From 885487253d50c20a559d66dde39e73165bbab868 Mon Sep 17 00:00:00 2001
From: Sheng Yang <sheng.yang@rancher.com>
Date: Tue, 11 Aug 2020 22:00:50 -0700
Subject: [PATCH] Sync up with manager

commit 9744665adfca40c21b7f4ed26e5b70feb7cdafdb
Author: Sheng Yang <sheng.yang@rancher.com>
Date:   Tue Aug 11 21:31:15 2020 -0700

    Longhorn v1.0.2-rc1 release

    Signed-off-by: Sheng Yang <sheng.yang@rancher.com>

Signed-off-by: Sheng Yang <sheng.yang@rancher.com>
---
 deploy/longhorn-images.txt |  6 +--
 deploy/longhorn.yaml       | 76 ++++++++++++++++++++++++++++++++++----
 deploy/release-images.txt  |  6 +--
 uninstall/uninstall.yaml   |  2 +-
 4 files changed, 76 insertions(+), 14 deletions(-)

diff --git a/deploy/longhorn-images.txt b/deploy/longhorn-images.txt
index 3ad6943..0c88e5b 100644
--- a/deploy/longhorn-images.txt
+++ b/deploy/longhorn-images.txt
@@ -1,7 +1,7 @@
-longhornio/longhorn-engine:v1.0.1
+longhornio/longhorn-engine:v1.0.x
 longhornio/longhorn-instance-manager:v1_20200514
-longhornio/longhorn-manager:v1.0.1
-longhornio/longhorn-ui:v1.0.1
+longhornio/longhorn-manager:v1.0.x
+longhornio/longhorn-ui:v1.0.x
 longhornio/csi-attacher:v2.0.0
 longhornio/csi-node-driver-registrar:v1.2.0
 longhornio/csi-provisioner:v1.4.0
diff --git a/deploy/longhorn.yaml b/deploy/longhorn.yaml
index f780921..6610957 100644
--- a/deploy/longhorn.yaml
+++ b/deploy/longhorn.yaml
@@ -228,6 +228,68 @@ data:
     volume-attachment-recovery-policy:
     mkfs-ext4-parameters:
 ---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: longhorn-psp
+spec:
+  privileged: true
+  allowPrivilegeEscalation: true
+  requiredDropCapabilities:
+    - NET_RAW
+  allowedCapabilities:
+    - SYS_ADMIN
+  hostNetwork: false
+  hostIPC: false
+  hostPID: true
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+    - configMap
+    - downwardAPI
+    - emptyDir
+    - secret
+    - projected
+    - hostPath
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: longhorn-psp-role
+  namespace: longhorn-system
+rules:
+  - apiGroups:
+      - policy
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+    resourceNames:
+      - longhorn-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: longhorn-psp-binding
+  namespace: longhorn-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: longhorn-psp-role
+subjects:
+  - kind: ServiceAccount
+    name: longhorn-service-account
+    namespace: longhorn-system
+  - kind: ServiceAccount
+    name: default
+    namespace: longhorn-system
+---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -246,7 +308,7 @@ spec:
     spec:
       containers:
       - name: longhorn-manager
-        image: longhornio/longhorn-manager:v1.0.1
+        image: longhornio/longhorn-manager:v1.0.x
         imagePullPolicy: IfNotPresent
         securityContext:
           privileged: true
@@ -255,11 +317,11 @@ spec:
         - -d
         - daemon
         - --engine-image
-        - longhornio/longhorn-engine:v1.0.1
+        - longhornio/longhorn-engine:v1.0.x
         - --instance-manager-image
         - longhornio/longhorn-instance-manager:v1_20200514
         - --manager-image
-        - longhornio/longhorn-manager:v1.0.1
+        - longhornio/longhorn-manager:v1.0.x
         - --service-account
         - longhorn-service-account
         ports:
@@ -355,7 +417,7 @@ spec:
     spec:
       containers:
       - name: longhorn-ui
-        image: longhornio/longhorn-ui:v1.0.1
+        image: longhornio/longhorn-ui:v1.0.x
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0
@@ -402,18 +464,18 @@ spec:
     spec:
       initContainers:
         - name: wait-longhorn-manager
-          image: longhornio/longhorn-manager:v1.0.1
+          image: longhornio/longhorn-manager:v1.0.x
           command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
       containers:
         - name: longhorn-driver-deployer
-          image: longhornio/longhorn-manager:v1.0.1
+          image: longhornio/longhorn-manager:v1.0.x
           imagePullPolicy: IfNotPresent
           command:
           - longhorn-manager
           - -d
           - deploy-driver
           - --manager-image
-          - longhornio/longhorn-manager:v1.0.1
+          - longhornio/longhorn-manager:v1.0.x
           - --manager-url
           - http://longhorn-backend:9500/v1
           env:
diff --git a/deploy/release-images.txt b/deploy/release-images.txt
index 03bd6e9..342dc14 100644
--- a/deploy/release-images.txt
+++ b/deploy/release-images.txt
@@ -1,7 +1,7 @@
-longhornio/longhorn-engine:v1.0.1
+longhornio/longhorn-engine:v1.0.x
 longhornio/longhorn-instance-manager:v1_20200514
-longhornio/longhorn-manager:v1.0.1
-longhornio/longhorn-ui:v1.0.1
+longhornio/longhorn-manager:v1.0.x
+longhornio/longhorn-ui:v1.0.x
 quay.io/k8scsi/csi-attacher:v2.0.0
 quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
 quay.io/k8scsi/csi-provisioner:v1.4.0
diff --git a/uninstall/uninstall.yaml b/uninstall/uninstall.yaml
index 48fde05..3c2dd42 100644
--- a/uninstall/uninstall.yaml
+++ b/uninstall/uninstall.yaml
@@ -61,7 +61,7 @@ spec:
     spec:
       containers:
       - name: longhorn-uninstall
-        image: longhornio/longhorn-manager:v1.0.1
+        image: longhornio/longhorn-manager:v1.0.x
         imagePullPolicy: Always
         command:
         - longhorn-manager