ivampiresp/longhorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1690 from longhorn/v1.0.2

Browse Source 
Longhorn v1.0.2
This commit is contained in:
Sheng Yang 2020-08-14 14:49:02 -07:00 committed by GitHub
commit 83f35e04ed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 265 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -25,7 +25,7 @@ You can read more technical details of Longhorn [here](https://longhorn.io/).
## Current status
The latest release of Longhorn is **v1.0.1**.
The latest release of Longhorn is **v1.0.2**.
## Source code
Longhorn is 100% open source software. Project source code is spread across a number of repos:

4
chart/Chart.yaml
View File

@ -1,7 +1,7 @@
apiVersion: v1
name: longhorn
version: 1.0.1
appVersion: v1.0.1
version: 1.0.2
appVersion: v1.0.2
kubeVersion: ">=v1.14.0-r0"
description: Longhorn is a distributed block storage system for Kubernetes.
keywords:

44
chart/questions.yml
View File

@ -17,7 +17,7 @@ questions:
label: Longhorn Manager Image Name
group: "Longhorn Images Settings"
- variable: image.longhorn.managerTag
default: v1.0.1
default: v1.0.2
description: "Specify Longhorn Manager Image Tag"
type: string
label: Longhorn Manager Image Tag
@ -29,7 +29,7 @@ questions:
label: Longhorn Engine Image Name
group: "Longhorn Images Settings"
- variable: image.longhorn.engineTag
default: v1.0.1
default: v1.0.2
description: "Specify Longhorn Engine Image Tag"
type: string
label: Longhorn Engine Image Tag
@ -41,7 +41,7 @@ questions:
label: Longhorn UI Image Name
group: "Longhorn Images Settings"
- variable: image.longhorn.uiTag
default: v1.0.1
default: v1.0.2
description: "Specify Longhorn UI Image Tag"
type: string
label: Longhorn UI Image Tag
@ -59,29 +59,53 @@ questions:
label: Longhorn Instance Manager Image Tag
group: "Longhorn Images Settings"
- variable: csi.attacherImage
default:
default: longhornio/csi-attacher
description: "Specify CSI attacher image. Leave blank to autodetect."
type: string
label: Longhorn CSI Attacher Image
group: "Longhorn CSI Driver Images"
- variable: csi.attacherImageTag
default: v2.0.0
description: "Specify CSI attacher image tag. Leave blank to autodetect."
type: string
label: Longhorn CSI Attacher Image Tag
group: "Longhorn CSI Driver Images"
- variable: csi.provisionerImage
default:
default: longhornio/csi-provisioner
description: "Specify CSI provisioner image. Leave blank to autodetect."
type: string
label: Longhorn CSI Provisioner Image
group: "Longhorn CSI Driver Images"
- variable: csi.provisionerImageTag
default: v1.4.0
description: "Specify CSI provisioner image tag. Leave blank to autodetect."
type: string
label: Longhorn CSI Provisioner Image Tag
group: "Longhorn CSI Driver Images"
- variable: csi.nodeDriverRegistrarImage
default:
default: longhornio/csi-node-driver-registrar
description: "Specify CSI Node Driver Registrar image. Leave blank to autodetect."
type: string
label: Longhorn CSI Node Driver Registrar Image
group: "Longhorn CSI Driver Images"
- variable: csi.nodeDriverRegistrarImageTag
default: v1.2.0
description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect."
type: string
label: Longhorn CSI Node Driver Registrar Image Tag
group: "Longhorn CSI Driver Images"
- variable: csi.resizerImage
default:
default: longhornio/csi-resizer
description: "Specify CSI Driver Resizer image. Leave blank to autodetect."
type: string
label: Longhorn CSI Driver Resizer Image
group: "Longhorn CSI Driver Images"
- variable: csi.resizerImageTag
default: v0.3.0
description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect."
type: string
label: Longhorn CSI Driver Resizer Image Tag
group: "Longhorn CSI Driver Images"
- variable: privateRegistry.registryUrl
label: Private registry URL
description: "URL of private registry"
@ -314,3 +338,9 @@ WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES.'
max: 32767
show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer"
label: UI Service NodePort number
- variable: enablePSP
default: "true"
description: "Setup a pod security policy for Longhorn workloads."
label: Pod Security Policy
type: boolean
group: "Other Settings"

17
chart/templates/daemonset-sa.yaml
View File

@ -16,7 +16,11 @@ spec:
spec:
containers:
- name: longhorn-manager
{{- if .Values.privateRegistry.registryUrl }}
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- else }}
image: "{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- end }}
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
@ -25,11 +29,23 @@ spec:
- -d
- daemon
- --engine-image
{{- if .Values.privateRegistry.registryUrl }}
- "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.engine }}:{{ .Values.image.longhorn.engineTag }}"
{{- else }}
- "{{ .Values.image.longhorn.engine }}:{{ .Values.image.longhorn.engineTag }}"
{{- end }}
- --instance-manager-image
{{- if .Values.privateRegistry.registryUrl }}
- "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.instanceManager }}:{{ .Values.image.longhorn.instanceManagerTag }}"
{{- else }}
- "{{ .Values.image.longhorn.instanceManager }}:{{ .Values.image.longhorn.instanceManagerTag }}"
{{- end }}
- --manager-image
{{- if .Values.privateRegistry.registryUrl }}
- "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- else }}
- "{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- end }}
- --service-account
- longhorn-service-account
ports:
@ -45,6 +61,7 @@ spec:
mountPath: /host/proc/
- name: varrun
mountPath: /var/run/
mountPropagation: Bidirectional
- name: longhorn
mountPath: /var/lib/longhorn/
mountPropagation: Bidirectional

47
chart/templates/deployment-driver.yaml
View File

@ -16,18 +16,30 @@ spec:
spec:
initContainers:
- name: wait-longhorn-manager
{{- if .Values.privateRegistry.registryUrl }}
image: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- end }}
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers:
- name: longhorn-driver-deployer
{{- if .Values.privateRegistry.registryUrl }}
image: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- end }}
imagePullPolicy: IfNotPresent
command:
- longhorn-manager
- -d
- deploy-driver
- --manager-image
{{- if .Values.privateRegistry.registryUrl }}
- {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- else }}
- {{ printf "%s:%s" .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- end }}
- --manager-url
- http://longhorn-backend:9500/v1
env:
@ -47,22 +59,41 @@ spec:
- name: KUBELET_ROOT_DIR
value: {{ .Values.csi.kubeletRootDir }}
{{- end }}
{{- if .Values.csi.attacherImage }}
{{- if .Values.privateRegistry.registryUrl }}
{{- if and .Values.csi.attacherImage .Values.csi.attacherImageTag }}
- name: CSI_ATTACHER_IMAGE
value: {{ .Values.csi.attacherImage }}
value: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.csi.attacherImage .Values.csi.attacherImageTag | quote }}
{{- end }}
{{- if .Values.csi.provisionerImage }}
{{- if and .Values.csi.provisionerImage .Values.csi.provisionerImageTag }}
- name: CSI_PROVISIONER_IMAGE
value: {{ .Values.csi.provisionerImage }}
value: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.csi.provisionerImage .Values.csi.provisionerImageTag | quote }}
{{- end }}
{{- if .Values.csi.nodeDriverRegistrarImage }}
{{- if and .Values.csi.nodeDriverRegistrarImage .Values.csi.nodeDriverRegistrarImageTag }}
- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
value: {{ .Values.csi.nodeDriverRegistrarImage }}
value: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.csi.nodeDriverRegistrarImage .Values.csi.nodeDriverRegistrarImageTag | quote }}
{{- end }}
{{- if .Values.csi.resizerImage }}
{{- if and .Values.csi.resizerImage .Values.csi.resizerImageTag }}
- name: CSI_RESIZER_IMAGE
value: {{ .Values.csi.resizerImage }}
value: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.csi.resizerImage .Values.csi.resizerImageTag | quote }}
{{- end }}
{{- else }}
{{- if and .Values.csi.attacherImage .Values.csi.attacherImageTag }}
- name: CSI_ATTACHER_IMAGE
value: {{ printf "%s:%s" .Values.csi.attacherImage .Values.csi.attacherImageTag | quote }}
{{- end }}
{{- if and .Values.csi.provisionerImage .Values.csi.provisionerImageTag }}
- name: CSI_PROVISIONER_IMAGE
value: {{ printf "%s:%s" .Values.csi.provisionerImage .Values.csi.provisionerImageTag | quote }}
{{- end }}
{{- if and .Values.csi.nodeDriverRegistrarImage .Values.csi.nodeDriverRegistrarImageTag }}
- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
value: {{ printf "%s:%s" .Values.csi.nodeDriverRegistrarImage .Values.csi.nodeDriverRegistrarImageTag | quote }}
{{- end }}
{{- if and .Values.csi.resizerImage .Values.csi.resizerImageTag }}
- name: CSI_RESIZER_IMAGE
value: {{ printf "%s:%s" .Values.csi.resizerImage .Values.csi.resizerImageTag | quote }}
{{- end }}
{{- end }}
{{- if .Values.csi.attacherReplicaCount }}
- name: CSI_ATTACHER_REPLICA_COUNT
value: {{ .Values.csi.attacherReplicaCount | quote }}

4
chart/templates/deployment-ui.yaml
View File

@ -17,7 +17,11 @@ spec:
spec:
containers:
- name: longhorn-ui
{{- if .Values.privateRegistry.registryUrl }}
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.ui }}:{{ .Values.image.longhorn.uiTag }}"
{{- else }}
image: "{{ .Values.image.longhorn.ui }}:{{ .Values.image.longhorn.uiTag }}"
{{- end }}
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 0

4
chart/templates/postupgrade-job.yaml
View File

@ -17,7 +17,11 @@ spec:
spec:
containers:
- name: longhorn-post-upgrade
{{- if .Values.privateRegistry.registryUrl }}
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- else }}
image: "{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- end }}
imagePullPolicy: Always
command:
- longhorn-manager

66
chart/templates/psp.yaml Normal file
View File

@ -0,0 +1,66 @@
{{- if .Values.enablePSP }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-psp
labels: {{- include "longhorn.labels" . | nindent 4 }}
spec:
privileged: true
allowPrivilegeEscalation: true
requiredDropCapabilities:
- NET_RAW
allowedCapabilities:
- SYS_ADMIN
hostNetwork: false
hostIPC: false
hostPID: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
fsGroup:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
- hostPath
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: longhorn-psp-role
labels: {{- include "longhorn.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- longhorn-psp
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: longhorn-psp-binding
labels: {{- include "longhorn.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: longhorn-psp-role
subjects:
- kind: ServiceAccount
name: longhorn-service-account
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: default
namespace: {{ .Release.Namespace }}
{{- end }}

4
chart/templates/uninstall-job.yaml
View File

@ -17,7 +17,11 @@ spec:
spec:
containers:
- name: longhorn-uninstall
{{- if .Values.privateRegistry.registryUrl }}
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- else }}
image: "{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- end }}
imagePullPolicy: Always
command:
- longhorn-manager

21
chart/values.yaml
View File

@ -4,11 +4,11 @@
image:
longhorn:
engine: longhornio/longhorn-engine
engineTag: v1.0.1
engineTag: v1.0.2
manager: longhornio/longhorn-manager
managerTag: v1.0.1
managerTag: v1.0.2
ui: longhornio/longhorn-ui
uiTag: v1.0.1
uiTag: v1.0.2
instanceManager: longhornio/longhorn-instance-manager
instanceManagerTag: v1_20200514
pullPolicy: IfNotPresent
@ -26,10 +26,14 @@ persistence:
defaultClassReplicaCount: 3
csi:
attacherImage: ~
provisionerImage: ~
nodeDriverRegistrarImage: ~
resizerImage: ~
attacherImage: longhornio/csi-attacher
attacherImageTag: v2.0.0
provisionerImage: longhornio/csi-provisioner
provisionerImageTag: v1.4.0
nodeDriverRegistrarImage: longhornio/csi-node-driver-registrar
nodeDriverRegistrarImageTag: v1.2.0
resizerImage: longhornio/csi-resizer
resizerImageTag: v0.3.0
kubeletRootDir: ~
attacherReplicaCount: ~
provisionerReplicaCount: ~
@ -114,3 +118,6 @@ ingress:
# - name: longhorn.local-tls
# key:
# certificate:
# Configure a pod security policy in the Longhorn namespace to allow privileged pods
enablePSP: true

6
deploy/longhorn-images.txt
View File

@ -1,7 +1,7 @@
longhornio/longhorn-engine:v1.0.1
longhornio/longhorn-engine:v1.0.2
longhornio/longhorn-instance-manager:v1_20200514
longhornio/longhorn-manager:v1.0.1
longhornio/longhorn-ui:v1.0.1
longhornio/longhorn-manager:v1.0.2
longhornio/longhorn-ui:v1.0.2
longhornio/csi-attacher:v2.0.0
longhornio/csi-node-driver-registrar:v1.2.0
longhornio/csi-provisioner:v1.4.0

77
deploy/longhorn.yaml
View File

@ -228,6 +228,68 @@ data:
volume-attachment-recovery-policy:
mkfs-ext4-parameters:
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-psp
spec:
privileged: true
allowPrivilegeEscalation: true
requiredDropCapabilities:
- NET_RAW
allowedCapabilities:
- SYS_ADMIN
hostNetwork: false
hostIPC: false
hostPID: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
fsGroup:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
- hostPath
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: longhorn-psp-role
namespace: longhorn-system
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- longhorn-psp
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: longhorn-psp-binding
namespace: longhorn-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: longhorn-psp-role
subjects:
- kind: ServiceAccount
name: longhorn-service-account
namespace: longhorn-system
- kind: ServiceAccount
name: default
namespace: longhorn-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
@ -246,7 +308,7 @@ spec:
spec:
containers:
- name: longhorn-manager
image: longhornio/longhorn-manager:v1.0.1
image: longhornio/longhorn-manager:v1.0.2
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
@ -255,11 +317,11 @@ spec:
- -d
- daemon
- --engine-image
- longhornio/longhorn-engine:v1.0.1
- longhornio/longhorn-engine:v1.0.2
- --instance-manager-image
- longhornio/longhorn-instance-manager:v1_20200514
- --manager-image
- longhornio/longhorn-manager:v1.0.1
- longhornio/longhorn-manager:v1.0.2
- --service-account
- longhorn-service-account
ports:
@ -275,6 +337,7 @@ spec:
mountPath: /host/proc/
- name: varrun
mountPath: /var/run/
mountPropagation: Bidirectional
- name: longhorn
mountPath: /var/lib/longhorn/
mountPropagation: Bidirectional
@ -355,7 +418,7 @@ spec:
spec:
containers:
- name: longhorn-ui
image: longhornio/longhorn-ui:v1.0.1
image: longhornio/longhorn-ui:v1.0.2
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 0
@ -402,18 +465,18 @@ spec:
spec:
initContainers:
- name: wait-longhorn-manager
image: longhornio/longhorn-manager:v1.0.1
image: longhornio/longhorn-manager:v1.0.2
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers:
- name: longhorn-driver-deployer
image: longhornio/longhorn-manager:v1.0.1
image: longhornio/longhorn-manager:v1.0.2
imagePullPolicy: IfNotPresent
command:
- longhorn-manager
- -d
- deploy-driver
- --manager-image
- longhornio/longhorn-manager:v1.0.1
- longhornio/longhorn-manager:v1.0.2
- --manager-url
- http://longhorn-backend:9500/v1
env:

6
deploy/release-images.txt
View File

@ -1,7 +1,7 @@
longhornio/longhorn-engine:v1.0.1
longhornio/longhorn-engine:v1.0.2
longhornio/longhorn-instance-manager:v1_20200514
longhornio/longhorn-manager:v1.0.1
longhornio/longhorn-ui:v1.0.1
longhornio/longhorn-manager:v1.0.2
longhornio/longhorn-ui:v1.0.2
quay.io/k8scsi/csi-attacher:v2.0.0
quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
quay.io/k8scsi/csi-provisioner:v1.4.0

2
uninstall/uninstall.yaml
View File

@ -61,7 +61,7 @@ spec:
spec:
containers:
- name: longhorn-uninstall
image: longhornio/longhorn-manager:v1.0.1
image: longhornio/longhorn-manager:v1.0.2
imagePullPolicy: Always
command:
- longhorn-manager