From f8899caf7841552681b117563bb25d44f9742561 Mon Sep 17 00:00:00 2001
From: user
Date: Wed, 15 Jan 2025 05:12:37 -0600
Subject: [PATCH] update
---
 infra/argocd/templates/argocd.yaml | 20 +++
 infra/argocd/templates/longhorn.yaml | 21 +++
 infra/longhorn/Chart.yaml | 12 ++
 infra/longhorn/templates/ingress.yaml | 41 ++++++
 infra/longhorn/templates/secrets.yaml | 23 +++
 infra/longhorn/values.yaml | 195 ++++++++++++++++++++++++++
 6 files changed, 312 insertions(+)
 create mode 100644 infra/argocd/templates/longhorn.yaml
 create mode 100644 infra/longhorn/Chart.yaml
 create mode 100644 infra/longhorn/templates/ingress.yaml
 create mode 100644 infra/longhorn/templates/secrets.yaml
 create mode 100644 infra/longhorn/values.yaml
diff --git a/infra/argocd/templates/argocd.yaml b/infra/argocd/templates/argocd.yaml
index e2b106e..af5d266 100644
--- a/infra/argocd/templates/argocd.yaml
+++ b/infra/argocd/templates/argocd.yaml
@@ -18,3 +18,23 @@ spec:
 selfHeal: true
 syncOptions:
 - CreateNamespace=true
+
+---
+
+#apiVersion: external-secrets.io/v1beta1
+#kind: ExternalSecret
+#metadata:
+# name: vault-argocd
+# labels:
+# app.kubernetes.io/part-of: argocd
+#spec:
+# secretStoreRef:
+# name: vault
+# kind: ClusterSecretStore
+# target:
+# name: client-secret
+# data:
+# - secretKey: clientSecret
+# remoteRef:
+# key: secrets/argocd/authentik
+# property: clientsecret
diff --git a/infra/argocd/templates/longhorn.yaml b/infra/argocd/templates/longhorn.yaml
new file mode 100644
index 0000000..9690120
--- /dev/null
+++ b/infra/argocd/templates/longhorn.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: longhorn-system
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://gitlab.com/developerdurp/homelab.git
+ targetRevision: main
+ path: infra/longhorn
+ destination:
+ namespace: longhorn-system
+ name: in-cluster
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+
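Review bot: The ExternalSecret added after the new `---` in argocd.yaml is committed entirely commented out, so the hunk ships dead configuration behind a separator that yields an empty document; the same pattern makes up all of `infra/longhorn/templates/ingress.yaml` and `infra/longhorn/templates/secrets.yaml`. Commented-out manifests drift from the live chart and leave it unclear which secrets, routes and auth middlewares actually exist in the cluster. Either drop these blocks until they are needed, or, if these files are Helm templates as the path suggests, wrap them in an `{{- if ... }}` / `{{- end }}` guard on a values flag so the enabled state is reviewable. The Application document this hunk appends to starts outside the hunk.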
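Review bot: In longhorn.yaml, `targetRevision: main` together with `automated` sync, `prune: true` and `selfHeal: true` applies every push on that branch to the cluster's storage layer with no review gate, and the Application runs under `project: default`, which, unless the default AppProject has been restricted elsewhere, does not limit source repos, destinations or resource kinds. Longhorn runs privileged pods and owns persistent data, so consider pinning `targetRevision` to a tag or commit SHA and placing the app in a dedicated AppProject scoped to this repo and destination. `prune: true` also deserves a deliberate decision here, because a bad render would remove Longhorn resources automatically.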
diff --git a/infra/longhorn/Chart.yaml b/infra/longhorn/Chart.yaml
new file mode 100644
index 0000000..85720ac
--- /dev/null
+++ b/infra/longhorn/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: longhorn-system
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: longhorn
+ repository: https://charts.longhorn.io
+ version: 1.7.2
diff --git a/infra/longhorn/templates/ingress.yaml b/infra/longhorn/templates/ingress.yaml
new file mode 100644
index 0000000..84b973b
--- /dev/null
+++ b/infra/longhorn/templates/ingress.yaml
@@ -0,0 +1,41 @@
+#apiVersion: traefik.containo.us/v1alpha1
+#kind: IngressRoute
+#metadata:
+# name: longhorn-ingress
+#spec:
+# entryPoints:
+# - websecure
+# routes:
+# - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/`)
+# middlewares:
+# - name: whitelist
+# namespace: traefik
+# - name: authentik-proxy-provider
+# namespace: traefik
+# kind: Rule
+# services:
+# - name: longhorn-frontend
+# port: 80
+# - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+# kind: Rule
+# services:
+# - name: ak-outpost-authentik-embedded-outpost
+# namespace: authentik
+# port: 9000
+# tls:
+# secretName: longhorn-tls
+#
+#---
+#
+#apiVersion: cert-manager.io/v1
+#kind: Certificate
+#metadata:
+# name: longhorn-tls
+#spec:
+# secretName: longhorn-tls
+# issuerRef:
+# name: letsencrypt-production
+# kind: ClusterIssuer
+# commonName: "longhorn.internal.durp.info"
+# dnsNames:
+# - "longhorn.internal.durp.info"
diff --git a/infra/longhorn/templates/secrets.yaml b/infra/longhorn/templates/secrets.yaml
new file mode 100644
index 0000000..d7cb88b
--- /dev/null
+++ b/infra/longhorn/templates/secrets.yaml
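Review bot: In Chart.yaml, `appVersion: "1.16.0"` and `description: A Helm chart for Kubernetes` are the `helm create` scaffold defaults and do not describe what this wrapper deploys, which is the `longhorn` dependency at `1.7.2`; `appVersion: "1.7.2"` would keep inventory and vulnerability tooling that reads chart metadata accurate. The diffstat lists no `Chart.lock`, so the dependency appears to be resolved by version alone at render time; committing the lock file records the digest of the chart that was reviewed. Writing the dependency as `version: "1.7.2"` would also match the quoting already used for `appVersion`.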
@@ -0,0 +1,23 @@
+#apiVersion: external-secrets.io/v1beta1
+#kind: ExternalSecret
+#metadata:
+# name: external-longhorn-backup-token-secret
+#spec:
+# secretStoreRef:
+# name: vault
+# kind: ClusterSecretStore
+# target:
+# name: longhorn-backup-token-secret
+# data:
+# - secretKey: AWS_ACCESS_KEY_ID
+# remoteRef:
+# key: secrets/longhorn/backup
+# property: AWS_ACCESS_KEY_ID
+# - secretKey: AWS_ENDPOINTS
+# remoteRef:
+# key: secrets/longhorn/backup
+# property: AWS_ENDPOINTS
+# - secretKey: AWS_SECRET_ACCESS_KEY
+# remoteRef:
+# key: secrets/longhorn/backup
+# property: AWS_SECRET_ACCESS_KEY
diff --git a/infra/longhorn/values.yaml b/infra/longhorn/values.yaml
new file mode 100644
index 0000000..e3e609c
--- /dev/null
+++ b/infra/longhorn/values.yaml
@@ -0,0 +1,195 @@
+longhorn:
+ global:
+ cattle:
+ systemDefaultRegistry: ""
+
+ image:
+ longhorn:
+ engine:
+ repository: longhornio/longhorn-engine
+ manager:
+ repository: longhornio/longhorn-manager
+ ui:
+ repository: longhornio/longhorn-ui
+ instanceManager:
+ repository: longhornio/longhorn-instance-manager
+ shareManager:
+ repository: longhornio/longhorn-share-manager
+ backingImageManager:
+ repository: longhornio/backing-image-manager
+ csi:
+ attacher:
+ repository: longhornio/csi-attacher
+ provisioner:
+ repository: longhornio/csi-provisioner
+ nodeDriverRegistrar:
+ repository: longhornio/csi-node-driver-registrar
+ resizer:
+ repository: longhornio/csi-resizer
+ snapshotter:
+ repository: longhornio/csi-snapshotter
+ pullPolicy: Always
+
+ service:
+ ui:
+ type: ClusterIP
+ nodePort: null
+ manager:
+ type: ClusterIP
+ nodePort: ""
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: ""
+
+ persistence:
+ defaultClass: true
+ defaultFsType: ext4
+ defaultClassReplicaCount: 3
+ defaultDataLocality: disabled # best-effort otherwise
+ reclaimPolicy: Retain
+ migratable: false
+ recurringJobSelector:
+ enable: true
+ jobList: '[
+ {
+ "name":"backup",
+ "task":"backup",
+ "cron":"0 0 * * ?",
+ "retain":24
+ }
+ ]'
+ backingImage:
+ enable: false
+ name: ~
+ dataSourceType: ~
+ dataSourceParameters: ~
+ expectedChecksum: ~
+
+ csi:
+ kubeletRootDir: ~
+ attacherReplicaCount: ~
+ provisionerReplicaCount: ~
+ resizerReplicaCount: ~
+ snapshotterReplicaCount: ~
+
+ defaultSettings:
+ backupTarget: S3://longhorn-infra@us-east-1/
+ backupTargetCredentialSecret: longhorn-backup-token-secret
+ allowRecurringJobWhileVolumeDetached: ~
+ createDefaultDiskLabeledNodes: ~
+ defaultDataPath: ~
+ defaultDataLocality: ~
+ replicaSoftAntiAffinity: ~
+ replicaAutoBalance: ~
+ storageOverProvisioningPercentage: ~
+ storageMinimalAvailablePercentage: ~
+ upgradeChecker: ~
+ defaultReplicaCount: ~
+ defaultLonghornStaticStorageClass: longhorn
+ backupstorePollInterval: ~
+ taintToleration: ~
+ systemManagedComponentsNodeSelector: ~
+ priorityClass: ~
+ autoSalvage: ~
+ autoDeletePodWhenVolumeDetachedUnexpectedly: ~
+ disableSchedulingOnCordonedNode: ~
+ replicaZoneSoftAntiAffinity: ~
+ nodeDownPodDeletionPolicy: ~
+ allowNodeDrainWithLastHealthyReplica: ~
+ mkfsExt4Parameters: ~
+ disableReplicaRebuild: ~
+ replicaReplenishmentWaitInterval: ~
+ concurrentReplicaRebuildPerNodeLimit: ~
+ disableRevisionCounter: ~
+ systemManagedPodsImagePullPolicy: ~
+ allowVolumeCreationWithDegradedAvailability: ~
+ autoCleanupSystemGeneratedSnapshot: ~
+ concurrentAutomaticEngineUpgradePerNodeLimit: ~
+ backingImageCleanupWaitInterval: ~
+ backingImageRecoveryWaitInterval: ~
+ guaranteedEngineManagerCPU: ~
+ guaranteedReplicaManagerCPU: ~
+ kubernetesClusterAutoscalerEnabled: ~
+ orphanAutoDeletion: ~
+ storageNetwork: ~
+ privateRegistry:
+ createSecret: ~
+ registryUrl: ~
+ registryUser: ~
+ registryPasswd: ~
+ registrySecret: ~
+
+ longhornManager:
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+ longhornDriver:
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+ longhornUI:
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ #
+
+ ingress:
+ enabled: false
+
+ # Configure a pod security policy in the Longhorn namespace to allow privileged pods
+ enablePSP: true
+
+ ## Specify override namespace, specifically this is useful for using longhorn as sub-chart
+ ## and its release namespace is not the `longhorn-system`
+ namespaceOverride: ""
+
+ # Annotations to add to the Longhorn Manager DaemonSet Pods. Optional.
+ annotations: {}
+
+ serviceAccount:
+ # Annotations to add to the service account
+ annotations: {}
+
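Review bot: `backupTargetCredentialSecret: longhorn-backup-token-secret` names a Secret that, within this patch, only the commented-out ExternalSecret in `templates/secrets.yaml` would create, so unless it is provisioned elsewhere the recurring `backup` job in `jobList` will likely fail to authenticate against the S3 target and no backups will be taken. Enable that ExternalSecret in the same change, or leave `backupTarget` unset until the Secret exists. Separately, `enablePSP: true` asks the chart for a PodSecurityPolicy that permits privileged pods; that API was removed in Kubernetes 1.25, so on a current cluster the sync would likely fail, and `enablePSP: false` with an explicit Pod Security admission level on the namespace is the safer setting. Most `defaultSettings` keys are set to `~`, which Helm treats as removing the subchart default; omitting them keeps the override file down to the values that actually differ.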