ivampiresp/longhorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync uninstallation manifest from longhorn/longhorn-manager repo

Browse Source 
Longhorn-4239

Signed-off-by: Phan Le <phan.le@suse.com>
This commit is contained in:
Phan Le 2022-10-10 22:21:30 -07:00 committed by David Ko
parent 6172382d1b
commit 89270bf0fa
1 changed files with 49 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
uninstall/uninstall.yaml
View File

@ -1,38 +1,38 @@
apiVersion: policy/v1beta1 #apiVersion: policy/v1beta1
kind: PodSecurityPolicy #kind: PodSecurityPolicy
metadata: #metadata:
name: longhorn-uninstall-psp # name: longhorn-uninstall-psp
spec: #spec:
privileged: true # privileged: true
allowPrivilegeEscalation: true # allowPrivilegeEscalation: true
requiredDropCapabilities: # requiredDropCapabilities:
- NET_RAW # - NET_RAW
allowedCapabilities: # allowedCapabilities:
- SYS_ADMIN # - SYS_ADMIN
hostNetwork: false # hostNetwork: false
hostIPC: false # hostIPC: false
hostPID: true # hostPID: true
runAsUser: # runAsUser:
rule: RunAsAny # rule: RunAsAny
seLinux: # seLinux:
rule: RunAsAny # rule: RunAsAny
fsGroup: # fsGroup:
rule: RunAsAny # rule: RunAsAny
supplementalGroups: # supplementalGroups:
rule: RunAsAny # rule: RunAsAny
volumes: # volumes:
- configMap # - configMap
- downwardAPI # - downwardAPI
- emptyDir # - emptyDir
- secret # - secret
- projected # - projected
- hostPath # - hostPath
--- #---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: longhorn-uninstall-service-account name: longhorn-uninstall-service-account
namespace: default namespace: longhorn-system
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
@ -71,10 +71,10 @@ rules:
- apiGroups: ["coordination.k8s.io"] - apiGroups: ["coordination.k8s.io"]
resources: ["leases"] resources: ["leases"]
verbs: ["*"] verbs: ["*"]
- apiGroups: ["policy"] # - apiGroups: ["policy"]
resources: ["podsecuritypolicies"] # resources: ["podsecuritypolicies"]
verbs: ["use"] # verbs: ["use"]
resourceNames: ["longhorn-uninstall-psp"] # resourceNames: ["longhorn-uninstall-psp"]
- apiGroups: ["admissionregistration.k8s.io"] - apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
verbs: ["get", "delete"] verbs: ["get", "delete"]
@ -90,13 +90,13 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: longhorn-uninstall-service-account name: longhorn-uninstall-service-account
namespace: default namespace: longhorn-system
--- ---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: longhorn-uninstall name: longhorn-uninstall
namespace: default namespace: longhorn-system
spec: spec:
activeDeadlineSeconds: 900 activeDeadlineSeconds: 900
backoffLimit: 1 backoffLimit: 1
@ -105,18 +105,18 @@ spec:
name: longhorn-uninstall name: longhorn-uninstall
spec: spec:
containers: containers:
- name: longhorn-uninstall - name: longhorn-uninstall
image: longhornio/longhorn-manager:master-head image: longhornio/longhorn-manager:master-head
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
privileged: true privileged: true
command: command:
- longhorn-manager - longhorn-manager
- uninstall - uninstall
- --force - --force
env: env:
- name: LONGHORN_NAMESPACE - name: LONGHORN_NAMESPACE
value: longhorn-system value: longhorn-system
restartPolicy: OnFailure restartPolicy: OnFailure
serviceAccountName: longhorn-uninstall-service-account serviceAccountName: longhorn-uninstall-service-account
# imagePullSecrets: # imagePullSecrets: