From bc3e836dac0c7f38f78ff489d976d303967bda5b Mon Sep 17 00:00:00 2001 From: julien Date: Tue, 14 Apr 2026 18:47:44 +0200 Subject: [PATCH] "Updates" --- .../headlamp-ingress.yaml | 1 - kubeconfig | 6 +- auth => longhorn/auth | 0 .../check-longhorn.sh | 0 longhorn/deployment.yaml | 806 ++++++++++++++++++ .../longhorn-ingress.yaml | 22 - longhorn/longhorn-middleware.yaml | 10 + longhorn/longhorn-secret.yaml | 9 + .../metallb-config.yaml | 2 +- .../PVC-traefik-certs.yml | 0 .../traefik-ingress.yaml | 22 - traefik/traefik-middleware.yaml | 10 + traefik/traefik-secret.yaml | 9 + 13 files changed, 848 insertions(+), 49 deletions(-) rename headlamp-ingress.yml => headlamp/headlamp-ingress.yaml (89%) rename auth => longhorn/auth (100%) rename check-longhorn.sh => longhorn/check-longhorn.sh (100%) create mode 100644 longhorn/deployment.yaml rename longhorn-ingress.yml => longhorn/longhorn-ingress.yaml (51%) create mode 100644 longhorn/longhorn-middleware.yaml create mode 100644 longhorn/longhorn-secret.yaml rename metallb-config.yml => metallb/metallb-config.yaml (90%) rename PVC-traefik-certs.yml => traefik/PVC-traefik-certs.yml (100%) rename traefik-ingress.yml => traefik/traefik-ingress.yaml (51%) create mode 100644 traefik/traefik-middleware.yaml create mode 100644 traefik/traefik-secret.yaml diff --git a/headlamp-ingress.yml b/headlamp/headlamp-ingress.yaml similarity index 89% rename from headlamp-ingress.yml rename to headlamp/headlamp-ingress.yaml index 8b6ae54..f061c98 100644 --- a/headlamp-ingress.yml +++ b/headlamp/headlamp-ingress.yaml @@ -16,4 +16,3 @@ spec: name: headlamp port: number: 8080 - loadBalancerIP: 192.168.1.22 diff --git a/kubeconfig b/kubeconfig index f073566..8620908 100644 --- a/kubeconfig +++ b/kubeconfig 
@@ -1,7 +1,7 @@ apiVersion: v1 clusters: - cluster: - certificate-authority-data: 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 + certificate-authority-data: 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 server: https://192.168.1.14:6443 name: default contexts: 
@@ -14,5 +14,5 @@ kind: Config users: - name: default user: - client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrVENDQVRlZ0F3SUJBZ0lJS3lPbkxmWlhsRUl3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOemN4TXpNNU16SXhNQjRYRFRJMk1ESXhOekUwTkRJd01Wb1hEVEkzTURJeApOekUwTkRJd01Wb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJFQVZkbFoxeHJqZVRTc3gKbVQ5L1BRK2t2enJvWUlSa3lqWHEvcnpuUmt2MXlPUVRGWDFkWEFiQ3pvRm5SRGFFczYxdzY1QmxFMklHWWZHZwpTNmErQS9PalNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUk9ReXBOKzNPRzFjMUIvRm44TEphVWYyMlNXVEFLQmdncWhrak9QUVFEQWdOSUFEQkYKQWlFQWpEU3MyL0Y0dkZ3NVJ1cHlTZ0ZmWlVvcWJ0TVQ4MFVrNlZFRkdJcmF5MndDSUVUVXVLSGd4cFdVVmhXaQpMa1F4Yk4zMFNyZ3BpeFV6amlRdU1KaXdzME1mCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTnpFek16a3pNakV3SGhjTk1qWXdNakUzTVRRME1qQXhXaGNOTXpZd01qRTFNVFEwTWpBeApXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTnpFek16a3pNakV3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFSTjZ4S0VIZkdTQVpjR3Q4aVB4ci9LUEJCUUJiTTZES3JhN29NUGM2UG0KVnJKZnVwTzJwUkhIZTZrSnhlYlp4TTlpbnBKOFBqaURrT1BzT3IxMEVkcEtvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVVRrTXFUZnR6aHRYTlFmeFovQ3lXCmxIOXRrbGt3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUs1Q1NVUVlqT0w4Q21ySGtxVityU1RRTVZHN3I5UHoKb0YyNUdzaXNKMElDQWlBeko2WlZPNU1QRmFHV0VCMW5Lb2k3VGdBWWhMS25ncUVDV2tCcDJoSlRlUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlDNWtpMEdNbTZWeGg0U3VKVTRQWnZlY0JaaGNpcURPNllRTHc5S3B3SjNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUUJWMlZuWEd1TjVOS3pHWlAzODlENlMvT3VoZ2hHVEtOZXIrdk9kR1MvWEk1Qk1WZlYxYwpCc0xPZ1dkRU5vU3pyWERya0dVVFlnWmg4YUJMcHI0RDh3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + 
client-certificate-data: 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 + client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUhIb0h0Njhkcm9WOW9RYkpmczB1b1BpK0ltK2FJYmVhbVFKV0FNYk1ub0JvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSjZtS3ZUaHFkcHJqQXFDRDFCOGh4NGdMZWs5UzZoZVc5WVhwcmtKSFV6TW53Vm9UcjRDTQptcW9OV0ZIVkdCTnRDYTJoMlJwZDFydzNkUVZvZmtHd3lRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= diff --git a/auth b/longhorn/auth similarity index 100% rename from auth rename to longhorn/auth diff --git a/check-longhorn.sh b/longhorn/check-longhorn.sh similarity index 100% rename from check-longhorn.sh rename to longhorn/check-longhorn.sh diff --git a/longhorn/deployment.yaml b/longhorn/deployment.yaml new file mode 100644 index 0000000..4dd43bc --- /dev/null +++ b/longhorn/deployment.yaml 
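Review bot: The new `client-key-data` value in this hunk is a base64-encoded PEM private key (it starts with the encoding of `-----BEGIN EC PRIVATE KEY-----`), so the commit places a working client credential for `https://192.168.1.14:6443` in version control. The removed certificate appears to carry the organisation `system:masters`; if the replacement has the same subject, this key is cluster-admin. Keep the file out of the repository: drop it from the commit, add a `kubeconfig` line to `.gitignore`, and reissue the client certificate, because both the old and the new key stay readable in history. If a template is useful, commit a `kubeconfig.example` whose three `*-data` fields are placeholders.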
@@ -0,0 +1,806 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: longhorn-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: longhorn-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: 
ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: longhorn-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node 
that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: 
.status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + 
additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + 
served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: longhorn-system +data: + default-setting.yaml: |- + backup-target: + backup-target-credential-secret: + allow-recurring-job-while-volume-detached: + create-default-disk-labeled-nodes: true + default-data-path: /mnt/ssd + replica-soft-anti-affinity: + storage-over-provisioning-percentage: + storage-minimal-available-percentage: + upgrade-checker: + default-replica-count: + default-data-locality: + guaranteed-engine-cpu: + default-longhorn-static-storage-class: + backupstore-poll-interval: + taint-toleration: + priority-class: + auto-salvage: + auto-delete-pod-when-volume-detached-unexpectedly: + disable-scheduling-on-cordoned-node: + replica-zone-soft-anti-affinity: + volume-attachment-recovery-policy: + node-down-pod-deletion-policy: + allow-node-drain-with-last-healthy-replica: + mkfs-ext4-parameters: + disable-replica-rebuild: + replica-replenishment-wait-interval: + disable-revision-counter: + system-managed-pods-image-pull-policy: + allow-volume-creation-with-degraded-availability: + auto-cleanup-system-generated-snapshot: +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + 
rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + namespace: longhorn-system +rules: + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + namespace: longhorn-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: + - kind: ServiceAccount + name: longhorn-service-account + namespace: longhorn-system + - kind: ServiceAccount + name: default + namespace: longhorn-system +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: longhorn-system +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: Delete + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "3" + staleReplicaTimeout: "2880" + fromBackup: "" + # diskSelector: "ssd,fast" + # nodeSelector: "storage,fast" + # recurringJobs: '[{"name":"snap", "task":"snapshot", "cron":"*/1 * * * *", "retain":1}, + # {"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1, + # "labels": {"interval":"2m"}}]' +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: longhorn-manager + name: longhorn-manager + namespace: longhorn-system +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: longhornio/longhorn-manager:v1.1.0 + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - 
longhornio/longhorn-engine:v1.1.0 + - --instance-manager-image + - longhornio/longhorn-instance-manager:v1_20201216 + - --share-manager-image + - longhornio/longhorn-share-manager:v1_20201204 + - --manager-image + - longhornio/longhorn-manager:v1.1.0 + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Should be: mount path of the volume longhorn-default-setting + the key of the configmap data in 04-default-setting.yaml + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting +# imagePullSecrets: +# - name: "" + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: longhorn-manager + name: longhorn-backend + namespace: longhorn-system +spec: + type: ClusterIP + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: longhorn-ui + name: longhorn-ui + namespace: longhorn-system +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: + app: 
longhorn-ui + spec: + containers: + - name: longhorn-ui + image: longhornio/longhorn-ui:v1.1.0 + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" +# imagePullSecrets: +# - name: +--- +kind: Service +apiVersion: v1 +metadata: + labels: + app: longhorn-ui + name: longhorn-frontend + namespace: longhorn-system +spec: + type: ClusterIP + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + nodePort: null +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: longhorn-system +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: longhornio/longhorn-manager:v1.1.0 + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: longhornio/longhorn-manager:v1.1.0 + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - longhornio/longhorn-manager:v1.1.0 + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + # Manually set root directory for csi + #- name: KUBELET_ROOT_DIR + # value: /var/lib/rancher/k3s/agent/kubelet + # For AirGap Installation + # Replace PREFIX with your private registery + #- name: CSI_ATTACHER_IMAGE + # value: PREFIX/csi-attacher:v2.2.1-lh1 + #- name: CSI_PROVISIONER_IMAGE + # value: PREFIX/csi-provisioner:v1.6.0-lh1 + #- name: 
CSI_NODE_DRIVER_REGISTRAR_IMAGE + # value: PREFIX/csi-node-driver-registrar:v1.2.0-lh1 + #- name: CSI_RESIZER_IMAGE + # value: PREFIX/csi-resizer:v0.5.1-lh1 + #- name: CSI_SNAPSHOTTER_IMAGE + # value: PREFIX/csi-snapshotter:v2.1.1-lh1 + # Manually specify number of CSI attacher replicas + #- name: CSI_ATTACHER_REPLICA_COUNT + # value: "3" + # Manually specify number of CSI provisioner replicas + #- name: CSI_PROVISIONER_REPLICA_COUNT + # value: "3" + #- name: CSI_RESIZER_REPLICA_COUNT + # value: "3" + #- name: CSI_SNAPSHOTTER_REPLICA_COUNT + # value: "3" + #imagePullSecrets: + #- name: + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 +--- diff --git a/longhorn-ingress.yml b/longhorn/longhorn-ingress.yaml similarity index 51% rename from longhorn-ingress.yml rename to longhorn/longhorn-ingress.yaml index 33c98fe..310f9b2 100644 --- a/longhorn-ingress.yml +++ b/longhorn/longhorn-ingress.yaml @@ -1,24 +1,3 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: longhorn-basic-auth-secret - namespace: longhorn-system -data: - users: |2 - YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK - ---- -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: longhorn-basic-auth-middleware - namespace: longhorn-system -spec: - basicAuth: - secret: longhorn-basic-auth-secret - realm: "Longhorn Dashboard" - --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -39,4 +18,3 @@ spec: name: longhorn-frontend port: number: 80 - loadBalancerIP: 192.168.1.23 diff --git a/longhorn/longhorn-middleware.yaml b/longhorn/longhorn-middleware.yaml new file mode 100644 index 0000000..9fc67bb --- /dev/null +++ b/longhorn/longhorn-middleware.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: longhorn-basic-auth-middleware + namespace: longhorn-system +spec: + basicAuth: + secret: longhorn-basic-auth-secret + realm: "Longhorn Dashboard" 
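Review bot: The `longhorn-psp` document in `longhorn/deployment.yaml` uses `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy`, an API that Kubernetes removed in v1.25; if this cluster is on 1.25 or later that document will fail to apply and `longhorn-psp-role` / `longhorn-psp-binding` are dead weight, so drop the three documents or regenerate the manifest from a Longhorn release that matches the cluster. The file also pins `v1.1.0` images by mutable tag, and `longhorn-role` grants `verbs: ["*"]` on core `secrets` cluster-wide to `longhorn-service-account`, which deserves a one-line justification comment. The content reads like an upstream release manifest with local settings (`default-data-path: /mnt/ssd`, `create-default-disk-labeled-nodes: true`); if so, a header comment such as `# Source: <upstream manifest URL and version>; local changes: default-setting.yaml` would keep later upgrades reviewable.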
diff --git a/longhorn/longhorn-secret.yaml b/longhorn/longhorn-secret.yaml new file mode 100644 index 0000000..3275a47 --- /dev/null +++ b/longhorn/longhorn-secret.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: longhorn-basic-auth-secret + namespace: longhorn-system +data: + users: |2 + YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK diff --git a/metallb-config.yml b/metallb/metallb-config.yaml similarity index 90% rename from metallb-config.yml rename to metallb/metallb-config.yaml index 59a10ed..493fb63 100644 --- a/metallb-config.yml +++ b/metallb/metallb-config.yaml @@ -6,7 +6,7 @@ metadata: namespace: metallb-system spec: addresses: - - 192.168.1.21-192.168.1.40 + - 192.168.1.21-192.168.1.49 --- apiVersion: metallb.io/v1beta1 diff --git a/PVC-traefik-certs.yml b/traefik/PVC-traefik-certs.yml similarity index 100% rename from PVC-traefik-certs.yml rename to traefik/PVC-traefik-certs.yml diff --git a/traefik-ingress.yml b/traefik/traefik-ingress.yaml similarity index 51% rename from traefik-ingress.yml rename to traefik/traefik-ingress.yaml index 3907787..5659eaa 100644 --- a/traefik-ingress.yml +++ b/traefik/traefik-ingress.yaml @@ -1,24 +1,3 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: traefik-basic-auth-secret - namespace: kube-system -data: - users: |2 - YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK - ---- -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: traefik-basic-auth-middleware - namespace: kube-system -spec: - basicAuth: - secret: traefik-basic-auth-secret - realm: "Traefik Dashboard" - --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -39,4 +18,3 @@ spec: name: traefik-dashboard port: number: 8080 - loadBalancerIP: 192.168.1.21 diff --git a/traefik/traefik-middleware.yaml b/traefik/traefik-middleware.yaml new file mode 100644 index 0000000..828f0b0 --- /dev/null +++ b/traefik/traefik-middleware.yaml 
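Review bot: `longhorn/longhorn-secret.yaml` commits the basic-auth credential itself: the `users` value is only base64, and it decodes to an htpasswd entry for `admin` with an `$apr1$` (MD5-based) hash, which anyone who can read the repository can attack offline. The identical value is added again in `traefik/traefik-secret.yaml`, so both dashboards share one password. Create these Secrets outside the repository (for example `kubectl create secret generic longhorn-basic-auth-secret -n longhorn-system --from-file=users=<htpasswd file>`) or commit them only in encrypted form, give each dashboard its own bcrypt entry (`htpasswd -B`), and change the current password since the hash is already in history.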
@@ -0,0 +1,10 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: traefik-basic-auth-middleware
+ namespace: kube-system
+spec:
+ basicAuth:
+ secret: traefik-basic-auth-secret
+ realm: "Traefik Dashboard"
diff --git a/traefik/traefik-secret.yaml b/traefik/traefik-secret.yaml
new file mode 100644
index 0000000..d649195
--- /dev/null
+++ b/traefik/traefik-secret.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traefik-basic-auth-secret
+ namespace: kube-system
+data:
+ users: |2
+ YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK