ivampiresp/longhorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor (webhook and recovery service): merge webhook and recovery service into longhorn manager daemonset

Browse Source 
Ref: longhorn/longhorn5590

Signed-off-by: Jack Lin <jack.lin@suse.com>
This commit is contained in:
Jack Lin 2023-03-23 17:15:38 +08:00 committed by David Ko
parent ab67f9c98c
commit 88101a2274
8 changed files with 48 additions and 486 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
chart/templates/crds.yaml
View File

@ -364,7 +364,7 @@ spec:
name: longhorn-conversion-webhook
namespace: {{ include "release_namespace" . }}
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -727,7 +727,7 @@ spec:
name: longhorn-conversion-webhook
namespace: {{ include "release_namespace" . }}
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -1067,7 +1067,7 @@ spec:
name: longhorn-conversion-webhook
namespace: {{ include "release_namespace" . }}
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -1766,7 +1766,7 @@ spec:
name: longhorn-conversion-webhook
namespace: {{ include "release_namespace" . }}
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -3136,7 +3136,7 @@ spec:
name: longhorn-conversion-webhook
namespace: {{ include "release_namespace" . }}
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1

16
chart/templates/daemonset-sa.yaml
View File

@ -18,10 +18,6 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
initContainers:
- name: wait-longhorn-admission-webhook
image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-admission-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done']
containers:
- name: longhorn-manager
image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
@ -52,9 +48,17 @@ spec:
ports:
- containerPort: 9500
name: manager
- containerPort: 9501
name: conversion-wh
- containerPort: 9502
name: admission-wh
- containerPort: 9503
name: recov-backend
readinessProbe:
tcpSocket:
port: 9500
httpGet:
path: /v1/healthz
port: 9501
scheme: HTTPS
volumeMounts:
- name: dev
mountPath: /host/dev/

83
chart/templates/deployment-recovery-backend.yaml
View File

@ -1,83 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels: {{- include "longhorn.labels" . | nindent 4 }}
app: longhorn-recovery-backend
name: longhorn-recovery-backend
namespace: {{ include "release_namespace" . }}
spec:
replicas: {{ .Values.longhornRecoveryBackend.replicas }}
selector:
matchLabels:
app: longhorn-recovery-backend
template:
metadata:
labels: {{- include "longhorn.labels" . | nindent 8 }}
app: longhorn-recovery-backend
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- longhorn-recovery-backend
topologyKey: kubernetes.io/hostname
containers:
- name: longhorn-recovery-backend
image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: 2000
command:
- longhorn-manager
- recovery-backend
- --service-account
- longhorn-service-account
ports:
- containerPort: 9600
name: recov-backend
readinessProbe:
tcpSocket:
port: 9600
initialDelaySeconds: 3
periodSeconds: 5
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if .Values.privateRegistry.registrySecret }}
imagePullSecrets:
- name: {{ .Values.privateRegistry.registrySecret }}
{{- end }}
{{- if .Values.longhornRecoveryBackend.priorityClass }}
priorityClassName: {{ .Values.longhornRecoveryBackend.priorityClass | quote }}
{{- end }}
{{- if or .Values.longhornRecoveryBackend.tolerations .Values.global.cattle.windowsCluster.enabled }}
tolerations:
{{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
{{- end }}
{{- if .Values.longhornRecoveryBackend.tolerations }}
{{ toYaml .Values.longhornRecoveryBackend.tolerations | indent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.longhornRecoveryBackend.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
nodeSelector:
{{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.longhornRecoveryBackend.nodeSelector }}
{{ toYaml .Values.longhornRecoveryBackend.nodeSelector | indent 8 }}
{{- end }}
{{- end }}
serviceAccountName: longhorn-service-account

166
chart/templates/deployment-webhook.yaml
View File

@ -1,166 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels: {{- include "longhorn.labels" . | nindent 4 }}
app: longhorn-conversion-webhook
name: longhorn-conversion-webhook
namespace: {{ include "release_namespace" . }}
spec:
replicas: {{ .Values.longhornConversionWebhook.replicas }}
selector:
matchLabels:
app: longhorn-conversion-webhook
template:
metadata:
labels: {{- include "longhorn.labels" . | nindent 8 }}
app: longhorn-conversion-webhook
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- longhorn-conversion-webhook
topologyKey: kubernetes.io/hostname
containers:
- name: longhorn-conversion-webhook
image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: 2000
command:
- longhorn-manager
- conversion-webhook
- --service-account
- longhorn-service-account
ports:
- containerPort: 9443
name: conversion-wh
readinessProbe:
tcpSocket:
port: 9443
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.privateRegistry.registrySecret }}
imagePullSecrets:
- name: {{ .Values.privateRegistry.registrySecret }}
{{- end }}
{{- if .Values.longhornConversionWebhook.priorityClass }}
priorityClassName: {{ .Values.longhornConversionWebhook.priorityClass | quote }}
{{- end }}
{{- if or .Values.longhornConversionWebhook.tolerations .Values.global.cattle.windowsCluster.enabled }}
tolerations:
{{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
{{- end }}
{{- if .Values.longhornConversionWebhook.tolerations }}
{{ toYaml .Values.longhornConversionWebhook.tolerations | indent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.longhornConversionWebhook.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
nodeSelector:
{{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.longhornConversionWebhook.nodeSelector }}
{{ toYaml .Values.longhornConversionWebhook.nodeSelector | indent 8 }}
{{- end }}
{{- end }}
serviceAccountName: longhorn-service-account
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels: {{- include "longhorn.labels" . | nindent 4 }}
app: longhorn-admission-webhook
name: longhorn-admission-webhook
namespace: {{ include "release_namespace" . }}
spec:
replicas: {{ .Values.longhornAdmissionWebhook.replicas }}
selector:
matchLabels:
app: longhorn-admission-webhook
template:
metadata:
labels: {{- include "longhorn.labels" . | nindent 8 }}
app: longhorn-admission-webhook
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- longhorn-admission-webhook
topologyKey: kubernetes.io/hostname
initContainers:
- name: wait-longhorn-conversion-webhook
image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-conversion-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done']
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: 2000
containers:
- name: longhorn-admission-webhook
image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: 2000
command:
- longhorn-manager
- admission-webhook
- --service-account
- longhorn-service-account
ports:
- containerPort: 9443
name: admission-wh
readinessProbe:
tcpSocket:
port: 9443
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if .Values.privateRegistry.registrySecret }}
imagePullSecrets:
- name: {{ .Values.privateRegistry.registrySecret }}
{{- end }}
{{- if .Values.longhornAdmissionWebhook.priorityClass }}
priorityClassName: {{ .Values.longhornAdmissionWebhook.priorityClass | quote }}
{{- end }}
{{- if or .Values.longhornAdmissionWebhook.tolerations .Values.global.cattle.windowsCluster.enabled }}
tolerations:
{{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
{{- end }}
{{- if .Values.longhornAdmissionWebhook.tolerations }}
{{ toYaml .Values.longhornAdmissionWebhook.tolerations | indent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.longhornAdmissionWebhook.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
nodeSelector:
{{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.longhornAdmissionWebhook.nodeSelector }}
{{ toYaml .Values.longhornAdmissionWebhook.nodeSelector | indent 8 }}
{{- end }}
{{- end }}
serviceAccountName: longhorn-service-account

12
chart/templates/services.yaml
View File

@ -9,10 +9,10 @@ spec:
type: ClusterIP
sessionAffinity: ClientIP
selector:
app: longhorn-conversion-webhook
app: longhorn-manager
ports:
- name: conversion-webhook
port: 9443
port: 9501
targetPort: conversion-wh
---
apiVersion: v1
@ -26,10 +26,10 @@ spec:
type: ClusterIP
sessionAffinity: ClientIP
selector:
app: longhorn-admission-webhook
app: longhorn-manager
ports:
- name: admission-webhook
port: 9443
port: 9502
targetPort: admission-wh
---
apiVersion: v1
@ -43,10 +43,10 @@ spec:
type: ClusterIP
sessionAffinity: ClientIP
selector:
app: longhorn-recovery-backend
app: longhorn-manager
ports:
- name: recovery-backend
port: 9600
port: 9503
targetPort: recov-backend
---
apiVersion: v1

235
deploy/longhorn.yaml
View File

@ -447,7 +447,7 @@ spec:
name: longhorn-conversion-webhook
namespace: longhorn-system
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -818,7 +818,7 @@ spec:
name: longhorn-conversion-webhook
namespace: longhorn-system
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -1166,7 +1166,7 @@ spec:
name: longhorn-conversion-webhook
namespace: longhorn-system
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -1877,7 +1877,7 @@ spec:
name: longhorn-conversion-webhook
namespace: longhorn-system
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -3284,7 +3284,7 @@ spec:
name: longhorn-conversion-webhook
namespace: longhorn-system
path: /v1/webhook/conversion
port: 9443
port: 9501
conversionReviewVersions:
- v1beta2
- v1beta1
@ -3783,10 +3783,10 @@ spec:
type: ClusterIP
sessionAffinity: ClientIP
selector:
app: longhorn-conversion-webhook
app: longhorn-manager
ports:
- name: conversion-webhook
port: 9443
port: 9501
targetPort: conversion-wh
---
# Source: longhorn/templates/services.yaml
@ -3804,10 +3804,10 @@ spec:
type: ClusterIP
sessionAffinity: ClientIP
selector:
app: longhorn-admission-webhook
app: longhorn-manager
ports:
- name: admission-webhook
port: 9443
port: 9502
targetPort: admission-wh
---
# Source: longhorn/templates/services.yaml
@ -3825,10 +3825,10 @@ spec:
type: ClusterIP
sessionAffinity: ClientIP
selector:
app: longhorn-recovery-backend
app: longhorn-manager
ports:
- name: recovery-backend
port: 9600
port: 9503
targetPort: recov-backend
---
# Source: longhorn/templates/services.yaml
@ -3886,10 +3886,6 @@ spec:
app.kubernetes.io/version: v1.4.0-dev
app: longhorn-manager
spec:
initContainers:
- name: wait-longhorn-admission-webhook
image: longhornio/longhorn-manager:master-head
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-admission-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done']
containers:
- name: longhorn-manager
image: longhornio/longhorn-manager:master-head
@ -3917,9 +3913,17 @@ spec:
ports:
- containerPort: 9500
name: manager
- containerPort: 9501
name: conversion-wh
- containerPort: 9502
name: admission-wh
- containerPort: 9503
name: recov-backend
readinessProbe:
tcpSocket:
port: 9500
httpGet:
path: /v1/healthz
port: 9501
scheme: HTTPS
volumeMounts:
- name: dev
mountPath: /host/dev/
@ -4030,72 +4034,6 @@ spec:
securityContext:
runAsUser: 0
---
# Source: longhorn/templates/deployment-recovery-backend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: longhorn
app.kubernetes.io/instance: longhorn
app.kubernetes.io/version: v1.4.0-dev
app: longhorn-recovery-backend
name: longhorn-recovery-backend
namespace: longhorn-system
spec:
replicas: 2
selector:
matchLabels:
app: longhorn-recovery-backend
template:
metadata:
labels:
app.kubernetes.io/name: longhorn
app.kubernetes.io/instance: longhorn
app.kubernetes.io/version: v1.4.0-dev
app: longhorn-recovery-backend
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- longhorn-recovery-backend
topologyKey: kubernetes.io/hostname
containers:
- name: longhorn-recovery-backend
image: longhornio/longhorn-manager:master-head
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 2000
command:
- longhorn-manager
- recovery-backend
- --service-account
- longhorn-service-account
ports:
- containerPort: 9600
name: recov-backend
readinessProbe:
tcpSocket:
port: 9600
initialDelaySeconds: 3
periodSeconds: 5
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
serviceAccountName: longhorn-service-account
---
# Source: longhorn/templates/deployment-ui.yaml
apiVersion: apps/v1
kind: Deployment
@ -4159,136 +4097,5 @@ spec:
- emptyDir: {}
name: var-run
---
# Source: longhorn/templates/deployment-webhook.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: longhorn
app.kubernetes.io/instance: longhorn
app.kubernetes.io/version: v1.4.0-dev
app: longhorn-conversion-webhook
name: longhorn-conversion-webhook
namespace: longhorn-system
spec:
replicas: 2
selector:
matchLabels:
app: longhorn-conversion-webhook
template:
metadata:
labels:
app.kubernetes.io/name: longhorn
app.kubernetes.io/instance: longhorn
app.kubernetes.io/version: v1.4.0-dev
app: longhorn-conversion-webhook
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- longhorn-conversion-webhook
topologyKey: kubernetes.io/hostname
containers:
- name: longhorn-conversion-webhook
image: longhornio/longhorn-manager:master-head
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 2000
command:
- longhorn-manager
- conversion-webhook
- --service-account
- longhorn-service-account
ports:
- containerPort: 9443
name: conversion-wh
readinessProbe:
tcpSocket:
port: 9443
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
serviceAccountName: longhorn-service-account
---
# Source: longhorn/templates/deployment-webhook.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: longhorn
app.kubernetes.io/instance: longhorn
app.kubernetes.io/version: v1.4.0-dev
app: longhorn-admission-webhook
name: longhorn-admission-webhook
namespace: longhorn-system
spec:
replicas: 2
selector:
matchLabels:
app: longhorn-admission-webhook
template:
metadata:
labels:
app.kubernetes.io/name: longhorn
app.kubernetes.io/instance: longhorn
app.kubernetes.io/version: v1.4.0-dev
app: longhorn-admission-webhook
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- longhorn-admission-webhook
topologyKey: kubernetes.io/hostname
initContainers:
- name: wait-longhorn-conversion-webhook
image: longhornio/longhorn-manager:master-head
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-conversion-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done']
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 2000
containers:
- name: longhorn-admission-webhook
image: longhornio/longhorn-manager:master-head
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 2000
command:
- longhorn-manager
- admission-webhook
- --service-account
- longhorn-service-account
ports:
- containerPort: 9443
name: admission-wh
readinessProbe:
tcpSocket:
port: 9443
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
serviceAccountName: longhorn-service-account
---
# Source: longhorn/templates/validate-psp-install.yaml
#

4
examples/network-policy/recovery-backend-network-policy.yaml
View File

@ -6,11 +6,11 @@ metadata:
spec:
podSelector:
matchLabels:
app: longhorn-recovery-backend
app: longhorn-manager
policyTypes:
- Ingress
ingress:
- ports:
- protocol: TCP
port: 9600
port: 9503

8
examples/network-policy/webhook-network-policy.yaml
View File

@ -6,13 +6,13 @@ metadata:
spec:
podSelector:
matchLabels:
app: longhorn-conversion-webhook
app: longhorn-manager
policyTypes:
- Ingress
ingress:
- ports:
- protocol: TCP
port: 9443
port: 9501
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
@ -22,10 +22,10 @@ metadata:
spec:
podSelector:
matchLabels:
app: longhorn-admission-webhook
app: longhorn-manager
policyTypes:
- Ingress
ingress:
- ports:
- protocol: TCP
port: 9443
port: 9502