adrien/ansible-role-k8s-storage
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: adrien:8cc1e01af4cf37a9daf6dc07588c8f05bf34ac3c
Branches Tags
adrien:master
..
compare: adrien:fc8d34e4a9c033ad3c72def7211a85ebbb2ab759
Branches Tags
adrien:master

No commits in common. "8cc1e01af4cf37a9daf6dc07588c8f05bf34ac3c" and "fc8d34e4a9c033ad3c72def7211a85ebbb2ab759" have entirely different histories.
8cc1e01af4 ... fc8d34e4a9

11 changed files with 32 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

6
files/longhorn/longhorn-driver-deployer-Deployment.yaml
View file

@ -15,18 +15,18 @@ spec:
spec: spec:
initContainers: initContainers:
- name: wait-longhorn-manager - name: wait-longhorn-manager
image: longhornio/longhorn-manager:v1.0.2 image: longhornio/longhorn-manager:v1.0.1
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers: containers:
- name: longhorn-driver-deployer - name: longhorn-driver-deployer
image: longhornio/longhorn-manager:v1.0.2 image: longhornio/longhorn-manager:v1.0.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- longhorn-manager - longhorn-manager
- -d - -d
- deploy-driver - deploy-driver
- --manager-image - --manager-image
- longhornio/longhorn-manager:v1.0.2 - longhornio/longhorn-manager:v1.0.1
- --manager-url - --manager-url
- http://longhorn-backend:9500/v1 - http://longhorn-backend:9500/v1
env: env:

7
files/longhorn/longhorn-manager-DaemonSet.yaml
View file

@ -16,7 +16,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-manager - name: longhorn-manager
image: longhornio/longhorn-manager:v1.0.2 image: longhornio/longhorn-manager:v1.0.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
privileged: true privileged: true
@ -25,11 +25,11 @@ spec:
- -d - -d
- daemon - daemon
- --engine-image - --engine-image
- longhornio/longhorn-engine:v1.0.2 - longhornio/longhorn-engine:v1.0.1
- --instance-manager-image - --instance-manager-image
- longhornio/longhorn-instance-manager:v1_20200514 - longhornio/longhorn-instance-manager:v1_20200514
- --manager-image - --manager-image
- longhornio/longhorn-manager:v1.0.2 - longhornio/longhorn-manager:v1.0.1
- --service-account - --service-account
- longhorn-service-account - longhorn-service-account
ports: ports:
@ -45,7 +45,6 @@ spec:
mountPath: /host/proc/ mountPath: /host/proc/
- name: varrun - name: varrun
mountPath: /var/run/ mountPath: /var/run/
mountPropagation: Bidirectional
- name: longhorn - name: longhorn
mountPath: /var/lib/longhorn/ mountPath: /var/lib/longhorn/
mountPropagation: Bidirectional mountPropagation: Bidirectional

29
files/longhorn/longhorn-psp-PodSecurityPolicy.yaml
View file

@ -1,29 +0,0 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-psp
spec:
privileged: true
allowPrivilegeEscalation: true
requiredDropCapabilities:
- NET_RAW
allowedCapabilities:
- SYS_ADMIN
hostNetwork: false
hostIPC: false
hostPID: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
fsGroup:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
- hostPath

16
files/longhorn/longhorn-psp-binding-RoleBinding.yaml
View file

@ -1,16 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: longhorn-psp-binding
namespace: longhorn-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: longhorn-psp-role
subjects:
- kind: ServiceAccount
name: longhorn-service-account
namespace: longhorn-system
- kind: ServiceAccount
name: default
namespace: longhorn-system

14
files/longhorn/longhorn-psp-role-Role.yaml
View file

@ -1,14 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: longhorn-psp-role
namespace: longhorn-system
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- longhorn-psp

2
files/longhorn/longhorn-ui-Deployment.yaml
View file

@ -17,7 +17,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-ui - name: longhorn-ui
image: longhornio/longhorn-ui:v1.0.2 image: longhornio/longhorn-ui:v1.0.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
runAsUser: 0 runAsUser: 0

2
files/secrets-store/csi-secrets-store-DaemonSet.yaml
View file

@ -43,7 +43,7 @@ spec:
- name: registration-dir - name: registration-dir
mountPath: /registration mountPath: /registration
- name: secrets-store - name: secrets-store
image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13 image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.12
args: args:
- "--debug=true" - "--debug=true"
- "--endpoint=$(CSI_ENDPOINT)" - "--endpoint=$(CSI_ENDPOINT)"

25
files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
View file

@ -1,7 +1,6 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
creationTimestamp: null
name: secretproviderclasses-role name: secretproviderclasses-role
rules: rules:
- apiGroups: - apiGroups:
@ -11,6 +10,28 @@ rules:
verbs: verbs:
- get - get
- list - list
- update
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- update
- patch
- list
- watch - watch
- apiGroups: - apiGroups:
- secrets-store.csi.x-k8s.io - secrets-store.csi.x-k8s.io
@ -30,5 +51,5 @@ rules:
- secretproviderclasspodstatuses/status - secretproviderclasspodstatuses/status
verbs: verbs:
- get - get
- patch
- update - update
- patch

6
files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
View file

@ -12,7 +12,6 @@ spec:
listKind: SecretProviderClassList listKind: SecretProviderClassList
plural: secretproviderclasses plural: secretproviderclasses
singular: secretproviderclass singular: secretproviderclass
preserveUnknownFields: false
scope: Namespaced scope: Namespaced
validation: validation:
openAPIV3Schema: openAPIV3Schema:
@ -60,11 +59,6 @@ spec:
type: string type: string
type: object type: object
type: array type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName: secretName:
description: name of the K8s secret object description: name of the K8s secret object
type: string type: string

3
vars/longhorn.yaml
View file

@ -12,9 +12,6 @@ storage_longhorn_files_list:
- "nodes.longhorn.io-CustomResourceDefinition.yaml" - "nodes.longhorn.io-CustomResourceDefinition.yaml"
- "instancemanagers.longhorn.io-CustomResourceDefinition.yaml" - "instancemanagers.longhorn.io-CustomResourceDefinition.yaml"
- "longhorn-default-setting-ConfigMap.yaml" - "longhorn-default-setting-ConfigMap.yaml"
- "longhorn-psp-PodSecurityPolicy.yaml"
- "longhorn-psp-role-Role.yaml"
- "longhorn-psp-binding-RoleBinding.yaml"
- "longhorn-manager-DaemonSet.yaml" - "longhorn-manager-DaemonSet.yaml"
- "longhorn-backend-Service.yaml" - "longhorn-backend-Service.yaml"
- "longhorn-ui-Deployment.yaml" - "longhorn-ui-Deployment.yaml"

2
vars/secrets_store_files_list.yml
View file

@ -1,7 +1,7 @@
--- ---
secrets_store_files: secrets_store_files:
- "secrets-store/secrets-store-csi-driver-ServiceAccount.yaml"
- "secrets-store/secretproviderclasses-role-ClusterRole.yaml" - "secrets-store/secretproviderclasses-role-ClusterRole.yaml"
- "secrets-store/secrets-store-csi-driver-ServiceAccount.yaml"
- "secrets-store/secretproviderclasses-rolebinding-ClusterRoleBinding.yaml" - "secrets-store/secretproviderclasses-rolebinding-ClusterRoleBinding.yaml"
- "secrets-store/secrets-store.csi.k8s.io-CSIDriver.yaml" - "secrets-store/secrets-store.csi.k8s.io-CSIDriver.yaml"
- "secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml" - "secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml"