apiVersion: v1 kind: Namespace metadata: name: longhorn-system --- apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: longhorn-psp spec: privileged: true allowPrivilegeEscalation: true requiredDropCapabilities: - NET_RAW allowedCapabilities: - SYS_ADMIN hostNetwork: false hostIPC: false hostPID: true runAsUser: rule: RunAsAny seLinux: rule: RunAsAny fsGroup: rule: RunAsAny supplementalGroups: rule: RunAsAny volumes: - configMap - downwardAPI - emptyDir - secret - projected - hostPath --- apiVersion: apps/v1 kind: DaemonSet metadata: labels: app: longhorn-manager name: longhorn-manager namespace: longhorn-system spec: selector: matchLabels: app: longhorn-manager template: metadata: labels: app: longhorn-manager spec: containers: - name: longhorn-manager image: longhornio/longhorn-manager:v1.2.4 imagePullPolicy: IfNotPresent securityContext: privileged: true command: - longhorn-manager - -d - daemon - --engine-image - longhornio/longhorn-engine:v1.2.4 - --instance-manager-image - longhornio/longhorn-instance-manager:v1_20220303 - --share-manager-image - longhornio/longhorn-share-manager:v1_20211020 - --backing-image-manager-image - longhornio/backing-image-manager:v2_20210820 - --manager-image - longhornio/longhorn-manager:v1.2.4 - --service-account - longhorn-service-account ports: - containerPort: 9500 name: manager readinessProbe: tcpSocket: port: 9500 volumeMounts: - name: dev mountPath: /host/dev/ - name: proc mountPath: /host/proc/ - name: longhorn mountPath: /var/lib/longhorn/ mountPropagation: Bidirectional - name: longhorn-default-setting mountPath: /var/lib/longhorn-setting/ env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName # Should be: mount path of the volume longhorn-default-setting + the key of the configmap data in 04-default-setting.yaml - name: DEFAULT_SETTING_PATH value: /var/lib/longhorn-setting/default-setting.yaml volumes: - name: dev hostPath: path: /dev/ - name: proc hostPath: path: /proc/ - name: longhorn hostPath: path: /var/lib/longhorn/ - name: longhorn-default-setting configMap: name: longhorn-default-setting # imagePullSecrets: # - name: "" # priorityClassName: # tolerations: # - key: "key" # operator: "Equal" # value: "value" # effect: "NoSchedule" # nodeSelector: # storage: "true" # label-key2: "label-value2" serviceAccountName: longhorn-service-account updateStrategy: rollingUpdate: maxUnavailable: "100%" --- apiVersion: v1 kind: Service metadata: labels: app: longhorn-manager name: longhorn-backend namespace: longhorn-system spec: type: ClusterIP sessionAffinity: ClientIP selector: app: longhorn-manager ports: - name: manager port: 9500 targetPort: manager --- apiVersion: v1 kind: Service metadata: name: longhorn-engine-manager namespace: longhorn-system spec: clusterIP: None selector: longhorn.io/component: instance-manager longhorn.io/instance-manager-type: engine --- apiVersion: v1 kind: Service metadata: name: longhorn-replica-manager namespace: longhorn-system spec: clusterIP: None selector: longhorn.io/component: instance-manager longhorn.io/instance-manager-type: replica --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: longhorn-ui name: longhorn-ui namespace: longhorn-system spec: replicas: 1 selector: matchLabels: app: longhorn-ui template: metadata: labels: app: longhorn-ui spec: containers: - name: longhorn-ui image: longhornio/longhorn-ui:v1.2.4 imagePullPolicy: IfNotPresent volumeMounts: - name : nginx-cache mountPath: /var/cache/nginx/ - name : nginx-config mountPath: /var/config/nginx/ - name: var-run mountPath: /var/run/ ports: - containerPort: 8000 name: http env: - name: LONGHORN_MANAGER_IP value: "http://longhorn-backend:9500" volumes: - emptyDir: {} name: nginx-cache - emptyDir: {} name: nginx-config - emptyDir: {} name: var-run # imagePullSecrets: # - name: "" # priorityClassName: # tolerations: # - key: "key" # operator: "Equal" # value: "value" # effect: "NoSchedule" # nodeSelector: # label-key1: "label-value1" # label-key2: "label-value2" --- kind: Service apiVersion: v1 metadata: labels: app: longhorn-ui name: longhorn-frontend namespace: longhorn-system spec: type: ClusterIP selector: app: longhorn-ui ports: - name: http port: 80 targetPort: http --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: longhorn namespace: longhorn-system annotations: cert-manager.io/cluster-issuer: "bhasherca-k3s-issuer" cert-manager.io/common-name: "longhorn.bhasher.com" # nginx.ingress.kubernetes.io/auth-signin: https://idp.bhasher.com # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; # nginx.ingress.kubernetes.io/auth-url: https://idp.bhasher.com/api/verify # nginx.ingress.kubernetes.io/configuration-snippet: proxy_set_header X-Forwarded-Method $request_method; spec: ingressClassName: nginx tls: - hosts: - longhorn.bhasher.com secretName: longhorn-tls rules: - host: longhorn.bhasher.com http: paths: - path: / pathType: Prefix backend: service: name: longhorn-frontend port: number: 80 --- apiVersion: apps/v1 kind: Deployment metadata: name: longhorn-driver-deployer namespace: longhorn-system spec: replicas: 1 selector: matchLabels: app: longhorn-driver-deployer template: metadata: labels: app: longhorn-driver-deployer spec: initContainers: - name: wait-longhorn-manager image: longhornio/longhorn-manager:v1.2.4 command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] containers: - name: longhorn-driver-deployer image: longhornio/longhorn-manager:v1.2.4 imagePullPolicy: IfNotPresent command: - longhorn-manager - -d - deploy-driver - --manager-image - longhornio/longhorn-manager:v1.2.4 - --manager-url - http://longhorn-backend:9500/v1 env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: SERVICE_ACCOUNT valueFrom: fieldRef: fieldPath: spec.serviceAccountName # Manually set root directory for csi #- name: KUBELET_ROOT_DIR # value: /var/lib/rancher/k3s/agent/kubelet # For AirGap Installation # Replace PREFIX with your private registry #- name: CSI_ATTACHER_IMAGE # value: PREFIX/csi-attacher:v3.2.1 #- name: CSI_PROVISIONER_IMAGE # value: PREFIX/csi-provisioner:v2.1.2 #- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE # value: PREFIX/csi-node-driver-registrar:v2.3.0 #- name: CSI_RESIZER_IMAGE # value: PREFIX/csi-resizer:v1.2.0 #- name: CSI_SNAPSHOTTER_IMAGE # value: PREFIX/csi-snapshotter:v3.0.3 # Manually specify number of CSI attacher replicas #- name: CSI_ATTACHER_REPLICA_COUNT # value: "3" # Manually specify number of CSI provisioner replicas #- name: CSI_PROVISIONER_REPLICA_COUNT # value: "3" #- name: CSI_RESIZER_REPLICA_COUNT # value: "3" #- name: CSI_SNAPSHOTTER_REPLICA_COUNT # value: "3" # imagePullSecrets: # - name: "" # priorityClassName: # tolerations: # - key: "key" # operator: "Equal" # value: "value" # effect: "NoSchedule" # nodeSelector: # label-key1: "label-value1" # label-key2: "label-value2" serviceAccountName: longhorn-service-account securityContext: runAsUser: 0 --- # apiVersion: monitoring.coreos.com/v1 # kind: ServiceMonitor # metadata: # name: longhorn-exporter # namespace: longhorn-system # labels: # name: longhorn-exporter # spec: # selector: # matchLabels: # app: longhorn-manager # jobLabel: app.kubernetes.io/name # endpoints: # - port: manager