diff --git a/cluster/core/storage/kustomization.yaml b/cluster/core/storage/kustomization.yaml
index c85f8d1..fef75f8 100644
--- a/cluster/core/storage/kustomization.yaml
+++ b/cluster/core/storage/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ./longhorn
\ No newline at end of file
+- ./rook-ceph
\ No newline at end of file
diff --git a/cluster/core/storage/longhorn/helm.yaml b/cluster/core/storage/longhorn/helm.yaml
index 57fa2cf..d96b03c 100644
--- a/cluster/core/storage/longhorn/helm.yaml
+++ b/cluster/core/storage/longhorn/helm.yaml
@@ -7,6 +7,25 @@ spec:
 interval: 1m
 url: https://charts.longhorn.io
 ---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: kyverno-charts
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: https://kyverno.github.io/kyverno
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: incubator-charts
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: https://charts.helm.sh/incubator
+---
+# ================= Release for longhorn =================
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
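Review bot: The resource list in `kustomization.yaml` now points only at `./rook-ceph`, while the rest of this commit adds Kyverno and a ClusterPolicy under `./longhorn`; unless another kustomization still references `./longhorn`, those manifests will not be applied. If the Flux Kustomization reconciling this path has pruning enabled, dropping `./longhorn` would also remove the Longhorn release, so it is worth confirming that volumes have been migrated before this merges. If both backends are meant to run during a transition, list both entries, `- ./longhorn` and `- ./rook-ceph`.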
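Review bot: The `incubator-charts` source at `https://charts.helm.sh/incubator` is the archived Helm incubator repository, which no longer receives fixes, and in this commit it is only used to render two static objects through the `raw` chart. The ConfigMap and the ClusterPolicy could instead be committed as plain manifests and listed under the kustomization's `resources:`, which takes an unmaintained third-party chart out of the path that creates a cluster-wide admission policy. If the repository is kept, a comment such as `# archived upstream; used only for the raw chart` would record why it is here, and `interval: 1m` could be relaxed because the index is unlikely to change.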
@@ -22,4 +41,84 @@ spec:
 kind: HelmRepository
 name: longhorn-charts
 namespace: flux-system
- interval: 1m
\ No newline at end of file
+ interval: 1m
+---
+# ================= Release for kyverno =================
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: kyverno
+ namespace: longhorn-system
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: kyverno
+ version: '2.6.x'
+ sourceRef:
+ kind: HelmRepository
+ name: kyverno-charts
+ namespace: flux-system
+ interval: 1m
+---
+# ================= Release for incubator/raw =================
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: incubator-raw
+ namespace: longhorn-system
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: raw
+ version: '2.6.x'
+ sourceRef:
+ kind: HelmRepository
+ name: incubator-charts
+ namespace: flux-system
+ interval: 1m
+ values:
+ - resources:
+ - apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: longhorn
+ namespace: longhorn-system
+ data:
+ PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+ - apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ metadata:
+ name: longhorn
+ annotations:
+ policies.kyverno.io/title: Add Environment Variables from ConfigMap
+ policies.kyverno.io/subject: Pod
+ policies.kyverno.io/category: Other
+ policies.kyverno.io/description: >-
+ Longhorn invokes executables on the host system, and needs
+ to be aware of the host systems PATH. This modifies all
+ deployments such that the PATH is explicitly set to support
+ NixOS based systems.
+ spec:
+ rules:
+ - name: add-env-vars
+ match:
+ resources:
+ kinds:
+ - Pod
+ namespaces:
+ - longhorn-system
+ mutate:
+ patchStrategicMerge:
+ spec:
+ initContainers:
+ - (name): "*"
+ envFrom:
+ - configMapRef:
+ name: longhorn
+ containers:
+ - (name): "*"
+ envFrom:
+ - configMapRef:
+ name: longhorn
\ No newline at end of file
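Review bot: The `kyverno` release is installed into `longhorn-system`, the same namespace the `add-env-vars` rule targets, and the Kyverno chart by default excludes its own release namespace from webhook processing (`excludeKyvernoNamespace`; worth confirming for the 2.6.x chart), so the mutation may never reach the Longhorn pods. Installing it in a dedicated namespace, for example `targetNamespace: kyverno` with `install: {createNamespace: true}`, also keeps a cluster-wide admission webhook out of the storage namespace. On `incubator-raw`, `version: '2.6.x'` looks copied from the kyverno release (the raw chart is published as 0.2.x as far as I know), `values:` appears to be a list where a HelmRelease expects a mapping (indentation is not recoverable in this view, so check the file), and there is no `dependsOn: [{name: kyverno}]`, so the ClusterPolicy can be applied before its CRD exists. Since the `longhorn` ConfigMap sets `PATH` for every container in the namespace, including ones that execute host binaries, write access to that ConfigMap should be limited to the GitOps controller.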