longhorn helm chart

2022-12-03 05:43:04 -06:00
parent d3ed792526
commit aa752797e3
6 changed files with 269 additions and 142 deletions
--- a/argocd/templates/longhorn.yaml
+++ b/argocd/templates/longhorn.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: longhorn
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: longhorn
+  destination:
+    namespace: longhorn
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/keycloak/Chart.yaml
+++ b/keycloak/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: keycloak
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: keycloak
-  repository: https://charts.bitnami.com/bitnami
-  version: 10.1.4
--- a/keycloak/templates/keyclock.yaml
+++ b/keycloak/templates/keyclock.yaml
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: keycloak-credentials
-  namespace: keycloak
-spec:
-  encryptedData:
-    admin-password: AgAahQvC7WJ0AQuDEC1trSxEi2C8AeJwhz1nzH+44V6rt3lxiCjWzDJcIFsnXhQJDk+Cpn9vuyZarIgwUhegpJlkdILURnWa6Zc6XvbDCCBoQ2aqQWvMbG56DZdzK352G+taPny8/wAdXFAsDx3vSG0wfrmIU7Fo1IJKdvdKI204L+zJ8Msvkodoj9gt8Iq1ZkIGYk2jaN5eGuRr2g9qkCMPdInR/Vj9nrlUmS1w9MJv5Jr3djSkTaENucTpaqtl0dtJv7Br7mWZ6QTWKsuVa/UwaIm//wcw+RQh3QHqrau7KOeZdEy3xVJf8w5XkSQam/qcFL5MP1WYzLiuaGvQlsQlaI5ud9bFW/rFerGaOvWxs4elrFQjkxwqegyFPg41s8tTwA0/D46bhetRm+TzhXa/nAgsj9CI53SQhNFRsmNH3gQghsL2C8PS67b+Rk4kJ3XxPFegMRLZqNe55u5dN5eTsNyq0yDLaqf3extTogwtLMB4G68TwFxCVuMecoeRvFitl3WJyDtPGr2fWGhoOr3QzZn8hlw3e5+Kx3w1KATMd1WGonp2w+IIOe8nLMXQDHGAJaCG5u8BNjHhdIRS+0mDHp40jNSdaFlM9OrEpsnfUU25+H3cEn5f2Bd9OYzWWFrOr60CBvG3qIBnMytHOKtXC8vqrhSdtSScgqIqbcYGHFzts/fujc3IUvjeoGyrTGwB3o6DUTxD3+uMNsI=
-    password: AgBruTBtb5AXviMuqM4eimlN6SwwJaXf3XBKX/2K7oYG8XTMJNq7135imrPULdvgR7rA5RLKXPiE5bZV/kkJhANbJuf/H4g6R0c0eBVEzoM+dlLHN5ktFrwAGaNsAim/UH5CmPATap8QtVfdBmQwBO1fdmCbtXqYJq0yhHSs7XeE+M8b408Sn2tr95i0/8wLqii4/as0B3Ecqrx8g66P0pPcMEsp3CuJTppchIQu35Ty6rKTHrwhcs2OZpfUu0oevAaVQwPulNYQ4tG6y+z2CT1bsJ3W7OS4HnhRtONiG8URlcrFgkBfwYQbofl781DskcjWxIlpOmyFl3m5riWrNHmznhalptScr7Eg+vxPHCeK5XjMD5Rg5z6YYPpfXwmq1rReCv9IWMaMV+0LdaTiU0JTKT6mfJxuZEtwBmU6N4Z00EIGghYFZ/xZ2Ld9jqfOl53QCapv2lqWN26+ZAr8FB7I0qQ7qWp2iMbaoKNZ2YMopjDQm8PEH328GXOuE+pPZM5V6rEw53urJn3pOf1ZUAEzoKo1zOqzU54Scg1xARHQI17RdyiR8+jbzmztV38orpf4jT/srxdPKUZKTI099kt+qB3YAkPrxgESq//fcIme1q2Ox1H3vVQydFRWXrDCXDX8WA1tdwKHBZwBhQJ5DKAXRRSLLXxGqmPG36WZ7du+KfPTIYpq+Mh2Hut750ALZ5XnMnioxc3OTLGzjiY=
-    postgres-password: AgARK2JKzY8lXbAxBxZYkpjoKPY9wMFgVrVtaZpS5gs0p9M+pRdEhSPVfQxJ/MzrkadBWxaCd3ShracqQLy+WvnCXc3hI65TKKgTp6uwkGppWnKg2AA3JICwMDOdax/U2qbsKXjdbC0XEsRlJBCBaIZ3Tr5cbCx7eZYgg5RsBXGP3rz6joeV30CU6qH2Q466WsdHl7PECyroTwc9uQ1eTB96b5Tw+VS/uJjQv4EP0Yte9ljfxbpQofuf2DmiJCAcDsulJLhebwGVDjAX+sF01NBEJT3Oau3P9MwHDwuoOXZguK/RRE+vrkU/EfnsTaOJhGxgKGGV5DmM5HRkV74ezxbyh44UgkKkhw6SvjX8W8V08eZmBvJXGpsldsIM8QlV9nO+xJWMK9G62HCjL0TZb/QwbaQWXq/7u4Rl0QWtJA7FNdlJwkJhzQXhgMUYXjcC1R22iuq5qYLs/93Q2MMKpOcsyyMo2p/P2mTJSncPPZQjuwSr2WXnGAbMLfYSQ3aiCGJfbB0rRQeMVDv5rvtWlRb6jggycZcfVH2Zxe1ggjRoWT+mUMyIuC4L8MPe6JcZJljbN57499QRZfZM+EfqVT2lkvGokQNyHPF5cpbezbZAFkQCIBwF6C3laPAkwb2Kgk44yf+umznl6hNm8B8JLmkYmLQVZOlyZ++tscPrmD4CQxKJmlawZ8DVODfz8rVrwsd9CLfBd/Fn6iSnJo0=
-  template:
-    data: null
-    metadata:
-      creationTimestamp: null
-      name: keycloak-credentials
-      namespace: keycloak
--- a/keycloak/values.yaml
+++ b/keycloak/values.yaml
@@ -1,114 +0,0 @@
-keycloak:  
-
-  global:
-    storageClass: nfs-storage
-
-  image:
-    registry: docker.io
-    repository: bitnami/keycloak
-    digest: ""
-    pullPolicy: Always
-    pullSecrets: []
-    debug: false
-  auth:
-    adminUser: user
-    existingSecret: "keycloak-credentials"
-    existingSecretPerPassword: {}
-
-  replicaCount: 1
-
-  containerPorts:
-    http: 8080
-    https: 8443
-
-  podSecurityContext:
-    enabled: true
-    fsGroup: 1001
-
-  containerSecurityContext:
-    enabled: true
-    runAsUser: 1001
-    runAsNonRoot: true
-
-  resources:
-    limits: {}
-    requests: {}
-
-  livenessProbe:
-    enabled: true
-    initialDelaySeconds: 300
-    periodSeconds: 1
-    timeoutSeconds: 5
-    failureThreshold: 3
-    successThreshold: 1
-
-  readinessProbe:
-    enabled: true
-    initialDelaySeconds: 30
-    periodSeconds: 10
-    timeoutSeconds: 1
-    failureThreshold: 3
-    successThreshold: 1
-
-  startupProbe:
-    enabled: false
-
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate: {}
-
-  service:
-    type: ClusterIP
-    http:
-      enabled: true
-    ports:
-      http: 80
-      https: 443
-  
-  ingress:
-    enabled: true
-    ingressClassName: ""
-    pathType: ImplementationSpecific
-    hostname: keycloak.durp.info
-    servicePort: http
-    annotations: 
-        cert-manager.io/cluster-issuer: letsencrypt-production
-        kubernetes.io/ingress.class: nginx
-    tls: 
-      - secretName: keycloak-tls
-        hosts:
-        - keycloak.durp.info
-    selfSigned: false
-    secrets: []
-    extraRules: []
-  
-  
-  serviceAccount:
-    create: true
-    name: ""
-    automountServiceAccountToken: true
-    annotations: {}
-    
-  postgresql:
-    enabled: true
-    auth:
-      username: bn_keycloak
-      database: bitnami_keycloak
-      existingSecret: "keycloak-credentials"
-    architecture: standalone
-
-  externalDatabase:
-    host: ""
-    port: 5432
-    user: bn_keycloak
-    database: bitnami_keycloak
-    password: "password122"
-    existingSecret: ""
-    existingSecretPasswordKey: ""
-  
-  cache:
-    enabled: false
-  
-  logging:
-    output: default
-  
--- a/longhorn/Chart.yaml
+++ b/longhorn/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: longhorn
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: longhorn
+  repository: https://charts.longhorn.io
+  version: 1.3.2
--- a/longhorn/values.yaml
+++ b/longhorn/values.yaml
@@ -0,0 +1,236 @@
+longhorn: 
+
+  # Default values for longhorn.
+  # This is a YAML-formatted file.
+  # Declare variables to be passed into your templates.
+  global:
+    cattle:
+      systemDefaultRegistry: ""
+  
+  image:
+    longhorn:
+      engine:
+        repository: longhornio/longhorn-engine
+      manager:
+        repository: longhornio/longhorn-manager
+      ui:
+        repository: longhornio/longhorn-ui
+      instanceManager:
+        repository: longhornio/longhorn-instance-manager
+      shareManager:
+        repository: longhornio/longhorn-share-manager
+      backingImageManager:
+        repository: longhornio/backing-image-manager
+    csi:
+      attacher:
+        repository: longhornio/csi-attacher
+      provisioner:
+        repository: longhornio/csi-provisioner
+      nodeDriverRegistrar:
+        repository: longhornio/csi-node-driver-registrar
+      resizer:
+        repository: longhornio/csi-resizer
+      snapshotter:
+        repository: longhornio/csi-snapshotter
+    pullPolicy: always
+  
+  service:
+    ui:
+      type: ClusterIP
+      nodePort: null
+    manager:
+      type: ClusterIP
+      nodePort: ""
+      loadBalancerIP: ""
+      loadBalancerSourceRanges: ""
+  
+  persistence:
+    defaultClass: true
+    defaultFsType: ext4
+    defaultClassReplicaCount: 3
+    defaultDataLocality: disabled # best-effort otherwise
+    reclaimPolicy: Delete
+    migratable: false
+    recurringJobSelector:
+      enable: false
+      jobList: []
+    backingImage:
+      enable: false
+      name: ~
+      dataSourceType: ~
+      dataSourceParameters: ~
+      expectedChecksum: ~
+  
+  csi:
+    kubeletRootDir: ~
+    attacherReplicaCount: ~
+    provisionerReplicaCount: ~
+    resizerReplicaCount: ~
+    snapshotterReplicaCount: ~
+  
+  defaultSettings:
+    backupTarget: ~
+    backupTargetCredentialSecret: ~
+    allowRecurringJobWhileVolumeDetached: ~
+    createDefaultDiskLabeledNodes: ~
+    defaultDataPath: ~
+    defaultDataLocality: ~
+    replicaSoftAntiAffinity: ~
+    replicaAutoBalance: ~
+    storageOverProvisioningPercentage: ~
+    storageMinimalAvailablePercentage: ~
+    upgradeChecker: ~
+    defaultReplicaCount: ~
+    defaultLonghornStaticStorageClass: ~
+    backupstorePollInterval: ~
+    taintToleration: ~
+    systemManagedComponentsNodeSelector: ~
+    priorityClass: ~
+    autoSalvage: ~
+    autoDeletePodWhenVolumeDetachedUnexpectedly: ~
+    disableSchedulingOnCordonedNode: ~
+    replicaZoneSoftAntiAffinity: ~
+    nodeDownPodDeletionPolicy: ~
+    allowNodeDrainWithLastHealthyReplica: ~
+    mkfsExt4Parameters: ~
+    disableReplicaRebuild: ~
+    replicaReplenishmentWaitInterval: ~
+    concurrentReplicaRebuildPerNodeLimit: ~
+    disableRevisionCounter: ~
+    systemManagedPodsImagePullPolicy: ~
+    allowVolumeCreationWithDegradedAvailability: ~
+    autoCleanupSystemGeneratedSnapshot: ~
+    concurrentAutomaticEngineUpgradePerNodeLimit: ~
+    backingImageCleanupWaitInterval: ~
+    backingImageRecoveryWaitInterval: ~
+    guaranteedEngineManagerCPU: ~
+    guaranteedReplicaManagerCPU: ~
+    kubernetesClusterAutoscalerEnabled: ~
+    orphanAutoDeletion: ~
+    storageNetwork: ~
+  privateRegistry:
+    createSecret: ~
+    registryUrl: ~
+    registryUser: ~
+    registryPasswd: ~
+    registrySecret: ~
+  
+  longhornManager:
+    priorityClass: ~
+    tolerations: []
+    ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above
+    ## and uncomment this example block
+    # - key: "key"
+    #   operator: "Equal"
+    #   value: "value"
+    #   effect: "NoSchedule"
+    nodeSelector: {}
+    ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above
+    ## and uncomment this example block
+    #  label-key1: "label-value1"
+    #  label-key2: "label-value2"
+  
+  longhornDriver:
+    priorityClass: ~
+    tolerations: []
+    ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above
+    ## and uncomment this example block
+    # - key: "key"
+    #   operator: "Equal"
+    #   value: "value"
+    #   effect: "NoSchedule"
+    nodeSelector: {}
+    ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above
+    ## and uncomment this example block
+    #  label-key1: "label-value1"
+    #  label-key2: "label-value2"
+  
+  longhornUI:
+    priorityClass: ~
+    tolerations: []
+    ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above
+    ## and uncomment this example block
+    # - key: "key"
+    #   operator: "Equal"
+    #   value: "value"
+    #   effect: "NoSchedule"
+    nodeSelector: {}
+    ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above
+    ## and uncomment this example block
+    #  label-key1: "label-value1"
+    #  label-key2: "label-value2"
+  
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #  cpu: 100m
+    #  memory: 128Mi
+    # requests:
+    #  cpu: 100m
+    #  memory: 128Mi
+    #
+  
+  ingress:
+    ## Set to true to enable ingress record generation
+    enabled: false
+  
+    ## Add ingressClassName to the Ingress
+    ## Can replace the kubernetes.io/ingress.class annotation on v1.18+
+    ingressClassName: ~
+  
+    host: sslip.io
+  
+    ## Set this to true in order to enable TLS on the ingress record
+    ## A side effect of this will be that the backend service will be connected at port 443
+    tls: false
+  
+    ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
+    tlsSecret: longhorn.local-tls
+  
+    ## If ingress is enabled you can set the default ingress path
+    ## then you can access the UI by using the following full path {{host}}+{{path}}
+    path: /
+  
+    ## Ingress annotations done as key:value pairs
+    ## If you're using kube-lego, you will want to add:
+    ## kubernetes.io/tls-acme: true
+    ##
+    ## For a full list of possible ingress annotations, please see
+    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md
+    ##
+    ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
+    annotations:
+    #  kubernetes.io/ingress.class: nginx
+    #  kubernetes.io/tls-acme: true
+  
+    secrets:
+    ## If you're providing your own certificates, please use this to add the certificates as secrets
+    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+    ## -----BEGIN RSA PRIVATE KEY-----
+    ##
+    ## name should line up with a tlsSecret set further up
+    ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set
+    ##
+    ## It is also possible to create and manage the certificates outside of this helm chart
+    ## Please see README.md for more information
+    # - name: longhorn.local-tls
+    #   key:
+    #   certificate:
+  
+  # Configure a pod security policy in the Longhorn namespace to allow privileged pods
+  enablePSP: true
+  
+  ## Specify override namespace, specifically this is useful for using longhorn as sub-chart
+  ## and its release namespace is not the `longhorn-system`
+  namespaceOverride: ""
+  
+  # Annotations to add to the Longhorn Manager DaemonSet Pods. Optional.
+  annotations: {}
+  
+  serviceAccount:
+    # Annotations to add to the service account
+    annotations: {}
+