diff --git a/clusters/atlas/flux-system/platform/kustomization.yaml b/clusters/atlas/flux-system/platform/kustomization.yaml
index 03d9d43..8ee08d7 100644
--- a/clusters/atlas/flux-system/platform/kustomization.yaml
+++ b/clusters/atlas/flux-system/platform/kustomization.yaml
@@ -12,6 +12,8 @@ resources:
 - monitoring/kustomization.yaml
 - logging/kustomization.yaml
 - maintenance/kustomization.yaml
+ - longhorn-adopt/kustomization.yaml
+ - longhorn/kustomization.yaml
 - longhorn-ui/kustomization.yaml
 - postgres/kustomization.yaml
 - ../platform/vault-csi/kustomization.yaml
diff --git a/clusters/atlas/flux-system/platform/longhorn-adopt/kustomization.yaml b/clusters/atlas/flux-system/platform/longhorn-adopt/kustomization.yaml
new file mode 100644
index 0000000..f568a5e
--- /dev/null
+++ b/clusters/atlas/flux-system/platform/longhorn-adopt/kustomization.yaml
@@ -0,0 +1,17 @@
+# clusters/atlas/flux-system/platform/longhorn-adopt/kustomization.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: longhorn-adopt
+ namespace: flux-system
+spec:
+ interval: 30m
+ path: ./infrastructure/longhorn/adopt
+ prune: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ targetNamespace: longhorn-system
+ wait: true
diff --git a/clusters/atlas/flux-system/platform/longhorn-ui/kustomization.yaml b/clusters/atlas/flux-system/platform/longhorn-ui/kustomization.yaml
index fc6bd1f..4517728 100644
--- a/clusters/atlas/flux-system/platform/longhorn-ui/kustomization.yaml
+++ b/clusters/atlas/flux-system/platform/longhorn-ui/kustomization.yaml
@@ -15,4 +15,5 @@ spec:
 namespace: flux-system
 dependsOn:
 - name: core
+ - name: longhorn
 wait: true
diff --git a/clusters/atlas/flux-system/platform/longhorn/kustomization.yaml b/clusters/atlas/flux-system/platform/longhorn/kustomization.yaml
new file mode 100644
index 0000000..8805b5a
--- /dev/null
+++ b/clusters/atlas/flux-system/platform/longhorn/kustomization.yaml
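Review bot: `prune: true` on the `longhorn-adopt` Kustomization is risky because its path `./infrastructure/longhorn/adopt` lists `namespace.yaml` for `longhorn-system`, and the `core` path used by the `longhorn` Kustomization declares the same Namespace, also under `prune: true`. Two Flux Kustomizations then claim one object, and removing `longhorn-adopt` after the one-off adoption would likely garbage-collect the namespace that holds the Longhorn control plane. Declare the Namespace in one place only (the namespace presumably exists already, since this adopts a running install), or annotate it with `kustomize.toolkit.fluxcd.io/prune: disabled` so that neither owner can delete it.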
@@ -0,0 +1,20 @@
+# clusters/atlas/flux-system/platform/longhorn/kustomization.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: longhorn
+ namespace: flux-system
+spec:
+ interval: 30m
+ path: ./infrastructure/longhorn/core
+ prune: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ targetNamespace: longhorn-system
+ dependsOn:
+ - name: helm
+ - name: longhorn-adopt
+ wait: true
diff --git a/infrastructure/longhorn/adopt/kustomization.yaml b/infrastructure/longhorn/adopt/kustomization.yaml
new file mode 100644
index 0000000..f70b223
--- /dev/null
+++ b/infrastructure/longhorn/adopt/kustomization.yaml
@@ -0,0 +1,15 @@
+# infrastructure/longhorn/adopt/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - longhorn-adopt-rbac.yaml
+ - longhorn-helm-adopt-job.yaml
+
+configMapGenerator:
+ - name: longhorn-helm-adopt-script
+ namespace: longhorn-system
+ files:
+ - longhorn_helm_adopt.sh=scripts/longhorn_helm_adopt.sh
+ options:
+ disableNameSuffixHash: true
diff --git a/infrastructure/longhorn/adopt/longhorn-adopt-rbac.yaml b/infrastructure/longhorn/adopt/longhorn-adopt-rbac.yaml
new file mode 100644
index 0000000..31ea73b
--- /dev/null
+++ b/infrastructure/longhorn/adopt/longhorn-adopt-rbac.yaml
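Review bot: `force: true` looks unnecessary on the `longhorn` Kustomization and widens the blast radius for a storage system. With it set, an apply that fails on an immutable field makes Flux delete and recreate the object, and deleting the HelmRelease under `./infrastructure/longhorn/core` would trigger an uninstall of the release. The adopt Kustomization may need the flag for its immutable Job, but this one manages only a Namespace and a HelmRelease, so I would remove the `force: true` line here and keep the rest as is.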
@@ -0,0 +1,56 @@
+# infrastructure/longhorn/adopt/longhorn-adopt-rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: longhorn-helm-adopt
+ namespace: longhorn-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: longhorn-helm-adopt
+rules:
+ - apiGroups: [""]
+ resources:
+ - configmaps
+ - services
+ - serviceaccounts
+ - secrets
+ verbs: ["get", "list", "watch", "patch", "update"]
+ - apiGroups: ["apps"]
+ resources:
+ - deployments
+ - daemonsets
+ verbs: ["get", "list", "watch", "patch", "update"]
+ - apiGroups: ["batch"]
+ resources:
+ - jobs
+ verbs: ["get", "list", "watch", "patch", "update"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - roles
+ - rolebindings
+ - clusterroles
+ - clusterrolebindings
+ verbs: ["get", "list", "watch", "patch", "update"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources:
+ - customresourcedefinitions
+ verbs: ["get", "list", "watch", "patch", "update"]
+ - apiGroups: ["scheduling.k8s.io"]
+ resources:
+ - priorityclasses
+ verbs: ["get", "list", "watch", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: longhorn-helm-adopt
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: longhorn-helm-adopt
+subjects:
+ - kind: ServiceAccount
+ name: longhorn-helm-adopt
+ namespace: longhorn-system
diff --git a/infrastructure/longhorn/adopt/longhorn-helm-adopt-job.yaml b/infrastructure/longhorn/adopt/longhorn-helm-adopt-job.yaml
new file mode 100644
index 0000000..7484e47
--- /dev/null
+++ b/infrastructure/longhorn/adopt/longhorn-helm-adopt-job.yaml
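Review bot: The ClusterRole grants far more than the adopt script uses: `secrets` is in the first rule although the script's kind lists never include Secrets, and the ClusterRoleBinding makes every namespaced rule (configmaps, deployments, daemonsets, roles and so on) apply in all namespaces although the script only runs those kinds with `-n longhorn-system`. Cluster-wide read of Secrets plus patch on Deployments and DaemonSets is close to cluster-admin for whoever holds this ServiceAccount's token, and the account outlives the one-off Job. Split the grant into a Role and RoleBinding in `longhorn-system` for the namespaced kinds and keep the ClusterRole for the four cluster-scoped kinds only; `watch` and `update` are probably not needed for `kubectl annotate`/`label` either, but confirm the verb set with a test run. The sketch below shows the split, with the ServiceAccount and ClusterRoleBinding left as they are.

```yaml
# … unchanged: ServiceAccount longhorn-helm-adopt …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: longhorn-helm-adopt
  namespace: longhorn-system
rules:
  # Namespaced kinds the script labels; no secrets, no cluster-wide reach.
  - apiGroups: [""]
    resources: ["configmaps", "services", "serviceaccounts"]
    verbs: ["get", "list", "patch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "daemonsets"]
    verbs: ["get", "list", "patch"]
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "list", "patch"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "rolebindings"]
    verbs: ["get", "list", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: longhorn-helm-adopt
  namespace: longhorn-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: longhorn-helm-adopt
subjects:
  - kind: ServiceAccount
    name: longhorn-helm-adopt
    namespace: longhorn-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: longhorn-helm-adopt
rules:
  # Cluster-scoped kinds only.
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["clusterroles", "clusterrolebindings"]
    verbs: ["get", "list", "patch"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "list", "patch"]
  - apiGroups: ["scheduling.k8s.io"]
    resources: ["priorityclasses"]
    verbs: ["get", "list", "patch"]
# … unchanged: ClusterRoleBinding longhorn-helm-adopt …
```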
@@ -0,0 +1,26 @@
+# infrastructure/longhorn/adopt/longhorn-helm-adopt-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: longhorn-helm-adopt
+ namespace: longhorn-system
+spec:
+ backoffLimit: 1
+ template:
+ spec:
+ serviceAccountName: longhorn-helm-adopt
+ restartPolicy: Never
+ containers:
+ - name: adopt
+ image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
+ command: ["/usr/bin/env", "bash"]
+ args: ["/scripts/longhorn_helm_adopt.sh"]
+ volumeMounts:
+ - name: script
+ mountPath: /scripts
+ readOnly: true
+ volumes:
+ - name: script
+ configMap:
+ name: longhorn-helm-adopt-script
+ defaultMode: 0555
diff --git a/infrastructure/longhorn/adopt/namespace.yaml b/infrastructure/longhorn/adopt/namespace.yaml
new file mode 100644
index 0000000..8db20de
--- /dev/null
+++ b/infrastructure/longhorn/adopt/namespace.yaml
@@ -0,0 +1,5 @@
+# infrastructure/longhorn/adopt/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: longhorn-system
diff --git a/infrastructure/longhorn/adopt/scripts/longhorn_helm_adopt.sh b/infrastructure/longhorn/adopt/scripts/longhorn_helm_adopt.sh
new file mode 100644
index 0000000..343ade8
--- /dev/null
+++ b/infrastructure/longhorn/adopt/scripts/longhorn_helm_adopt.sh
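Review bot: The `adopt` container has no `securityContext`, so a pod carrying a token that can patch cluster-scoped RBAC objects and CRDs runs with whatever defaults the image and namespace allow. Add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}` under the container, after checking that the pinned image runs as a non-root user and that kubectl does not need a writable cache directory. A `ttlSecondsAfterFinished` on the Job spec would also clear the finished pod instead of leaving it in place. Pinning the image by digest is good and should stay.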
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+release_name="longhorn"
+release_namespace="longhorn-system"
+selector="app.kubernetes.io/instance=${release_name}"
+
+annotate_and_label() {
+ local scope="$1"
+ local kind="$2"
+ if [ "${scope}" = "namespaced" ]; then
+ kubectl -n "${release_namespace}" annotate "${kind}" -l "${selector}" \
+ meta.helm.sh/release-name="${release_name}" \
+ meta.helm.sh/release-namespace="${release_namespace}" \
+ --overwrite >/dev/null 2>&1 || true
+ kubectl -n "${release_namespace}" label "${kind}" -l "${selector}" \
+ app.kubernetes.io/managed-by=Helm --overwrite >/dev/null 2>&1 || true
+ else
+ kubectl annotate "${kind}" -l "${selector}" \
+ meta.helm.sh/release-name="${release_name}" \
+ meta.helm.sh/release-namespace="${release_namespace}" \
+ --overwrite >/dev/null 2>&1 || true
+ kubectl label "${kind}" -l "${selector}" \
+ app.kubernetes.io/managed-by=Helm --overwrite >/dev/null 2>&1 || true
+ fi
+}
+
+namespaced_kinds=(
+ configmap
+ service
+ serviceaccount
+ deployment
+ daemonset
+ job
+ role
+ rolebinding
+)
+
+cluster_kinds=(
+ clusterrole
+ clusterrolebindings
+ customresourcedefinition
+ priorityclass
+)
+
+for kind in "${namespaced_kinds[@]}"; do
+ annotate_and_label "namespaced" "${kind}"
+done
+
+for kind in "${cluster_kinds[@]}"; do
+ annotate_and_label "cluster" "${kind}"
+done
diff --git a/infrastructure/longhorn/core/helmrelease.yaml b/infrastructure/longhorn/core/helmrelease.yaml
new file mode 100644
index 0000000..521df04
--- /dev/null
+++ b/infrastructure/longhorn/core/helmrelease.yaml
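Review bot: Every kubectl call in `annotate_and_label` ends in `>/dev/null 2>&1 || true`, so an RBAC denial, a mistyped kind or an unreachable API server is discarded and the Job exits 0 regardless, which defeats the `set -euo pipefail` at the top. The `longhorn` Kustomization then sees `dependsOn: longhorn-adopt` as satisfied and the Helm install runs against resources that may never have been adopted. Let stderr through and record failures, for example end each call with `--overwrite >/dev/null || failed=1`, set `failed=0` near the top and finish the script with `exit "${failed}"`. If an empty selector match returns non-zero in this kubectl version, handle that one case explicitly instead of ignoring all errors.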
@@ -0,0 +1,32 @@
+# infrastructure/longhorn/core/helmrelease.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: longhorn
+ namespace: longhorn-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: longhorn
+ version: 1.8.2
+ sourceRef:
+ kind: HelmRepository
+ name: longhorn
+ namespace: flux-system
+ install:
+ crds: Skip
+ remediation: { retries: 3 }
+ timeout: 15m
+ upgrade:
+ crds: Skip
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ cleanupOnFail: true
+ timeout: 15m
+ values:
+ service:
+ ui:
+ type: NodePort
+ nodePort: 30824
diff --git a/infrastructure/longhorn/core/kustomization.yaml b/infrastructure/longhorn/core/kustomization.yaml
new file mode 100644
index 0000000..47153c7
--- /dev/null
+++ b/infrastructure/longhorn/core/kustomization.yaml
@@ -0,0 +1,6 @@
+# infrastructure/longhorn/core/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - helmrelease.yaml
diff --git a/infrastructure/longhorn/core/namespace.yaml b/infrastructure/longhorn/core/namespace.yaml
new file mode 100644
index 0000000..6b794fd
--- /dev/null
+++ b/infrastructure/longhorn/core/namespace.yaml
@@ -0,0 +1,5 @@
+# infrastructure/longhorn/core/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: longhorn-system
diff --git a/infrastructure/sources/helm/kustomization.yaml b/infrastructure/sources/helm/kustomization.yaml
index 74ff668..e45f58f 100644
--- a/infrastructure/sources/helm/kustomization.yaml
+++ b/infrastructure/sources/helm/kustomization.yaml
@@ -13,6 +13,7 @@ resources:
 - opentelemetry.yaml
 - opensearch.yaml
 - harbor.yaml
+ - longhorn.yaml
 - prometheus.yaml
 - victoria-metrics.yaml
 - secrets-store-csi.yaml
diff --git a/infrastructure/sources/helm/longhorn.yaml b/infrastructure/sources/helm/longhorn.yaml
new file mode 100644
index 0000000..3a2d728
--- /dev/null
+++ b/infrastructure/sources/helm/longhorn.yaml
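Review bot: `service.ui.type: NodePort` with `nodePort: 30824` publishes the Longhorn UI on every node address, and as far as I know that UI ships without authentication of its own, so anything that can reach a node IP could manage or delete volumes. A separate `longhorn-ui` Kustomization already depends on this release, so consider `type: ClusterIP` here and exposing the UI only through an authenticated ingress or proxy. If NodePort has to stay, restrict port 30824 with a NetworkPolicy or host firewall and say so in a comment above `values:`. Separately, `crds: Skip` on both install and upgrade means CRD changes in later chart versions must be applied out of band, which deserves a comment next to it.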
@@ -0,0 +1,9 @@
+# infrastructure/sources/helm/longhorn.yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: longhorn
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://charts.longhorn.io