From 4952e6f278227e5d03eac20975b43596f2184fd2 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Mon, 24 Apr 2023 23:17:26 -0500 Subject: [PATCH] storage: Upgrade Longhorn to v1.4.1 --- storage/longhorn.yaml | 768 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 635 insertions(+), 133 deletions(-) diff --git a/storage/longhorn.yaml b/storage/longhorn.yaml index ce9c4da..a825c74 100644 --- a/storage/longhorn.yaml +++ b/storage/longhorn.yaml @@ -5,41 +5,6 @@ kind: Namespace metadata: name: longhorn-system --- -# Source: longhorn/templates/psp.yaml -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: longhorn-psp - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 -spec: - privileged: true - allowPrivilegeEscalation: true - requiredDropCapabilities: - - NET_RAW - allowedCapabilities: - - SYS_ADMIN - hostNetwork: false - hostIPC: false - hostPID: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - fsGroup: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - downwardAPI - - emptyDir - - secret - - projected - - hostPath ---- # Source: longhorn/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount @@ -49,7 +14,18 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 +--- +# Source: longhorn/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-support-bundle + namespace: longhorn-system + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.4.1 --- # Source: longhorn/templates/default-setting.yaml apiVersion: v1 @@ -60,10 +36,9 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 data: default-setting.yaml: |- - create-default-disk-labeled-nodes: true --- # Source: longhorn/templates/storageclass.yaml apiVersion: v1 @@ -74,9 +49,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 - annotations: - storageclass.kubernetes.io/is-default-class: 'true' + app.kubernetes.io/version: v1.4.1 data: storageclass.yaml: | kind: StorageClass @@ -106,7 +79,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: backingimagedatasources.longhorn.io spec: @@ -277,7 +250,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: backingimagemanagers.longhorn.io spec: @@ -462,7 +435,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: backingimages.longhorn.io spec: @@ -637,7 +610,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: backups.longhorn.io spec: @@ -830,7 +803,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: backuptargets.longhorn.io spec: @@ -1013,7 +986,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: backupvolumes.longhorn.io spec: @@ -1177,10 +1150,11 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: engineimages.longhorn.io spec: + preserveUnknownFields: false conversion: strategy: Webhook webhook: @@ -1212,7 +1186,7 @@ spec: jsonPath: .spec.image name: Image type: string - - description: Number of volumes are using the engine image + - description: Number of resources using the engine image jsonPath: .status.refCount name: RefCount type: integer @@ -1254,7 +1228,7 @@ spec: jsonPath: .spec.image name: Image type: string - - description: Number of volumes are using the engine image + - description: Number of resources using the engine image jsonPath: .status.refCount name: RefCount type: integer @@ -1368,7 +1342,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: engines.longhorn.io spec: @@ -1492,6 +1466,8 @@ spec: type: boolean salvageRequested: type: boolean + unmapMarkSnapChainRemovedEnabled: + type: boolean upgradedReplicaAddressMap: additionalProperties: type: string @@ -1541,6 +1517,30 @@ spec: type: object nullable: true type: object + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array currentImage: type: string currentReplicaAddressMap: @@ -1666,6 +1666,8 @@ spec: type: boolean storageIP: type: string + unmapMarkSnapChainRemovedEnabled: + type: boolean type: object type: object served: true @@ -1689,7 +1691,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: instancemanagers.longhorn.io spec: @@ -1774,7 +1776,7 @@ spec: description: InstanceManagerSpec defines the desired state of the Longhorn instancer manager properties: engineImage: - description: 'TODO: deprecate this field' + description: 'Deprecated: This field is useless.' type: string image: type: string @@ -1859,10 +1861,11 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: nodes.longhorn.io spec: + preserveUnknownFields: false conversion: strategy: Webhook webhook: @@ -2064,6 +2067,14 @@ spec: type: object region: type: string + snapshotCheckStatus: + properties: + lastPeriodicCheckedAt: + format: date-time + type: string + snapshotCheckState: + type: string + type: object zone: type: string type: object @@ -2089,7 +2100,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: orphans.longhorn.io spec: @@ -2258,7 +2269,7 @@ spec: jsonPath: .spec.groups name: Groups type: string - - description: Should be one of "backup" or "snapshot" + - description: Should be one of "snapshot", "snapshot-cleanup", "snapshot-delete" or "backup" jsonPath: .spec.task name: Task type: string @@ -2320,9 +2331,11 @@ spec: description: The retain count of the snapshot/backup. type: integer task: - description: The recurring job type. Can be "snapshot" or "backup". + description: The recurring job task. Can be "snapshot", "snapshot-cleanup", "snapshot-delete" or "backup". enum: - snapshot + - snapshot-cleanup + - snapshot-delete - backup type: string type: object @@ -2355,7 +2368,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: replicas.longhorn.io spec: @@ -2493,6 +2506,8 @@ spec: type: boolean salvageRequested: type: boolean + unmapMarkDiskChainRemovedEnabled: + type: boolean volumeName: type: string volumeSize: @@ -2502,6 +2517,30 @@ spec: status: description: ReplicaStatus defines the observed state of the Longhorn replica properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array currentImage: type: string currentState: @@ -2547,7 +2586,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: settings.longhorn.io spec: @@ -2638,7 +2677,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: sharemanagers.longhorn.io spec: @@ -2749,7 +2788,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: snapshots.longhorn.io spec: @@ -2821,6 +2860,8 @@ spec: status: description: SnapshotStatus defines the observed state of Longhorn Snapshot properties: + checksum: + type: string children: additionalProperties: type: boolean @@ -2870,13 +2911,366 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 + longhorn-manager: "" + name: supportbundles.longhorn.io +spec: + group: longhorn.io + names: + kind: SupportBundle + listKind: SupportBundleList + plural: supportbundles + shortNames: + - lhbundle + singular: supportbundle + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The state of the support bundle + jsonPath: .status.state + name: State + type: string + - description: The issue URL + jsonPath: .spec.issueURL + name: Issue + type: string + - description: A brief description of the issue + jsonPath: .spec.description + name: Description + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: SupportBundle is where Longhorn stores support bundle object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SupportBundleSpec defines the desired state of the Longhorn SupportBundle + properties: + description: + description: A brief description of the issue + type: string + issueURL: + description: The issue URL + nullable: true + type: string + nodeID: + description: The preferred responsible controller node ID. + type: string + required: + - description + type: object + status: + description: SupportBundleStatus defines the observed state of the Longhorn SupportBundle + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + filename: + type: string + filesize: + format: int64 + type: integer + image: + description: The support bundle manager image + type: string + managerIP: + description: The support bundle manager IP + type: string + ownerID: + description: The current responsible controller node ID + type: string + progress: + type: integer + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +# Source: longhorn/templates/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.4.1 + longhorn-manager: "" + name: systembackups.longhorn.io +spec: + group: longhorn.io + names: + kind: SystemBackup + listKind: SystemBackupList + plural: systembackups + shortNames: + - lhsb + singular: systembackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The system backup Longhorn version + jsonPath: .status.version + name: Version + type: string + - description: The system backup state + jsonPath: .status.state + name: State + type: string + - description: The system backup creation time + jsonPath: .status.createdAt + name: Created + type: string + - description: The last time that the system backup was synced into the cluster + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: SystemBackup is where Longhorn stores system backup object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SystemBackupSpec defines the desired state of the Longhorn SystemBackup + type: object + status: + description: SystemBackupStatus defines the observed state of the Longhorn SystemBackup + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + createdAt: + description: The system backup creation time. + format: date-time + type: string + gitCommit: + description: The saved Longhorn manager git commit. + nullable: true + type: string + lastSyncedAt: + description: The last time that the system backup was synced into the cluster. + format: date-time + nullable: true + type: string + managerImage: + description: The saved manager image. + type: string + ownerID: + description: The node ID of the responsible controller to reconcile this SystemBackup. + type: string + state: + description: The system backup state. + type: string + version: + description: The saved Longhorn version. + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +# Source: longhorn/templates/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.4.1 + longhorn-manager: "" + name: systemrestores.longhorn.io +spec: + group: longhorn.io + names: + kind: SystemRestore + listKind: SystemRestoreList + plural: systemrestores + shortNames: + - lhsr + singular: systemrestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The system restore state + jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: SystemRestore is where Longhorn stores system restore object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SystemRestoreSpec defines the desired state of the Longhorn SystemRestore + properties: + systemBackup: + description: The system backup name in the object store. + type: string + required: + - systemBackup + type: object + status: + description: SystemRestoreStatus defines the observed state of the Longhorn SystemRestore + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + ownerID: + description: The node ID of the responsible controller to reconcile this SystemRestore. + type: string + sourceURL: + description: The source system backup URL. + type: string + state: + description: The system restore state. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +# Source: longhorn/templates/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.4.1 longhorn-manager: "" name: volumes.longhorn.io spec: + preserveUnknownFields: false conversion: strategy: Webhook webhook: @@ -3001,6 +3395,7 @@ spec: enum: - disabled - best-effort + - strict-local type: string dataSource: type: string @@ -3016,6 +3411,12 @@ spec: type: string fromBackup: type: string + restoreVolumeRecurringJob: + enum: + - ignored + - enabled + - disabled + type: string frontend: enum: - blockdev @@ -3039,7 +3440,7 @@ spec: recurringJobs: description: Deprecated. Replaced by a separate resource named "RecurringJob" items: - description: 'VolumeRecurringJobSpec is a deprecated struct. TODO: Should be removed when recurringJobs gets removed from the volume spec.' + description: 'Deprecated: This field is useless and has been replaced by the RecurringJob CRD' properties: concurrency: type: integer @@ -3060,6 +3461,8 @@ spec: task: enum: - snapshot + - snapshot-cleanup + - snapshot-delete - backup type: string type: object @@ -3076,8 +3479,21 @@ spec: size: format: int64 type: string + snapshotDataIntegrity: + enum: + - ignored + - disabled + - enabled + - fast-check + type: string staleReplicaTimeout: type: integer + unmapMarkSnapChainRemoved: + enum: + - ignored + - disabled + - enabled + type: string type: object status: description: VolumeStatus defines the observed state of the Longhorn volume @@ -3204,7 +3620,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 rules: - apiGroups: - apiextensions.k8s.io @@ -3213,7 +3629,7 @@ rules: verbs: - "*" - apiGroups: [""] - resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps", "serviceaccounts"] verbs: ["*"] - apiGroups: [""] resources: ["namespaces"] @@ -3225,7 +3641,7 @@ rules: resources: ["jobs", "cronjobs"] verbs: ["*"] - apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] + resources: ["poddisruptionbudgets", "podsecuritypolicies"] verbs: ["*"] - apiGroups: ["scheduling.k8s.io"] resources: ["priorityclasses"] @@ -3242,7 +3658,8 @@ rules: "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", - "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status"] + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status"] verbs: ["*"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -3256,6 +3673,9 @@ rules: - apiGroups: ["admissionregistration.k8s.io"] resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] verbs: ["get", "list", "create", "patch", "delete"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["roles", "rolebindings", "clusterrolebindings", "clusterroles"] + verbs: ["*"] --- # Source: longhorn/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -3265,7 +3685,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -3275,46 +3695,22 @@ subjects: name: longhorn-service-account namespace: longhorn-system --- -# Source: longhorn/templates/psp.yaml +# Source: longhorn/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRoleBinding metadata: - name: longhorn-psp-role + name: longhorn-support-bundle labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 - namespace: longhorn-system -rules: -- apiGroups: - - policy - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - longhorn-psp ---- -# Source: longhorn/templates/psp.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: longhorn-psp-binding - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 - namespace: longhorn-system + app.kubernetes.io/version: v1.4.1 roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: longhorn-psp-role + kind: ClusterRole + name: cluster-admin subjects: - kind: ServiceAccount - name: longhorn-service-account - namespace: longhorn-system -- kind: ServiceAccount - name: default + name: longhorn-support-bundle namespace: longhorn-system --- # Source: longhorn/templates/daemonset-sa.yaml @@ -3324,7 +3720,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-manager name: longhorn-backend namespace: longhorn-system @@ -3345,7 +3741,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-ui name: longhorn-frontend namespace: longhorn-system @@ -3366,7 +3762,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-conversion-webhook name: longhorn-conversion-webhook namespace: longhorn-system @@ -3387,7 +3783,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-admission-webhook name: longhorn-admission-webhook namespace: longhorn-system @@ -3408,7 +3804,28 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 + app: longhorn-recovery-backend + name: longhorn-recovery-backend + namespace: longhorn-system +spec: + type: ClusterIP + sessionAffinity: ClientIP + selector: + app: longhorn-recovery-backend + ports: + - name: recovery-backend + port: 9600 + targetPort: recov-backend +--- +# Source: longhorn/templates/services.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.4.1 name: longhorn-engine-manager namespace: longhorn-system spec: @@ -3424,7 +3841,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 name: longhorn-replica-manager namespace: longhorn-system spec: @@ -3440,7 +3857,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-manager name: longhorn-manager namespace: longhorn-system @@ -3453,16 +3870,16 @@ spec: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-manager spec: initContainers: - name: wait-longhorn-admission-webhook - image: longhornio/longhorn-manager:v1.3.0 + image: longhornio/longhorn-manager:v1.4.1 command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-admission-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] containers: - name: longhorn-manager - image: longhornio/longhorn-manager:v1.3.0 + image: longhornio/longhorn-manager:v1.4.1 imagePullPolicy: IfNotPresent securityContext: privileged: true @@ -3471,15 +3888,17 @@ spec: - -d - daemon - --engine-image - - "longhornio/longhorn-engine:v1.3.0" + - "longhornio/longhorn-engine:v1.4.1" - --instance-manager-image - - "longhornio/longhorn-instance-manager:v1_20220611" + - "longhornio/longhorn-instance-manager:v1.4.1" - --share-manager-image - - "longhornio/longhorn-share-manager:v1_20220531" + - "longhornio/longhorn-share-manager:v1.4.1" - --backing-image-manager-image - - "longhornio/backing-image-manager:v3_20220609" + - "longhornio/backing-image-manager:v1.4.1" + - --support-bundle-manager-image + - "longhornio/support-bundle-kit:v0.0.19" - --manager-image - - "longhornio/longhorn-manager:v1.3.0" + - "longhornio/longhorn-manager:v1.4.1" - --service-account - longhorn-service-account ports: @@ -3539,7 +3958,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 spec: replicas: 1 selector: @@ -3550,23 +3969,23 @@ spec: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-driver-deployer spec: initContainers: - name: wait-longhorn-manager - image: longhornio/longhorn-manager:v1.3.0 + image: longhornio/longhorn-manager:v1.4.1 command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] containers: - name: longhorn-driver-deployer - image: longhornio/longhorn-manager:v1.3.0 + image: longhornio/longhorn-manager:v1.4.1 imagePullPolicy: IfNotPresent command: - longhorn-manager - -d - deploy-driver - --manager-image - - "longhornio/longhorn-manager:v1.3.0" + - "longhornio/longhorn-manager:v1.4.1" - --manager-url - http://longhorn-backend:9500/v1 env: @@ -3589,13 +4008,81 @@ spec: - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE value: "longhornio/csi-node-driver-registrar:v2.5.0" - name: CSI_RESIZER_IMAGE - value: "longhornio/csi-resizer:v1.2.0" + value: "longhornio/csi-resizer:v1.3.0" - name: CSI_SNAPSHOTTER_IMAGE - value: "longhornio/csi-snapshotter:v3.0.3" + value: "longhornio/csi-snapshotter:v5.0.1" + - name: CSI_LIVENESS_PROBE_IMAGE + value: "longhornio/livenessprobe:v2.8.0" serviceAccountName: longhorn-service-account securityContext: runAsUser: 0 --- +# Source: longhorn/templates/deployment-recovery-backend.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.4.1 + app: longhorn-recovery-backend + name: longhorn-recovery-backend + namespace: longhorn-system +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-recovery-backend + template: + metadata: + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.4.1 + app: longhorn-recovery-backend + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - longhorn-recovery-backend + topologyKey: kubernetes.io/hostname + containers: + - name: longhorn-recovery-backend + image: longhornio/longhorn-manager:v1.4.1 + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 2000 + command: + - longhorn-manager + - recovery-backend + - --service-account + - longhorn-service-account + ports: + - containerPort: 9600 + name: recov-backend + readinessProbe: + tcpSocket: + port: 9600 + initialDelaySeconds: 3 + periodSeconds: 5 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + serviceAccountName: longhorn-service-account +--- # Source: longhorn/templates/deployment-ui.yaml apiVersion: apps/v1 kind: Deployment @@ -3603,7 +4090,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-ui name: longhorn-ui namespace: longhorn-system @@ -3617,12 +4104,24 @@ spec: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-ui spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - longhorn-ui + topologyKey: kubernetes.io/hostname containers: - name: longhorn-ui - image: longhornio/longhorn-ui:v1.3.0 + image: longhornio/longhorn-ui:v1.4.1 imagePullPolicy: IfNotPresent volumeMounts: - name : nginx-cache @@ -3654,12 +4153,12 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-conversion-webhook name: longhorn-conversion-webhook namespace: longhorn-system spec: - replicas: 2 + replicas: 1 selector: matchLabels: app: longhorn-conversion-webhook @@ -3668,7 +4167,7 @@ spec: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-conversion-webhook spec: affinity: @@ -3685,7 +4184,7 @@ spec: topologyKey: kubernetes.io/hostname containers: - name: longhorn-conversion-webhook - image: longhornio/longhorn-manager:v1.3.0 + image: longhornio/longhorn-manager:v1.4.1 imagePullPolicy: IfNotPresent securityContext: runAsUser: 2000 @@ -3714,12 +4213,12 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-admission-webhook name: longhorn-admission-webhook namespace: longhorn-system spec: - replicas: 2 + replicas: 1 selector: matchLabels: app: longhorn-admission-webhook @@ -3728,7 +4227,7 @@ spec: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.3.0 + app.kubernetes.io/version: v1.4.1 app: longhorn-admission-webhook spec: affinity: @@ -3745,14 +4244,14 @@ spec: topologyKey: kubernetes.io/hostname initContainers: - name: wait-longhorn-conversion-webhook - image: longhornio/longhorn-manager:v1.3.0 + image: longhornio/longhorn-manager:v1.4.1 command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-conversion-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] imagePullPolicy: IfNotPresent securityContext: runAsUser: 2000 containers: - name: longhorn-admission-webhook - image: longhornio/longhorn-manager:v1.3.0 + image: longhornio/longhorn-manager:v1.4.1 imagePullPolicy: IfNotPresent securityContext: runAsUser: 2000 @@ -3777,3 +4276,6 @@ spec: fieldRef: fieldPath: spec.nodeName serviceAccountName: longhorn-service-account +--- +# Source: longhorn/templates/validate-psp-install.yaml +#