Update longhorn

files/longhorn/longhorn-driver-deployer-Deployment.yaml

@@ -15,18 +15,18 @@ spec:
     spec:
       initContainers:
         - name: wait-longhorn-manager
-          image: longhornio/longhorn-manager:v1.0.1
+          image: longhornio/longhorn-manager:v1.0.2
           command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
       containers:
         - name: longhorn-driver-deployer
-          image: longhornio/longhorn-manager:v1.0.1
+          image: longhornio/longhorn-manager:v1.0.2
           imagePullPolicy: IfNotPresent
           command:
           - longhorn-manager
           - -d
           - deploy-driver
           - --manager-image
-          - longhornio/longhorn-manager:v1.0.1
+          - longhornio/longhorn-manager:v1.0.2
           - --manager-url
           - http://longhorn-backend:9500/v1
           env:

files/longhorn/longhorn-manager-DaemonSet.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
       - name: longhorn-manager
-        image: longhornio/longhorn-manager:v1.0.1
+        image: longhornio/longhorn-manager:v1.0.2
         imagePullPolicy: IfNotPresent
         securityContext:
           privileged: true
@@ -25,11 +25,11 @@ spec:
         - -d
         - daemon
         - --engine-image
-        - longhornio/longhorn-engine:v1.0.1
+        - longhornio/longhorn-engine:v1.0.2
         - --instance-manager-image
         - longhornio/longhorn-instance-manager:v1_20200514
         - --manager-image
-        - longhornio/longhorn-manager:v1.0.1
+        - longhornio/longhorn-manager:v1.0.2
         - --service-account
         - longhorn-service-account
         ports:
@@ -45,6 +45,7 @@ spec:
           mountPath: /host/proc/
         - name: varrun
           mountPath: /var/run/
+          mountPropagation: Bidirectional
         - name: longhorn
           mountPath: /var/lib/longhorn/
           mountPropagation: Bidirectional

files/longhorn/longhorn-psp-PodSecurityPolicy.yaml

@@ -0,0 +1,29 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: longhorn-psp
+spec:
+  privileged: true
+  allowPrivilegeEscalation: true
+  requiredDropCapabilities:
+    - NET_RAW
+  allowedCapabilities:
+    - SYS_ADMIN
+  hostNetwork: false
+  hostIPC: false
+  hostPID: true
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+    - configMap
+    - downwardAPI
+    - emptyDir
+    - secret
+    - projected
+    - hostPath

files/longhorn/longhorn-psp-binding-RoleBinding.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: longhorn-psp-binding
+  namespace: longhorn-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: longhorn-psp-role
+subjects:
+  - kind: ServiceAccount
+    name: longhorn-service-account
+    namespace: longhorn-system
+  - kind: ServiceAccount
+    name: default
+    namespace: longhorn-system

files/longhorn/longhorn-psp-role-Role.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: longhorn-psp-role
+  namespace: longhorn-system
+rules:
+  - apiGroups:
+      - policy
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+    resourceNames:
+      - longhorn-psp

files/longhorn/longhorn-ui-Deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
       - name: longhorn-ui
-        image: longhornio/longhorn-ui:v1.0.1
+        image: longhornio/longhorn-ui:v1.0.2
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0

vars/longhorn.yaml

@@ -12,6 +12,9 @@ storage_longhorn_files_list:
   - "nodes.longhorn.io-CustomResourceDefinition.yaml"
   - "instancemanagers.longhorn.io-CustomResourceDefinition.yaml"
   - "longhorn-default-setting-ConfigMap.yaml"
+  - "longhorn-psp-PodSecurityPolicy.yaml"
+  - "longhorn-psp-role-Role.yaml"
+  - "longhorn-psp-binding-RoleBinding.yaml"
   - "longhorn-manager-DaemonSet.yaml"
   - "longhorn-backend-Service.yaml"
   - "longhorn-ui-Deployment.yaml"