adrien/ansible-role-k8s-storage
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update longhorn
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Adrien Reslinger 2020-08-24 15:20:25 +02:00
parent 3d54f0c30d
commit 8cc1e01af4
7 changed files with 70 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
files/longhorn/longhorn-driver-deployer-Deployment.yaml
View file

@ -15,18 +15,18 @@ spec:
spec: spec:
initContainers: initContainers:
- name: wait-longhorn-manager - name: wait-longhorn-manager
image: longhornio/longhorn-manager:v1.0.1 image: longhornio/longhorn-manager:v1.0.2
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers: containers:
- name: longhorn-driver-deployer - name: longhorn-driver-deployer
image: longhornio/longhorn-manager:v1.0.1 image: longhornio/longhorn-manager:v1.0.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- longhorn-manager - longhorn-manager
- -d - -d
- deploy-driver - deploy-driver
- --manager-image - --manager-image
- longhornio/longhorn-manager:v1.0.1 - longhornio/longhorn-manager:v1.0.2
- --manager-url - --manager-url
- http://longhorn-backend:9500/v1 - http://longhorn-backend:9500/v1
env: env:

7
files/longhorn/longhorn-manager-DaemonSet.yaml
View file

@ -16,7 +16,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-manager - name: longhorn-manager
image: longhornio/longhorn-manager:v1.0.1 image: longhornio/longhorn-manager:v1.0.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
privileged: true privileged: true
@ -25,11 +25,11 @@ spec:
- -d - -d
- daemon - daemon
- --engine-image - --engine-image
- longhornio/longhorn-engine:v1.0.1 - longhornio/longhorn-engine:v1.0.2
- --instance-manager-image - --instance-manager-image
- longhornio/longhorn-instance-manager:v1_20200514 - longhornio/longhorn-instance-manager:v1_20200514
- --manager-image - --manager-image
- longhornio/longhorn-manager:v1.0.1 - longhornio/longhorn-manager:v1.0.2
- --service-account - --service-account
- longhorn-service-account - longhorn-service-account
ports: ports:
@ -45,6 +45,7 @@ spec:
mountPath: /host/proc/ mountPath: /host/proc/
- name: varrun - name: varrun
mountPath: /var/run/ mountPath: /var/run/
mountPropagation: Bidirectional
- name: longhorn - name: longhorn
mountPath: /var/lib/longhorn/ mountPath: /var/lib/longhorn/
mountPropagation: Bidirectional mountPropagation: Bidirectional

29
files/longhorn/longhorn-psp-PodSecurityPolicy.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-psp
spec:
privileged: true
allowPrivilegeEscalation: true
requiredDropCapabilities:
- NET_RAW
allowedCapabilities:
- SYS_ADMIN
hostNetwork: false
hostIPC: false
hostPID: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
fsGroup:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
- hostPath

16
files/longhorn/longhorn-psp-binding-RoleBinding.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: longhorn-psp-binding
namespace: longhorn-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: longhorn-psp-role
subjects:
- kind: ServiceAccount
name: longhorn-service-account
namespace: longhorn-system
- kind: ServiceAccount
name: default
namespace: longhorn-system

14
files/longhorn/longhorn-psp-role-Role.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: longhorn-psp-role
namespace: longhorn-system
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- longhorn-psp

2
files/longhorn/longhorn-ui-Deployment.yaml
View file

@ -17,7 +17,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-ui - name: longhorn-ui
image: longhornio/longhorn-ui:v1.0.1 image: longhornio/longhorn-ui:v1.0.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
runAsUser: 0 runAsUser: 0

3
vars/longhorn.yaml
View file

@ -12,6 +12,9 @@ storage_longhorn_files_list:
- "nodes.longhorn.io-CustomResourceDefinition.yaml" - "nodes.longhorn.io-CustomResourceDefinition.yaml"
- "instancemanagers.longhorn.io-CustomResourceDefinition.yaml" - "instancemanagers.longhorn.io-CustomResourceDefinition.yaml"
- "longhorn-default-setting-ConfigMap.yaml" - "longhorn-default-setting-ConfigMap.yaml"
- "longhorn-psp-PodSecurityPolicy.yaml"
- "longhorn-psp-role-Role.yaml"
- "longhorn-psp-binding-RoleBinding.yaml"
- "longhorn-manager-DaemonSet.yaml" - "longhorn-manager-DaemonSet.yaml"
- "longhorn-backend-Service.yaml" - "longhorn-backend-Service.yaml"
- "longhorn-ui-Deployment.yaml" - "longhorn-ui-Deployment.yaml"