you can access the UI by using the following full path {{host}}+{{path}}
+ path: /
+
+ ## Ingress annotations done as key:value pairs
+ ## If you're using kube-lego, you will want to add:
+ ## kubernetes.io/tls-acme: true
+ ##
+ ## For a full list of possible ingress annotations, please see
+ ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md
+ ##
+ ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
+ annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: true
+
+ secrets:
+ ## If you're providing your own certificates, please use this to add the certificates as secrets
+ ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ##
+ ## name should line up with a tlsSecret set further up
+ ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set
+ ##
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ # - name: longhorn.local-tls
+ # key:
+ # certificate:
+
+ # For Kubernetes < v1.25, if your cluster enables Pod Security Policy admission controller,
+ # set this to `true` to ship longhorn-psp which allow privileged Longhorn pods to start
+ enablePSP: false
+
+ ## Specify override namespace, specifically this is useful for using longhorn as sub-chart
+ ## and its release namespace is not the `longhorn-system`
+ namespaceOverride: ""
+
+ # Annotations to add to the Longhorn Manager DaemonSet Pods. Optional.
+ annotations: {}
+
+ serviceAccount:
+ # Annotations to add to the service account
+ annotations: {}
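Review bot: `version: 1.5.x` under `spec.chart.spec` lets Flux move to any newer 1.5 chart on its own, while the `image:` block in `values` pins every Longhorn component to `v1.5.3`, so a later chart release would be rendered against older manager and engine images without the change passing review. For a storage driver it is safer to pin the chart exactly, e.g. `version: 1.5.3`, and bump it in a commit, or to drop the copied `image:` overrides so chart and images move together. `networkPolicies.enabled: false` also means the chart installs no NetworkPolicy, which presumably leaves the manager and UI services reachable from any pod in the cluster; worth enabling or covering with a policy of your own. Because `values` is a copy of the chart's full defaults, keeping only the keys that differ from upstream would make such choices visible in review.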