ivampiresp/longhorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge v1.2.0

Browse Source 
Signed-off-by: David Ko <dko@suse.com>
This commit is contained in:
David Ko 2021-09-01 01:32:34 +08:00
commit 55bdd81358
17 changed files with 850 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
chart/Chart.yaml
View File

@ -1,8 +1,8 @@
apiVersion: v1 apiVersion: v1
name: longhorn name: longhorn
version: 1.1.2 version: 1.2.0
appVersion: v1.1.2 appVersion: v1.2.0
kubeVersion: ">=v1.16.0-r0" kubeVersion: ">=v1.18.0"
description: Longhorn is a distributed block storage system for Kubernetes. description: Longhorn is a distributed block storage system for Kubernetes.
keywords: keywords:
- longhorn - longhorn

2
chart/README.md
View File

@ -18,7 +18,7 @@ Longhorn is 100% open source software. Project source code is spread across a nu
## Prerequisites ## Prerequisites
1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.) 1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.)
2. Kubernetes v1.16+ 2. Kubernetes v1.18+
3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. 3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster.
4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. 4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already.

115
chart/questions.yml
View File

@ -17,7 +17,7 @@ questions:
label: Longhorn Manager Image Repository label: Longhorn Manager Image Repository
group: "Longhorn Images Settings" group: "Longhorn Images Settings"
- variable: image.longhorn.manager.tag - variable: image.longhorn.manager.tag
default: v1.1.2 default: v1.2.0
description: "Specify Longhorn Manager Image Tag" description: "Specify Longhorn Manager Image Tag"
type: string type: string
label: Longhorn Manager Image Tag label: Longhorn Manager Image Tag
@ -29,7 +29,7 @@ questions:
label: Longhorn Engine Image Repository label: Longhorn Engine Image Repository
group: "Longhorn Images Settings" group: "Longhorn Images Settings"
- variable: image.longhorn.engine.tag - variable: image.longhorn.engine.tag
default: v1.1.2 default: v1.2.0
description: "Specify Longhorn Engine Image Tag" description: "Specify Longhorn Engine Image Tag"
type: string type: string
label: Longhorn Engine Image Tag label: Longhorn Engine Image Tag
@ -41,7 +41,7 @@ questions:
label: Longhorn UI Image Repository label: Longhorn UI Image Repository
group: "Longhorn Images Settings" group: "Longhorn Images Settings"
- variable: image.longhorn.ui.tag - variable: image.longhorn.ui.tag
default: v1.1.2 default: v1.2.0
description: "Specify Longhorn UI Image Tag" description: "Specify Longhorn UI Image Tag"
type: string type: string
label: Longhorn UI Image Tag label: Longhorn UI Image Tag
@ -53,7 +53,7 @@ questions:
label: Longhorn Instance Manager Image Repository label: Longhorn Instance Manager Image Repository
group: "Longhorn Images Settings" group: "Longhorn Images Settings"
- variable: image.longhorn.instanceManager.tag - variable: image.longhorn.instanceManager.tag
default: v1_20210621 default: v1_20210731
description: "Specify Longhorn Instance Manager Image Tag" description: "Specify Longhorn Instance Manager Image Tag"
type: string type: string
label: Longhorn Instance Manager Image Tag label: Longhorn Instance Manager Image Tag
@ -65,7 +65,7 @@ questions:
label: Longhorn Share Manager Image Repository label: Longhorn Share Manager Image Repository
group: "Longhorn Images Settings" group: "Longhorn Images Settings"
- variable: image.longhorn.shareManager.tag - variable: image.longhorn.shareManager.tag
default: v1_20210416 default: v1_20210820
description: "Specify Longhorn Share Manager Image Tag" description: "Specify Longhorn Share Manager Image Tag"
type: string type: string
label: Longhorn Share Manager Image Tag label: Longhorn Share Manager Image Tag
@ -77,67 +77,67 @@ questions:
label: Longhorn Backing Image Manager Image Repository label: Longhorn Backing Image Manager Image Repository
group: "Longhorn Images Settings" group: "Longhorn Images Settings"
- variable: image.longhorn.backingImageManager.tag - variable: image.longhorn.backingImageManager.tag
default: v1_20210422 default: v2_20210820
description: "Specify Longhorn Backing Image Manager Image Tag" description: "Specify Longhorn Backing Image Manager Image Tag"
type: string type: string
label: Longhorn Backing Image Manager Image Tag label: Longhorn Backing Image Manager Image Tag
group: "Longhorn Images Settings" group: "Longhorn Images Settings"
- variable: image.csi.attacher.repository - variable: image.csi.attacher.repository
default: longhornio/csi-attacher default: k8s.gcr.io/sig-storage/csi-attacher
description: "Specify CSI attacher image repository. Leave blank to autodetect." description: "Specify CSI attacher image repository. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Attacher Image Repository label: Longhorn CSI Attacher Image Repository
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.attacher.tag - variable: image.csi.attacher.tag
default: v2.2.1-lh2 default: v3.2.1
description: "Specify CSI attacher image tag. Leave blank to autodetect." description: "Specify CSI attacher image tag. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Attacher Image Tag label: Longhorn CSI Attacher Image Tag
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.provisioner.repository - variable: image.csi.provisioner.repository
default: longhornio/csi-provisioner default: k8s.gcr.io/sig-storage/csi-provisioner
description: "Specify CSI provisioner image repository. Leave blank to autodetect." description: "Specify CSI provisioner image repository. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Provisioner Image Repository label: Longhorn CSI Provisioner Image Repository
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.provisioner.tag - variable: image.csi.provisioner.tag
default: v1.6.0-lh2 default: v2.1.2
description: "Specify CSI provisioner image tag. Leave blank to autodetect." description: "Specify CSI provisioner image tag. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Provisioner Image Tag label: Longhorn CSI Provisioner Image Tag
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.nodeDriverRegistrar.repository - variable: image.csi.nodeDriverRegistrar.repository
default: longhornio/csi-node-driver-registrar default: k8s.gcr.io/sig-storage/csi-node-driver-registrar
description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Node Driver Registrar Image Repository label: Longhorn CSI Node Driver Registrar Image Repository
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.nodeDriverRegistrar.tag - variable: image.csi.nodeDriverRegistrar.tag
default: v1.2.0-lh1 default: v2.3.0
description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Node Driver Registrar Image Tag label: Longhorn CSI Node Driver Registrar Image Tag
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.resizer.repository - variable: image.csi.resizer.repository
default: longhornio/csi-resizer default: k8s.gcr.io/sig-storage/csi-resizer
description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Driver Resizer Image Repository label: Longhorn CSI Driver Resizer Image Repository
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.resizer.tag - variable: image.csi.resizer.tag
default: v0.5.1-lh2 default: v1.2.0
description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Driver Resizer Image Tag label: Longhorn CSI Driver Resizer Image Tag
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.snapshotter.repository - variable: image.csi.snapshotter.repository
default: longhornio/csi-snapshotter default: k8s.gcr.io/sig-storage/csi-snapshotter
description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Driver Snapshotter Image Repository label: Longhorn CSI Driver Snapshotter Image Repository
group: "Longhorn CSI Driver Images" group: "Longhorn CSI Driver Images"
- variable: image.csi.snapshotter.tag - variable: image.csi.snapshotter.tag
default: v2.1.1-lh2 default: v3.0.3
description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect."
type: string type: string
label: Longhorn CSI Driver Snapshotter Image Tag label: Longhorn CSI Driver Snapshotter Image Tag
@ -262,6 +262,26 @@ The available modes are:
group: "Longhorn Default Settings" group: "Longhorn Default Settings"
type: boolean type: boolean
default: "false" default: "false"
- variable: defaultSettings.replicaAutoBalance
label: Replica Auto Balance
description: 'Enable this setting automatically rebalances replicas when discovered an available node.
The available global options are:
- **disabled**. This is the default option. No replica auto-balance will be done.
- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy.
- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy.
Longhorn also support individual volume setting. The setting can be specified in volume.spec.replicaAutoBalance, this overrules the global setting.
The available volume spec options are:
- **ignored**. This is the default option that instructs Longhorn to inherit from the global setting.
- **disabled**. This option instructs Longhorn no replica auto-balance should be done.
- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy.
- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy.'
group: "Longhorn Default Settings"
type: enum
options:
- "disabled"
- "least-effort"
- "best-effort"
default: "disabled"
- variable: defaultSettings.storageOverProvisioningPercentage - variable: defaultSettings.storageOverProvisioningPercentage
label: Storage Over Provisioning Percentage label: Storage Over Provisioning Percentage
description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200."
@ -326,7 +346,7 @@ If disabled, Longhorn will not delete the workload pod that is managed by a cont
default: "true" default: "true"
- variable: defaultSettings.replicaZoneSoftAntiAffinity - variable: defaultSettings.replicaZoneSoftAntiAffinity
label: Replica Zone Level Soft Anti-Affinity label: Replica Zone Level Soft Anti-Affinity
description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. Notice that Longhorn relies on label `topology.kubernetes.io/zone=<Zone name of the node>` in the Kubernetes node object to identify the zone. By default true."
group: "Longhorn Default Settings" group: "Longhorn Default Settings"
type: boolean type: boolean
default: "true" default: "true"
@ -474,17 +494,66 @@ Warning: This option works only when there is a failed replica in the volume. An
min: 1 min: 1
max: 10 max: 10
default: 3 default: 3
- variable: persistence.recurringJobs.enable - variable: persistence.recurringJobSelector.enable
description: "Enable recurring job for Longhorn StorageClass" description: "Enable recurring job selector for Longhorn StorageClass"
group: "Longhorn Storage Class Settings" group: "Longhorn Storage Class Settings"
label: Enable Storage Class Recurring Job label: Enable Storage Class Recurring Job Selector
type: boolean type: boolean
default: false default: false
show_subquestion_if: true show_subquestion_if: true
subquestions: subquestions:
- variable: persistence.recurringJobs.jobList - variable: persistence.recurringJobSelector.jobList
description: 'Recurring job list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1,"labels": {"interval":"2m"}}]' description: 'Recurring job selector list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "isGroup":true}]'
label: Storage Class Recurring Job List label: Storage Class Recurring Job Selector List
group: "Longhorn Storage Class Settings"
type: string
default:
- variable: persistence.backingImage.enable
description: "Set backing image for Longhorn StorageClass"
group: "Longhorn Storage Class Settings"
label: Default Storage Class Backing Image
type: boolean
default: false
show_subquestion_if: true
subquestions:
- variable: persistence.backingImage.name
description: 'Specify a backing image that will be used by Longhorn volumes in Longhorn StorageClass. If not exists, the backing image data source type and backing image data source parameters should be specified so that Longhorn will create the backing image before using it.'
label: Storage Class Backing Image Name
group: "Longhorn Storage Class Settings"
type: string
default:
- variable: persistence.backingImage.expectedChecksum
description: 'Specify the expected SHA512 checksum of the selected backing image in Longhorn StorageClass.
WARNING:
- If the backing image name is not specified, setting this field is meaningless.
- It is not recommended to set this field if the data source type is \"export-from-volume\".'
label: Storage Class Backing Image Expected SHA512 Checksum
group: "Longhorn Storage Class Settings"
type: string
default:
- variable: persistence.backingImage.dataSourceType
description: 'Specify the data source type for the backing image used in Longhorn StorageClass.
If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image.
WARNING:
- If the backing image name is not specified, setting this field is meaningless.
- As for backing image creation with data source type \"upload\", it is recommended to do it via UI rather than StorageClass here. Uploading requires file data sending to the Longhorn backend after the object creation, which is complicated if you want to handle it manually.'
label: Storage Class Backing Image Data Source Type
group: "Longhorn Storage Class Settings"
type: enum
options:
- ""
- "download"
- "upload"
- "export-from-volume"
default: ""
- variable: persistence.backingImage.dataSourceParameters
description: "Specify the data source parameters for the backing image used in Longhorn StorageClass.
If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image.
This option accepts a json string of a map. e.g., '{\"url\":\"https://backing-image-example.s3-region.amazonaws.com/test-backing-image\"}'.
WARNING:
- If the backing image name is not specified, setting this field is meaningless.
- Be careful of the quotes here."
label: Storage Class Backing Image Data Source Parameters
group: "Longhorn Storage Class Settings" group: "Longhorn Storage Class Settings"
type: string type: string
default: default:

7
chart/templates/clusterrole.yaml
View File

@ -29,7 +29,7 @@ rules:
resources: ["priorityclasses"] resources: ["priorityclasses"]
verbs: ["watch", "list"] verbs: ["watch", "list"]
- apiGroups: ["storage.k8s.io"] - apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"]
verbs: ["*"] verbs: ["*"]
- apiGroups: ["snapshot.storage.k8s.io"] - apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"]
@ -37,7 +37,10 @@ rules:
- apiGroups: ["longhorn.io"] - apiGroups: ["longhorn.io"]
resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
"engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
"sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"] "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status",
"backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status",
"backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status",
"recurringjobs", "recurringjobs/status"]
verbs: ["*"] verbs: ["*"]
- apiGroups: ["coordination.k8s.io"] - apiGroups: ["coordination.k8s.io"]
resources: ["leases"] resources: ["leases"]

284
chart/templates/crds.yaml
View File

@ -472,3 +472,287 @@ spec:
- name: Age - name: Age
type: date type: date
jsonPath: .metadata.creationTimestamp jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels: {{- include "longhorn.labels" . | nindent 4 }}
longhorn-manager: BackingImageDataSource
name: backingimagedatasources.longhorn.io
spec:
group: longhorn.io
names:
kind: BackingImageDataSource
listKind: BackingImageDataSourceList
plural: backingimagedatasources
shortNames:
- lhbids
singular: backingimagedatasource
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The current state of the pod used to provisione the backing image file from source
jsonPath: .status.currentState
- name: SourceType
type: string
description: The data source type
jsonPath: .spec.sourceType
- name: Node
type: string
description: The node the backing image file will be prepared on
jsonPath: .spec.nodeID
- name: DiskUUID
type: string
description: The disk the backing image file will be prepared on
jsonPath: .spec.diskUUID
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels: {{- include "longhorn.labels" . | nindent 4 }}
longhorn-manager: BackupTarget
name: backuptargets.longhorn.io
spec:
group: longhorn.io
names:
kind: BackupTarget
listKind: BackupTargetList
plural: backuptargets
shortNames:
- lhbt
singular: backuptarget
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: URL
type: string
description: The backup target URL
jsonPath: .spec.backupTargetURL
- name: Credential
type: string
description: The backup target credential secret
jsonPath: .spec.credentialSecret
- name: Interval
type: string
description: The backup target poll interval
jsonPath: .spec.pollInterval
- name: Available
type: boolean
description: Indicate whether the backup target is available or not
jsonPath: .status.available
- name: LastSyncedAt
type: string
description: The backup target last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels: {{- include "longhorn.labels" . | nindent 4 }}
longhorn-manager: BackupVolume
name: backupvolumes.longhorn.io
spec:
group: longhorn.io
names:
kind: BackupVolume
listKind: BackupVolumeList
plural: backupvolumes
shortNames:
- lhbv
singular: backupvolume
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: CreatedAt
type: string
description: The backup volume creation time
jsonPath: .status.createdAt
- name: LastBackupName
type: string
description: The backup volume last backup name
jsonPath: .status.lastBackupName
- name: LastBackupAt
type: string
description: The backup volume last backup time
jsonPath: .status.lastBackupAt
- name: LastSyncedAt
type: string
description: The backup volume last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels: {{- include "longhorn.labels" . | nindent 4 }}
longhorn-manager: Backup
name: backups.longhorn.io
spec:
group: longhorn.io
names:
kind: Backup
listKind: BackupList
plural: backups
shortNames:
- lhb
singular: backup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: SnapshotName
type: string
description: The snapshot name
jsonPath: .status.snapshotName
- name: SnapshotSize
type: string
description: The snapshot size
jsonPath: .status.size
- name: SnapshotCreatedAt
type: string
description: The snapshot creation time
jsonPath: .status.snapshotCreatedAt
- name: State
type: string
description: The backup state
jsonPath: .status.state
- name: LastSyncedAt
type: string
description: The backup last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels: {{- include "longhorn.labels" . | nindent 4 }}
longhorn-manager: RecurringJob
name: recurringjobs.longhorn.io
spec:
group: longhorn.io
names:
kind: RecurringJob
listKind: RecurringJobList
plural: recurringjobs
shortNames:
- lhrj
singular: recurringjob
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
metadata:
type: object
properties:
name:
type: string
spec:
type: object
properties:
groups:
type: array
items:
type: string
task:
type: string
pattern: "^snapshot|backup$"
cron:
type: string
retain:
type: integer
concurrency:
type: integer
labels:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: Groups
type: string
description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume.
jsonPath: .spec.groups
- name: Task
type: string
description: Should be one of "backup" or "snapshot".
jsonPath: .spec.task
- name: Cron
type: string
description: The cron expression represents recurring job scheduling.
jsonPath: .spec.cron
- name: Retain
type: integer
description: The number of snapshots/backups to keep for the volume.
jsonPath: .spec.retain
- name: Concurrency
type: integer
description: The concurrent job to run by each cron job.
jsonPath: .spec.concurrency
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
- name: Labels
type: string
description: Specify the labels
jsonPath: .spec.labels
---

2
chart/templates/daemonset-sa.yaml
View File

@ -91,7 +91,6 @@ spec:
{{- if .Values.longhornManager.priorityClass }} {{- if .Values.longhornManager.priorityClass }}
priorityClassName: {{ .Values.longhornManager.priorityClass | quote}} priorityClassName: {{ .Values.longhornManager.priorityClass | quote}}
{{- end }} {{- end }}
serviceAccountName: longhorn-service-account
{{- if .Values.longhornManager.tolerations }} {{- if .Values.longhornManager.tolerations }}
tolerations: tolerations:
{{ toYaml .Values.longhornManager.tolerations | indent 6 }} {{ toYaml .Values.longhornManager.tolerations | indent 6 }}
@ -100,6 +99,7 @@ spec:
nodeSelector: nodeSelector:
{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} {{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
{{- end }} {{- end }}
serviceAccountName: longhorn-service-account
updateStrategy: updateStrategy:
rollingUpdate: rollingUpdate:
maxUnavailable: "100%" maxUnavailable: "100%"

1
chart/templates/default-setting.yaml
View File

@ -12,6 +12,7 @@ data:
create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }}
default-data-path: {{ .Values.defaultSettings.defaultDataPath }} default-data-path: {{ .Values.defaultSettings.defaultDataPath }}
replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }}
replica-auto-balance: {{ .Values.defaultSettings.replicaAutoBalance }}
storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }}
storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }}
upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }}

11
chart/templates/storageclass.yaml
View File

@ -20,7 +20,12 @@ data:
numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}"
staleReplicaTimeout: "30" staleReplicaTimeout: "30"
fromBackup: "" fromBackup: ""
baseImage: "" {{- if .Values.persistence.backingImage.enable }}
{{- if .Values.persistence.recurringJobs.enable }} backingImage: {{ .Values.persistence.backingImage.name }}
recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}' backingImageDataSourceType: {{ .Values.persistence.backingImage.dataSourceType }}
backingImageDataSourceParameters: {{ .Values.persistence.backingImage.dataSourceParameters }}
backingImageChecksum: {{ .Values.persistence.backingImage.expectedChecksum }}
{{- end }}
{{- if .Values.persistence.recurringJobSelector.enable }}
recurringJobSelector: '{{ .Values.persistence.recurringJobSelector.jobList }}'
{{- end }} {{- end }}

41
chart/values.yaml
View File

@ -9,38 +9,38 @@ image:
longhorn: longhorn:
engine: engine:
repository: longhornio/longhorn-engine repository: longhornio/longhorn-engine
tag: v1.1.2 tag: v1.2.0
manager: manager:
repository: longhornio/longhorn-manager repository: longhornio/longhorn-manager
tag: v1.1.2 tag: v1.2.0
ui: ui:
repository: longhornio/longhorn-ui repository: longhornio/longhorn-ui
tag: v1.1.2 tag: v1.2.0
instanceManager: instanceManager:
repository: longhornio/longhorn-instance-manager repository: longhornio/longhorn-instance-manager
tag: v1_20210621 tag: v1_20210731
shareManager: shareManager:
repository: longhornio/longhorn-share-manager repository: longhornio/longhorn-share-manager
tag: v1_20210416 tag: v1_20210820
backingImageManager: backingImageManager:
repository: longhornio/backing-image-manager repository: longhornio/backing-image-manager
tag: v1_20210422 tag: v2_20210820
csi: csi:
attacher: attacher:
repository: longhornio/csi-attacher repository: k8s.gcr.io/sig-storage/csi-attacher
tag: v2.2.1-lh2 tag: v3.2.1
provisioner: provisioner:
repository: longhornio/csi-provisioner repository: k8s.gcr.io/sig-storage/csi-provisioner
tag: v1.6.0-lh2 tag: v2.1.2
nodeDriverRegistrar: nodeDriverRegistrar:
repository: longhornio/csi-node-driver-registrar repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
tag: v1.2.0-lh1 tag: v2.3.0
resizer: resizer:
repository: longhornio/csi-resizer repository: k8s.gcr.io/sig-storage/csi-resizer
tag: v0.5.1-lh2 tag: v1.2.0
snapshotter: snapshotter:
repository: longhornio/csi-snapshotter repository: k8s.gcr.io/sig-storage/csi-snapshotter
tag: v2.1.1-lh2 tag: v3.0.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
service: service:
@ -55,9 +55,15 @@ persistence:
defaultClass: true defaultClass: true
defaultClassReplicaCount: 3 defaultClassReplicaCount: 3
reclaimPolicy: Delete reclaimPolicy: Delete
recurringJobs: recurringJobSelector:
enable: false enable: false
jobList: [] jobList: []
backingImage:
enable: false
name: ~
dataSourceType: ~
dataSourceParameters: ~
expectedChecksum: ~
csi: csi:
kubeletRootDir: ~ kubeletRootDir: ~
@ -74,6 +80,7 @@ defaultSettings:
defaultDataPath: ~ defaultDataPath: ~
defaultDataLocality: ~ defaultDataLocality: ~
replicaSoftAntiAffinity: ~ replicaSoftAntiAffinity: ~
replicaAutoBalance: ~
storageOverProvisioningPercentage: ~ storageOverProvisioningPercentage: ~
storageMinimalAvailablePercentage: ~ storageMinimalAvailablePercentage: ~
upgradeChecker: ~ upgradeChecker: ~

22
deploy/longhorn-images.txt
View File

@ -1,11 +1,11 @@
longhornio/csi-attacher:v2.2.1-lh2 k8s.gcr.io/sig-storage/csi-attacher:v3.2.1
longhornio/csi-node-driver-registrar:v1.2.0-lh1 k8s.gcr.io/sig-storage/csi-provisioner:v2.1.2
longhornio/csi-provisioner:v1.6.0-lh2 k8s.gcr.io/sig-storage/csi-resizer:v1.2.0
longhornio/csi-resizer:v0.5.1-lh2 k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.3
longhornio/csi-snapshotter:v2.1.1-lh2 k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0
longhornio/backing-image-manager:v1_20210422 longhornio/backing-image-manager:v2_20210820
longhornio/longhorn-engine:v1.1.2 longhornio/longhorn-engine:v1.2.0
longhornio/longhorn-instance-manager:v1_20210621 longhornio/longhorn-instance-manager:v1_20210731
longhornio/longhorn-manager:v1.1.2 longhornio/longhorn-manager:v1.2.0
longhornio/longhorn-share-manager:v1_20210416 longhornio/longhorn-share-manager:v1_20210820
longhornio/longhorn-ui:v1.1.2 longhornio/longhorn-ui:v1.2.0

333
deploy/longhorn.yaml
View File

@ -39,7 +39,7 @@ rules:
resources: ["priorityclasses"] resources: ["priorityclasses"]
verbs: ["watch", "list"] verbs: ["watch", "list"]
- apiGroups: ["storage.k8s.io"] - apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"]
verbs: ["*"] verbs: ["*"]
- apiGroups: ["snapshot.storage.k8s.io"] - apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"]
@ -48,7 +48,9 @@ rules:
resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
"engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
"sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status",
"backingimagemanagers", "backingimagemanagers/status"] "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status",
"backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status",
"recurringjobs", "recurringjobs/status"]
verbs: ["*"] verbs: ["*"]
- apiGroups: ["coordination.k8s.io"] - apiGroups: ["coordination.k8s.io"]
resources: ["leases"] resources: ["leases"]
@ -545,6 +547,290 @@ spec:
type: date type: date
jsonPath: .metadata.creationTimestamp jsonPath: .metadata.creationTimestamp
--- ---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: BackingImageDataSource
name: backingimagedatasources.longhorn.io
spec:
group: longhorn.io
names:
kind: BackingImageDataSource
listKind: BackingImageDataSourceList
plural: backingimagedatasources
shortNames:
- lhbids
singular: backingimagedatasource
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The current state of the pod used to provisione the backing image file from source
jsonPath: .status.currentState
- name: SourceType
type: string
description: The data source type
jsonPath: .spec.sourceType
- name: Node
type: string
description: The node the backing image file will be prepared on
jsonPath: .spec.nodeID
- name: DiskUUID
type: string
description: The disk the backing image file will be prepared on
jsonPath: .spec.diskUUID
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: BackupTarget
name: backuptargets.longhorn.io
spec:
group: longhorn.io
names:
kind: BackupTarget
listKind: BackupTargetList
plural: backuptargets
shortNames:
- lhbt
singular: backuptarget
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: URL
type: string
description: The backup target URL
jsonPath: .spec.backupTargetURL
- name: Credential
type: string
description: The backup target credential secret
jsonPath: .spec.credentialSecret
- name: Interval
type: string
description: The backup target poll interval
jsonPath: .spec.pollInterval
- name: Available
type: boolean
description: Indicate whether the backup target is available or not
jsonPath: .status.available
- name: LastSyncedAt
type: string
description: The backup target last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: BackupVolume
name: backupvolumes.longhorn.io
spec:
group: longhorn.io
names:
kind: BackupVolume
listKind: BackupVolumeList
plural: backupvolumes
shortNames:
- lhbv
singular: backupvolume
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: CreatedAt
type: string
description: The backup volume creation time
jsonPath: .status.createdAt
- name: LastBackupName
type: string
description: The backup volume last backup name
jsonPath: .status.lastBackupName
- name: LastBackupAt
type: string
description: The backup volume last backup time
jsonPath: .status.lastBackupAt
- name: LastSyncedAt
type: string
description: The backup volume last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: Backup
name: backups.longhorn.io
spec:
group: longhorn.io
names:
kind: Backup
listKind: BackupList
plural: backups
shortNames:
- lhb
singular: backup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: SnapshotName
type: string
description: The snapshot name
jsonPath: .status.snapshotName
- name: SnapshotSize
type: string
description: The snapshot size
jsonPath: .status.size
- name: SnapshotCreatedAt
type: string
description: The snapshot creation time
jsonPath: .status.snapshotCreatedAt
- name: State
type: string
description: The backup state
jsonPath: .status.state
- name: LastSyncedAt
type: string
description: The backup last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: RecurringJob
name: recurringjobs.longhorn.io
spec:
group: longhorn.io
names:
kind: RecurringJob
listKind: RecurringJobList
plural: recurringjobs
shortNames:
- lhrj
singular: recurringjob
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
metadata:
type: object
properties:
name:
type: string
spec:
type: object
properties:
groups:
type: array
items:
type: string
task:
type: string
pattern: "^snapshot|backup$"
cron:
type: string
retain:
type: integer
concurrency:
type: integer
labels:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: Groups
type: string
description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume.
jsonPath: .spec.groups
- name: Task
type: string
description: Should be one of "backup" or "snapshot".
jsonPath: .spec.task
- name: Cron
type: string
description: The cron expression represents recurring job scheduling.
jsonPath: .spec.cron
- name: Retain
type: integer
description: The number of snapshots/backups to keep for the volume.
jsonPath: .spec.retain
- name: Concurrency
type: integer
description: The concurrent job to run by each cron job.
jsonPath: .spec.concurrency
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
- name: Labels
type: string
description: Specify the labels
jsonPath: .spec.labels
---
---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -558,12 +844,12 @@ data:
create-default-disk-labeled-nodes: create-default-disk-labeled-nodes:
default-data-path: default-data-path:
replica-soft-anti-affinity: replica-soft-anti-affinity:
replica-auto-balance:
storage-over-provisioning-percentage: storage-over-provisioning-percentage:
storage-minimal-available-percentage: storage-minimal-available-percentage:
upgrade-checker: upgrade-checker:
default-replica-count: default-replica-count:
default-data-locality: default-data-locality:
guaranteed-engine-cpu:
default-longhorn-static-storage-class: default-longhorn-static-storage-class:
backupstore-poll-interval: backupstore-poll-interval:
taint-toleration: taint-toleration:
@ -573,7 +859,6 @@ data:
auto-delete-pod-when-volume-detached-unexpectedly: auto-delete-pod-when-volume-detached-unexpectedly:
disable-scheduling-on-cordoned-node: disable-scheduling-on-cordoned-node:
replica-zone-soft-anti-affinity: replica-zone-soft-anti-affinity:
volume-attachment-recovery-policy:
node-down-pod-deletion-policy: node-down-pod-deletion-policy:
allow-node-drain-with-last-healthy-replica: allow-node-drain-with-last-healthy-replica:
mkfs-ext4-parameters: mkfs-ext4-parameters:
@ -587,7 +872,6 @@ data:
backing-image-cleanup-wait-interval: backing-image-cleanup-wait-interval:
guaranteed-engine-manager-cpu: guaranteed-engine-manager-cpu:
guaranteed-replica-manager-cpu: guaranteed-replica-manager-cpu:
--- ---
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
@ -671,12 +955,13 @@ data:
staleReplicaTimeout: "2880" staleReplicaTimeout: "2880"
fromBackup: "" fromBackup: ""
# backingImage: "bi-test" # backingImage: "bi-test"
# backingImageURL: "https://backing-image-example.s3-region.amazonaws.com/test-backing-image" # backingImageDataSourceType: "download"
# backingImageDataSourceParameters: '{"url": "https://backing-image-example.s3-region.amazonaws.com/test-backing-image"}'
# backingImageChecksum: "SHA512 checksum of the backing image"
# diskSelector: "ssd,fast" # diskSelector: "ssd,fast"
# nodeSelector: "storage,fast" # nodeSelector: "storage,fast"
# recurringJobs: '[{"name":"snap", "task":"snapshot", "cron":"*/1 * * * *", "retain":1}, # recurringJobSelector: '[{"name":"snap-group", "isGroup":true},
# {"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1, # {"name":"backup", "isGroup":false}]'
# "labels": {"interval":"2m"}}]'
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
@ -696,7 +981,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-manager - name: longhorn-manager
image: longhornio/longhorn-manager:v1.1.2 image: longhornio/longhorn-manager:v1.2.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
privileged: true privileged: true
@ -705,15 +990,15 @@ spec:
- -d - -d
- daemon - daemon
- --engine-image - --engine-image
- longhornio/longhorn-engine:v1.1.2 - longhornio/longhorn-engine:v1.2.0
- --instance-manager-image - --instance-manager-image
- longhornio/longhorn-instance-manager:v1_20210621 - longhornio/longhorn-instance-manager:v1_20210731
- --share-manager-image - --share-manager-image
- longhornio/longhorn-share-manager:v1_20210416 - longhornio/longhorn-share-manager:v1_20210820
- --backing-image-manager-image - --backing-image-manager-image
- longhornio/backing-image-manager:v1_20210422 - longhornio/backing-image-manager:v2_20210820
- --manager-image - --manager-image
- longhornio/longhorn-manager:v1.1.2 - longhornio/longhorn-manager:v1.2.0
- --service-account - --service-account
- longhorn-service-account - longhorn-service-account
ports: ports:
@ -813,7 +1098,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-ui - name: longhorn-ui
image: longhornio/longhorn-ui:v1.1.2 image: longhornio/longhorn-ui:v1.2.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
@ -869,18 +1154,18 @@ spec:
spec: spec:
initContainers: initContainers:
- name: wait-longhorn-manager - name: wait-longhorn-manager
image: longhornio/longhorn-manager:v1.1.2 image: longhornio/longhorn-manager:v1.2.0
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers: containers:
- name: longhorn-driver-deployer - name: longhorn-driver-deployer
image: longhornio/longhorn-manager:v1.1.2 image: longhornio/longhorn-manager:v1.2.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- longhorn-manager - longhorn-manager
- -d - -d
- deploy-driver - deploy-driver
- --manager-image - --manager-image
- longhornio/longhorn-manager:v1.1.2 - longhornio/longhorn-manager:v1.2.0
- --manager-url - --manager-url
- http://longhorn-backend:9500/v1 - http://longhorn-backend:9500/v1
env: env:
@ -902,15 +1187,15 @@ spec:
# For AirGap Installation # For AirGap Installation
# Replace PREFIX with your private registry # Replace PREFIX with your private registry
#- name: CSI_ATTACHER_IMAGE #- name: CSI_ATTACHER_IMAGE
# value: PREFIX/csi-attacher:v2.2.1-lh2 # value: PREFIX/csi-attacher:v3.2.1
#- name: CSI_PROVISIONER_IMAGE #- name: CSI_PROVISIONER_IMAGE
# value: PREFIX/csi-provisioner:v1.6.0-lh2 # value: PREFIX/csi-provisioner:v2.1.2
#- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE #- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
# value: PREFIX/csi-node-driver-registrar:v1.2.0-lh1 # value: PREFIX/csi-node-driver-registrar:v2.3.0
#- name: CSI_RESIZER_IMAGE #- name: CSI_RESIZER_IMAGE
# value: PREFIX/csi-resizer:v0.5.1-lh2 # value: PREFIX/csi-resizer:v1.2.0
#- name: CSI_SNAPSHOTTER_IMAGE #- name: CSI_SNAPSHOTTER_IMAGE
# value: PREFIX/csi-snapshotter:v2.1.1-lh2 # value: PREFIX/csi-snapshotter:v3.0.3
# Manually specify number of CSI attacher replicas # Manually specify number of CSI attacher replicas
#- name: CSI_ATTACHER_REPLICA_COUNT #- name: CSI_ATTACHER_REPLICA_COUNT
# value: "3" # value: "3"

9
examples/crypto/secret-crypto-global.yaml Normal file
View File

@ -0,0 +1,9 @@
---
apiVersion: v1
kind: Secret
metadata:
name: longhorn-crypto
namespace: longhorn-system
stringData:
CRYPTO_KEY_VALUE: "Simple passphrase"
CRYPTO_KEY_PROVIDER: "secret" # this is optional we currently only support direct keys via secrets

26
examples/crypto/storageclass-crypto-global.yaml Normal file
View File

@ -0,0 +1,26 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: longhorn-crypto-global
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "3"
staleReplicaTimeout: "2880" # 48 hours in minutes
fromBackup: ""
encrypted: "true"
# we currently don't need secrets for volume creation
# but it allows for failing the CreateVolume call early
# if the required secret has not been setup yet.
csi.storage.k8s.io/provisioner-secret-name: "longhorn-crypto"
csi.storage.k8s.io/provisioner-secret-namespace: "longhorn-system"
csi.storage.k8s.io/node-publish-secret-name: "longhorn-crypto"
csi.storage.k8s.io/node-publish-secret-namespace: "longhorn-system"
csi.storage.k8s.io/node-stage-secret-name: "longhorn-crypto"
csi.storage.k8s.io/node-stage-secret-namespace: "longhorn-system"
# we only need crypto keys for node operations, I left these as examples
# in case we implement external key vaults in the future
# csi.storage.k8s.io/controller-publish-secret-name: "longhorn-crypto"
# csi.storage.k8s.io/controller-publish-secret-namespace: "longhorn-system"
# csi.storage.k8s.io/controller-expand-secret-name: "longhorn-crypto"
# csi.storage.k8s.io/controller-expand-secret-namespace: "longhorn-system"

26
examples/crypto/storageclass-crypto-per-volume-dedicated-namespace.yaml Normal file
View File

@ -0,0 +1,26 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: longhorn-secure-per-volume-ns-longhorn-system
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "3"
staleReplicaTimeout: "2880" # 48 hours in minutes
fromBackup: ""
encrypted: "true"
# we currently don't need secrets for volume creation
# but it allows for failing the CreateVolume call early
# if the required secret has not been setup yet.
csi.storage.k8s.io/provisioner-secret-name: ${pvc.name}
csi.storage.k8s.io/provisioner-secret-namespace: "longhorn-system"
csi.storage.k8s.io/node-publish-secret-name: ${pvc.name}
csi.storage.k8s.io/node-publish-secret-namespace: "longhorn-system"
csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}
csi.storage.k8s.io/node-stage-secret-namespace: "longhorn-system"
# we only need crypto keys for node operations, I left these as examples
# in case we implement external key vaults in the future
# csi.storage.k8s.io/controller-publish-secret-name: ${pvc.name}
# csi.storage.k8s.io/controller-publish-secret-namespace: "longhorn-system"
# csi.storage.k8s.io/controller-expand-secret-name: ${pvc.name}
# csi.storage.k8s.io/controller-expand-secret-namespace: "longhorn-system"

26
examples/crypto/storageclass-crypto-per-volume.yaml Normal file
View File

@ -0,0 +1,26 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: longhorn-crypto-per-volume
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "3"
staleReplicaTimeout: "2880" # 48 hours in minutes
fromBackup: ""
encrypted: "true"
# we currently don't need secrets for volume creation
# but it allows for failing the CreateVolume call early
# if the required secret has not been setup yet.
csi.storage.k8s.io/provisioner-secret-name: ${pvc.name}
csi.storage.k8s.io/provisioner-secret-namespace: ${pvc.namespace}
csi.storage.k8s.io/node-publish-secret-name: ${pvc.name}
csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}
csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}
csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace}
# we only need crypto keys for node operations, I left these as examples
# in case we implement external key vaults in the future
# csi.storage.k8s.io/controller-publish-secret-name: ${pvc.name}
# csi.storage.k8s.io/controller-publish-secret-namespace: ${pvc.namespace}
# csi.storage.k8s.io/controller-expand-secret-name: ${pvc.name}
# csi.storage.k8s.io/controller-expand-secret-namespace: ${pvc.namespace}

18
examples/storageclass.yaml
View File

@ -1,14 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: longhorn-storageclass
namespace: longhorn-system
data:
storageclass.yaml: |
kind: StorageClass kind: StorageClass
apiVersion: storage.k8s.io/v1 apiVersion: storage.k8s.io/v1
metadata: metadata:
name: longhorn name: longhorn-test
provisioner: driver.longhorn.io provisioner: driver.longhorn.io
allowVolumeExpansion: true allowVolumeExpansion: true
reclaimPolicy: Delete reclaimPolicy: Delete
@ -18,9 +11,10 @@ data:
staleReplicaTimeout: "2880" staleReplicaTimeout: "2880"
fromBackup: "" fromBackup: ""
# backingImage: "bi-test" # backingImage: "bi-test"
# backingImageURL: "https://backing-image-example.s3-region.amazonaws.com/test-backing-image" # backingImageDataSourceType: "download"
# backingImageDataSourceParameters: '{"url": "https://backing-image-example.s3-region.amazonaws.com/test-backing-image"}'
# backingImageChecksum: "SHA512 checksum of the backing image"
# diskSelector: "ssd,fast" # diskSelector: "ssd,fast"
# nodeSelector: "storage,fast" # nodeSelector: "storage,fast"
# recurringJobs: '[{"name":"snap", "task":"snapshot", "cron":"*/1 * * * *", "retain":1}, # recurringJobSelector: '[{"name":"snap-group", "isGroup":true},
# {"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1, # {"name":"backup", "isGroup":false}]'
# "labels": {"interval":"2m"}}]'

4
uninstall/uninstall.yaml
View File

@ -64,7 +64,7 @@ rules:
resources: ["csidrivers", "storageclasses"] resources: ["csidrivers", "storageclasses"]
verbs: ["*"] verbs: ["*"]
- apiGroups: ["longhorn.io"] - apiGroups: ["longhorn.io"]
resources: ["volumes", "engines", "replicas", "settings", "engineimages", "nodes", "instancemanagers", "sharemanagers", "backingimages", "backingimagemanagers"] resources: ["volumes", "engines", "replicas", "settings", "engineimages", "nodes", "instancemanagers", "sharemanagers", "backingimages", "backingimagemanagers", "backingimagedatasources", "backuptargets", "backupvolumes", "backups", "recurringjobs"]
verbs: ["*"] verbs: ["*"]
- apiGroups: ["coordination.k8s.io"] - apiGroups: ["coordination.k8s.io"]
resources: ["leases"] resources: ["leases"]
@ -101,7 +101,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-uninstall - name: longhorn-uninstall
image: longhornio/longhorn-manager:v1.1.2 image: longhornio/longhorn-manager:v1.2.0
imagePullPolicy: Always imagePullPolicy: Always
securityContext: securityContext:
privileged: true privileged: true