Skip to content

Commit

Permalink
Longhorn v1.0.2
Browse files Browse the repository at this point in the history
Signed-off-by: Sheng Yang <sheng.yang@rancher.com>
  • Loading branch information
yasker committed Aug 15, 2020
1 parent d5e2455 commit 0a88eaa
Show file tree
Hide file tree
Showing 10 changed files with 188 additions and 30 deletions.
4 changes: 2 additions & 2 deletions charts/longhorn/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
name: longhorn
version: 1.0.1
appVersion: v1.0.1
version: 1.0.2
appVersion: v1.0.2
kubeVersion: ">=v1.14.0-r0"
description: Longhorn is a distributed block storage system for Kubernetes.
keywords:
Expand Down
44 changes: 37 additions & 7 deletions charts/longhorn/questions.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ questions:
label: Longhorn Manager Image Name
group: "Longhorn Images Settings"
- variable: image.longhorn.managerTag
default: v1.0.1
default: v1.0.2
description: "Specify Longhorn Manager Image Tag"
type: string
label: Longhorn Manager Image Tag
Expand All @@ -29,7 +29,7 @@ questions:
label: Longhorn Engine Image Name
group: "Longhorn Images Settings"
- variable: image.longhorn.engineTag
default: v1.0.1
default: v1.0.2
description: "Specify Longhorn Engine Image Tag"
type: string
label: Longhorn Engine Image Tag
Expand All @@ -41,7 +41,7 @@ questions:
label: Longhorn UI Image Name
group: "Longhorn Images Settings"
- variable: image.longhorn.uiTag
default: v1.0.1
default: v1.0.2
description: "Specify Longhorn UI Image Tag"
type: string
label: Longhorn UI Image Tag
Expand All @@ -59,29 +59,53 @@ questions:
label: Longhorn Instance Manager Image Tag
group: "Longhorn Images Settings"
- variable: csi.attacherImage
default:
default: longhornio/csi-attacher
description: "Specify CSI attacher image. Leave blank to autodetect."
type: string
label: Longhorn CSI Attacher Image
group: "Longhorn CSI Driver Images"
- variable: csi.attacherImageTag
default: v2.0.0
description: "Specify CSI attacher image tag. Leave blank to autodetect."
type: string
label: Longhorn CSI Attacher Image Tag
group: "Longhorn CSI Driver Images"
- variable: csi.provisionerImage
default:
default: longhornio/csi-provisioner
description: "Specify CSI provisioner image. Leave blank to autodetect."
type: string
label: Longhorn CSI Provisioner Image
group: "Longhorn CSI Driver Images"
- variable: csi.provisionerImageTag
default: v1.4.0
description: "Specify CSI provisioner image tag. Leave blank to autodetect."
type: string
label: Longhorn CSI Provisioner Image Tag
group: "Longhorn CSI Driver Images"
- variable: csi.nodeDriverRegistrarImage
default:
default: longhornio/csi-node-driver-registrar
description: "Specify CSI Node Driver Registrar image. Leave blank to autodetect."
type: string
label: Longhorn CSI Node Driver Registrar Image
group: "Longhorn CSI Driver Images"
- variable: csi.nodeDriverRegistrarImageTag
default: v1.2.0
description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect."
type: string
label: Longhorn CSI Node Driver Registrar Image Tag
group: "Longhorn CSI Driver Images"
- variable: csi.resizerImage
default:
default: longhornio/csi-resizer
description: "Specify CSI Driver Resizer image. Leave blank to autodetect."
type: string
label: Longhorn CSI Driver Resizer Image
group: "Longhorn CSI Driver Images"
- variable: csi.resizerImageTag
default: v0.3.0
description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect."
type: string
label: Longhorn CSI Driver Resizer Image Tag
group: "Longhorn CSI Driver Images"
- variable: privateRegistry.registryUrl
label: Private registry URL
description: "URL of private registry"
Expand Down Expand Up @@ -314,3 +338,9 @@ WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES.'
max: 32767
show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer"
label: UI Service NodePort number
- variable: enablePSP
default: "true"
description: "Setup a pod security policy for Longhorn workloads."
label: Pod Security Policy
type: boolean
group: "Other Settings"
17 changes: 17 additions & 0 deletions charts/longhorn/templates/daemonset-sa.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,11 @@ spec:
spec:
containers:
- name: longhorn-manager
{{- if .Values.privateRegistry.registryUrl }}
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- else }}
image: "{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- end }}
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
Expand All @@ -25,11 +29,23 @@ spec:
- -d
- daemon
- --engine-image
{{- if .Values.privateRegistry.registryUrl }}
- "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.engine }}:{{ .Values.image.longhorn.engineTag }}"
{{- else }}
- "{{ .Values.image.longhorn.engine }}:{{ .Values.image.longhorn.engineTag }}"
{{- end }}
- --instance-manager-image
{{- if .Values.privateRegistry.registryUrl }}
- "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.instanceManager }}:{{ .Values.image.longhorn.instanceManagerTag }}"
{{- else }}
- "{{ .Values.image.longhorn.instanceManager }}:{{ .Values.image.longhorn.instanceManagerTag }}"
{{- end }}
- --manager-image
{{- if .Values.privateRegistry.registryUrl }}
- "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- else }}
- "{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- end }}
- --service-account
- longhorn-service-account
ports:
Expand All @@ -45,6 +61,7 @@ spec:
mountPath: /host/proc/
- name: varrun
mountPath: /var/run/
mountPropagation: Bidirectional
- name: longhorn
mountPath: /var/lib/longhorn/
mountPropagation: Bidirectional
Expand Down
47 changes: 39 additions & 8 deletions charts/longhorn/templates/deployment-driver.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,18 +16,30 @@ spec:
spec:
initContainers:
- name: wait-longhorn-manager
{{- if .Values.privateRegistry.registryUrl }}
image: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- end }}
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers:
- name: longhorn-driver-deployer
{{- if .Values.privateRegistry.registryUrl }}
image: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- end }}
imagePullPolicy: IfNotPresent
command:
- longhorn-manager
- -d
- deploy-driver
- --manager-image
{{- if .Values.privateRegistry.registryUrl }}
- {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- else }}
- {{ printf "%s:%s" .Values.image.longhorn.manager .Values.image.longhorn.managerTag | quote }}
{{- end }}
- --manager-url
- http://longhorn-backend:9500/v1
env:
Expand All @@ -47,22 +59,41 @@ spec:
- name: KUBELET_ROOT_DIR
value: {{ .Values.csi.kubeletRootDir }}
{{- end }}
{{- if .Values.csi.attacherImage }}
{{- if .Values.privateRegistry.registryUrl }}
{{- if and .Values.csi.attacherImage .Values.csi.attacherImageTag }}
- name: CSI_ATTACHER_IMAGE
value: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.csi.attacherImage .Values.csi.attacherImageTag | quote }}
{{- end }}
{{- if and .Values.csi.provisionerImage .Values.csi.provisionerImageTag }}
- name: CSI_PROVISIONER_IMAGE
value: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.csi.provisionerImage .Values.csi.provisionerImageTag | quote }}
{{- end }}
{{- if and .Values.csi.nodeDriverRegistrarImage .Values.csi.nodeDriverRegistrarImageTag }}
- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
value: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.csi.nodeDriverRegistrarImage .Values.csi.nodeDriverRegistrarImageTag | quote }}
{{- end }}
{{- if and .Values.csi.resizerImage .Values.csi.resizerImageTag }}
- name: CSI_RESIZER_IMAGE
value: {{ printf "%s/%s:%s" .Values.privateRegistry.registryUrl .Values.csi.resizerImage .Values.csi.resizerImageTag | quote }}
{{- end }}
{{- else }}
{{- if and .Values.csi.attacherImage .Values.csi.attacherImageTag }}
- name: CSI_ATTACHER_IMAGE
value: {{ .Values.csi.attacherImage }}
value: {{ printf "%s:%s" .Values.csi.attacherImage .Values.csi.attacherImageTag | quote }}
{{- end }}
{{- if .Values.csi.provisionerImage }}
{{- if and .Values.csi.provisionerImage .Values.csi.provisionerImageTag }}
- name: CSI_PROVISIONER_IMAGE
value: {{ .Values.csi.provisionerImage }}
value: {{ printf "%s:%s" .Values.csi.provisionerImage .Values.csi.provisionerImageTag | quote }}
{{- end }}
{{- if .Values.csi.nodeDriverRegistrarImage }}
{{- if and .Values.csi.nodeDriverRegistrarImage .Values.csi.nodeDriverRegistrarImageTag }}
- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
value: {{ .Values.csi.nodeDriverRegistrarImage }}
value: {{ printf "%s:%s" .Values.csi.nodeDriverRegistrarImage .Values.csi.nodeDriverRegistrarImageTag | quote }}
{{- end }}
{{- if .Values.csi.resizerImage }}
{{- if and .Values.csi.resizerImage .Values.csi.resizerImageTag }}
- name: CSI_RESIZER_IMAGE
value: {{ .Values.csi.resizerImage }}
value: {{ printf "%s:%s" .Values.csi.resizerImage .Values.csi.resizerImageTag | quote }}
{{- end }}
{{- end }}
{{- if .Values.csi.attacherReplicaCount }}
- name: CSI_ATTACHER_REPLICA_COUNT
value: {{ .Values.csi.attacherReplicaCount | quote }}
Expand Down
4 changes: 4 additions & 0 deletions charts/longhorn/templates/deployment-ui.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,11 @@ spec:
spec:
containers:
- name: longhorn-ui
{{- if .Values.privateRegistry.registryUrl }}
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.ui }}:{{ .Values.image.longhorn.uiTag }}"
{{- else }}
image: "{{ .Values.image.longhorn.ui }}:{{ .Values.image.longhorn.uiTag }}"
{{- end }}
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 0
Expand Down
4 changes: 4 additions & 0 deletions charts/longhorn/templates/postupgrade-job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,11 @@ spec:
spec:
containers:
- name: longhorn-post-upgrade
{{- if .Values.privateRegistry.registryUrl }}
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- else }}
image: "{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- end }}
imagePullPolicy: Always
command:
- longhorn-manager
Expand Down
66 changes: 66 additions & 0 deletions charts/longhorn/templates/psp.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
{{- if .Values.enablePSP }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-psp
labels: {{- include "longhorn.labels" . | nindent 4 }}
spec:
privileged: true
allowPrivilegeEscalation: true
requiredDropCapabilities:
- NET_RAW
allowedCapabilities:
- SYS_ADMIN
hostNetwork: false
hostIPC: false
hostPID: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
fsGroup:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
- hostPath
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: longhorn-psp-role
labels: {{- include "longhorn.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- longhorn-psp
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: longhorn-psp-binding
labels: {{- include "longhorn.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: longhorn-psp-role
subjects:
- kind: ServiceAccount
name: longhorn-service-account
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: default
namespace: {{ .Release.Namespace }}
{{- end }}
7 changes: 1 addition & 6 deletions charts/longhorn/templates/storageclass.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,8 @@ kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: longhorn
{{- if .Values.persistence.defaultClass }}
annotations:
storageclass.beta.kubernetes.io/is-default-class: "true"
{{- else }}
annotations:
storageclass.beta.kubernetes.io/is-default-class: "false"
{{- end }}
storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }}
labels: {{- include "longhorn.labels" . | nindent 4 }}
provisioner: driver.longhorn.io
allowVolumeExpansion: true
Expand Down
4 changes: 4 additions & 0 deletions charts/longhorn/templates/uninstall-job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,11 @@ spec:
spec:
containers:
- name: longhorn-uninstall
{{- if .Values.privateRegistry.registryUrl }}
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- else }}
image: "{{ .Values.image.longhorn.manager }}:{{ .Values.image.longhorn.managerTag }}"
{{- end }}
imagePullPolicy: Always
command:
- longhorn-manager
Expand Down
21 changes: 14 additions & 7 deletions charts/longhorn/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,11 @@
image:
longhorn:
engine: longhornio/longhorn-engine
engineTag: v1.0.1
engineTag: v1.0.2
manager: longhornio/longhorn-manager
managerTag: v1.0.1
managerTag: v1.0.2
ui: longhornio/longhorn-ui
uiTag: v1.0.1
uiTag: v1.0.2
instanceManager: longhornio/longhorn-instance-manager
instanceManagerTag: v1_20200514
pullPolicy: IfNotPresent
Expand All @@ -26,10 +26,14 @@ persistence:
defaultClassReplicaCount: 3

csi:
attacherImage: ~
provisionerImage: ~
nodeDriverRegistrarImage: ~
resizerImage: ~
attacherImage: longhornio/csi-attacher
attacherImageTag: v2.0.0
provisionerImage: longhornio/csi-provisioner
provisionerImageTag: v1.4.0
nodeDriverRegistrarImage: longhornio/csi-node-driver-registrar
nodeDriverRegistrarImageTag: v1.2.0
resizerImage: longhornio/csi-resizer
resizerImageTag: v0.3.0
kubeletRootDir: ~
attacherReplicaCount: ~
provisionerReplicaCount: ~
Expand Down Expand Up @@ -114,3 +118,6 @@ ingress:
# - name: longhorn.local-tls
# key:
# certificate:

# Configure a pod security policy in the Longhorn namespace to allow privileged pods
enablePSP: true

0 comments on commit 0a88eaa

Please sign in to comment.