Attempt to get longhorn working on nixos

2023-04-02 23:40:27 -04:00 · 2023-04-02 23:40:27 -04:00 · 9650216b99
parent b1249c5d48
commit 9650216b99
2 changed files with 101 additions and 2 deletions
--- a/cluster/core/storage/kustomization.yaml
+++ b/cluster/core/storage/kustomization.yaml
@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- ./longhorn
+- ./rook-ceph
--- a/cluster/core/storage/longhorn/helm.yaml
+++ b/cluster/core/storage/longhorn/helm.yaml
@ -7,6 +7,25 @@ spec:
  interval: 1m
  url: https://charts.longhorn.io
 ---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: kyverno-charts
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://kyverno.github.io/kyverno
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: incubator-charts
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://charts.helm.sh/incubator
+---
+# ================= Release for longhorn =================
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
@ -22,4 +41,84 @@ spec:
        kind: HelmRepository
        name: longhorn-charts
        namespace: flux-system
-      interval: 1m
+      interval: 1m
+---
+# ================= Release for kyverno =================
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kyverno
+  namespace: longhorn-system
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: kyverno
+      version: '2.6.x'
+      sourceRef:
+        kind: HelmRepository
+        name: kyverno-charts
+        namespace: flux-system
+      interval: 1m
+---
+# ================= Release for incubator/raw =================
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: incubator-raw
+  namespace: longhorn-system
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: raw
+      version: '2.6.x'
+      sourceRef:
+        kind: HelmRepository
+        name: incubator-charts
+        namespace: flux-system
+      interval: 1m
+  values:
+    - resources:
+        - apiVersion: v1
+          kind: ConfigMap
+          metadata:
+            name: longhorn
+            namespace: longhorn-system
+          data:
+            PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+        - apiVersion: kyverno.io/v1
+          kind: ClusterPolicy
+          metadata:
+            name: longhorn
+            annotations:
+              policies.kyverno.io/title: Add Environment Variables from ConfigMap
+              policies.kyverno.io/subject: Pod
+              policies.kyverno.io/category: Other
+              policies.kyverno.io/description: >-
+                Longhorn invokes executables on the host system, and needs
+                to be aware of the host systems PATH. This modifies all
+                deployments such that the PATH is explicitly set to support
+                NixOS based systems.
+          spec:
+            rules:
+              - name: add-env-vars
+                match:
+                  resources:
+                    kinds:
+                      - Pod
+                    namespaces:
+                      - longhorn-system
+                mutate:
+                  patchStrategicMerge:
+                    spec:
+                      initContainers:
+                        - (name): "*"
+                          envFrom:
+                            - configMapRef:
+                                name: longhorn
+                      containers:
+                        - (name): "*"
+                          envFrom:
+                            - configMapRef:
+                                name: longhorn