ivampiresp/longhorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add back RWX examples

Browse Source 
It should be added to longhorn/manager instead. Will be fixed by the
next RC.

Signed-off-by: Sheng Yang <sheng.yang@rancher.com>
This commit is contained in:
Sheng Yang 2020-07-10 17:46:34 -07:00 committed by Sheng Yang
parent 1b20b1b0fe
commit f67834598e
3 changed files with 320 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
examples/rwx/01-security.yaml Normal file
View File

@ -0,0 +1,85 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-nfs-provisioner
spec:
fsGroup:
rule: RunAsAny
allowedCapabilities:
- DAC_READ_SEARCH
- SYS_RESOURCE
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- secret
- hostPath
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: longhorn-nfs-provisioner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
- apiGroups: [""]
resources: ["services", "endpoints"]
verbs: ["get"]
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
resourceNames: ["nfs-provisioner"]
verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: longhorn-nfs-provisioner
subjects:
- kind: ServiceAccount
name: longhorn-nfs-provisioner
namespace: longhorn-system
roleRef:
kind: ClusterRole
name: longhorn-nfs-provisioner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-longhorn-nfs-provisioner
namespace: longhorn-system
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-longhorn-nfs-provisioner
namespace: longhorn-system
subjects:
- kind: ServiceAccount
name: longhorn-nfs-provisioner
namespace: longhorn-system
roleRef:
kind: Role
name: leader-locking-longhorn-nfs-provisioner
apiGroup: rbac.authorization.k8s.io

178
examples/rwx/02-longhorn-nfs-provisioner.yaml Normal file
View File

@ -0,0 +1,178 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: longhorn-nfs-provisioner
namespace: longhorn-system
---
kind: Service
apiVersion: v1
metadata:
name: longhorn-nfs-provisioner
namespace: longhorn-system
labels:
app: longhorn-nfs-provisioner
spec:
# hardcode a cluster ip for the service
# so that on delete & recreate of the service the previous pv's still point
# to this nfs-provisioner, pick a new ip for each new nfs provisioner
clusterIP: 10.43.111.111
ports:
- name: nfs
port: 2049
- name: nfs-udp
port: 2049
protocol: UDP
- name: nlockmgr
port: 32803
- name: nlockmgr-udp
port: 32803
protocol: UDP
- name: mountd
port: 20048
- name: mountd-udp
port: 20048
protocol: UDP
- name: rquotad
port: 875
- name: rquotad-udp
port: 875
protocol: UDP
- name: rpcbind
port: 111
- name: rpcbind-udp
port: 111
protocol: UDP
- name: statd
port: 662
- name: statd-udp
port: 662
protocol: UDP
selector:
app: longhorn-nfs-provisioner
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: longhorn-nfs-provisioner
namespace: longhorn-system
spec:
selector:
matchLabels:
app: longhorn-nfs-provisioner
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: longhorn-nfs-provisioner
spec:
serviceAccount: longhorn-nfs-provisioner
containers:
- name: longhorn-nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:latest
ports:
- name: nfs
containerPort: 2049
- name: nfs-udp
containerPort: 2049
protocol: UDP
- name: nlockmgr
containerPort: 32803
- name: nlockmgr-udp
containerPort: 32803
protocol: UDP
- name: mountd
containerPort: 20048
- name: mountd-udp
containerPort: 20048
protocol: UDP
- name: rquotad
containerPort: 875
- name: rquotad-udp
containerPort: 875
protocol: UDP
- name: rpcbind
containerPort: 111
- name: rpcbind-udp
containerPort: 111
protocol: UDP
- name: statd
containerPort: 662
- name: statd-udp
containerPort: 662
protocol: UDP
securityContext:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=nfs.longhorn.io"
- "-device-based-fsids=false"
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICE_NAME
value: longhorn-nfs-provisioner
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
imagePullPolicy: "IfNotPresent"
readinessProbe:
exec:
command:
- ls
- /export
initialDelaySeconds: 5
periodSeconds: 5
livenessProbe:
exec:
command:
- ls
- /export
initialDelaySeconds: 5
periodSeconds: 5
volumeMounts:
- name: export-volume
mountPath: /export
volumes:
- name: export-volume
persistentVolumeClaim:
claimName: longhorn-nfs-provisioner
# we want really quick failover
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 60
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 60
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: longhorn-nfs-provisioner # longhorn backing pvc
namespace: longhorn-system
spec:
storageClassName: longhorn
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "20G" # make this 10% bigger then the workload pvc
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: longhorn-nfs # workload storage class
provisioner: nfs.longhorn.io
mountOptions:
- "vers=4.1"
- "noresvport"

57
examples/rwx/03-rwx-test.yaml Normal file
View File

@ -0,0 +1,57 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-test
spec:
accessModes:
- ReadWriteMany
storageClassName: longhorn-nfs
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-test
labels:
app: nfs-test
spec:
replicas: 4
selector:
matchLabels:
app: nfs-test
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-test
spec:
containers:
- image: ubuntu:xenial
imagePullPolicy: Always
command: ["/bin/sh", "-c"]
args:
- sleep 30; touch /mnt/nfs-test/test.log; while true; do date >> /mnt/nfs-test/test.log; sleep 1; done;
name: nfs-test
stdin: true
tty: true
livenessProbe:
exec:
command:
- timeout
- "10"
- ls
- /mnt/nfs-test
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 10
volumeMounts:
- mountPath: /mnt/nfs-test
name: nfs-test
restartPolicy: Always
volumes:
- name: nfs-test
persistentVolumeClaim:
claimName: nfs-test