https://github.com/wubomichael/longhorn/tree/master/deploy
https://blog.51cto.com/u_15168528/4290373
【环境搭建】K8S存储:rook-ceph or Longhorn - 知乎
https://blog.csdn.net/o__cc/article/details/120858474
Linux上open-iscsi 的安装,配置和使用 - 孤独的居士 - 博客园
longhorn/uninstall at master · longhorn/longhorn · GitHub
https://github.com/wubomichael/longhorn/tree/master/scripts
【环境搭建】K8S存储:rook-ceph or Longhorn - 知乎
Longhorn 云原生容器分布式存储 - 故障排除指南_o__cc的博客-CSDN博客
Longhorn 云原生容器分布式存储 - 故障排除指南【图文】_我是为少_51CTO博客
第一步(安装环境):安装open-iscsi(这个是基础设施,不管以何种方式安装都需要),此外还要Enable MountPropagation和其它的必要软件(curl,findmnt,grep,awk,blkid,lsblk)
yum install iscsi-initiator-utils jq关于安装环境可以先运行进行check
[root@jettoloader script]# cat environment_check.sh
#!/bin/bash
dependencies() {
local targets=($@)
local allFound=true
for ((i=0; i<${#targets[@]}; i++)); do
local target=${targets[$i]}
if [ "$(which $target)" == "" ]; then
allFound=false
echo Not found: $target
fi
done
if [ "$allFound" == "false" ]; then
echo "Please install missing dependencies."
exit 2
fi
}
create_ds() {
cat <<EOF > $TEMP_DIR/environment_check.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: longhorn-environment-check
name: longhorn-environment-check
spec:
selector:
matchLabels:
app: longhorn-environment-check
template:
metadata:
labels:
app: longhorn-environment-check
spec:
containers:
- name: longhorn-environment-check
image: busybox
args: ["/bin/sh", "-c", "sleep 1000000000"]
volumeMounts:
- name: mountpoint
mountPath: /tmp/longhorn-environment-check
mountPropagation: Bidirectional
securityContext:
privileged: true
volumes:
- name: mountpoint
hostPath:
path: /tmp/longhorn-environment-check
EOF
kubectl create -f $TEMP_DIR/environment_check.yaml
}
cleanup() {
echo "cleaning up..."
kubectl delete -f $TEMP_DIR/environment_check.yaml
rm -rf $TEMP_DIR
echo "clean up complete"
}
wait_ds_ready() {
while true; do
local ds=$(kubectl get ds/longhorn-environment-check -o json)
local numberReady=$(echo $ds | jq .status.numberReady)
local desiredNumberScheduled=$(echo $ds | jq .status.desiredNumberScheduled)
if [ "$desiredNumberScheduled" == "$numberReady" ] && [ "$desiredNumberScheduled" != "0" ]; then
echo "all pods ready ($numberReady/$desiredNumberScheduled)"
return
fi
echo "waiting for pods to become ready ($numberReady/$desiredNumberScheduled)"
sleep 3
done
}
validate_ds() {
local allSupported=true
local pods=$(kubectl -l app=longhorn-environment-check get po -o json)
local ds=$(kubectl get ds/longhorn-environment-check -o json)
local desiredNumberScheduled=$(echo $ds | jq .status.desiredNumberScheduled)
for ((i=0; i<desiredNumberScheduled; i++)); do
local pod=$(echo $pods | jq .items[$i])
local nodeName=$(echo $pod | jq -r .spec.nodeName)
local mountPropagation=$(echo $pod | jq -r '.spec.containers[0].volumeMounts[] | select(.name=="mountpoint") | .mountPropagation')
if [ "$mountPropagation" != "Bidirectional" ]; then
allSupported=false
echo "node $nodeName: MountPropagation DISABLED"
fi
done
if [ "$allSupported" != "true" ]; then
echo
echo " MountPropagation is disabled on at least one node."
echo " As a result, CSI driver and Base image cannot be supported."
echo
exit 1
else
echo -e "\n MountPropagation is enabled!\n"
fi
}
dependencies kubectl jq mktemp
TEMP_DIR=$(mktemp -d)
trap cleanup EXIT
create_ds
wait_ds_ready
validate_ds
exit 0本人自己的longhorn.yaml
[root@jettoloader templates]# kubectl create -f longhorn.yaml
apiVersion: v1
kind: Namespace
metadata:
name: longhorn-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: longhorn-service-account
namespace: longhorn-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: longhorn-role
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- "*"
- apiGroups: [""]
resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"]
verbs: ["*"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["daemonsets", "statefulsets", "deployments"]
verbs: ["*"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["*"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["*"]
- apiGroups: ["scheduling.k8s.io"]
resources: ["priorityclasses"]
verbs: ["watch", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"]
verbs: ["*"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"]
verbs: ["*"]
- apiGroups: ["longhorn.io"]
resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
"engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
"sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status",
"backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status",
"backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status",
"recurringjobs", "recurringjobs/status"]
verbs: ["*"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["*"]
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: longhorn-bind
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: longhorn-role
subjects:
- kind: ServiceAccount
name: longhorn-service-account
namespace: longhorn-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: Engine
name: engines.longhorn.io
spec:
group: longhorn.io
names:
kind: Engine
listKind: EngineList
plural: engines
shortNames:
- lhe
singular: engine
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The current state of the engine
jsonPath: .status.currentState
- name: Node
type: string
description: The node that the engine is on
jsonPath: .spec.nodeID
- name: InstanceManager
type: string
description: The instance manager of the engine
jsonPath: .status.instanceManagerName
- name: Image
type: string
description: The current image of the engine
jsonPath: .status.currentImage
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: Replica
name: replicas.longhorn.io
spec:
group: longhorn.io
names:
kind: Replica
listKind: ReplicaList
plural: replicas
shortNames:
- lhr
singular: replica
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The current state of the replica
jsonPath: .status.currentState
- name: Node
type: string
description: The node that the replica is on
jsonPath: .spec.nodeID
- name: Disk
type: string
description: The disk that the replica is on
jsonPath: .spec.diskID
- name: InstanceManager
type: string
description: The instance manager of the replica
jsonPath: .status.instanceManagerName
- name: Image
type: string
description: The current image of the replica
jsonPath: .status.currentImage
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: Setting
name: settings.longhorn.io
spec:
group: longhorn.io
names:
kind: Setting
listKind: SettingList
plural: settings
shortNames:
- lhs
singular: setting
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
x-kubernetes-preserve-unknown-fields: true
additionalPrinterColumns:
- name: Value
type: string
description: The value of the setting
jsonPath: .value
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: Volume
name: volumes.longhorn.io
spec:
group: longhorn.io
names:
kind: Volume
listKind: VolumeList
plural: volumes
shortNames:
- lhv
singular: volume
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The state of the volume
jsonPath: .status.state
- name: Robustness
type: string
description: The robustness of the volume
jsonPath: .status.robustness
- name: Scheduled
type: string
description: The scheduled condition of the volume
jsonPath: .status.conditions['scheduled']['status']
- name: Size
type: string
description: The size of the volume
jsonPath: .spec.size
- name: Node
type: string
description: The node that the volume is currently attaching to
jsonPath: .status.currentNodeID
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: EngineImage
name: engineimages.longhorn.io
spec:
group: longhorn.io
names:
kind: EngineImage
listKind: EngineImageList
plural: engineimages
shortNames:
- lhei
singular: engineimage
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: State of the engine image
jsonPath: .status.state
- name: Image
type: string
description: The Longhorn engine image
jsonPath: .spec.image
- name: RefCount
type: integer
description: Number of volumes are using the engine image
jsonPath: .status.refCount
- name: BuildDate
type: date
description: The build date of the engine image
jsonPath: .status.buildDate
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: Node
name: nodes.longhorn.io
spec:
group: longhorn.io
names:
kind: Node
listKind: NodeList
plural: nodes
shortNames:
- lhn
singular: node
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: Ready
type: string
description: Indicate whether the node is ready
jsonPath: .status.conditions['Ready']['status']
- name: AllowScheduling
type: boolean
description: Indicate whether the user disabled/enabled replica scheduling for the node
jsonPath: .spec.allowScheduling
- name: Schedulable
type: string
description: Indicate whether Longhorn can schedule replicas on the node
jsonPath: .status.conditions['Schedulable']['status']
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: InstanceManager
name: instancemanagers.longhorn.io
spec:
group: longhorn.io
names:
kind: InstanceManager
listKind: InstanceManagerList
plural: instancemanagers
shortNames:
- lhim
singular: instancemanager
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The state of the instance manager
jsonPath: .status.currentState
- name: Type
type: string
description: The type of the instance manager (engine or replica)
jsonPath: .spec.type
- name: Node
type: string
description: The node that the instance manager is running on
jsonPath: .spec.nodeID
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: ShareManager
name: sharemanagers.longhorn.io
spec:
group: longhorn.io
names:
kind: ShareManager
listKind: ShareManagerList
plural: sharemanagers
shortNames:
- lhsm
singular: sharemanager
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The state of the share manager
jsonPath: .status.state
- name: Node
type: string
description: The node that the share manager is owned by
jsonPath: .status.ownerID
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: BackingImage
name: backingimages.longhorn.io
spec:
group: longhorn.io
names:
kind: BackingImage
listKind: BackingImageList
plural: backingimages
shortNames:
- lhbi
singular: backingimage
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: Image
type: string
description: The backing image name
jsonPath: .spec.image
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: BackingImageManager
name: backingimagemanagers.longhorn.io
spec:
group: longhorn.io
names:
kind: BackingImageManager
listKind: BackingImageManagerList
plural: backingimagemanagers
shortNames:
- lhbim
singular: backingimagemanager
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The current state of the manager
jsonPath: .status.currentState
- name: Image
type: string
description: The image the manager pod will use
jsonPath: .spec.image
- name: Node
type: string
description: The node the manager is on
jsonPath: .spec.nodeID
- name: DiskUUID
type: string
description: The disk the manager is responsible for
jsonPath: .spec.diskUUID
- name: DiskPath
type: string
description: The disk path the manager is using
jsonPath: .spec.diskPath
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: BackingImageDataSource
name: backingimagedatasources.longhorn.io
spec:
group: longhorn.io
names:
kind: BackingImageDataSource
listKind: BackingImageDataSourceList
plural: backingimagedatasources
shortNames:
- lhbids
singular: backingimagedatasource
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: State
type: string
description: The current state of the pod used to provisione the backing image file from source
jsonPath: .status.currentState
- name: SourceType
type: string
description: The data source type
jsonPath: .spec.sourceType
- name: Node
type: string
description: The node the backing image file will be prepared on
jsonPath: .spec.nodeID
- name: DiskUUID
type: string
description: The disk the backing image file will be prepared on
jsonPath: .spec.diskUUID
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: BackupTarget
name: backuptargets.longhorn.io
spec:
group: longhorn.io
names:
kind: BackupTarget
listKind: BackupTargetList
plural: backuptargets
shortNames:
- lhbt
singular: backuptarget
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: URL
type: string
description: The backup target URL
jsonPath: .spec.backupTargetURL
- name: Credential
type: string
description: The backup target credential secret
jsonPath: .spec.credentialSecret
- name: Interval
type: string
description: The backup target poll interval
jsonPath: .spec.pollInterval
- name: Available
type: boolean
description: Indicate whether the backup target is available or not
jsonPath: .status.available
- name: LastSyncedAt
type: string
description: The backup target last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: BackupVolume
name: backupvolumes.longhorn.io
spec:
group: longhorn.io
names:
kind: BackupVolume
listKind: BackupVolumeList
plural: backupvolumes
shortNames:
- lhbv
singular: backupvolume
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: CreatedAt
type: string
description: The backup volume creation time
jsonPath: .status.createdAt
- name: LastBackupName
type: string
description: The backup volume last backup name
jsonPath: .status.lastBackupName
- name: LastBackupAt
type: string
description: The backup volume last backup time
jsonPath: .status.lastBackupAt
- name: LastSyncedAt
type: string
description: The backup volume last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: Backup
name: backups.longhorn.io
spec:
group: longhorn.io
names:
kind: Backup
listKind: BackupList
plural: backups
shortNames:
- lhb
singular: backup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: SnapshotName
type: string
description: The snapshot name
jsonPath: .status.snapshotName
- name: SnapshotSize
type: string
description: The snapshot size
jsonPath: .status.size
- name: SnapshotCreatedAt
type: string
description: The snapshot creation time
jsonPath: .status.snapshotCreatedAt
- name: State
type: string
description: The backup state
jsonPath: .status.state
- name: LastSyncedAt
type: string
description: The backup last synced time
jsonPath: .status.lastSyncedAt
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
longhorn-manager: RecurringJob
name: recurringjobs.longhorn.io
spec:
group: longhorn.io
names:
kind: RecurringJob
listKind: RecurringJobList
plural: recurringjobs
shortNames:
- lhrj
singular: recurringjob
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
metadata:
type: object
properties:
name:
type: string
spec:
type: object
properties:
groups:
type: array
items:
type: string
task:
type: string
pattern: "^snapshot|backup$"
cron:
type: string
retain:
type: integer
concurrency:
type: integer
labels:
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: Groups
type: string
description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume.
jsonPath: .spec.groups
- name: Task
type: string
description: Should be one of "backup" or "snapshot".
jsonPath: .spec.task
- name: Cron
type: string
description: The cron expression represents recurring job scheduling.
jsonPath: .spec.cron
- name: Retain
type: integer
description: The number of snapshots/backups to keep for the volume.
jsonPath: .spec.retain
- name: Concurrency
type: integer
description: The concurrent job to run by each cron job.
jsonPath: .spec.concurrency
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
- name: Labels
type: string
description: Specify the labels
jsonPath: .spec.labels
---
---
apiVersion: v1
kind: ConfigMap
metadata:
name: longhorn-default-setting
namespace: longhorn-system
data:
default-setting.yaml: |-
backup-target:
backup-target-credential-secret:
allow-recurring-job-while-volume-detached:
create-default-disk-labeled-nodes:
default-data-path:
replica-soft-anti-affinity:
replica-auto-balance:
storage-over-provisioning-percentage:
storage-minimal-available-percentage:
upgrade-checker:
default-replica-count:
default-data-locality:
default-longhorn-static-storage-class:
backupstore-poll-interval:
taint-toleration:
system-managed-components-node-selector:
priority-class:
auto-salvage:
auto-delete-pod-when-volume-detached-unexpectedly:
disable-scheduling-on-cordoned-node:
replica-zone-soft-anti-affinity:
node-down-pod-deletion-policy:
allow-node-drain-with-last-healthy-replica:
mkfs-ext4-parameters:
disable-replica-rebuild:
replica-replenishment-wait-interval:
concurrent-replica-rebuild-per-node-limit:
disable-revision-counter:
system-managed-pods-image-pull-policy:
allow-volume-creation-with-degraded-availability:
auto-cleanup-system-generated-snapshot:
concurrent-automatic-engine-upgrade-per-node-limit:
backing-image-cleanup-wait-interval:
backing-image-recovery-wait-interval:
guaranteed-engine-manager-cpu:
guaranteed-replica-manager-cpu:
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: longhorn-psp
spec:
privileged: true
allowPrivilegeEscalation: true
requiredDropCapabilities:
- NET_RAW
allowedCapabilities:
- SYS_ADMIN
hostNetwork: false
hostIPC: false
hostPID: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
fsGroup:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
- hostPath
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: longhorn-psp-role
namespace: longhorn-system
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- longhorn-psp
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: longhorn-psp-binding
namespace: longhorn-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: longhorn-psp-role
subjects:
- kind: ServiceAccount
name: longhorn-service-account
namespace: longhorn-system
- kind: ServiceAccount
name: default
namespace: longhorn-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: longhorn-storageclass
namespace: longhorn-system
data:
storageclass.yaml: |
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: longhorn
provisioner: driver.longhorn.io
allowVolumeExpansion: true
reclaimPolicy: Delete
volumeBindingMode: Immediate
parameters:
fsType: "ext4"
numberOfReplicas: "3"
staleReplicaTimeout: "2880"
fromBackup: ""
# backingImage: "bi-test"
# backingImageDataSourceType: "download"
# backingImageDataSourceParameters: '{"url": "https://backing-image-example.s3-region.amazonaws.com/test-backing-image"}'
# backingImageChecksum: "SHA512 checksum of the backing image"
# diskSelector: "ssd,fast"
# nodeSelector: "storage,fast"
# recurringJobSelector: '[{"name":"snap-group", "isGroup":true},
# {"name":"backup", "isGroup":false}]'
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: longhorn-manager
name: longhorn-manager
namespace: longhorn-system
spec:
selector:
matchLabels:
app: longhorn-manager
template:
metadata:
labels:
app: longhorn-manager
spec:
containers:
- name: longhorn-manager
image: 172.16.10.21:5000/jettechtools/k3s/longhornio/longhorn-manager:v1.2.3
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
command:
- longhorn-manager
- -d
- daemon
- --engine-image
- 172.16.10.21:5000/jettechtools/k3s/longhornio/longhorn-engine:v1.2.3
- --instance-manager-image
- 172.16.10.21:5000/jettechtools/k3s/longhornio/longhorn-instance-manager:v1_20211210
- --share-manager-image
- 172.16.10.21:5000/jettechtools/k3s/longhornio/longhorn-share-manager:v1_20211020
- --backing-image-manager-image
- 172.16.10.21:5000/jettechtools/k3s/longhornio/backing-image-manager:v2_20210820
- --manager-image
- 172.16.10.21:5000/jettechtools/k3s/longhornio/longhorn-manager:v1.2.3
- --service-account
- longhorn-service-account
ports:
- containerPort: 9500
name: manager
readinessProbe:
tcpSocket:
port: 9500
volumeMounts:
- name: dev
mountPath: /host/dev/
- name: proc
mountPath: /host/proc/
- name: longhorn
mountPath: /var/lib/longhorn/
mountPropagation: Bidirectional
- name: longhorn-default-setting
mountPath: /var/lib/longhorn-setting/
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Should be: mount path of the volume longhorn-default-setting + the key of the configmap data in 04-default-setting.yaml
- name: DEFAULT_SETTING_PATH
value: /var/lib/longhorn-setting/default-setting.yaml
volumes:
- name: dev
hostPath:
path: /dev/
- name: proc
hostPath:
path: /proc/
- name: longhorn
hostPath:
path: /var/lib/longhorn/
- name: longhorn-default-setting
configMap:
name: longhorn-default-setting
# imagePullSecrets:
# - name: ""
# priorityClassName:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# nodeSelector:
# label-key1: "label-value1"
# label-key2: "label-value2"
serviceAccountName: longhorn-service-account
updateStrategy:
rollingUpdate:
maxUnavailable: "100%"
---
apiVersion: v1
kind: Service
metadata:
labels:
app: longhorn-manager
name: longhorn-backend
namespace: longhorn-system
spec:
type: ClusterIP
sessionAffinity: ClientIP
selector:
app: longhorn-manager
ports:
- name: manager
port: 9500
targetPort: manager
---
apiVersion: v1
kind: Service
metadata:
name: longhorn-engine-manager
namespace: longhorn-system
spec:
clusterIP: None
selector:
longhorn.io/component: instance-manager
longhorn.io/instance-manager-type: engine
---
apiVersion: v1
kind: Service
metadata:
name: longhorn-replica-manager
namespace: longhorn-system
spec:
clusterIP: None
selector:
longhorn.io/component: instance-manager
longhorn.io/instance-manager-type: replica
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: longhorn-ui
name: longhorn-ui
namespace: longhorn-system
spec:
replicas: 1
selector:
matchLabels:
app: longhorn-ui
template:
metadata:
labels:
app: longhorn-ui
spec:
containers:
- name: longhorn-ui
image: 172.16.10.21:5000/jettechtools/k3s/longhornio/longhorn-ui:v1.2.3
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 0
ports:
- containerPort: 8000
name: http
env:
- name: LONGHORN_MANAGER_IP
value: "http://longhorn-backend:9500"
# imagePullSecrets:
# - name: ""
# priorityClassName:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# nodeSelector:
# label-key1: "label-value1"
# label-key2: "label-value2"
---
kind: Service
apiVersion: v1
metadata:
labels:
app: longhorn-ui
name: longhorn-frontend
namespace: longhorn-system
spec:
type: ClusterIP
selector:
app: longhorn-ui
ports:
- name: http
port: 80
targetPort: http
nodePort: null
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: longhorn-driver-deployer
namespace: longhorn-system
spec:
replicas: 1
selector:
matchLabels:
app: longhorn-driver-deployer
template:
metadata:
labels:
app: longhorn-driver-deployer
spec:
initContainers:
- name: wait-longhorn-manager
image: 172.16.10.21:5000/jettechtools/k3s/longhornio/longhorn-manager:v1.2.3
command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
containers:
- name: longhorn-driver-deployer
image: 172.16.10.21:5000/jettechtools/k3s/longhornio/longhorn-manager:v1.2.3
imagePullPolicy: IfNotPresent
command:
- longhorn-manager
- -d
- deploy-driver
- --manager-image
- longhornio/longhorn-manager:v1.2.3
- --manager-url
- http://longhorn-backend:9500/v1
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
# Manually set root directory for csi
#- name: KUBELET_ROOT_DIR
# value: /var/lib/rancher/k3s/agent/kubelet
# For AirGap Installation
# Replace PREFIX with your private registry
- name: CSI_ATTACHER_IMAGE
#value: PREFIX/csi-attacher:v3.2.1
value: 172.16.10.21:5000/jettechtools/k3s/longhornio/csi-attacher:v3.2.1
- name: CSI_PROVISIONER_IMAGE
value: 172.16.10.21:5000/jettechtools/k3s/longhornio/csi-provisioner:v2.1.2
- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
value: 172.16.10.21:5000/jettechtools/k3s/longhornio/csi-node-driver-registrar:v2.3.0
- name: CSI_RESIZER_IMAGE
value: 172.16.10.21:5000/jettechtools/k3s/longhornio/csi-resizer:v1.2.0
- name: CSI_SNAPSHOTTER_IMAGE
value: 172.16.10.21:5000/jettechtools/k3s/longhornio/csi-snapshotter:v3.0.3
# Manually specify number of CSI attacher replicas
- name: CSI_ATTACHER_REPLICA_COUNT
value: "3"
# Manually specify number of CSI provisioner replicas
- name: CSI_PROVISIONER_REPLICA_COUNT
value: "3"
- name: CSI_RESIZER_REPLICA_COUNT
value: "3"
- name: CSI_SNAPSHOTTER_REPLICA_COUNT
value: "3"
# imagePullSecrets:
# - name: ""
# priorityClassName:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# nodeSelector:
# label-key1: "label-value1"
# label-key2: "label-value2"
serviceAccountName: longhorn-service-account
securityContext:
runAsUser: 0
---
[root@jettoloader templates]# kubectl proxy --port=8081[root@jettoloader templates]# kubectl get ns longhorn-system -o json > tmp.json
删除文件中剩下
"spec": {
"finalizers": [
]
}
[root@jettoloader templates]# curl -k -H "Content-Type: application/json" -X PUT --data-binary @tmp.json 127.0.0.1:8081/api/v1/namespaces/longhorn-system/finalize[root@localhost ~]# kubectl get pod,svc -n longhorn-system
NAME READY STATUS RESTARTS AGE
pod/longhorn-ui-9fdb94f9-6gsgh 1/1 Running 0 16m
pod/instance-manager-r-ebac9d9e 1/1 Running 0 16m
pod/instance-manager-e-e0f2dcf6 1/1 Running 0 16m
pod/longhorn-manager-x6gnt 1/1 Running 0 16m
pod/instance-manager-r-82543544 1/1 Running 0 16m
pod/instance-manager-e-bd6c09e1 1/1 Running 0 16m
pod/engine-image-ei-39018db3-x4lzt 1/1 Running 0 16m
pod/longhorn-driver-deployer-58cd7995d7-chrsl 1/1 Running 0 16m
pod/instance-manager-e-f4f61183 1/1 Running 0 16m
pod/instance-manager-r-f145de14 1/1 Running 0 16m
pod/engine-image-ei-39018db3-4mj7s 1/1 Running 0 16m
pod/engine-image-ei-39018db3-6znzn 1/1 Running 0 16m
pod/csi-attacher-5f46994f7-78vhn 1/1 Running 0 16m
pod/csi-attacher-5f46994f7-sv6cx 1/1 Running 0 16m
pod/csi-provisioner-6ccbfbf86f-wjjsg 1/1 Running 0 16m
pod/csi-attacher-5f46994f7-dcxjw 1/1 Running 0 16m
pod/csi-resizer-6dd8bd4c97-9gs79 1/1 Running 0 16m
pod/longhorn-manager-c4xxm 1/1 Running 1 (16m ago) 16m
pod/csi-provisioner-6ccbfbf86f-62vbl 1/1 Running 0 16m
pod/csi-provisioner-6ccbfbf86f-4mlds 1/1 Running 0 16m
pod/csi-resizer-6dd8bd4c97-z9289 1/1 Running 0 16m
pod/longhorn-manager-7ljlt 1/1 Running 1 (16m ago) 16m
pod/csi-resizer-6dd8bd4c97-qqcl4 1/1 Running 0 16m
pod/csi-snapshotter-86f65d8bc-dbfdb 1/1 Running 0 16m
pod/csi-snapshotter-86f65d8bc-qtnd6 1/1 Running 0 16m
pod/csi-snapshotter-86f65d8bc-mj28t 1/1 Running 0 16m
pod/longhorn-csi-plugin-z9bvg 2/2 Running 0 16m
pod/longhorn-csi-plugin-vtfjh 2/2 Running 0 16m
pod/longhorn-csi-plugin-xb2kl 2/2 Running 0 16m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/longhorn-backend NodePort 10.43.109.94 <none> 9500:9400/TCP 16m
service/longhorn-engine-manager ClusterIP None <none> <none> 16m
service/longhorn-replica-manager ClusterIP None <none> <none> 16m
service/longhorn-frontend NodePort 10.43.176.130 <none> 80:9999/TCP 16m
service/csi-attacher ClusterIP 10.43.129.91 <none> 12345/TCP 16m
service/csi-provisioner ClusterIP 10.43.18.75 <none> 12345/TCP 16m
service/csi-resizer ClusterIP 10.43.67.133 <none> 12345/TCP 16m
service/csi-snapshotter ClusterIP 10.43.143.27 <none> 12345/TCP 16m
379
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
