Kubernetes 1.25 support

1. Set enablePSP to false by default
1. Bump K8s min version support and CSI sidecar versions
    * Min Kubernetes version from 1.18 to 1.21
    * longhornio/csi-resizer v1.2.0 -> v1.3.0
    * longhornio/csi-snapshotter: v3.0.3 -> v5.0.1
1. Update CSI snapshot examples from v1beta1 to v1
1. Updating images file
1. Gnerating new longhorn.yaml from the chart for kubectl

Longhorn-4003
Longhorn-4239

Signed-off-by: Phan Le <phan.le@suse.com>

chart/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 name: longhorn
 version: 1.4.0-dev
 appVersion: v1.4.0-dev
-kubeVersion: ">=1.18.0-0"
+kubeVersion: ">=1.21.0-0"
 description: Longhorn is a distributed block storage system for Kubernetes.
 keywords:
 - longhorn

chart/questions.yaml

@@ -125,7 +125,7 @@ questions:
     label: Longhorn CSI Driver Resizer Image Repository
     group: "Longhorn CSI Driver Images"
   - variable: image.csi.resizer.tag
-    default: v1.2.0
+    default: v1.3.0
     description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect."
     type: string
     label: Longhorn CSI Driver Resizer Image Tag
@@ -137,7 +137,7 @@ questions:
     label: Longhorn CSI Driver Snapshotter Image Repository
     group: "Longhorn CSI Driver Images"
   - variable: image.csi.snapshotter.tag
-    default: v3.0.3
+    default: v5.0.1
     description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect."
     type: string
     label: Longhorn CSI Driver Snapshotter Image Tag

chart/values.yaml

@@ -53,10 +53,10 @@ image:
       tag: v2.5.0
     resizer:
       repository: longhornio/csi-resizer
-      tag: v1.2.0
+      tag: v1.3.0
     snapshotter:
       repository: longhornio/csi-snapshotter
-      tag: v3.0.3
+      tag: v5.0.1
   pullPolicy: IfNotPresent
 
 service:
@@ -250,8 +250,9 @@ ingress:
   #   key:
   #   certificate:
 
-# Configure a pod security policy in the Longhorn namespace to allow privileged pods
+#  For Kubernetes < v1.25, if your cluster enables Pod Security Policy admission controller,
-enablePSP: true
+#  set this to `true` to ship longhorn-psp which allow privileged Longhorn pods to start
+enablePSP: false
 
 ## Specify override namespace, specifically this is useful for using longhorn as sub-chart
 ## and its release namespace is not the `longhorn-system`

deploy/longhorn-images.txt

@@ -1,7 +1,7 @@
 longhornio/csi-attacher:v3.4.0
 longhornio/csi-provisioner:v2.1.2
-longhornio/csi-resizer:v1.2.0
+longhornio/csi-resizer:v1.3.0
-longhornio/csi-snapshotter:v3.0.3
+longhornio/csi-snapshotter:v5.0.1
 longhornio/csi-node-driver-registrar:v2.5.0
 longhornio/backing-image-manager:v3_20220808
 longhornio/longhorn-engine:master-head

deploy/longhorn.yaml

@@ -5,41 +5,6 @@ kind: Namespace
 metadata:
   name: longhorn-system
 ---
-# Source: longhorn/templates/psp.yaml
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: longhorn-psp
-  labels:
-    app.kubernetes.io/name: longhorn
-    app.kubernetes.io/instance: longhorn
-    app.kubernetes.io/version: v1.4.0-dev
-spec:
-  privileged: true
-  allowPrivilegeEscalation: true
-  requiredDropCapabilities:
-  - NET_RAW
-  allowedCapabilities:
-  - SYS_ADMIN
-  hostNetwork: false
-  hostIPC: false
-  hostPID: true
-  runAsUser:
-    rule: RunAsAny
-  seLinux:
-    rule: RunAsAny
-  fsGroup:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  volumes:
-  - configMap
-  - downwardAPI
-  - emptyDir
-  - secret
-  - projected
-  - hostPath
----
 # Source: longhorn/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
@@ -3275,48 +3240,6 @@ subjects:
   name: longhorn-service-account
   namespace: longhorn-system
 ---
-# Source: longhorn/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: longhorn-psp-role
-  labels:
-    app.kubernetes.io/name: longhorn
-    app.kubernetes.io/instance: longhorn
-    app.kubernetes.io/version: v1.4.0-dev
-  namespace: longhorn-system
-rules:
-- apiGroups:
-  - policy
-  resources:
-  - podsecuritypolicies
-  verbs:
-  - use
-  resourceNames:
-  - longhorn-psp
----
-# Source: longhorn/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: longhorn-psp-binding
-  labels:
-    app.kubernetes.io/name: longhorn
-    app.kubernetes.io/instance: longhorn
-    app.kubernetes.io/version: v1.4.0-dev
-  namespace: longhorn-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: longhorn-psp-role
-subjects:
-- kind: ServiceAccount
-  name: longhorn-service-account
-  namespace: longhorn-system
-- kind: ServiceAccount
-  name: default
-  namespace: longhorn-system
----
 # Source: longhorn/templates/daemonset-sa.yaml
 apiVersion: v1
 kind: Service
@@ -3610,9 +3533,9 @@ spec:
           - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
             value: "longhornio/csi-node-driver-registrar:v2.5.0"
           - name: CSI_RESIZER_IMAGE
-            value: "longhornio/csi-resizer:v1.2.0"
+            value: "longhornio/csi-resizer:v1.3.0"
           - name: CSI_SNAPSHOTTER_IMAGE
-            value: "longhornio/csi-snapshotter:v3.0.3"
+            value: "longhornio/csi-snapshotter:v5.0.1"
       serviceAccountName: longhorn-service-account
       securityContext:
         runAsUser: 0

examples/snapshot/existing_backup.yaml

@@ -1,4 +1,4 @@
-apiVersion: snapshot.storage.k8s.io/v1beta1
+apiVersion: snapshot.storage.k8s.io/v1
 kind: VolumeSnapshotContent
 metadata:
   name: test-existing-backup

examples/snapshot/snapshot_existing.yaml

@@ -1,4 +1,4 @@
-apiVersion: snapshot.storage.k8s.io/v1beta1
+apiVersion: snapshot.storage.k8s.io/v1
 kind: VolumeSnapshot
 metadata:
   name: test-snapshot-existing-backup

examples/snapshot/snapshot_pvc.yaml

@@ -1,4 +1,4 @@
-apiVersion: snapshot.storage.k8s.io/v1beta1
+apiVersion: snapshot.storage.k8s.io/v1
 kind: VolumeSnapshot
 metadata:
   name: test-snapshot-pvc

examples/snapshot/snapshotclass.yaml

@@ -1,5 +1,5 @@
 kind: VolumeSnapshotClass
-apiVersion: snapshot.storage.k8s.io/v1beta1
+apiVersion: snapshot.storage.k8s.io/v1
 metadata:
   name: longhorn
 driver: driver.longhorn.io