Compare commits


2 commits

Author SHA1 Message Date
8cc1e01af4 Update longhorn
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-24 15:20:25 +02:00
3d54f0c30d Update secret-store 2020-08-24 15:20:02 +02:00
11 changed files with 80 additions and 32 deletions


@ -15,18 +15,18 @@ spec:
spec: spec:
initContainers: initContainers:
- name: wait-longhorn-manager - name: wait-longhorn-manager
image: longhornio/longhorn-manager:v1.0.1 image: longhornio/longhorn-manager:v1.0.2
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers: containers:
- name: longhorn-driver-deployer - name: longhorn-driver-deployer
image: longhornio/longhorn-manager:v1.0.1 image: longhornio/longhorn-manager:v1.0.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- longhorn-manager - longhorn-manager
- -d - -d
- deploy-driver - deploy-driver
- --manager-image - --manager-image
- longhornio/longhorn-manager:v1.0.1 - longhornio/longhorn-manager:v1.0.2
- --manager-url - --manager-url
- http://longhorn-backend:9500/v1 - http://longhorn-backend:9500/v1
env: env:


@ -16,7 +16,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-manager - name: longhorn-manager
image: longhornio/longhorn-manager:v1.0.1 image: longhornio/longhorn-manager:v1.0.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
privileged: true privileged: true
@ -25,11 +25,11 @@ spec:
- -d - -d
- daemon - daemon
- --engine-image - --engine-image
- longhornio/longhorn-engine:v1.0.1 - longhornio/longhorn-engine:v1.0.2
- --instance-manager-image - --instance-manager-image
- longhornio/longhorn-instance-manager:v1_20200514 - longhornio/longhorn-instance-manager:v1_20200514
- --manager-image - --manager-image
- longhornio/longhorn-manager:v1.0.1 - longhornio/longhorn-manager:v1.0.2
- --service-account - --service-account
- longhorn-service-account - longhorn-service-account
ports: ports:
@ -45,6 +45,7 @@ spec:
mountPath: /host/proc/ mountPath: /host/proc/
- name: varrun - name: varrun
mountPath: /var/run/ mountPath: /var/run/
mountPropagation: Bidirectional
- name: longhorn - name: longhorn
mountPath: /var/lib/longhorn/ mountPath: /var/lib/longhorn/
mountPropagation: Bidirectional mountPropagation: Bidirectional
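Review bot: The added `mountPropagation: Bidirectional` on the `varrun` mount (`/var/run/`) carries no comment saying why the manager must push mounts back to the host. It widens what this already `privileged: true` container can change on the node, because any mount it creates under that path becomes visible to the host and to every other pod using the same volume. If the container only needs to see host-side mounts, `mountPropagation: HostToContainer` is the narrower setting. If the line simply mirrors the upstream v1.0.2 manifest, a comment such as `# Bidirectional: required by longhorn-manager v1.0.2, matches upstream manifest` would record that. The `varrun` volume definition is outside this hunk, so the host path it maps to should be confirmed there.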


@ -0,0 +1,29 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-psp
spec:
privileged: true
allowPrivilegeEscalation: true
requiredDropCapabilities:
- NET_RAW
allowedCapabilities:
- SYS_ADMIN
hostNetwork: false
hostIPC: false
hostPID: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
fsGroup:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
- hostPath
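Review bot: `volumes` allows `hostPath` with no `allowedHostPaths` list, so together with `privileged: true`, `allowPrivilegeEscalation: true` and `hostPID: true` this policy admits pods with what amounts to node-level access. An `allowedHostPaths` list limited to the host directories Longhorn mounts would at least document the intent, although it is a weak control while `privileged` stays true; the volume definitions are not visible in this compare, so the exact prefixes need to be taken from the DaemonSet. A header comment such as `# Grants host-level privileges; bind only to Longhorn service accounts` would make the blast radius clear to whoever edits the binding. `policy/v1beta1` PodSecurityPolicy was later deprecated and removed in Kubernetes 1.25, so this file needs a replacement before a cluster is upgraded that far.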


@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: longhorn-psp-binding
namespace: longhorn-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: longhorn-psp-role
subjects:
- kind: ServiceAccount
name: longhorn-service-account
namespace: longhorn-system
- kind: ServiceAccount
name: default
namespace: longhorn-system
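Review bot: The second subject binds `longhorn-psp-role` to the `default` service account, so every pod in `longhorn-system` that does not set `serviceAccountName` is admitted under `longhorn-psp` (privileged, `hostPID: true`, unrestricted `hostPath`). If only specific workloads need the policy, giving them a dedicated service account and dropping the `default` subject keeps the privileged policy from applying to anything else scheduled into the namespace. If the `default` subject is kept to match upstream, a comment such as `# default SA: needed by <workload>; keep unrelated pods out of this namespace` (workload name to be filled in) would record the reason.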


@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: longhorn-psp-role
namespace: longhorn-system
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- longhorn-psp


@ -17,7 +17,7 @@ spec:
spec: spec:
containers: containers:
- name: longhorn-ui - name: longhorn-ui
image: longhornio/longhorn-ui:v1.0.1 image: longhornio/longhorn-ui:v1.0.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
runAsUser: 0 runAsUser: 0


@ -43,7 +43,7 @@ spec:
- name: registration-dir - name: registration-dir
mountPath: /registration mountPath: /registration
- name: secrets-store - name: secrets-store
image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.12 image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13
args: args:
- "--debug=true" - "--debug=true"
- "--endpoint=$(CSI_ENDPOINT)" - "--endpoint=$(CSI_ENDPOINT)"


@ -1,6 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
creationTimestamp: null
name: secretproviderclasses-role name: secretproviderclasses-role
rules: rules:
- apiGroups: - apiGroups:
@ -10,28 +11,6 @@ rules:
verbs: verbs:
- get - get
- list - list
- update
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- update
- patch
- list
- watch - watch
- apiGroups: - apiGroups:
- secrets-store.csi.x-k8s.io - secrets-store.csi.x-k8s.io
@ -51,5 +30,5 @@ rules:
- secretproviderclasspodstatuses/status - secretproviderclasspodstatuses/status
verbs: verbs:
- get - get
- update
- patch - patch
- update
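Review bot: The rule granting `create`/`delete`/`get`/`update`/`patch`/`list`/`watch` on `secrets` is removed in the second hunk (`-10,28 +11,6`), while the CRD in this same compare still carries `secretName` and gains `labels` for a synced Kubernetes secret. Unless another role grants the driver's service account write access to `secrets`, syncing to a Kubernetes Secret would presumably fail with a forbidden error after this change; no such role is added among the files shown. If sync is not used, the tighter role is the better state and a short comment saying so would help. If it is used, the access is better restored in a separate, narrowly scoped role than by putting it back here. `creationTimestamp: null` looks like generator output and could be dropped from the committed manifest.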


@ -12,6 +12,7 @@ spec:
listKind: SecretProviderClassList listKind: SecretProviderClassList
plural: secretproviderclasses plural: secretproviderclasses
singular: secretproviderclass singular: secretproviderclass
preserveUnknownFields: false
scope: Namespaced scope: Namespaced
validation: validation:
openAPIV3Schema: openAPIV3Schema:
@ -59,6 +60,11 @@ spec:
type: string type: string
type: object type: object
type: array type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName: secretName:
description: name of the K8s secret object description: name of the K8s secret object
type: string type: string

View file

@ -12,6 +12,9 @@ storage_longhorn_files_list:
- "nodes.longhorn.io-CustomResourceDefinition.yaml" - "nodes.longhorn.io-CustomResourceDefinition.yaml"
- "instancemanagers.longhorn.io-CustomResourceDefinition.yaml" - "instancemanagers.longhorn.io-CustomResourceDefinition.yaml"
- "longhorn-default-setting-ConfigMap.yaml" - "longhorn-default-setting-ConfigMap.yaml"
- "longhorn-psp-PodSecurityPolicy.yaml"
- "longhorn-psp-role-Role.yaml"
- "longhorn-psp-binding-RoleBinding.yaml"
- "longhorn-manager-DaemonSet.yaml" - "longhorn-manager-DaemonSet.yaml"
- "longhorn-backend-Service.yaml" - "longhorn-backend-Service.yaml"
- "longhorn-ui-Deployment.yaml" - "longhorn-ui-Deployment.yaml"


@ -1,7 +1,7 @@
--- ---
secrets_store_files: secrets_store_files:
- "secrets-store/secretproviderclasses-role-ClusterRole.yaml"
- "secrets-store/secrets-store-csi-driver-ServiceAccount.yaml" - "secrets-store/secrets-store-csi-driver-ServiceAccount.yaml"
- "secrets-store/secretproviderclasses-role-ClusterRole.yaml"
- "secrets-store/secretproviderclasses-rolebinding-ClusterRoleBinding.yaml" - "secrets-store/secretproviderclasses-rolebinding-ClusterRoleBinding.yaml"
- "secrets-store/secrets-store.csi.k8s.io-CSIDriver.yaml" - "secrets-store/secrets-store.csi.k8s.io-CSIDriver.yaml"
- "secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml" - "secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml"