diff --git a/deploy/longhorn.yaml b/deploy/longhorn.yaml
index 3f505a1..458ceaa 100644
--- a/deploy/longhorn.yaml
+++ b/deploy/longhorn.yaml
@@ -32,6 +32,9 @@ rules:
 - apiGroups: ["batch"]
 resources: ["jobs", "cronjobs"]
 verbs: ["*"]
+- apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["watch", "list"]
 - apiGroups: ["storage.k8s.io"]
 resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"]
 verbs: ["*"]
@@ -217,6 +220,7 @@ data:
 default-longhorn-static-storage-class:
 backupstore-poll-interval:
 taint-toleration:
+ priority-class:
 registry-secret:
 auto-salvage:
 disable-scheduling-on-cordoned-node:
@@ -242,8 +246,8 @@ spec:
 spec:
 containers:
 - name: longhorn-manager
- image: longhornio/longhorn-manager:v1.0.0
- imagePullPolicy: Always
+ image: longhornio/longhorn-manager:master
+ imagePullPolicy: IfNotPresent
 securityContext:
 privileged: true
 command:
@@ -251,11 +255,11 @@ spec:
 - -d
 - daemon
 - --engine-image
- - longhornio/longhorn-engine:v1.0.0
+ - longhornio/longhorn-engine:master
 - --instance-manager-image
 - longhornio/longhorn-instance-manager:v1_20200514
 - --manager-image
- - longhornio/longhorn-manager:v1.0.0
+ - longhornio/longhorn-manager:master
 - --service-account
 - longhorn-service-account
 ports:
@@ -351,8 +355,8 @@ spec:
 spec:
 containers:
 - name: longhorn-ui
- image: longhornio/longhorn-ui:v1.0.0
- imagePullPolicy: Always
+ image: longhornio/longhorn-ui:master
+ imagePullPolicy: IfNotPresent
 securityContext:
 runAsUser: 0
 ports:
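Review bot: The new `scheduling.k8s.io` rule in the `-32,6` hunk has no comment saying why the manager needs it, in a ClusterRole where most neighbouring rules grant `"*"`. The grant itself is read-only (`watch`, `list`), so the suggestion is documentation only: a line above it such as `# read-only: look up the PriorityClass named by the priority-class setting` would record the intent, assuming that is the purpose (the `priority-class:` key added in the `-217,6` hunk suggests it). The identical rule is added to the uninstall role in uninstall/uninstall.yaml, where it is less obvious from the diff that the uninstall job needs it; worth confirming there.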
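Review bot: In the `-242,8` hunk the longhorn-manager container, which runs with `privileged: true`, is switched from the release tag `v1.0.0` to the mutable tag `master` while `imagePullPolicy` goes from `Always` to `IfNotPresent`, so each node keeps whichever `master` build it cached first and the cluster can run mixed, unreviewed builds with host-level privileges. For a manifest that people apply to real clusters, pin a release tag or a digest, e.g. `image: longhornio/longhorn-manager:<release-tag>@sha256:<digest>`, or keep `imagePullPolicy: Always` for as long as the tag is a branch name. The same tag change appears in the `--engine-image` / `--manager-image` arguments (`-251,11`), the longhorn-ui container (`-351,8`), the driver deployer and its init container (`-398,18`, where the init container sets no pull policy at all), and the `longhorn-uninstall` container in uninstall/uninstall.yaml, which keeps `Always` and is therefore inconsistent with this file.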
@@ -398,18 +402,18 @@ spec:
 spec:
 initContainers:
 - name: wait-longhorn-manager
- image: longhornio/longhorn-manager:v1.0.0
+ image: longhornio/longhorn-manager:master
 command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
 containers:
 - name: longhorn-driver-deployer
- image: longhornio/longhorn-manager:v1.0.0
- imagePullPolicy: Always
+ image: longhornio/longhorn-manager:master
+ imagePullPolicy: IfNotPresent
 command:
 - longhorn-manager
 - -d
 - deploy-driver
 - --manager-image
- - longhornio/longhorn-manager:v1.0.0
+ - longhornio/longhorn-manager:master
 - --manager-url
 - http://longhorn-backend:9500/v1
 env:
diff --git a/examples/rwx/01-security.yaml b/examples/rwx/01-security.yaml
deleted file mode 100644
index be930ef..0000000
--- a/examples/rwx/01-security.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: longhorn-nfs-provisioner -spec: - fsGroup: - rule: RunAsAny - allowedCapabilities: - - DAC_READ_SEARCH - - SYS_RESOURCE - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - downwardAPI - - emptyDir - - persistentVolumeClaim - - secret - - hostPath ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: longhorn-nfs-provisioner -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] - - apiGroups: [""] - resources: ["services", "endpoints"] - verbs: ["get"] - - apiGroups: ["extensions"] - resources: ["podsecuritypolicies"] - resourceNames: ["nfs-provisioner"] - verbs: ["use"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: longhorn-nfs-provisioner -subjects: - - kind: ServiceAccount - name: longhorn-nfs-provisioner - namespace: longhorn-system -roleRef: - kind: ClusterRole - name: longhorn-nfs-provisioner - apiGroup: rbac.authorization.k8s.io ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: leader-locking-longhorn-nfs-provisioner - namespace: longhorn-system -rules: - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: leader-locking-longhorn-nfs-provisioner - namespace: longhorn-system -subjects: - - kind: ServiceAccount - name: longhorn-nfs-provisioner - namespace: longhorn-system -roleRef: - kind: Role - name: 
leader-locking-longhorn-nfs-provisioner - apiGroup: rbac.authorization.k8s.io diff --git a/examples/rwx/02-longhorn-nfs-provisioner.yaml b/examples/rwx/02-longhorn-nfs-provisioner.yaml deleted file mode 100644 index 3a8016a..0000000 --- a/examples/rwx/02-longhorn-nfs-provisioner.yaml +++ /dev/null 
@@ -1,178 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: longhorn-nfs-provisioner - namespace: longhorn-system ---- -kind: Service -apiVersion: v1 -metadata: - name: longhorn-nfs-provisioner - namespace: longhorn-system - labels: - app: longhorn-nfs-provisioner -spec: - # hardcode a cluster ip for the service - # so that on delete & recreate of the service the previous pv's still point - # to this nfs-provisioner, pick a new ip for each new nfs provisioner - clusterIP: 10.43.111.111 - ports: - - name: nfs - port: 2049 - - name: nfs-udp - port: 2049 - protocol: UDP - - name: nlockmgr - port: 32803 - - name: nlockmgr-udp - port: 32803 - protocol: UDP - - name: mountd - port: 20048 - - name: mountd-udp - port: 20048 - protocol: UDP - - name: rquotad - port: 875 - - name: rquotad-udp - port: 875 - protocol: UDP - - name: rpcbind - port: 111 - - name: rpcbind-udp - port: 111 - protocol: UDP - - name: statd - port: 662 - - name: statd-udp - port: 662 - protocol: UDP - selector: - app: longhorn-nfs-provisioner ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: longhorn-nfs-provisioner - namespace: longhorn-system -spec: - selector: - matchLabels: - app: longhorn-nfs-provisioner - replicas: 1 - strategy: - type: Recreate - template: - metadata: - labels: - app: longhorn-nfs-provisioner - spec: - serviceAccount: longhorn-nfs-provisioner - containers: - - name: longhorn-nfs-provisioner - image: quay.io/kubernetes_incubator/nfs-provisioner:latest - ports: - - name: nfs - containerPort: 2049 - - name: nfs-udp - containerPort: 2049 - protocol: UDP - - name: nlockmgr - containerPort: 32803 - - name: nlockmgr-udp - containerPort: 32803 - protocol: UDP - - name: mountd - containerPort: 20048 - - name: mountd-udp - containerPort: 20048 - protocol: UDP - - name: rquotad - containerPort: 875 - - name: rquotad-udp - containerPort: 875 - protocol: UDP - - name: rpcbind - containerPort: 111 - - name: rpcbind-udp - containerPort: 111 - protocol: UDP - - 
name: statd - containerPort: 662 - - name: statd-udp - containerPort: 662 - protocol: UDP - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - SYS_RESOURCE - args: - - "-provisioner=nfs.longhorn.io" - - "-device-based-fsids=false" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_NAME - value: longhorn-nfs-provisioner - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - imagePullPolicy: "IfNotPresent" - readinessProbe: - exec: - command: - - ls - - /export - initialDelaySeconds: 5 - periodSeconds: 5 - livenessProbe: - exec: - command: - - ls - - /export - initialDelaySeconds: 5 - periodSeconds: 5 - volumeMounts: - - name: export-volume - mountPath: /export - volumes: - - name: export-volume - persistentVolumeClaim: - claimName: longhorn-nfs-provisioner - # we want really quick failover - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 60 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 60 ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: longhorn-nfs-provisioner # longhorn backing pvc - namespace: longhorn-system -spec: - storageClassName: longhorn - accessModes: - - ReadWriteOnce - resources: - requests: - storage: "20G" # make this 10% bigger then the workload pvc ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: longhorn-nfs # workload storage class -provisioner: nfs.longhorn.io -mountOptions: - - "vers=4.1" - - "noresvport" diff --git a/examples/rwx/03-rwx-test.yaml b/examples/rwx/03-rwx-test.yaml deleted file mode 100644 index 7403403..0000000 --- a/examples/rwx/03-rwx-test.yaml +++ /dev/null 
@@ -1,57 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nfs-test
-spec:
- accessModes:
- - ReadWriteMany
- storageClassName: longhorn-nfs
- resources:
- requests:
- storage: 1Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nfs-test
- labels:
- app: nfs-test
-spec:
- replicas: 4
- selector:
- matchLabels:
- app: nfs-test
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- app: nfs-test
- spec:
- containers:
- - image: ubuntu:xenial
- imagePullPolicy: Always
- command: ["/bin/sh", "-c"]
- args:
- - sleep 30; touch /mnt/nfs-test/test.log; while true; do date >> /mnt/nfs-test/test.log; sleep 1; done;
- name: nfs-test
- stdin: true
- tty: true
- livenessProbe:
- exec:
- command:
- - timeout
- - "10"
- - ls
- - /mnt/nfs-test
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 10
- volumeMounts:
- - mountPath: /mnt/nfs-test
- name: nfs-test
- restartPolicy: Always
- volumes:
- - name: nfs-test
- persistentVolumeClaim:
- claimName: nfs-test
diff --git a/uninstall/uninstall.yaml b/uninstall/uninstall.yaml
index 75898fd..4d20bae 100644
--- a/uninstall/uninstall.yaml
+++ b/uninstall/uninstall.yaml
@@ -24,6 +24,9 @@ rules:
 - apiGroups: ["batch"]
 resources: ["jobs", "cronjobs"]
 verbs: ["*"]
+ - apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["watch", "list"]
 - apiGroups: ["storage.k8s.io"]
 resources: ["csidrivers"]
 verbs: ["*"]
@@ -58,7 +61,7 @@ spec:
 spec:
 containers:
 - name: longhorn-uninstall
- image: longhornio/longhorn-manager:v1.0.0
+ image: longhornio/longhorn-manager:master
 imagePullPolicy: Always
 command:
 - longhorn-manager