diff --git a/chart/templates/crds.yaml b/chart/templates/crds.yaml index ea77d0b..d953f8b 100644 --- a/chart/templates/crds.yaml +++ b/chart/templates/crds.yaml @@ -364,7 +364,7 @@ spec: name: longhorn-conversion-webhook namespace: {{ include "release_namespace" . }} path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -727,7 +727,7 @@ spec: name: longhorn-conversion-webhook namespace: {{ include "release_namespace" . }} path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -1067,7 +1067,7 @@ spec: name: longhorn-conversion-webhook namespace: {{ include "release_namespace" . }} path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -1766,7 +1766,7 @@ spec: name: longhorn-conversion-webhook namespace: {{ include "release_namespace" . }} path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -3136,7 +3136,7 @@ spec: name: longhorn-conversion-webhook namespace: {{ include "release_namespace" . }} path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 diff --git a/chart/templates/daemonset-sa.yaml b/chart/templates/daemonset-sa.yaml index c8798ef..57e9b06 100644 --- a/chart/templates/daemonset-sa.yaml +++ b/chart/templates/daemonset-sa.yaml @@ -18,10 +18,6 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: - initContainers: - - name: wait-longhorn-admission-webhook - image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} - command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-admission-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] containers: - name: longhorn-manager image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} @@ -52,9 +48,17 @@ spec: ports: - containerPort: 9500 name: manager + - containerPort: 9501 + name: conversion-wh + - containerPort: 9502 + name: admission-wh + - containerPort: 9503 + name: recov-backend readinessProbe: - tcpSocket: - port: 9500 + httpGet: + path: /v1/healthz + port: 9501 + scheme: HTTPS volumeMounts: - name: dev mountPath: /host/dev/ diff --git a/chart/templates/deployment-recovery-backend.yaml b/chart/templates/deployment-recovery-backend.yaml deleted file mode 100644 index 81c8aba..0000000 --- a/chart/templates/deployment-recovery-backend.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: {{- include "longhorn.labels" . | nindent 4 }} - app: longhorn-recovery-backend - name: longhorn-recovery-backend - namespace: {{ include "release_namespace" . }} -spec: - replicas: {{ .Values.longhornRecoveryBackend.replicas }} - selector: - matchLabels: - app: longhorn-recovery-backend - template: - metadata: - labels: {{- include "longhorn.labels" . | nindent 8 }} - app: longhorn-recovery-backend - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-recovery-backend - topologyKey: kubernetes.io/hostname - containers: - - name: longhorn-recovery-backend - image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - recovery-backend - - --service-account - - longhorn-service-account - ports: - - containerPort: 9600 - name: recov-backend - readinessProbe: - tcpSocket: - port: 9600 - initialDelaySeconds: 3 - periodSeconds: 5 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.privateRegistry.registrySecret }} - imagePullSecrets: - - name: {{ .Values.privateRegistry.registrySecret }} - {{- end }} - {{- if .Values.longhornRecoveryBackend.priorityClass }} - priorityClassName: {{ .Values.longhornRecoveryBackend.priorityClass | quote }} - {{- end }} - {{- if or .Values.longhornRecoveryBackend.tolerations .Values.global.cattle.windowsCluster.enabled }} - tolerations: - {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} -{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} - {{- end }} - {{- if .Values.longhornRecoveryBackend.tolerations }} -{{ toYaml .Values.longhornRecoveryBackend.tolerations | indent 6 }} - {{- end }} - {{- end }} - {{- if or .Values.longhornRecoveryBackend.nodeSelector .Values.global.cattle.windowsCluster.enabled }} - nodeSelector: - {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} -{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.longhornRecoveryBackend.nodeSelector }} -{{ toYaml .Values.longhornRecoveryBackend.nodeSelector | indent 8 }} - {{- end }} - {{- end }} - serviceAccountName: longhorn-service-account diff --git a/chart/templates/deployment-webhook.yaml b/chart/templates/deployment-webhook.yaml deleted file mode 100644 index c4d353a..0000000 --- a/chart/templates/deployment-webhook.yaml +++ /dev/null @@ -1,166 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: {{- include "longhorn.labels" . | nindent 4 }} - app: longhorn-conversion-webhook - name: longhorn-conversion-webhook - namespace: {{ include "release_namespace" . }} -spec: - replicas: {{ .Values.longhornConversionWebhook.replicas }} - selector: - matchLabels: - app: longhorn-conversion-webhook - template: - metadata: - labels: {{- include "longhorn.labels" . | nindent 8 }} - app: longhorn-conversion-webhook - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-conversion-webhook - topologyKey: kubernetes.io/hostname - containers: - - name: longhorn-conversion-webhook - image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - conversion-webhook - - --service-account - - longhorn-service-account - ports: - - containerPort: 9443 - name: conversion-wh - readinessProbe: - tcpSocket: - port: 9443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.privateRegistry.registrySecret }} - imagePullSecrets: - - name: {{ .Values.privateRegistry.registrySecret }} - {{- end }} - {{- if .Values.longhornConversionWebhook.priorityClass }} - priorityClassName: {{ .Values.longhornConversionWebhook.priorityClass | quote }} - {{- end }} - {{- if or .Values.longhornConversionWebhook.tolerations .Values.global.cattle.windowsCluster.enabled }} - tolerations: - {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} -{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} - {{- end }} - {{- if .Values.longhornConversionWebhook.tolerations }} -{{ toYaml .Values.longhornConversionWebhook.tolerations | indent 6 }} - {{- end }} - {{- end }} - {{- if or .Values.longhornConversionWebhook.nodeSelector .Values.global.cattle.windowsCluster.enabled }} - nodeSelector: - {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} -{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.longhornConversionWebhook.nodeSelector }} -{{ toYaml .Values.longhornConversionWebhook.nodeSelector | indent 8 }} - {{- end }} - {{- end }} - serviceAccountName: longhorn-service-account ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: {{- include "longhorn.labels" . | nindent 4 }} - app: longhorn-admission-webhook - name: longhorn-admission-webhook - namespace: {{ include "release_namespace" . }} -spec: - replicas: {{ .Values.longhornAdmissionWebhook.replicas }} - selector: - matchLabels: - app: longhorn-admission-webhook - template: - metadata: - labels: {{- include "longhorn.labels" . | nindent 8 }} - app: longhorn-admission-webhook - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-admission-webhook - topologyKey: kubernetes.io/hostname - initContainers: - - name: wait-longhorn-conversion-webhook - image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} - command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-conversion-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - runAsUser: 2000 - containers: - - name: longhorn-admission-webhook - image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - admission-webhook - - --service-account - - longhorn-service-account - ports: - - containerPort: 9443 - name: admission-wh - readinessProbe: - tcpSocket: - port: 9443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.privateRegistry.registrySecret }} - imagePullSecrets: - - name: {{ .Values.privateRegistry.registrySecret }} - {{- end }} - {{- if .Values.longhornAdmissionWebhook.priorityClass }} - priorityClassName: {{ .Values.longhornAdmissionWebhook.priorityClass | quote }} - {{- end }} - {{- if or .Values.longhornAdmissionWebhook.tolerations .Values.global.cattle.windowsCluster.enabled }} - tolerations: - {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} -{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} - {{- end }} - {{- if .Values.longhornAdmissionWebhook.tolerations }} -{{ toYaml .Values.longhornAdmissionWebhook.tolerations | indent 6 }} - {{- end }} - {{- end }} - {{- if or .Values.longhornAdmissionWebhook.nodeSelector .Values.global.cattle.windowsCluster.enabled }} - nodeSelector: - {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} -{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.longhornAdmissionWebhook.nodeSelector }} -{{ toYaml .Values.longhornAdmissionWebhook.nodeSelector | indent 8 }} - {{- end }} - {{- end }} - serviceAccountName: longhorn-service-account diff --git a/chart/templates/services.yaml b/chart/templates/services.yaml index cd008db..7da9d18 100644 --- a/chart/templates/services.yaml +++ b/chart/templates/services.yaml @@ -9,10 +9,10 @@ spec: type: ClusterIP sessionAffinity: ClientIP selector: - app: longhorn-conversion-webhook + app: longhorn-manager ports: - name: conversion-webhook - port: 9443 + port: 9501 targetPort: conversion-wh --- apiVersion: v1 @@ -26,10 +26,10 @@ spec: type: ClusterIP sessionAffinity: ClientIP selector: - app: longhorn-admission-webhook + app: longhorn-manager ports: - name: admission-webhook - port: 9443 + port: 9502 targetPort: admission-wh --- apiVersion: v1 @@ -43,10 +43,10 @@ spec: type: ClusterIP sessionAffinity: ClientIP selector: - app: longhorn-recovery-backend + app: longhorn-manager ports: - name: recovery-backend - port: 9600 + port: 9503 targetPort: recov-backend --- apiVersion: v1 diff --git a/deploy/longhorn.yaml b/deploy/longhorn.yaml index f8afbf0..8a2f804 100644 --- a/deploy/longhorn.yaml +++ b/deploy/longhorn.yaml @@ -447,7 +447,7 @@ spec: name: longhorn-conversion-webhook namespace: longhorn-system path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -818,7 +818,7 @@ spec: name: longhorn-conversion-webhook namespace: longhorn-system path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -1166,7 +1166,7 @@ spec: name: longhorn-conversion-webhook namespace: longhorn-system path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -1877,7 +1877,7 @@ spec: name: longhorn-conversion-webhook namespace: longhorn-system path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -3284,7 +3284,7 @@ spec: name: longhorn-conversion-webhook namespace: longhorn-system path: /v1/webhook/conversion - port: 9443 + port: 9501 conversionReviewVersions: - v1beta2 - v1beta1 @@ -3783,10 +3783,10 @@ spec: type: ClusterIP sessionAffinity: ClientIP selector: - app: longhorn-conversion-webhook + app: longhorn-manager ports: - name: conversion-webhook - port: 9443 + port: 9501 targetPort: conversion-wh --- # Source: longhorn/templates/services.yaml @@ -3804,10 +3804,10 @@ spec: type: ClusterIP sessionAffinity: ClientIP selector: - app: longhorn-admission-webhook + app: longhorn-manager ports: - name: admission-webhook - port: 9443 + port: 9502 targetPort: admission-wh --- # Source: longhorn/templates/services.yaml @@ -3825,10 +3825,10 @@ spec: type: ClusterIP sessionAffinity: ClientIP selector: - app: longhorn-recovery-backend + app: longhorn-manager ports: - name: recovery-backend - port: 9600 + port: 9503 targetPort: recov-backend --- # Source: longhorn/templates/services.yaml @@ -3886,10 +3886,6 @@ spec: app.kubernetes.io/version: v1.4.0-dev app: longhorn-manager spec: - initContainers: - - name: wait-longhorn-admission-webhook - image: longhornio/longhorn-manager:master-head - command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-admission-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] containers: - name: longhorn-manager image: longhornio/longhorn-manager:master-head @@ -3917,9 +3913,17 @@ spec: ports: - containerPort: 9500 name: manager + - containerPort: 9501 + name: conversion-wh + - containerPort: 9502 + name: admission-wh + - containerPort: 9503 + name: recov-backend readinessProbe: - tcpSocket: - port: 9500 + httpGet: + path: /v1/healthz + port: 9501 + scheme: HTTPS volumeMounts: - name: dev mountPath: /host/dev/ @@ -4030,72 +4034,6 @@ spec: securityContext: runAsUser: 0 --- -# Source: longhorn/templates/deployment-recovery-backend.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0-dev - app: longhorn-recovery-backend - name: longhorn-recovery-backend - namespace: longhorn-system -spec: - replicas: 2 - selector: - matchLabels: - app: longhorn-recovery-backend - template: - metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0-dev - app: longhorn-recovery-backend - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-recovery-backend - topologyKey: kubernetes.io/hostname - containers: - - name: longhorn-recovery-backend - image: longhornio/longhorn-manager:master-head - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - recovery-backend - - --service-account - - longhorn-service-account - ports: - - containerPort: 9600 - name: recov-backend - readinessProbe: - tcpSocket: - port: 9600 - initialDelaySeconds: 3 - periodSeconds: 5 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - serviceAccountName: longhorn-service-account ---- # Source: longhorn/templates/deployment-ui.yaml apiVersion: apps/v1 kind: Deployment @@ -4159,136 +4097,5 @@ spec: - emptyDir: {} name: var-run --- -# Source: longhorn/templates/deployment-webhook.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0-dev - app: longhorn-conversion-webhook - name: longhorn-conversion-webhook - namespace: longhorn-system -spec: - replicas: 2 - selector: - matchLabels: - app: longhorn-conversion-webhook - template: - metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0-dev - app: longhorn-conversion-webhook - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-conversion-webhook - topologyKey: kubernetes.io/hostname - containers: - - name: longhorn-conversion-webhook - image: longhornio/longhorn-manager:master-head - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - conversion-webhook - - --service-account - - longhorn-service-account - ports: - - containerPort: 9443 - name: conversion-wh - readinessProbe: - tcpSocket: - port: 9443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - serviceAccountName: longhorn-service-account ---- -# Source: longhorn/templates/deployment-webhook.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0-dev - app: longhorn-admission-webhook - name: longhorn-admission-webhook - namespace: longhorn-system -spec: - replicas: 2 - selector: - matchLabels: - app: longhorn-admission-webhook - template: - metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0-dev - app: longhorn-admission-webhook - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-admission-webhook - topologyKey: kubernetes.io/hostname - initContainers: - - name: wait-longhorn-conversion-webhook - image: longhornio/longhorn-manager:master-head - command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-conversion-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 2000 - containers: - - name: longhorn-admission-webhook - image: longhornio/longhorn-manager:master-head - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - admission-webhook - - --service-account - - longhorn-service-account - ports: - - containerPort: 9443 - name: admission-wh - readinessProbe: - tcpSocket: - port: 9443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - serviceAccountName: longhorn-service-account ---- # Source: longhorn/templates/validate-psp-install.yaml # diff --git a/examples/network-policy/recovery-backend-network-policy.yaml b/examples/network-policy/recovery-backend-network-policy.yaml index 0acfe39..767a61d 100644 --- a/examples/network-policy/recovery-backend-network-policy.yaml +++ b/examples/network-policy/recovery-backend-network-policy.yaml @@ -6,11 +6,11 @@ metadata: spec: podSelector: matchLabels: - app: longhorn-recovery-backend + app: longhorn-manager policyTypes: - Ingress ingress: - ports: - protocol: TCP - port: 9600 + port: 9503 diff --git a/examples/network-policy/webhook-network-policy.yaml b/examples/network-policy/webhook-network-policy.yaml index 6ca8926..271a9f2 100644 --- a/examples/network-policy/webhook-network-policy.yaml +++ b/examples/network-policy/webhook-network-policy.yaml @@ -6,13 +6,13 @@ metadata: spec: podSelector: matchLabels: - app: longhorn-conversion-webhook + app: longhorn-manager policyTypes: - Ingress ingress: - ports: - protocol: TCP - port: 9443 + port: 9501 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy @@ -22,10 +22,10 @@ metadata: spec: podSelector: matchLabels: - app: longhorn-admission-webhook + app: longhorn-manager policyTypes: - Ingress ingress: - ports: - protocol: TCP - port: 9443 + port: 9502