feat: add longhorn

SeanOMik 2023-10-06 12:26:55 -04:00
parent 22ce223ab5
commit 625da51e49
Signed by: SeanOMik
GPG Key ID: 568F326C7EB33ACB
7 changed files with 47 additions and 203 deletions


@ -1,5 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources: []
#- ./longhorn
resources:
- ./longhorn
#- ./local-path-provisioner


@ -0,0 +1,32 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: longhorn
namespace: longhorn-system
spec:
interval: 5m
chart:
spec:
chart: longhorn
version: "1.5.1"
sourceRef:
kind: HelmRepository
name: longhorn-charts
namespace: flux-system
values:
longhornUI:
replicas: 1
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
host: lnghrn.${SECRET_NEW_DOMAIN}
tls: true
tlsSecret: wildcard-main-tls
persistence:
defaultClassReplicaCount: 1 # TODO: When the cluster expands, expand the replica count
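Review bot: The Longhorn UI has no authentication of its own, so on this ingress the `traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd` annotation is the only access control in front of volume and backup management, and nothing in the file says so. I would put a comment directly above it, `# Longhorn UI has no built-in auth; this forward-auth middleware is the only access control. Do not remove without a replacement.` The value follows Traefik's `<namespace>-<name>@kubernetescrd` form, so it presumably resolves to a Middleware named `authentik` in namespace `traefik`; that object is not part of this commit and is worth confirming before the host goes live. Separately, `cert-manager.io/cluster-issuer: letsencrypt-production` together with `tlsSecret: wildcard-main-tls` asks cert-manager to issue a certificate into a secret whose name suggests it already holds a wildcard certificate. If the wildcard secret is the intended source, the issuer annotation should be dropped so the two do not both manage the same secret.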


@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: longhorn-charts
namespace: flux-system
spec:
interval: 1m
url: https://charts.longhorn.io


@ -1,178 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: longhorn-charts
namespace: flux-system
spec:
interval: 1m
url: https://charts.longhorn.io
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: kyverno-charts
namespace: flux-system
spec:
interval: 1m
url: https://kyverno.github.io/kyverno
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: raw-charts
namespace: flux-system
spec:
interval: 1m
url: https://buttahtoast.github.io/helm-charts/
---
# ================= Release for longhorn =================
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: longhorn
namespace: longhorn-system
spec:
interval: 5m
chart:
spec:
chart: longhorn
version: '1.4.x'
sourceRef:
kind: HelmRepository
name: longhorn-charts
namespace: flux-system
interval: 1m
---
# ================= Release for kyverno =================
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kyverno
namespace: longhorn-system
spec:
interval: 5m
chart:
spec:
chart: kyverno
version: '2.6.x'
sourceRef:
kind: HelmRepository
name: kyverno-charts
namespace: flux-system
interval: 1m
---
# ================= Release for incubator/raw =================
#apiVersion: helm.toolkit.fluxcd.io/v2beta1
#kind: HelmRelease
#metadata:
# name: raw
# namespace: longhorn-system
#spec:
# interval: 5m
# dependsOn:
# - name: kyverno
# namespace: longhorn-system
# chart:
# spec:
# chart: raw
# version: '2.0.0'
# sourceRef:
# kind: HelmRepository
# name: raw-charts
# namespace: flux-system
# interval: 1m
# values:
# resources:
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: longhorn-custom-path
# namespace: longhorn-system
# data:
# PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
# - apiVersion: kyverno.io/v1
# kind: ClusterPolicy
# metadata:
# name: add-host-path-to-longhorn
# annotations:
# policies.kyverno.io/title: Add Environment Variables from ConfigMap
# policies.kyverno.io/subject: Pod
# policies.kyverno.io/category: Other
# policies.kyverno.io/description: >-
# Longhorn invokes executables on the host system, and needs
# to be aware of the host systems PATH. This modifies all
# deployments such that the PATH is explicitly set to support
# NixOS based systems.
# spec:
# rules:
# - name: add-env-vars
# match:
# resources:
# kinds:
# - Pod
# namespaces:
# - longhorn-system
# mutate:
# patchStrategicMerge:
# spec:
# initContainers:
# - (name): "*"
# envFrom:
# - configMapRef:
# name: longhorn-custom-path
# containers:
# - (name): "*"
# envFrom:
# - configMapRef:
# name: longhorn-custom-path
---
apiVersion: v1
kind: ConfigMap
metadata:
name: longhorn-custom-path
namespace: longhorn-system
data:
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: add-host-path-to-longhorn
annotations:
policies.kyverno.io/title: Add Environment Variables from ConfigMap
policies.kyverno.io/subject: Pod
policies.kyverno.io/category: Other
policies.kyverno.io/description: >-
Longhorn invokes executables on the host system, and needs
to be aware of the host systems PATH. This modifies all
deployments such that the PATH is explicitly set to support
NixOS based systems.
spec:
rules:
- name: add-env-vars
match:
resources:
kinds:
- Pod
namespaces:
- longhorn-system
mutate:
patchStrategicMerge:
spec:
initContainers:
- (name): "*"
envFrom:
- configMapRef:
name: longhorn-custom-path
containers:
- (name): "*"
envFrom:
- configMapRef:
name: longhorn-custom-path


@ -1,20 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn-ingress
namespace: longhorn-system
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
rules:
- host: "longhorn.${SECRET_DOMAIN}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: longhorn
port:
number: 80


@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./helm.yaml
- ./ingress.yaml
- ./helm-repository.yaml
- ./helm-release.yaml


@ -1,4 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: longhorn-system
name: longhorn-system
labels:
name: longhorn-system
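Review bot: The new `labels:` block adds only `name: longhorn-system`, with no comment saying what selects on it. If it is meant for a NetworkPolicy or policy-engine namespace selector, the API server already sets `kubernetes.io/metadata.name` on every namespace, so either select on that or add a comment such as `# selected by <policy name>` naming the consumer. Longhorn's manager and driver pods run privileged with host access, so if Pod Security Admission is enforced on this cluster (not visible from this page), the namespace also needs `pod-security.kubernetes.io/enforce: privileged`. Declaring that here keeps the privileged exception explicit and scoped to this one namespace.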