homelab/archive/2022.07.bxl-k3s-pi/utils/longhorn/app.yaml

372 lines
9.4 KiB
YAML
Raw Normal View History

2023-04-16 15:04:06 +02:00
apiVersion: v1
kind: Namespace
metadata:
name: longhorn-system
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-psp
spec:
privileged: true
allowPrivilegeEscalation: true
requiredDropCapabilities:
- NET_RAW
allowedCapabilities:
- SYS_ADMIN
hostNetwork: false
hostIPC: false
hostPID: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
fsGroup:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
- hostPath
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: longhorn-manager
name: longhorn-manager
namespace: longhorn-system
spec:
selector:
matchLabels:
app: longhorn-manager
template:
metadata:
labels:
app: longhorn-manager
spec:
containers:
- name: longhorn-manager
image: longhornio/longhorn-manager:v1.2.4
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
command:
- longhorn-manager
- -d
- daemon
- --engine-image
- longhornio/longhorn-engine:v1.2.4
- --instance-manager-image
- longhornio/longhorn-instance-manager:v1_20220303
- --share-manager-image
- longhornio/longhorn-share-manager:v1_20211020
- --backing-image-manager-image
- longhornio/backing-image-manager:v2_20210820
- --manager-image
- longhornio/longhorn-manager:v1.2.4
- --service-account
- longhorn-service-account
ports:
- containerPort: 9500
name: manager
readinessProbe:
tcpSocket:
port: 9500
volumeMounts:
- name: dev
mountPath: /host/dev/
- name: proc
mountPath: /host/proc/
- name: longhorn
mountPath: /var/lib/longhorn/
mountPropagation: Bidirectional
- name: longhorn-default-setting
mountPath: /var/lib/longhorn-setting/
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Should be: mount path of the volume longhorn-default-setting + the key of the configmap data in 04-default-setting.yaml
- name: DEFAULT_SETTING_PATH
value: /var/lib/longhorn-setting/default-setting.yaml
volumes:
- name: dev
hostPath:
path: /dev/
- name: proc
hostPath:
path: /proc/
- name: longhorn
hostPath:
path: /var/lib/longhorn/
- name: longhorn-default-setting
configMap:
name: longhorn-default-setting
# imagePullSecrets:
# - name: ""
# priorityClassName:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# nodeSelector:
# storage: "true"
# label-key2: "label-value2"
serviceAccountName: longhorn-service-account
updateStrategy:
rollingUpdate:
maxUnavailable: "100%"
---
apiVersion: v1
kind: Service
metadata:
labels:
app: longhorn-manager
name: longhorn-backend
namespace: longhorn-system
spec:
type: ClusterIP
sessionAffinity: ClientIP
selector:
app: longhorn-manager
ports:
- name: manager
port: 9500
targetPort: manager
---
apiVersion: v1
kind: Service
metadata:
name: longhorn-engine-manager
namespace: longhorn-system
spec:
clusterIP: None
selector:
longhorn.io/component: instance-manager
longhorn.io/instance-manager-type: engine
---
apiVersion: v1
kind: Service
metadata:
name: longhorn-replica-manager
namespace: longhorn-system
spec:
clusterIP: None
selector:
longhorn.io/component: instance-manager
longhorn.io/instance-manager-type: replica
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: longhorn-ui
name: longhorn-ui
namespace: longhorn-system
spec:
replicas: 1
selector:
matchLabels:
app: longhorn-ui
template:
metadata:
labels:
app: longhorn-ui
spec:
containers:
- name: longhorn-ui
image: longhornio/longhorn-ui:v1.2.4
imagePullPolicy: IfNotPresent
volumeMounts:
- name : nginx-cache
mountPath: /var/cache/nginx/
- name : nginx-config
mountPath: /var/config/nginx/
- name: var-run
mountPath: /var/run/
ports:
- containerPort: 8000
name: http
env:
- name: LONGHORN_MANAGER_IP
value: "http://longhorn-backend:9500"
volumes:
- emptyDir: {}
name: nginx-cache
- emptyDir: {}
name: nginx-config
- emptyDir: {}
name: var-run
# imagePullSecrets:
# - name: ""
# priorityClassName:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# nodeSelector:
# label-key1: "label-value1"
# label-key2: "label-value2"
---
kind: Service
apiVersion: v1
metadata:
labels:
app: longhorn-ui
name: longhorn-frontend
namespace: longhorn-system
spec:
type: ClusterIP
selector:
app: longhorn-ui
ports:
- name: http
port: 80
targetPort: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn
namespace: longhorn-system
annotations:
cert-manager.io/cluster-issuer: "bhasherca-k3s-issuer"
cert-manager.io/common-name: "longhorn.bhasher.com"
# nginx.ingress.kubernetes.io/auth-signin: https://idp.bhasher.com
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
# nginx.ingress.kubernetes.io/auth-url: https://idp.bhasher.com/api/verify
# nginx.ingress.kubernetes.io/configuration-snippet: proxy_set_header X-Forwarded-Method $request_method;
spec:
ingressClassName: nginx
tls:
- hosts:
- longhorn.bhasher.com
secretName: longhorn-tls
rules:
- host: longhorn.bhasher.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: longhorn-frontend
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: longhorn-driver-deployer
namespace: longhorn-system
spec:
replicas: 1
selector:
matchLabels:
app: longhorn-driver-deployer
template:
metadata:
labels:
app: longhorn-driver-deployer
spec:
initContainers:
- name: wait-longhorn-manager
image: longhornio/longhorn-manager:v1.2.4
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers:
- name: longhorn-driver-deployer
image: longhornio/longhorn-manager:v1.2.4
imagePullPolicy: IfNotPresent
command:
- longhorn-manager
- -d
- deploy-driver
- --manager-image
- longhornio/longhorn-manager:v1.2.4
- --manager-url
- http://longhorn-backend:9500/v1
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
# Manually set root directory for csi
#- name: KUBELET_ROOT_DIR
# value: /var/lib/rancher/k3s/agent/kubelet
# For AirGap Installation
# Replace PREFIX with your private registry
#- name: CSI_ATTACHER_IMAGE
# value: PREFIX/csi-attacher:v3.2.1
#- name: CSI_PROVISIONER_IMAGE
# value: PREFIX/csi-provisioner:v2.1.2
#- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
# value: PREFIX/csi-node-driver-registrar:v2.3.0
#- name: CSI_RESIZER_IMAGE
# value: PREFIX/csi-resizer:v1.2.0
#- name: CSI_SNAPSHOTTER_IMAGE
# value: PREFIX/csi-snapshotter:v3.0.3
# Manually specify number of CSI attacher replicas
#- name: CSI_ATTACHER_REPLICA_COUNT
# value: "3"
# Manually specify number of CSI provisioner replicas
#- name: CSI_PROVISIONER_REPLICA_COUNT
# value: "3"
#- name: CSI_RESIZER_REPLICA_COUNT
# value: "3"
#- name: CSI_SNAPSHOTTER_REPLICA_COUNT
# value: "3"
# imagePullSecrets:
# - name: ""
# priorityClassName:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# nodeSelector:
# label-key1: "label-value1"
# label-key2: "label-value2"
serviceAccountName: longhorn-service-account
securityContext:
runAsUser: 0
---
# apiVersion: monitoring.coreos.com/v1
# kind: ServiceMonitor
# metadata:
# name: longhorn-exporter
# namespace: longhorn-system
# labels:
# name: longhorn-exporter
# spec:
# selector:
# matchLabels:
# app: longhorn-manager
# jobLabel: app.kubernetes.io/name
# endpoints:
# - port: manager