diff --git a/cluster/flux-system/helm-chart-repositories.yaml b/cluster/flux-system/helm-chart-repositories.yaml
index cdb4737b8..77cf9775d 100644
--- a/cluster/flux-system/helm-chart-repositories.yaml
+++ b/cluster/flux-system/helm-chart-repositories.yaml
@@ -117,4 +117,14 @@ metadata:
 spec:
 interval: 10m
 url: https://charts.drone.io
+ timeout: 3m
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: longhorn-charts
+ namespace: flux-system
+spec:
+ interval: 10m
+ url: https://charts.longhorn.io
 timeout: 3m
\ No newline at end of file
diff --git a/cluster/longhorn-system/_namespace.yaml b/cluster/longhorn-system/_namespace.yaml
new file mode 100644
index 000000000..b94901943
--- /dev/null
+++ b/cluster/longhorn-system/_namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: longhorn-system
+ labels:
+ goldilocks.fairwinds.com/enabled: "true"
\ No newline at end of file
diff --git a/cluster/longhorn-system/longhorn.yaml b/cluster/longhorn-system/longhorn.yaml
new file mode 100644
index 000000000..3b9bc5ebb
--- /dev/null
+++ b/cluster/longhorn-system/longhorn.yaml
@@ -0,0 +1,77 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: longhorn
+ namespace: longhorn-system
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: longhorn
+ version: 1.0.2
+ sourceRef:
+ kind: HelmRepository
+ name: longhorn-charts
+ namespace: flux-system
+ interval: 5m
+ values:
+ defaultSettings:
+ backupTarget: s3://longhorn@us-east-1/
+ backupTargetCredentialSecret: minio-truenas-credentials
+ createDefaultDiskLabeledNodes: true
+ defaultDataPath: /var/lib/longhorn/
+ replicaSoftAntiAffinity: false
+ storageOverProvisioningPercentage: 300
+ storageMinimalAvailablePercentage: 25
+ upgradeChecker: true
+ defaultReplicaCount: 3
+ guaranteedEngineCPU: 0.25
+ defaultLonghornStaticStorageClass: longhorn-backups
+ backupstorePollInterval: 10800
+ autoSalvage: true
+ disableSchedulingOnCordonedNode: true
+ replicaZoneSoftAntiAffinity: true
+ volumeAttachmentRecoveryPolicy: wait
+ #mkfsExt4Parameters:
+ csi:
+ kubeletRootDir: /var/lib/kubelet
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ tls: true
+ valuesFrom:
+ - kind: ConfigMap
+ name: "helmrelease-longhorn-system-longhorn"
+ optional: false
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: longhorn-hdd
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+parameters:
+ numberOfReplicas: "1"
+ staleReplicaTimeout: "2880"
+ fromBackup: ""
+ diskSelector: "hdd,slow"
+ nodeSelector: "storage,slow"
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: longhorn-backups
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Retain
+parameters:
+ numberOfReplicas: "3"
+ staleReplicaTimeout: "2880"
+ fromBackup: ""
+ diskSelector: "ssd,fast"
+ nodeSelector: "storage,fast"
+ recurringJobs:
+ '[{"name":"backup", "task":"backup", "cron":"30 23 * * *", "retain":1,
+ "labels": {"interval":"daily"}}]'
\ No newline at end of file
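Review bot: The Longhorn UI is exposed through the nginx ingress (`ingress` with `enabled: true`) with no authentication annotation visible, and the UI has no login of its own, so anyone who can reach the ingress host can manage volumes, snapshots and backups. Unless the SOPS-encrypted values merged through `valuesFrom` already add them (they cannot be read from this diff), put authentication in front of it, for example `nginx.ingress.kubernetes.io/auth-type: basic` and `nginx.ingress.kubernetes.io/auth-secret: <basic-auth-secret-name>` under `annotations`, or restrict clients with `nginx.ingress.kubernetes.io/whitelist-source-range`. Indentation is lost in this view, so the nesting of `ingress` under `values` is inferred. Separately, `"retain":1` in the `longhorn-backups` recurring job keeps a single backup, so one backup of corrupted or encrypted data replaces the only good copy; a larger retain count is worth considering.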
diff --git a/secrets/helmrelease-longhorn-system-longhorn.yaml b/secrets/helmrelease-longhorn-system-longhorn.yaml
new file mode 100644
index 000000000..bfaccabba
--- /dev/null
+++ b/secrets/helmrelease-longhorn-system-longhorn.yaml
@@ -0,0 +1,36 @@ +apiVersion: v1 +data: + values.yaml: ENC[AES256_GCM,data:HrcWLEorbzC/w3HiO5GGkjvYtlod7HtgqETn5/Ebo3wpbJvZAOCoFexL2ZE33pFRPNlEgLOeSGRmoPJ9sUMm6i+QHu3OQiCwZPcfLVOSQdJTjXK03uJlD6RL/ViYf1NuT/6G8Pxla4HJmUoLGPdmS4vJhuX0nLGWWpf5ihY2W+XYZsmQoJ0A7nHHTEvaYWsG2ypZlAVkE/3s+cM1xQ1nf8O15Ed4d31z+vRkPqIZpqaeZigc1zkJrNQ9Zb6cQIS10ojPe0Ht+rCdiwPOE6GHNJivb1q8pwsTjNoiGCSLCMVB+GgEqw==,iv:lrbp4UMR9Kpt8sKIOdtC6GCioQa/LZRgWjfAilD+I+I=,tag:VSMhYfCr9Kd1t6IVyJ3tHw==,type:str] +kind: ConfigMap +metadata: + creationTimestamp: null + name: helmrelease-longhorn-system-longhorn + namespace: longhorn-system +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + lastmodified: '2020-12-04T13:04:31Z' + mac: ENC[AES256_GCM,data:8he6+qGN2dTdHj4PZOK7HV2ZZp+Jxi8G1wDpi+QgmUKx9EEfGP/zS+cQ6KnYSdv4HdaQMjmje7UqL1HaxQnw6NQHXNadhMupnq5bxzdGCuofam5EyA32mT5oVggCrLZXFZaa3W2DsqIU3Apcl7eMzTAIfsnqHQ8VoqHhwTTHx+I=,iv:b/zKatr4xB5O7TZTJh7JPm/b1VchpXrnBi4kbDJmlTo=,tag:bWvbf4WpSYL3PmXbbffRYg==,type:str] + pgp: + - created_at: '2020-12-04T13:04:31Z' + enc: | + -----BEGIN PGP MESSAGE----- + + hQGMA/JorPHm1g9XAQv+M8agU8m4ypiZ8ViUObypSXTMaPzLswxoVXGxejwdDlKB + H/sRXqqBQVTcnc49Bknl4qR3SKutzk+udTTXDlHyQ69REL6DULTNfjliZ1+0aM2T + v5NMicEnYj5b/3mKWwZYQB2afGWUxDZXqUVV+Emwk4MGid27Oz8JEA1TqBukEvdW + zMTcT0b/DIW/CHMS86xEZDBnhDajZCWzqC+Y+yymvVDlpk4RVLyo/TV/mMVHKpIp + 7fyM0jGUhztKQkJ5uAk5O2WizH91BOKHiiHLMRifmuzXSIynFhLyt+/k9VivrQHg + zLxF+t/TEw5s1mJfh1Taeg+tGOvsW4bSsy5y0mJ+pmOr6r0s3IwAEgtL+93ZCpCH + IyEU/P9td2KyK9Tmh76Yg33Zxg5uL2viKiWWX9pQsKn90vIjIrx0RO3LKV06fUVS + ZR051rODPGRrDWOI7IZ/e1HYUp3R1pVyz2bOprh5EHERYicMrkEnuXVNliOpdMO5 + pDt+VoxFUMDlfJgBIxYM0l4BM1J+t+69cvB+Iy8lvHYUEsHdfcyA/Jf1kU/KzSdG + 6K1yt1MmzWuZTxr8j2Z1o45hqL4fDGZeL1X1KXgFZ65RRKDrEx6Jdrpp8oXeMLj7 + su3QTFA+Kh3//QrqTdxm + =F3xY + -----END PGP MESSAGE----- + fp: C8F8A49D04A1AB639F8EA21CDBA4B1DCB1FA5BDD + encrypted_regex: ^(data|stringData)$ + version: 3.6.1 
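Review bot: These Helm values are encrypted with SOPS in git but declared as `kind: ConfigMap`, so once decrypted in the cluster they sit in a ConfigMap, which is outside Secret-scoped RBAC and outside any Secret encryption-at-rest configuration. If the content is sensitive enough to encrypt here, change this manifest to `kind: Secret` (keeping the `values.yaml` key) and the matching `valuesFrom` entry in cluster/longhorn-system/longhorn.yaml to `- kind: Secret`. With `kind: Secret` and a `data:` field the decrypted value must be base64-encoded; `stringData:` avoids that and is already covered by `encrypted_regex: ^(data|stringData)$`.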
diff --git a/secrets/longhorn-system-minio-truenas-credentials.yaml b/secrets/longhorn-system-minio-truenas-credentials.yaml
new file mode 100644
index 000000000..79e1c0feb
--- /dev/null
+++ b/secrets/longhorn-system-minio-truenas-credentials.yaml
@@ -0,0 +1,39 @@ +kind: Secret +apiVersion: v1 +metadata: + name: minio-truenas-credentials + namespace: longhorn-system +data: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:cPK70Vr3B9g=,iv:mONGhEZi3qIsWJrmzPqYEFjE1i9tCi6/iGGJiwT37eA=,tag:gA6P8FYsUO2nF828MbfG7A==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:xMGEDQ41HLQcdvaiaojjAiOJxKJbjRxRg97/Sg==,iv:quIX6T9mGjPT34cdPdTVhwoJ7GHN+dqlBhOQOb5Rl3I=,tag:nqXdg/q5vMzi+lfgzKHPcg==,type:str] + AWS_ENDPOINTS: ENC[AES256_GCM,data:oszOxTMyj3+XvxWQ4VXoOEAtZwAnD8jWvDkWPeQkJ4gJFLUHu7oM6YIQDRQ=,iv:+3pd3YznpMY80RYYKUiRVkfxl5sGUfnehjaTQ3sTkwQ=,tag:9YWgwg9/mG+6ReJgGTub5A==,type:str] + #ENC[AES256_GCM,data:MtwXN8vMqUygHLcZEMXb1sGcTmlzLfRcb44vPR6YPr7B,iv:vntJKl9LDnWf5RoxKwunjKYbJCJQpqh0U4gYZgQIZxc=,tag:WgtPmeNj/J/ekIMQJHEHpA==,type:comment] +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + lastmodified: '2020-12-04T13:04:42Z' + mac: ENC[AES256_GCM,data:riRe/Uive9V7eNUcavofRfQTFdk/OXlpID+EnLjpN7RH3meKGqIbu1qMH2vD96ZR3s8mnTBj2g3PmYTNXKcdlQYBnm4UCRKHpi8N+NzwXJ9r1oNdYXozgcVEwyxeO1f4FzQOif3U6UfWtzJxKSjkYLD5du9a8d0o9kIolUmVOuM=,iv:aEHuXSlAUuC3hpT6t0nut4sbk8FSEtRp69kGSulFwz4=,tag:pQj6JdbOPOcRZHHVvMS54A==,type:str] + pgp: + - created_at: '2020-12-04T13:04:42Z' + enc: | + -----BEGIN PGP MESSAGE----- + + hQGMA/JorPHm1g9XAQv7BxTYbRO08pGkUU+IF0C2oacrBkEwX2ALj559gq1Y/YwA + hH2okq/g3TQZAhaYjEHURcdVGRllmHedTrumM06Tu6oy2CxHKqlbSO5iZt+EZ9A0 + DJlhsYJYJE6d9yK02GLrZWwufBYGKeIg2evYfHvm0V/U5lisooMSAfF5St09Ul3O + XWkXtklG6VxbQnX8CriUNMXx0aBrdcKJRccd/yNSCSJFNForW66RAqVhe1BJRWXq + KrMfBIICV25WHLMr9OzW8FlGeKni1+P/skv6YueNnWyadfSRXJZbSj3KHQaK1RcW + Xn8zgsazAL2mk84+7T8kysMjD9qq/DDkD6QNHjNBWwDTM8fxkEzS7HbIVHetIUEd + rYkDOQ1Kiz9lfuE8FnU0C6Kj5F9ppXwZZ2+b0P9m3bGkmXhh+5jb2EW9/d/jTX2L + uDRl9mFwh2RwLtnccxlbjFOhGXTNrZ0XKDngSsuEvAvnMI3hJzNL9tGWE2vmSUvJ + qKL7wj8YVHbStjz9Lsb80l4BGS/ehoh9nlPICWRyDb0RT42qWt6GUMvu7fUW/QYI + NmF95KrmCvyTiuFU0gIsejhIom4y3otyQILIJfnd3VYErrmVpzIYqhKygiO24h2b + qR7B999Ff+94XOecvdk5 + =TW7B + -----END PGP 
MESSAGE----- + fp: C8F8A49D04A1AB639F8EA21CDBA4B1DCB1FA5BDD + encrypted_regex: ^(data|stringData)$ + version: 3.6.1