From fe7ec521f287db3226715dfa8cbc4c7d241e5a7b Mon Sep 17 00:00:00 2001
From: Adrien Reslinger <adrien@reslinger.net>
Date: Wed, 30 Nov 2022 07:08:16 +0100
Subject: [PATCH] Fix indentation & add longhorn-crypt StorageClass

---
 tasks/longhorn.yml | 53 ++++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 21 deletions(-)

diff --git a/tasks/longhorn.yml b/tasks/longhorn.yml
index 6e39f5f..5957907 100644
--- a/tasks/longhorn.yml
+++ b/tasks/longhorn.yml
@@ -39,28 +39,39 @@
         namespace: "{{ storage_longhorn_namespace }}"
         resource_definition: "{{ lookup('template', 'longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}"
       with_items:
-        - {
-            name: "snapshot",
-            ansible.builtin.cron: "1 * * * *",
-            task: "snapshot",
-            retain: 25
-          }
-        - {
-            name: "backup-daily",
-            ansible.builtin.cron: "0 1 * * *",
-            task: "backup",
-            retain: 8
-          }
+        - { name: "snapshot", cron: "1 * * * *", task: "snapshot", retain: 25 }
+        - { name: "backup-daily", cron: "0 1 * * *", task: "backup", retain: 8 }
+
+    - name: Add longhorn-crypt StorageClass
+      kubernetes.core.k8s:
+        state: present
+        context: "{{ my_context }}"
+        definition:
+          apiVersion: storage.k8s.io/v1
+          kind: StorageClass
+          metadata:
+            annotations:
+              storageclass.kubernetes.io/is-default-class: "false"
+            name: longhorn-crypt
+          provisioner: driver.longhorn.io
+          reclaimPolicy: Delete
+          volumeBindingMode: Immediate
+          allowVolumeExpansion: true
+          parameters:
+            numberOfReplicas: "3"
+            staleReplicaTimeout: "2880"
+            dataLocality: best-effort
+            fromBackup: ""
+            encrypted: "true"
+            csi.storage.k8s.io/provisioner-secret-name: "longhorn-crypto"
+            csi.storage.k8s.io/provisioner-secret-namespace: ${pvc.namespace}
+            csi.storage.k8s.io/node-publish-secret-name: "longhorn-crypto"
+            csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}
+            csi.storage.k8s.io/node-stage-secret-name: "longhorn-crypto"
+            csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace}
+            csi.storage.k8s.io/fsType: ext4
+            recurringJobSelector: '[{"name":"snapshot","isGroup":true}, {"name":"backup-daily","isGroup":true}]'
 
-#    - name: Install longhorn UI Ingress
-#      kubernetes.core.k8s:
-#        state: present
-#        context: "{{ my_context }}"
-#        apply: true
-#        namespace: "{{ storage_longhorn_namespace }}"
-#        resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
-#      with_items:
-#        - "longhorn_ingressroute.yaml.j2"
   when:
     - storage_longhorn_enabled
   tags: