diff --git a/kustomize/bases/longhorn/kustomization.yaml b/kustomize/bases/longhorn/kustomization.yaml
index b4e4bc3..a618721 100644
--- a/kustomize/bases/longhorn/kustomization.yaml
+++ b/kustomize/bases/longhorn/kustomization.yaml
@@ -1,6 +1,14 @@
 resources:
- - https://raw.githubusercontent.com/longhorn/longhorn/v1.2.0/deploy/longhorn.yaml
- - longhorn-ingress.yaml
+ - longhorn-helmchart.yaml
+ - longhorn-recurringjob.yaml
 
-patchesStrategicMerge:
- - longhorn-configmap-patch.yaml
+secretGenerator:
+ - name: s3-backupstore-credentials
+ type: Opaque
+ namespace: longhorn-system
+ literals:
+ - AWS_ACCESS_KEY_ID=changeme
+ - AWS_SECRET_ACCESS_KEY=changeme
+
+generatorOptions:
+ disableNameSuffixHash: true
\ No newline at end of file
diff --git a/kustomize/bases/longhorn/longhorn-configmap-patch.yaml b/kustomize/bases/longhorn/longhorn-configmap-patch.yaml
deleted file mode 100644
index dfc15da..0000000
--- a/kustomize/bases/longhorn/longhorn-configmap-patch.yaml
+++ /dev/null
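Review bot: The base `secretGenerator` commits placeholder credentials (`AWS_ACCESS_KEY_ID=changeme`, `AWS_SECRET_ACCESS_KEY=changeme`), so an overlay that omits its own `behavior: replace` generator still builds cleanly and deploys a Secret that only fails once Longhorn tries to reach the backup target. A comment above the literals would make that contract explicit, for example `# placeholders only: every overlay must replace this secret`. `generatorOptions` applies to every generator in this kustomization, so `disableNameSuffixHash: true` also deserves a line such as `# the HelmChart refers to this secret by its fixed name, so the hash suffix stays off`.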
@@ -1,70 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: longhorn-default-setting
- namespace: longhorn-system
-data:
- default-setting.yaml: |-
- backup-target:
- backup-target-credential-secret:
- allow-recurring-job-while-volume-detached:
- create-default-disk-labeled-nodes:
- default-data-path:
- replica-soft-anti-affinity:
- storage-over-provisioning-percentage:
- storage-minimal-available-percentage:
- upgrade-checker:
- default-replica-count: 2
- default-data-locality: best-effort
- guaranteed-engine-cpu:
- default-longhorn-static-storage-class:
- backupstore-poll-interval:
- taint-toleration:
- system-managed-components-node-selector:
- priority-class:
- auto-salvage:
- auto-delete-pod-when-volume-detached-unexpectedly:
- disable-scheduling-on-cordoned-node:
- replica-zone-soft-anti-affinity:
- volume-attachment-recovery-policy:
- node-down-pod-deletion-policy:
- allow-node-drain-with-last-healthy-replica:
- mkfs-ext4-parameters:
- disable-replica-rebuild:
- replica-replenishment-wait-interval:
- disable-revision-counter:
- system-managed-pods-image-pull-policy:
- allow-volume-creation-with-degraded-availability:
- auto-cleanup-system-generated-snapshot:
- concurrent-automatic-engine-upgrade-per-node-limit:
- backing-image-cleanup-wait-interval:
- guaranteed-engine-manager-cpu:
- guaranteed-replica-manager-cpu:
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: longhorn-storageclass
- namespace: longhorn-system
-data:
- storageclass.yaml: |
- kind: StorageClass
- apiVersion: storage.k8s.io/v1
- metadata:
- name: longhorn
- provisioner: driver.longhorn.io
- allowVolumeExpansion: true
- reclaimPolicy: Delete
- volumeBindingMode: Immediate
- parameters:
- numberOfReplicas: "2"
- staleReplicaTimeout: "2880"
- fromBackup: ""
- # backingImage: "bi-test"
- # backingImageDataSourceType: "download"
- # backingImageDataSourceParameters: '{"url": "https://backing-image-example.s3-region.amazonaws.com/test-backing-image"}'
- # backingImageChecksum: "SHA512 checksum of the backing image"
- # diskSelector: "ssd,fast"
- # nodeSelector: "storage,fast"
- # recurringJobSelector: '[{"name":"snap-group", "isGroup":true},
- # {"name":"backup", "isGroup":false}]'
\ No newline at end of file
diff --git a/kustomize/bases/longhorn/longhorn-helmchart.yaml b/kustomize/bases/longhorn/longhorn-helmchart.yaml
new file mode 100644
index 0000000..0079378
--- /dev/null
+++ b/kustomize/bases/longhorn/longhorn-helmchart.yaml
@@ -0,0 +1,21 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: longhorn
+ namespace: kube-system
+spec:
+ repo: https://charts.longhorn.io
+ chart: longhorn
+ version: 1.2.3
+ targetNamespace: longhorn-system
+ set:
+ backupTargetCredentialSecret: s3-backupstore-credentials
+ valuesContent: |-
+ defaultSettings:
+ backupTarget: s3://longhorn-backups@home/
+ defaultReplicaCount: 2
+ defaultDataLocality: best-effort
+ replicaAutoBalance: least-effort
+ ingress:
+ enabled: true
+ host: ${LONGHORN_EXTERNAL_HOST}
diff --git a/kustomize/bases/longhorn/longhorn-ingress.yaml b/kustomize/bases/longhorn/longhorn-ingress.yaml
deleted file mode 100644
index 9b033ae..0000000
--- a/kustomize/bases/longhorn/longhorn-ingress.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: longhorn-frontend
- namespace: longhorn-system
- labels:
- app.kubernetes.io/name: longhorn-ui
- probe: blackbox-http
-spec:
- rules:
- - host: ${LONGHORN_EXTERNAL_HOST}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: longhorn-frontend
- port:
- name: http
diff --git a/kustomize/bases/longhorn/longhorn-recurringjob.yaml b/kustomize/bases/longhorn/longhorn-recurringjob.yaml
new file mode 100644
index 0000000..cd38a91
--- /dev/null
+++ b/kustomize/bases/longhorn/longhorn-recurringjob.yaml
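Review bot: The `set` entry `backupTargetCredentialSecret: s3-backupstore-credentials` is written as a top-level chart value, while the other Longhorn settings in this file appear to sit under `defaultSettings` in `valuesContent`; as far as I know the chart reads the credential secret name from `defaultSettings.backupTargetCredentialSecret`, so this key is probably ignored and backups to `s3://longhorn-backups@home/` would run without credentials. Either use the dotted key in `set`, `defaultSettings.backupTargetCredentialSecret: s3-backupstore-credentials`, or move the line under `defaultSettings` in `valuesContent`. Separately, `ingress.enabled: true` publishes the Longhorn UI, which has no login of its own, and the hand-written Ingress it replaces carried a `probe: blackbox-http` label that the chart-generated one will presumably lack; confirm that TLS and access control for `${LONGHORN_EXTERNAL_HOST}` are enforced at the ingress controller and that the probe still finds the endpoint.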
@@ -0,0 +1,14 @@
+apiVersion: longhorn.io/v1beta1
+kind: RecurringJob
+metadata:
+ name: weekly-backups
+ namespace: longhorn-system
+spec:
+ cron: "0 3 * * 2"
+ task: "backup"
+ groups:
+ - default
+ retain: 2
+ concurrency: 1
+ labels:
+ - job: weekly-backups
\ No newline at end of file
diff --git a/kustomize/overlays/prod-cluster/kustomization.yaml b/kustomize/overlays/prod-cluster/kustomization.yaml
index 1ac61ac..995da4d 100644
--- a/kustomize/overlays/prod-cluster/kustomization.yaml
+++ b/kustomize/overlays/prod-cluster/kustomization.yaml
@@ -9,3 +9,14 @@ commonLabels:
 
 transformers:
 - transformers/placeholders.yaml
+ - transformers/ssm-secrets.yaml
+
+secretGenerator:
+ - name: s3-backupstore-credentials
+ type: Opaque
+ namespace: longhorn-system
+ behavior: replace
+ literals:
+ - AWS_ACCESS_KEY_ID=${ssm:/k3s/prod/longhorn/s3_access_key_id}
+ - AWS_SECRET_ACCESS_KEY=${ssm:/k3s/prod/longhorn/s3_secret_access_key}
+ - AWS_ENDPOINTS=https://s3.badjware.dev
\ No newline at end of file
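Review bot: `labels` is written as a list with one item (`- job: weekly-backups`), but as far as I know the RecurringJob spec takes `labels` as a string-to-string mapping, so this entry may be rejected or dropped; write it as `job: weekly-backups` nested under `labels:` without the leading dash (indentation is flattened on this page, so confirm against the file). With `cron: "0 3 * * 2"` and `retain: 2` the restore window is about two weeks, which is short if corruption or an unwanted deletion is noticed late; a comment such as `# weekly, two backups kept: restore window is roughly 14 days` would make that a deliberate choice. The file also ends without a trailing newline.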
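Review bot: The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` literals hold `${ssm:` placeholders that become real credentials only if `transformers/ssm-secrets.yaml` rewrites them after `secretGenerator` has produced the Secret, and generated Secrets carry base64-encoded `data`; the transformer is not part of this diff, so confirm that it decodes and re-encodes those values and that an unresolved parameter fails the build instead of shipping the placeholder text as the key. The rendered output then contains the live S3 keys, so it should stay out of CI logs and stored build artifacts. A short comment above the generator would record both points, e.g. `# resolved at build time by transformers/ssm-secrets.yaml; rendered manifests contain live credentials`.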