move longhorn deployment to helm

kustomize/bases/longhorn/kustomization.yaml

@@ -1,6 +1,14 @@
 resources:
-  - https://raw.githubusercontent.com/longhorn/longhorn/v1.2.0/deploy/longhorn.yaml
+  - longhorn-helmchart.yaml
-  - longhorn-ingress.yaml
+  - longhorn-recurringjob.yaml
 
-patchesStrategicMerge:
+secretGenerator:
-  - longhorn-configmap-patch.yaml
+  - name: s3-backupstore-credentials
+    type: Opaque
+    namespace: longhorn-system
+    literals:
+      - AWS_ACCESS_KEY_ID=changeme
+      - AWS_SECRET_ACCESS_KEY=changeme
+
+generatorOptions:
+  disableNameSuffixHash: true

kustomize/bases/longhorn/longhorn-configmap-patch.yaml

@@ -1,70 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: longhorn-default-setting
-  namespace: longhorn-system
-data:
-  default-setting.yaml: |-
-    backup-target:
-    backup-target-credential-secret:
-    allow-recurring-job-while-volume-detached:
-    create-default-disk-labeled-nodes:
-    default-data-path:
-    replica-soft-anti-affinity:
-    storage-over-provisioning-percentage:
-    storage-minimal-available-percentage:
-    upgrade-checker:
-    default-replica-count: 2
-    default-data-locality: best-effort
-    guaranteed-engine-cpu:
-    default-longhorn-static-storage-class:
-    backupstore-poll-interval:
-    taint-toleration:
-    system-managed-components-node-selector:
-    priority-class:
-    auto-salvage:
-    auto-delete-pod-when-volume-detached-unexpectedly:
-    disable-scheduling-on-cordoned-node:
-    replica-zone-soft-anti-affinity:
-    volume-attachment-recovery-policy:
-    node-down-pod-deletion-policy:
-    allow-node-drain-with-last-healthy-replica:
-    mkfs-ext4-parameters:
-    disable-replica-rebuild:
-    replica-replenishment-wait-interval:
-    disable-revision-counter:
-    system-managed-pods-image-pull-policy:
-    allow-volume-creation-with-degraded-availability:
-    auto-cleanup-system-generated-snapshot:
-    concurrent-automatic-engine-upgrade-per-node-limit:
-    backing-image-cleanup-wait-interval:
-    guaranteed-engine-manager-cpu:
-    guaranteed-replica-manager-cpu:
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: longhorn-storageclass
-  namespace: longhorn-system
-data:
-  storageclass.yaml: |
-    kind: StorageClass
-    apiVersion: storage.k8s.io/v1
-    metadata:
-      name: longhorn
-    provisioner: driver.longhorn.io
-    allowVolumeExpansion: true
-    reclaimPolicy: Delete
-    volumeBindingMode: Immediate
-    parameters:
-      numberOfReplicas: "2"
-      staleReplicaTimeout: "2880"
-      fromBackup: ""
-    #  backingImage: "bi-test"
-    #  backingImageDataSourceType: "download"
-    #  backingImageDataSourceParameters: '{"url": "https://backing-image-example.s3-region.amazonaws.com/test-backing-image"}'
-    #  backingImageChecksum: "SHA512 checksum of the backing image"
-    #  diskSelector: "ssd,fast"
-    #  nodeSelector: "storage,fast"
-    #  recurringJobSelector: '[{"name":"snap-group", "isGroup":true},
-    #                          {"name":"backup", "isGroup":false}]'

kustomize/bases/longhorn/longhorn-helmchart.yaml

@@ -0,0 +1,21 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: longhorn
+  namespace: kube-system
+spec:
+  repo: https://charts.longhorn.io
+  chart: longhorn
+  version: 1.2.3
+  targetNamespace: longhorn-system
+  set:
+    backupTargetCredentialSecret: s3-backupstore-credentials
+  valuesContent: |-
+    defaultSettings:
+      backupTarget: s3://longhorn-backups@home/
+      defaultReplicaCount: 2
+      defaultDataLocality: best-effort
+      replicaAutoBalance: least-effort
+    ingress:
+      enabled: true
+      host: ${LONGHORN_EXTERNAL_HOST}

kustomize/bases/longhorn/longhorn-ingress.yaml

@@ -1,20 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: longhorn-frontend
-  namespace: longhorn-system
-  labels:
-    app.kubernetes.io/name: longhorn-ui
-    probe: blackbox-http
-spec:
-  rules:
-  - host: ${LONGHORN_EXTERNAL_HOST}
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: longhorn-frontend
-            port:
-              name: http

kustomize/bases/longhorn/longhorn-recurringjob.yaml

@@ -0,0 +1,14 @@
+apiVersion: longhorn.io/v1beta1
+kind: RecurringJob
+metadata:
+  name: weekly-backups
+  namespace: longhorn-system
+spec:
+  cron: "0 3 * * 2"
+  task: "backup"
+  groups:
+    - default
+  retain: 2
+  concurrency: 1
+  labels:
+    - job: weekly-backups

kustomize/overlays/prod-cluster/kustomization.yaml

@@ -9,3 +9,14 @@ commonLabels:
 
 transformers:
   - transformers/placeholders.yaml
+  - transformers/ssm-secrets.yaml
+
+secretGenerator:
+  - name: s3-backupstore-credentials
+    type: Opaque
+    namespace: longhorn-system
+    behavior: replace
+    literals:
+      - AWS_ACCESS_KEY_ID=${ssm:/k3s/prod/longhorn/s3_access_key_id}
+      - AWS_SECRET_ACCESS_KEY=${ssm:/k3s/prod/longhorn/s3_secret_access_key}
+      - AWS_ENDPOINTS=https://s3.badjware.dev