From 8125217f0a12ab9c8e0eb538efc1e636959367db Mon Sep 17 00:00:00 2001 From: nicholasSSUSE Date: Wed, 25 Sep 2024 12:31:45 -0300 Subject: [PATCH 1/2] forward-port longhorn 102.5.0+up1.7.1 --- assets/longhorn/longhorn-102.5.0+up1.7.1.tgz | Bin 0 -> 31913 bytes charts/longhorn/102.5.0+up1.7.1/.helmignore | 21 + charts/longhorn/102.5.0+up1.7.1/Chart.yaml | 40 + charts/longhorn/102.5.0+up1.7.1/README.md | 50 + charts/longhorn/102.5.0+up1.7.1/app-readme.md | 27 + .../longhorn/102.5.0+up1.7.1/questions.yaml | 986 ++++++++++++++++++ .../102.5.0+up1.7.1/templates/NOTES.txt | 5 + .../102.5.0+up1.7.1/templates/_helpers.tpl | 66 ++ .../templates/clusterrole.yaml | 77 ++ .../templates/clusterrolebinding.yaml | 49 + .../templates/daemonset-sa.yaml | 175 ++++ .../templates/default-setting.yaml | 244 +++++ .../templates/deployment-driver.yaml | 132 +++ .../templates/deployment-ui.yaml | 182 ++++ .../102.5.0+up1.7.1/templates/ingress.yaml | 37 + ...king-image-data-source-network-policy.yaml | 27 + .../backing-image-manager-network-policy.yaml | 27 + .../instance-manager-networking.yaml | 27 + .../manager-network-policy.yaml | 35 + .../recovery-backend-network-policy.yaml | 17 + .../ui-frontend-network-policy.yaml | 46 + .../webhook-network-policy.yaml | 33 + .../templates/postupgrade-job.yaml | 56 + .../templates/preupgrade-job.yaml | 64 ++ .../templates/priorityclass.yaml | 9 + .../102.5.0+up1.7.1/templates/psp.yaml | 66 ++ .../templates/registry-secret.yaml | 13 + .../templates/serviceaccount.yaml | 40 + .../templates/servicemonitor.yaml | 40 + .../102.5.0+up1.7.1/templates/services.yaml | 47 + .../templates/storageclass.yaml | 56 + .../templates/tls-secrets.yaml | 16 + .../templates/uninstall-job.yaml | 57 + .../102.5.0+up1.7.1/templates/userroles.yaml | 53 + .../templates/validate-install-crd.yaml | 35 + .../templates/validate-psp-install.yaml | 7 + charts/longhorn/102.5.0+up1.7.1/values.yaml | 524 ++++++++++ index.yaml | 44 + release.yaml | 1 + 39 files changed, 3431 insertions(+) create mode 100644 assets/longhorn/longhorn-102.5.0+up1.7.1.tgz create mode 100644 charts/longhorn/102.5.0+up1.7.1/.helmignore create mode 100644 charts/longhorn/102.5.0+up1.7.1/Chart.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/README.md create mode 100644 charts/longhorn/102.5.0+up1.7.1/app-readme.md create mode 100644 charts/longhorn/102.5.0+up1.7.1/questions.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/NOTES.txt create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/_helpers.tpl create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/clusterrole.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/clusterrolebinding.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/daemonset-sa.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/default-setting.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/deployment-driver.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/deployment-ui.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/ingress.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/network-policies/backing-image-data-source-network-policy.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/network-policies/backing-image-manager-network-policy.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/network-policies/instance-manager-networking.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/network-policies/manager-network-policy.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/network-policies/recovery-backend-network-policy.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/network-policies/ui-frontend-network-policy.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/network-policies/webhook-network-policy.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/postupgrade-job.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/preupgrade-job.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/priorityclass.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/psp.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/registry-secret.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/serviceaccount.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/servicemonitor.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/services.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/storageclass.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/tls-secrets.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/uninstall-job.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/userroles.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/validate-install-crd.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/templates/validate-psp-install.yaml create mode 100644 charts/longhorn/102.5.0+up1.7.1/values.yaml diff --git a/assets/longhorn/longhorn-102.5.0+up1.7.1.tgz b/assets/longhorn/longhorn-102.5.0+up1.7.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..391e9b54586a1b70d1ea1b0b7ed9f3eb18540c86 GIT binary patch literal 31913 zcmV)JK)b&miwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%b{jXcFgkw^p8}iC?ARVPb+tX4`}1B$k>o@Z+v3tCIkS^l zHrNf4h?zk_9vo631~LS#}9R z9=)Do8BS^|g@j8wq9p1gj+1agcx|zWiZsUaAi-18M{f=6+M?IlkOVWr1!YMeef?jr z(Qa>Vx3?4Qd|g{!ffOkYiHEb83rVK6#Z$tkREmI!K8k6Q-EQ5`Bw{zBzBFeu8W9nU zXFP|mzRY%qMB?4rT80wEUhMT=sZOB(h4y-XZSD>yF~NcuO2vyPCFd#WqcF~dBs`Fe z#kIwZUT4Boe65AG~qTnRkk5A~8(}hla=$ z)3}ekxBs`tUmb*sbHy*%DKUp&84n3SZAIXA#R8IyX+qkT2Fa0xB$(m^j|p#EPfRdh zxzdWoGupPKBtnWMg@-u2rpY*FN-JQqv{~?|y=$MRf7E7cV03@`NIGrcxazcd`?tedg_cjRx-DF}-IA z!suM9H|R$V%W5D!1B@h!Iifxq;aCvAh0^H1RqB_aGBg_Eq=v>0hn(29DSs%WJ@oV}HFB$a zy)U|3sLQX(p80>b`%FnUFbd#vrvn;_>bjNlnk}?qSD5_gBxQn1#x)`eFW0{lD2@P_ z9Ubn`W5%+h|;^@i&6_jvcUi-m)IlwpQ*! zMq6Wlb$Um{GrAP#avNoIt#1ErMarL=dK(&oiixqTUyIu>_Yy3TRl9hhDs8BLMN?>5 z=N7bF?wPSzPF0zf9sEXDK~SgE3i@$E5|kw(B_TL}JRK(!Myy4?wz(=v>P@T$irf#X z74FE=lyUh@mP9f6p33$dqAMa@^KPtSkO+nVE4Zd|Ih(X-UiWpUx6?b=Qwpar;t5NM z6)wyAdUSE>%03v6gn|aP(IzTv6fsSugWgNS5#StDHh((;4f5g-N+S==MP%9}dX`c< zhEhtS)wYf?NN_8Pf%<4{BvQG^ z4l_AHP}JfCzBXY@QJki+vNKr{&y`_$mXhQ`H3TjLu`0P7o&n=@Op^dGRm;Hbyoq{u zMG;*9b?4~pXs~_u{V_7$aCFeyMU0~uOTraQ0)GmLgal*TmZL%yeNiC2dSR_-t=pwp z99w%?8}J4%$&~H9+{Loh#!aW?eaTgKb*gYv2!Kmr-bbgS_e>5r5hRhFjv#zSLzqU^ zxHJ9+cn@~D_78aweS_Y(z54UUx^!_{x&ehXl|=(8LTz@2;J)aPFyR-EOCoD$W&>Bzn-7IhTZ)AilK8b#%Sccobs+)7=z+-+d%` z=DbO7XiSXT7pTWZD?xlCE`g}zRvuW8)9aByDdu=eB;jIJkngTXVxVdZ<7BpCFs30! zAeDF<{6EPNGJ_34G)x6C>dnU z3>P?_;W1P&AIhtI$`t?!i>%?!&Vo1Dq)!tQvXzXs>NBqmUK$s z7kt0L0!>*2;^i4kbr3A3?|K^Ojj~LT2-w09nv;;th~Bs{Bs(|6I?}Z2qpq6$U60D> z{hJFk)zd1?IjxrU;mi4t|Bq=?ZoowswTf1VPx= z)A|>p$y${ArU0bGb|EKNt8+=DOi0Oq#)df-HK}J=!iq?03ga23u|j66xX39%ts_(P zQl%R8mKmT!uA*U>rwU`hvO*BE1ViA<|9D%WrR@B=Ic&S(V z23i%@`!y-{cb37x*E2_=cp#dn9ni`_jGPDpqy zvgz7nAO_-*0i>I=x&#&1YYWwgitD2AYo$ar%7)`L;FUNX>_3HAfz#=voLr@2jw1pSP1}>L;#N|^M~qLEsu^S&gqig{H6;wg zcoH0R1QQ6YetUzcejf5MLr2GmaRh2H`j*PGR3O1(*yIN``h^WoY&d{#zqLiyB5M63 z8ewBP2#LA03qob%`52QaOO&QKV3F&iF7CT@V!?7n{bPl`y}Sz_Jw{eK>vT$zNT6#% z(h68J+KL9I4<;HGz#3w7%nlQfOS{64Oq(>L0 z=+JBrtSxyxYTo$!S8dvJZr`bS&zD|C zp;HWt%Hx1ek|<>~k$RC=7NrU7F$!9iDk)0}Lhb#V3nj&lPWAtXKf-_C9)Zj5@V~Fl zPe8Eg>X(?0iBE?2c!sa7$RBgq@*^7LNskPul@JOJFLf_Rc+{^2Z5{$qxYgn7}lN z*2dM@29^^*M}l>gCFP|x#zPXLu6o<^k8WrnfdLUH5U;_?Mo;NT897?4Yc&V7@@IxU z3zCis=Nzih+AAm`qNuE0DypwkARI-S_dMG|kx;`p&Q-{_swX5;Dv0oCXX8LqEGGrc z0Zapk)toRPwcouscc?(!?HT6VF&*ZS?cH9{4K~1XQqx}K``~)$u;M|QU{NfDsM4vg(p-~=?BTU@kY1Q-`=Bo7lw4@V=KEJCfo?3@g>+h63kz~sY8ZgguZX$-)dq}N_k z;V_fT>>YS*4hRoPB9)25M(*H_3sxNxpiv0Ih?5vgIs?mmf_bEOM^K1U9Kz_=^VaUp z4lt7eel{cAt#vdR=NL4iHKhriW>c@HFp=_x&5R^9C2b)@ZbL#M%|en%9M=@u%8jj| zQf`P)%aG;{D3~RZ#%Rj8($;YZ9h@rVEQh5gUnWQsHTGWk#CWIh#qpu7-GUg}6okg@ zEJ&F2hRFz#dYMCR@)-)!FvsPb2*PJ1%A0$`xF>l$jEs7SjDBcb--J^ZS?R2mREVAT z+cZk7bt7T;>h1h_9we;#MMpH${%M@11al`A3Y%8tDQGlLZwBT%sI?iYvdruru~9z9 zau2OAqB!zoP63BEg;Q=QWXXt*Gwr9|(q3Wh2l}YnIU5-TMSMgfO5(_RmWqZ{Js0i! z;<-WBI$ms#TGJ7JDutvA^cRAT6U{|~9|ULsgCCBJk4~-amJB8!8H9DgG_rEBrU4~V zz}T>^NUT;zSe&jYn0H;fW`4?A_<@2xV8&Znq-ocyP&K<*hIw? zW}ntsInj>BMtpMDL!=BgBME%eG{A4P%6s{?Y0cDrY*-@;Dkk-L2sD@l2ZY&^$g;sNY?bqjqclZ_-s$AxX46Ke(7JF@*78GL6Ed%&y zcRq)0K@v5S7EP#t2$ZH4bno;U;=uWPK^Lx;>cV##+*>-Oa$$E258P8%D$tj9;|K2MuJRf$YPcRf~1(k+7g@2f4t6yB$Tl} zdGry9c_Q(xw~25~=DV)};BH@^-1<-TZco44Gw;ANP&vHxKh4Me+I6Ybp`=`kpb61Ma~TSyp6O~+9PJvYNIh(vQD^C+y3c7e44JE>2wkJ`26 zz3HQWH!T(@s}zlMGV<2zkW-iu3!UN3eg+*+K%5$=&8|4kl|*eSAi!mgo~ofWJ6Bt} zH0(i`qhujV5)#@)j;ckLXQ?F7GtaZ?9Sgge&~TEsrT4M5$6m)F2+U&bX??~L5YKw(5WMJC@6h(2hn8B)F_*dH!4cg92a!EQV^EEhu?~Nj_?|l>cU&YuZyqtF+Rk6W)yGzze5~ z$jBXz#ae3SY=p0!IQB$>kXd-G`+$+M$jB&*F9>KZ`gA=^Of{KdQsiz}tt8o#_s8re z8L;Tshz1*FcQ-VlG0!V4WSPE&NuVSgcZ#MyI)iBym%5Slttus2OdQ4(Cz+Dd_PkV7 zTG*Tu(FzM~=c=;rOjWZ@7HPpH)I_jiU|oBc6Ri$9uFKulPSw}sp^1&5Y`&k9G$siZAfJE4RMr@}RejxYzwa6iS)x>bl1S~M&1ftO?tSp!yF%v{ z0aY*>5Uym^ax=t^&w`f0;Eakp3s%3@hD)RE;2E!eW5wEKdpvJm^MJO@&ov$m9sA=& zg?4MgLc3ooE_CrBjCMZC*0H74BNjFGO3EVd5JmZX^_EF3V8R3S5sIUWQ*$D&hmIyV z8SC>JE;_EzBm@*18wC2PBOYMwsbXSPwTfXjV3C0S47>vy3nixsjIkSxNmSVvwNAwe zo>?Ar0>Y{`s+Qhtpn5^q;)>-vqk8Tfnb$v3IXN~`%j^fx7JF9xl$bz*{aV7o2h9$gw zZ=04$HKm zxX=b0HEjmAVVzz{$B5WXqU_OpVJjht$CxI$#V#b4nKnw|*hc6od?64Hg}MCdY8|Dk zRLpLcTqo=%>6UwPZX|g_SBjf_-X^8q*8_|HXmI7c>7o=zVBC^=3lGFKe6)Eo?9nUG zdtDcQ*wvB1Hr0w#+#C0D_n=?n40D`FLZZ`RI*_BmRg)0Vn|Z_+0}~@5jeoPaq3>Bc z=G+%jEG$AC>(GeYf->Lp&o18Xjy{Y8F`iCv0{W*3m$u7193&7aOCqPQ7X1!F;yCxn zJnNyeGAtNFqu(-)4CmNnW8gh2O9Yr}YJpD`2{d+x)}v5#Ynpv1=Xp}d(Il|MmK={p zG;9}bK4Qs;@+p*2 z@O+Onof5SS+oO82CVh~0z*wXG!iA@6p0+i+f9*oa?*2~K%95rz@Yk-+@T9;SmEIuI zPOq>5w@GBRv3$v!U@@_$GJvIMBFR{LPj#HC7vrX;?y3F0r0vK>etH`ld2>3J)V{Ww ziozBmDwKLlrzsA>yfHz*CO%co{zj}$r&AJ9EcLECINR)sZ1tW-6T#TjAgppHw~i|S zjnR>YjV!V9KID?R2Zs};nUMNe$%LS*gx;c%D+zj=aw3G;%a~%>*p(yBl3&)|~0H#v7~8CP&lD+ zWN6bi_EymW9~>!U&I-u9Wn&bR8Ho)RG>K@aEGkfL>@hGwX2ee7n2kX*te)Mj zm&B*Zh;<8LxdWWgu)Br2Z?MF%`s0Li2504e#2gOLLM1pzJIu!Fk4uh2eV{gGSXK@MNTVBrbJGd7glkUe|ra?78)dK83j|96C8P-pQ76*OL9HWczL|`Y{}&g zrqx?B9;ciYyts$vmfIcHDe9yO@N8GT(7#s)x95Y~GW%&%pdl98W#+|PDJ|TtY3Nw7 z0!zVL{5_TE>BZpq`)8ULi%@l{T&3bra)U+$%ZwZDp0F&A%r=BOM3!7(I@Bs0oc zGPS$Cv%OXOY6H!bimyj@l8p&UApyHuxS!Gly`$eebJMU-ag5A z$^`MxwFx*0WT4qYsm4|DlZ_ZX*CrF;|9HA6uex!31l$&XW>!#d0+&w~8?)KrGsuQ9 z4beLyISmCm#$qyLm`BL9Jk_8469Hy^SJ1T!xYM+>0Mvc-9P{=FiQO19T7uX@GzsGj zR@Ku1!cnAF1Fe9;03B(%(PV5paHU4UVBa*hl1x*^F{iQTDaUb)uvDKUFc8E6Ss#*9 z4gC#W^KPID)+`md3INA;w62qH{aLS;5q87etlCq}@4eXZbn18bwj8M1O1OdMY&8ly z)=DDV;5{8PfS!spy8a-?@|i8PSlqo`Y0a-ujPU+T-Px+6rzbL*tLw|zuv9m%G~j}wyUpa|`@ z^^N?DL$dLhjcKUHAR#E!spn@ta#MC*NQp-(VWEnT`VQ zq@2#MBrZYv3VQ>{)OCs1%^9xz=uYKC*46o2y+v8By4tz7nuPE6?IZ!ZvKIitd1V<@Y&fg-$8fP3Pqvdk5R!fHT7Pi8=L2 zSxE(>Cyh;RpkD+_%pq{?%;+Qd)*OOZmu;&QW%qnRlwHGJ4i%K$sjAWq3JoETHPf3eapSP?_7Y<?tb{Q6aUWVhlx|z`0>l0#B!!K!XfG)8 z!QF(MXiMHNDKOj&xH|3Erza@q#>{=OqL21k%ovj>baS)i>h!^9%GK$=+T^%8U1ehE zG2FzYSU|}yIuFd1GOd&7*svUX7Y)Ry@u+4+ygK#Q+R~jkF4jy#(bLE6vKOPTZA+y? zwYf_L#?cF$KFuqbP=0;bg?f!a5)QbLiKMYUPEAU82-(|q^vRWc8Fijqf_Y3y;oz^y z-wCs?+#Klsrr+N&A$^qJVkIeGAviK&PWuDa6DDLI2@%t@M_H%6`}^|kg%TH~VFIZT zi}Elm2Pa6FaeuGM1tQf9IGRzc^XMKN>}yR+)mGL$Nuo;Y3RU0ib0hEDTGwQ*k7(+P zX7yfDF>3Pi?Zr|9P_^ZSs5er`nrqHG2stYP8H-N&h_wZfVmax#TzFm@8J|MKIT|s0 zyA!x^z^e5?piiIFpnv}SmrtM6@6VrM9f1rS+vSO)Ye3dNbjjS^px}DB!Carx!jkG} z!mXO*Ik1(cB#II-z~5RtnnTVCzD^)mU#Q~?!>?T|7hK*OlQGjeO;?K z-()NT9IAO@6J_IZ7 z$?f(qWVDlc@Cxo&&ZZ9Evy(Rc2>^_$X}?ZgpR@0lq$N} zhN>sBJn+6XVpb1G7{*3ws%Qa^QcQK;_|m1%Ps-QG6=Yo>0Tt@XmBuKSA2qWV!(>}9 ze|zXkklgE1Tu(DW^d*w)Ch;o?z1V^@GFY3ltQtvLCXt&_sK_C^KF!RJ9kxGQx<7nq;j6$ z6Zmv+F%ZwZYA^|CObQ2mA#PpqG6b$Kj_@~OcS32WN$EV}Zg1}e(A20SI@mtX9hT8p z1~fqf7O8ovamCS;3Ulnjop*F8`}7}!i-B9IH9d^p%w~jhHA?Qvb(`_mNG!)uf{e1* zB*jr^$1WB{Adw9N7+DtsWt68JtmQ6HlS`Mnf9!Q!xif>1PRQTd6_h7Pgqs^H=h$>w zZ5;PHxa1%tb&w9V=fXc-PGm}SaM#dLk63GD5Y)JNV&(u4X(B&ylVG?k)e|gIqGIkIkrI~fS)sS&z$Q5s% zTR3&tHNw(tBYPl4$Z={mS8#DO-JZ?3 z2r((9O>@aK1XB}2$!@2K@)tV|GQ53Hu@z1b9{$(RU;UHYR@M04kPi7uTdPx5<- ztPB&K!c|4B?0X$asg`M2LEQa5H8yn)HJdPbfxw^3luJdq6qip_Lr(?A38%(7#z{!m}5H@m2uj?|< z*khqb7pEw4UQe-Q$NB#-&!o3m>zW$uO7yJ9*c==^9e60)UMRGm z+OVj)PWGNvuvNmkzrFouVLhMy|9G*p)AfL^kF@qrby2CwPd|5YCMV+OZXbR6x%+4P zhkB|0)UQ5&{@is0FU17*yx2PQG$(u?2*0e3Abe>d9T10pL&KK`Bnh9nzmV5s&GiA= ze%{F)TH5@!YNfDemy-zd2z^K5skQt%&$s;%%498`5SW;1p3Wwzjgo8McofDcvS>Us)t}W*I+HL+xsJHE7`-( z#VQ7un)2q{ypQ-{np#X3a~^o4KA1WD!H#Oquyo{DU>vg{j(Z`NGA2D;^Vp{HHQ|KS zIlkRp3jm2lE-|{*2~?7(d5>%tK4d(u?Z%=hvJm|?6+N_F++{P7d*#8Y^lJNg$M#G| zZs$q5iVnxRNn#3paD{5=QSn8(Ld#1OMybH5+6%g9)K*{rYxF;(@pEO^&hhl_I^Yuh z@8!XZS0(-L<^I9$qyG004^HV1R@Ct!4tr`LWSsu0&+=XWRZGL&&NWRUckS*ui%G|N z6Z;)h+F1z{?{rM4iBK{$KvmViE;Bv!8%k&rkwl^cHG9El*Y5-frxY$$1TQ%JB)5_z zI%~W}O&>PYDHL?6FcXqZ?Ms-q;9M3Rgl2>fO|kCtZlMMAQ@8t%0yOkfH)WB4%c|fs zjrz;o?<>tYgSwY+7pv%QHGJ6C=|ogb2si=|oZZg1^Pemd+cASfsb-r|{|QT+#>uz| z;fIcfnc~zhW_A|@^hG{QFDE$A(qz${NkTL02x%}`Lsj-jCX`tueYH^+E-%TP4) z#}uz%>JFz>Uxh4@#U7Nu*lsLC*7FiIBIvc^QOD$8^8WNb+R#w{Z|}2p$oqf0&*rLo z`xxl@piADG{#_?X;1BPEReX)@R{PFxyrjvvJ%gSNlKT945sKR*nt-2=Vs8e|3Lk6AS>rmlE zrJ%h6qWY#0nU#g4Zo8JwQl(ZpB3s-j7Ul`e&44>dQgKt{dM!ef<%o*IK| zF`77~PGc!R2e4bnta4TOHXfx_E7MHES;HGLoG^A>2n^N(h+`TpDAL$*P$~$P1hfFV zBI{`FD%Oqaa}{N!AL|*$Vlt$VH%u?Ix$V{Px@Oedi0mK;I`^aNvoHKzjzgKYUAXLOy5LI7X2npwpHTqpnrGI)qxuWHGAhBA8ZZQ0G&C#YbF1b9pmS>j5ajKd}3 z!0U187gR24)_>=)3k2TC2EgL=fA`>JjsO3}WBkX1JihS5X)1C#=i=cD;%!aI1+my^ z>P=+hN2$*6;)fMxl1NFY!{yE4Tpb~+%r+BNZp{5AMC=sk+t6CqYxS(&^S}BotfofQ zqd-D{tzE19<6I6#>C{$URkFY1Y24Iw$(?4Yq#koPi*N_9d`6~(DAE~sO56X%?O`<* zpFX*+K!sj8grvtw$^?Zw96x{VFE20g*rz5f-{Me#kh+h4J!>K!X%n&UIe_v-&>cCn zRGLn466IxsX7U6mhzesvM~M8>p;o@vE@tDN4(&D>dwg626#P9Equ}I)~o@XokJYvkHUnE-wcc?u*{;cn6UKKH;r#H1lAv7zP+^X-@p^E|PYa-5}jZ0;5KhDMa@Q%E>&Y$_P@G&Bc->)MpD2;gMS zcGH|FAJ{3b*SfVa3*e|v5K-RHkY8kb(exn6tU5-6v*Qo%58s`5z###^8_uRhwtYxiI|WS(L~=++Wm(CX|~(T){`$Jm4pKZ@J$Up%ROOPD=HUM^+jf* zz+6zjNqV+s$A!XdLBsX@i6CiBA02~`W_*6e^B8@7$))=_gl2KvqWr4rvB^e>o! zEd!oS&JBmBn>rVHJ`x{)kB{4etk9x_+QPfj^IB;+=Uf4q#Xx>T|IC;q%W-179H{Om zmuqUQu1qn`{e~tHyRnyjRYQ~fRCi@ji<4+IsI3b7IO|Y#>y=rx_HW4ea9;YNt7h%r z7>zZ)?#$8Mfc<7W-m)Li>g-df?&$v4b@^v?LNDZ? z)xlMHXmMXEFNz6S-Y?s$%F+l+av?dEWIWen&RHDOWPAmmEE`Pm?Nx&HjjS>0qwem` z&Y!!LT}0_N|M$rU~5OV^TWj$~b};F_*7ZwoMPqz`gL%#d1-wN??lMam|W zbncFMYSyIU7C;l(oNpnh@f)N?_kxbV)MmV2tVFOfN{X!^yM!4*`+H$O%9ZYOi?DA0 zPfz2(geKp83vluN-~Ou?FDvmsyE{9N`+pDd)QT;gPUjs?7ezLd*km1Pv!*Dt2-Pua zAN>~i6Ek5FJypFr6{t%S2nEfL9~uZIPmAd3xZO*b>(A`;(=P)p0SXg$QT3Y1yAiaG zIDz|wurVp>(F{UYEHIW(Tg1x^Y_cPe1INFa`^O25iN1^Fm_WvX$aM$`2QCIZ_=OFF z8&y6qm+?oY#=@?(X>yZY)B(fh2<|Zz*Rc0YqW3H!!u3s;a&su6;yQ?R!2qJM7xrmk z8=LHm`F)HfR`$F@-{FlV4zy*z0NoOlO(JMc*IclXJWM1#9BBuQL)3f^1RKc!Cz1x( z6j_LI1K4}O{4kU38=c{~f;7$~3rzawHt2e=Hi@Y@$aOX&e8Aa^s>OmPN^$Yqn)kOnm0j$`s=BDnUU+3ob#k`R>jC(Sp z(mQ)yqt~fm#CSnSwdv)uhBw*Qtgr#;x@5N*L;Zds)B&({Zqx9)1f8uhZEc`oLWX5gFcf&qMyK~Bn17ON({qpI;aT+-|H#Ud|U zVdzIN(Zz#UU+TNCS4-Qwm+t+I4d3D0b0U=)!jhUkDN|sIZv$@2wChI+@Vy}a23WYo zxR{x-?wHiKvr#?54|dYc)pn^Au4VewzDrBmS==SY(bLtsB{5B8eyh^6XXxoF4t>{c zfD`0fAJE6IOr_&OqnE`dQUA5Rx&k)8zlvIw4ayrN_p=jGM5atE4-1V)yZ*l3aNB;$ zqXJFt#tGHlEgqWJZ6Pm3{i|{XJL>J|y97^QvtJlZQ1?H(=qX$R6Us`XdH**x)%2-* z?e&k2Tt-;`j`X#spN1XSWN>-DS@53(BEO-lX;%7ZES!?H1;5OEY(dcy7q{vBdh>HN zTsAak+pyHKdEC(VHJVyJv6DL9X)z>=P;Q#fNi7jJp$ZhjKim|wZ(A5qwLvHw@hE4K zUEp};yKBI2CiKh2zTv#`rg73Ym=9R=_DvRTiX5)toklHoX>A4)ASwD=H8lGusn zdDv7LrHDb50Gm2SdI>Gc?BrhJYHQi}Jxq;rlEx&V0#ZEvh^egj-t7F~e#zhlQ`yc7 zx2&O!?n1I8%s3~B^%tL$VMgO44?dQSAt80-OfyB>B~<>tHIR9Le8Q4e#Yek5Oy9h&Lrk>qgq)Yc$RzP6W+U-$HaFV4LK<;l%y7}nBB>O8WwV^I+F6s+xa{4H+xdE4I zvWr{0r@r}Kd_B1rcdzK2HiBiBVW(zyBsDVv(B)?a}_|X)@ix9_zpOk!>dC|Zn&vJzWcj4ZGPAzY2 zlU>uvUk|Ob!QZRXpMu=2v22sB3hN$XV%`&Z!+16HCDHHOM7J0ao3*)Ahm$dc-I^PV z-^6(AnOM3&5PBtoQH;k+%&B^~o5WqO07m0Cmz6ra&GKN43Tf{$U4U~Pyp1w~Sx=9# z#HVn(rLUjauR79&+V6|`q7LG{qkKA@l89odcouL5de=s2kW?yGe= zi_=e6?|lp8?wvqK`Zj>2L@>7otlmk}z-C<$Q#K=(RN^>;jeZ&vtvg?GI`zB}s;nC= z5k#2|D{#dF$?0^7M`CGvn~f0?CEq}K0aPU_K8QB!UL)vx@DwQmUCfj4J1Ntnn36=6 z<(}<<8jC>8lQ5V_nFb*gZY2hnHMPlZ#Vi?rdp}c&~A%=eajpDUehu2T|38bRXV*&GB#B_;pHC{w{8wwr$^sLGljY7EgV+F`44q7DqnH zaPDhN-j)@t68+ohTXhic5#u*89*ad7k5qwGFb0SlHF!87zmnXbdc$~S6G4~p&9)Ka z?KTb;fWNN|9|Qi!2}yK(k=~`K-x7h1e-qQBwZ+z3Jq_(_RK2{p)eFxXEaV$ZV>a{l zQu)oT-KPVibYu!F)-LNnR#E=aXa4=CHvfaYk}=Si{@pbL#IpSF2Rl3E{0|5Fdyn}a z9^zS$|J|{{!YmNLA%W(Zb+Wdvodv?Cg|Qbb_R;R@$=|E!KVTC0YU9Q9>@=bBsFI>R zPgesQca5pYe>b_>{k)4`i^9HZa{ zb^rWnB4zp^WD)t?h5Wbu?d@{5qyB%q*xA{h?LI^Q_8N8fc6PexAODFWh9JA6A{9-> z|7j9A?x`;c`P$}jtR}**NikSAT)#6yubZi}CdvK6H20-M_mGPo$YO|8EZC4%^!Jey zyNF@NStG-kw~3I6phP{7_7*>k{jFjI|8x zr@H%VYYqu%2362Z$ZUa`7nG_@d)twti_;H>mzRe}-<_O)IDL2cZOy>99(>Nc6qsR5;fr3M5ZdncOz9yXT;s)u$WlIq6^9O z_VkC7_a_$@N}PRjvSErfqTEEYI>g&j&0kmT(ovV?rb+|1)}5aW-ku&EerQlRD$93m zGnK5?t03;l@^-lUtI(?GH#K&r9vJD+4tp!hR>i!okvn1SP1bgp`(kEQ?3)@}y9bM| zdsuSe!?G(Mnl5r#dJjpPn@9@1>(qAb50D{Ws|$BakY5Yqp7P_HwjR^t-(PzC8WOLa z9lr+F7fOzAFnP?4f6uw`>*&0GYWzBA51knwExI$4XUUFJ6vf*Mw8 zAtRVzr6GyPI6+jR8yd$b69mZ#K^mbh)a&|?K#UO-vLw+L0V2tuhHhd;F~Yib;Vut& zv8!2LIFC1wa zZ1olW=JbezgMCX5|7McL+Q8y@^}o9Mi*8EED2%DMT6%x3960d18}VuYL5+QPb!yLI zh&qBT4KUC%=iy=s3^Vy*1PfKZj5cU}F71zNC}okK*Qa=QIvEkpNu-Yu<%yY2#|d+< zPi{$=fz&8?BW?&CPoxgt@IbQ2wsc8&WycW6Qnf_v1LJaXYtK`NYKZ_{lR2<%|-=0C2jv+TbA)6sh-2b>7vT~NL3vgp;tqkYWnoY^p@`Td-j zj|;5@aLh{tIEobCz3#8uo&p6v-iYwmu4du0dt08qua{44dlk2koZ#te7vm7(STSP% zuRGqI+N!9G1*~+hw}}k5Wh}OhD^C603%RV6z9#ef!q;S8C>%0&O^I1TUtgRYou6Db zbrkd0pSrme?{`~B`R-PC%vqLp`?*M^th?3aM6iql7;}G6cdI)ieAw-Gby?9i$}YCrn{RakfH{WkZyF4fPL)>r$k zJjaMWn8f?&Q_iUxl`2EFDem*$!tzBn`{V7TT%F!+7o}4Fo_0{KP9Jwq?s4~|MBcS` zPD*gT(5}hV>En*ceeal*X}tb!Ng2`|c1nUED0!|*Zms)sYdAWRf4Ux8HjjCMnZn_em>Mvc+=xX;Z*OV{voL@i5 z;ZNfBIRx|F^TZyHmdZ`NhHh?&JR7Lp-IaWXIl9WBj$x zMR)ioEL6*Ryf@Qh$p_T)HJwtE^#q4y2H(T23MZ0y(Ks;kRdt6Ma$ zy80(qk`#S)P3BwZE3mdv|8)fcT)u4|!L=^e1iUryx2{_gm*;Gif>5y<(5F3V1#)dJ> z4y~rMAzQGF+`jLmrl^cX?iHxt3jESC?D1LusagMxkk|RvDG}SnyupxWL;KEyLeY7X z#;|1l-`#svI{&}-YIpC|t&*1$r zd0cZg{;V$l?NRx5vj0zQ3iz|Noe$jr_0V zT=b@Y8zxXyzC3u8{}1szxcsjXPY*BpYmj)9`j1lo|G=k>{9j$;FFwoU z|BIKU^Iv=WFJHcRl>ZO$Jh=R?5rOw8|C^-lA4S^NhKSq+L?~#G#@U!AcNF3Fmd@e4 zp`&QYF^m9x(nl}~Hz)SIHnzNT7$>(>NP#{t#d=w5ejk2e!$4wjy;eiZC|yn$`TJbX z+Q@%*Q=r-MT6G~hfU*1R*?ou+k2xPwl{7Jot7?(e;MjU%@oTc%{cM#GhjwdK zq!^Y|NEY0;xCL-Z#R;dC^qf-MlV{IELI)Pdg(T3`8rEM?k4=4@ChT3%W=qQMxtQsV zlU98+H=TcR!m6GIt5Ub2(n=)0-WPuy3Tvp6V=|)GF8Hi^1W*S~#80;ap0?KVKLu~U_z-}dB z&L*geqbU_%hNzXMm!P$IlJ5Opr0O5%sgeIF6EaK397hB^a(6xlvPAwLyxiX{-~Y7p zYX4FGKg8q9pP`!Hxy<<+8x|x@<-kODLgHypOt#g8?)H&loWO8SwSc_|PEY%8AHhqJ zg&`pkiMEDh#5f7yt-X4_D&It*_}QO*V{B* zZqw#AA5N5blD6Y#$s0`LjQfd9|5%wK%!R9WOBYcOWO>erHIm=1l?TD%_n2$q{&G#! z(Rl5I6LrA8P}T{H%46z@drm!3OX&6UPt=0DLlTMy(*Nr8e@-^4{x8%2U+nJemGeKp zeEITG|9^<5MjE7?TUyBtm3H^}RpC zIaK}L#R1u#6OOVZA{^Ex1m_4cPP!c}VUM-k?V}Nn1?i-mkSQQ(bg zNwjw@v+w-A1ZLg*7wP75|NW^&{O^lbrSreL2kO=1{C|L__QJlw#h@JVqunaov)v() z*hvKzT^QSUd1Oi|(z|;_YV2to$LwZc-=ByO$L4A(Q-G6yW|WiYn6vZG;r#GN3y4J3A{T$Z_;7gq?(}^}TcIWx#|i@d@^o-id@(pZ&QWkTC4wr&vzYYJ zxq5k+%pqIqTbg9I4PQs%Th6kyscx3qG6+M6$YcSpq#UqEa8@bt1@@U{kWpb z&g3Z!5Kd`M$iT2ZFp@r*?A}M#^J7CL6_p7engW?1UM*$Nn-7IKu_p1pp-DuO@iH0? zO|b_gBa4Y~16e{Y=v2qvK6kDMyNL}%HdLGk<5S4Zedrt_$uf`0iXB##DH^4xp;*Urnma{k{}yStD1{~qL7;tz$L5>iY6x{~{};X+7QQL3VAMK|h0 z?aAoe^Tl%m5eu&g*URWHf+Zc>lV15tX=6jrs;Vr=|9r^tubKZwa2mOJ|NFmt`}<}4 z|JBap`M-yG7G2nCSG)x(#+?`0JLn~$tmTbhrdYz{y117d*+uy#iWmFpyD&M4;Ocm|)|4b6QOnU3^LZbA{i&;l zzT5Af9cFTJZc3iplHILt&MDn~ceV?c4cf1LR~;^o?ry<_hTiRjK}NfuKYv|E(#lqFO${s8O$-a$qG-`Ri6|M4J?k*;nwPKo3+ zbhGlEVFD|-gOW;bn1m+dUdT9M0{ z$g>6t;wYj@h~ZeDpet^xHp{b`b)Z#qn_JJV?{&qS&uj8~)f^{uUNLi1MT^lTNt800 zNbh)HANes;ZD~XkN%#!M$ld9pe``Cmmi+C3i;&}#T+%6FS$@}s|8gVEa00AMldi~aSEjqBIvRTL^8)clm?`( zP$6ePc|5!dUurlSa^u}g_PkXFW7W)grJ<-PQ%H+f9tkM#3V&%)`7im@t^bm7JSH0p z|67{>;nj=E`LDV)@^&MWNa zN!I;~V|Mccg!r7?rZ^FP2$V7k!x+=44OQ$mU{NTBK7ZC%m+HtN6LIp6MWl~Tr&AJ9 zEH(5Lb37%|JNKn;tvnl@lQgCw7R^oi9XF+qSe8iFx}q^P2T-!0BC)P20h>5!SX=`>Y@((WBGA z|BVf;qp&hSb%pxq>t<FB90uUfKE-B#R}%F%{R1 z-Hp7DONBxKlE}{t-9b#f_l^rykSiSET83N!(jAfGWXfjbBEhMcFe#2RHNm1>Q@viy4fVfTYYLKhf z|7!Gq84DBow;>ncviQFjuPWz%_VyqBe-H9}T6+KgCwEbO&CU3VN!APV%NNe}mcv)8 zSPow;b+gpQ^~qQ`8$-sT7jm;v6A~`zh=y1a^cxz!JRnJk?6vDXxLZUOyC(C(=O74v z&)25c%>OKb9MW;Tq4X~;@;{c(|Ga$h;?e$pkZ05RS#%bb>gP&&mgamcE@w+k5S?Ys zf3bute!tLzrei6${D)7*vRY!5YWD*a1S7`7B{?A9p1uF}yR-B6UnmjedopwV_#LM- zc}xQNm}ccM&B|k%mB%zIzt<#?b^5;`oU?dy0YFRi|5rN)ugd!W&hBIWj|X{HJb7&9 zXv694ZXq%w>6Suqo8jZ}n3FMfZ1hvt9Chz* zA^YdHkXUB$h9qN}5dTl_BRBh1{@>nbL8PR~xbV08TvF={bkMWB*7R==rV6hSn7Gm_b|csZ=>jYY{HJUWj&< z>L3%ZvUyQy%VVU%i%LQN&&I~xe#9?qXgJJ!;lX4)o#4d()8|3!m@fQiW(0lKM<4ak zbqa5M$l%}hI#hU3DX44`#!1baMr1Vku#`BQOi3cWDeAqn)&Jr0DX1y`Tut;fvL&>Y zStO!zO_8OlK1!@diS;P49wpWTN~{?rH)~2PRrOI~JxZ)ciS;P4Jc%_XQk9OWfd6l> z3@2*te`z!I@wum`#{VrI3NB5JeXgNSe8Vn{~AR!l->tHr2Xh?7&f)! z_BXY$j$NHwaZNbJFMBs2tJdDz)-lOu~bbYoCA;wq}QQ<<;w* z8m(>Zv3}2@HOBZ1bcfYjJNIH!*QpI^^Xe5Zv_ic`MWx!VN!z_`8%()IO|3|M1B%od z)j?-kZxY$s=UU@hy}F)1hfe8Qo$5_9&;;c9xoUfdgHvN<3a=y`p$Qh>leul@sbm*Y zF&^qYGv)rT5-Nov%0%?wktAyTrLp?z!xs9A+)^Qh68{Ef0i&nnpRNdWt$>M5*o(U7 z_OGM!V}URy2##hZ;~pA7m=7{K3MBLn8RtZ#434R&Dkz*_E={PBEvmlB2^IQd4_2?G z-SdBZ=_Pxk&m#RV6{*z$?^FNVdGVsO|F^fZv-g<)`$3-j(EmOy$SMBBOXv2qQGWHl z!vb}SImfpv*~Yui9K;c(G3s7Uh&exuLX97a7!lBzyD^{w1|1GgoomYp786>J1{VW? zXyS2-@zqWSMHJ=~SY&Hvtn#8Wy>7$=)pVf1Y8DvZmOx@c;uwu%Hq^)#VVx)Fh)t&~K|dT_pontO>5Zw}hJQ8so!;vEj^@<-GR z-26X3IXr%M(wjz`Z(~{f&wl0n&))v4-N*U=5YLnRVx1$kxOF=Jg`Ph@ovI0r6Z!mk zzfRM3b@YM=%OgP_^DtVln?B|-`iLd*yr+Txh$SjsAW3&T3XQp7gCHl2Kh7M zY>KeH>4zheDo05xjAC|^zcS$8Gf5QeD?!kAB%Y#uEzdmlA14vg*J-L>7KxrNzK5tl zKP3!;f(f@Mk?0>!CsL-OzrAe_HVk7nh9ALRFeD+H5)ovHtFZm7*XcZYg0u$<9kGaX zIfs1Zm|12{w{9m@6$rix~SMWD!v{M9K+{5DqyL0%3E^9mf@dXK_sUw%K+=F&onm*?x_woMb~t;ppT-9v%U}I(r^`>vBQH zFQ8khG-CJDP)tW8oQE+n>H3sS+^%s8!iDhfduV`b!pGtLn+rc@0+JIf5xGs7AR@13 zwwVwX=$zo_M@}Vqhm*Pe&})Yp?D;vo4tmJ=`w;lQe6;Kb*gk{xrj{a$+cjHo0RVB$ zzVOK5wdme49!`jmI;?rio+%ON=;G8Qlt3fK{VTCr_1!lA(rfw{HrLHLAien|C=34e$IWa4l-?XCki@$U_7ZP&`lOm~n-a!C zu4E9~AxlD%O0jM4=GjhJ6xbi;{Mq(1Z4UxT^>Ob=uQMeI9S%-=oz9^WwVa47mRsog zb7TKyi@NswIeN-C3;-H&A|`JARLoGNgdK}#TPPERYiF0cx=u2s3y&C|BCL2INMp6A znk%98$U5^B=EO&5b$zm4)qf$<0O1F*YuAt-@`RFaD{pZg+|AkIR zXwEX%=$vKTnb~!NYwcv9uObte(ld$?MjzFxX+eENPsvR2wr*gGlMKi49ECB#3Chwu z?&O&wKUH0fV-yo>(!;uK4*qHS4mrD4%c{gu3kjp5SbRkmPV}-c%D7Z|1;AjbJNW@k zBut_k#;?&+gRng=re=Pj3r4K;6r~)kxE>LK#zZ0^v+&w^5&*L;)8D!APO!YoP`l7C zdnCVem9hkxz?i}~OQxNvTe_=;8RFP*INXOgxESQ*L=j12HYbtdQz{ihOmIBPXMz(D zVE0i0FYUnyi-KA>Jcp{AF2JL(#H$i&@XHhW&}Q1Z%ZzsE`nI1TF=1I8p&?O|D004> zkR@vF7FAaT8!($HCXI;1G!}{w6Lteb0ZFiwB+f_D4Te)}!E6Q=foZ2&NXQMU? z_x$-*k-Ax-59k**)T}tdH144bC1@NN$6Mc09aRog4A7%XOL7+(grlp| zEtKFH9V>w=89Gc;0mER}i739$EyRzC9!c?C5c24w8nsi$!2m_#VXp&WlmjaX3Hm9f z$#pI^7Acp{@>xz3wT5a&`XhR4Hvc$k;WQ1D-Zmv0_W>=-|FBy*|FwT`@aX@2kSF*5 z6kQV-#dJK8H$?plPF)JyA!-F9Sin8YncgOmoDMUkr4C~jUfX1d$jH^AS=mEp%671N zhgEi!JdeqYKt-3}NILNb#=NpghV$HA;~}iCsZ&@-B!Uzzk;5bRdH^m2hZ6%AIwR&u zIN>bO8nAI$C|F8h+j837GR3CpJ7gQ!f2h6%Scez`RX7mP~AC0^+tr8 zLK5db>RyRl=;p?UK67S|HR_GrV^azs3wLY9kTJEebdVB|Hy=bcwCH`HqrP4=ItY#R zCG_2V4+Gu^F7aa-HN_0B=tz=gKSyY)#67+7x6(Vw~ss()7YZs#|&* zBc0q;Q$RqRuD+;4ldDom??av!v2GvXBdZN+CC+6f%2aCK$AFi~b;r@ammY73GlX{%>27RM z4Bc6cCyGHwE0L#I^**?vK%zUc!iGD#Ato4BPj{}x3-#ettyrNx&P(Hoew>g5Wr;{h zNJo@JTi%AIAVq%zY&W*0X??5r!9;Z=UXPc4f0WvkDDn>{eoy6EELgmZKe(oHRZ(O- z=o*bRr)m+#_f+1GU@8-=%1}GKo!-G-Yw2{KeZL!*go5^T!i_a$Qz&R)0kmU@ql;5y zYux+%QjHzj#@aE9s&cHuO>+}`3FWFBa?pFZROEbVN;I<03MBACnAheX4@P?y8hEkO z4?#P>y^S-HPsKW3+G)j0U!EkJ;HZQ}L>D!=-0}LHrCpx^AqnaU?-m9bv+c6!V7^WPO^Ho;#p zosonHG2m>t<~D(WkSYl6`O8*AQ13wq`PMcGo!vZp6=_+!CLXj}6MrwXxhsRQlq6z8 zN3zFoCMN^VZs%+9m;)3rPRBF}0G=`eZs+Y-?(8s=69gDodg?R(CME`_X-tWL&^{y? zI!j4%p<2{|UyCW37xtT3$X|Jtl?hm3tb^X}izQrj$L{yg1#sOQogEFf&%Qr)v5N=2 zUBozwv689lQ>n~pRr2`6X}Y)RipTl(`al;#_9MDFe_P$DKYxqZ2w@A-m0oSSnV4W# zx$AAtTRbeb1@B6UR(W7SyAGS1D4YANgU}%SsnT~ZG|&`-(7R%UZJNcg30<(!t5s4p zvl5(8x7Xk)N|!6!FgZj8GMDk_qcGDA+5S*_~A%5VD2-6sJ^CJO|d5Cru{|nB#qNi7=^QmJ2O$Mk*a#g z+*Af}fq=OZfFzML#6V66->YH91{vfJZaeG;ScscwA^xc}-Tob>c1wk}`~2(Ov2QF5+&b*vP2PRqJ8klC9=Xc`H4Ze9MTXpmpKz~{ zHp!>>wvTq}lw1Q6>1k~a?fV|)H3)>B{@mUFx%4@o7@p>RKx@;w%tp_akGe(nvuWY9huIxjBr zJ``zkl0+$^R=bc)X&cJ;RlPJv#w6pUhn}9LdQm_>ci+Fc__@1J@16b)6#bdZu_NlWdBWmKVo!vq_7veR&M(^+~on}*%mnag;ez(Ak_yKL$kVGFQ)xsn{2Q(z| zhL8m9DU$BJ*jcCZR$PL7+{@+T-iw_gLG+77#Lz=#8at-q`mG`aiQcma;`Pg>mPJby zMJz$4ILgc4g{hpuXhm_Pn}Ph2CLNNSk${-K8K~#y;MPC_10ql$UW4h1ofKTvpsr>7u6;2iLIz|sVqA7h1L2olM1Irb3pSF6 ziKK_45lu=%U{yKTxqeG#Bu1(@Qssj}h2oIth0h$8H~G^%VF6TCuO|e@ax(wl?0x%l z8#j{w_vic-C{}$p)}F}FcCtyiE>~sCFYWrlvgG*gR$CWn1|$&;0WL73hqL+Luh89i z%?w`>t=+3ieu=5UV1P!W(Jy>D-sC6h1EIapes<%Beux*5?s?17;GQFa#3r<@El*aksfeJm(mvcQW#M(t{A`MvVzV)(0)-as|0Vc*?w4$ zuE)K<6eie!Qq3m96hhT_=PjxLg#O@Kv$Q#DwQo7Z!b8VZ9zp_kYr&N}`Q7P<5ElVz zxz=pXO^HyBtl&#tfH3J5rw_;D+vuH{ve42G9*#HZ2Q-nlQpp9co_c0jPdaMNLi6>c zJH}nOaBnq>gyZ07^;BWvx)7p7Nyv-3;T2nEL|^eD-adyv5!kCU1W{N(>qgbG!fV%v ze<3ZK8X-#7EOUAA=(|0w0GYELb#1%V_#mt>m!gbReW^{N!}YC+etL%u*PsORxL7Cx`%$P5;u@RzMvUG2eW6(rKBV>kr*CUCSx>;WeOi z32uTqkzDy|g|uR9ik$~;-`}z4<3?L3XC41gOF8q$-wLyA;M-;R%6PUp!g^dH)Z)uT ziOPucGKbXl$O{C*yU?Ya-XMf4e&_v^#$|tIQz@#_hwW0(wiQwxyi9jy@5D*=sLkEm zQQm*^q;@JoI`F=Ah&lMsJew$chtb$oYm>a2Qs-=7li#k7vjOn8wQ{CVU`&2O*rUl$ zN0v-VBf@He@vWk|*HXw=e8Qd1yt3MZbU0<3<9rX9)l7oAz0}qMaxvj&@&0MJ$LCU& zj0fyLuyT`8O@0EcR5vvRj-6_jvRl@lKL14&s|>8OSW?)+I^2$vdhM%L&)az_!K*mY zRduXtVJ>;q_0mBT=Gw5VQOiFU_OBI%Rwb==n9dbPbQlQYf#mcXIT=WhrS!MeJ8(Qc z8w4MKNFR;Q28V2^F+`ZS1oo|oJ>IB^O}VT@N#y}g-=vg%36FvsR4#x`-^k0pZ5T)Oju4fNtK%g{*U5p;o`>a~4|zF&VXI@rAasnJ6Vu!<_3Yw&3c9+1MYE zM4RY=bzhvr7u-wH<7xyz$(N(>{Zt|KPkkIeaP|I;t!;^n+j$!T)5hP1xWQu`RU_Kr zkp+pU0I!%(6;HL4kX;!t7&{3-^uOut9T^;}dWEj;>ixbgjsL9A-}37Zq819kniJxB zLWPHnM5a4VGV##E!d)u&MnhTzy#uH1V#}wOIFWT$F<4f;)3e!Kw=Z#o2aco~>!5(4 zz{}zC61Zt(Gr*f3BiJ+mDF#C2uB~NbW?*Tq_~LzUY&W_SUR}1lB~Qb7X_JSWlj~N8 zPpF?@=72koS5-8E&;i0=d^hX?0IOc}#nM@iSAJ6~QA1`^p_LMaKggxi)=aakMR|~* znwFv#W+4@PP8RbVCbh8veHMVDeXQMz+%QZ0*xQ(5M3+wTH`?JxD+Nef=JzQ3ZI`slT4xA8EQ6((L*j4doW^8r%(WrbV$OEjKgwT5Wrjdh)7_r zvN!OU|17kVKDY z=aMfIg5V)#n=b@@klStu%6BrNmrAX^cKWC@yU}BCgD-=wdM;Q^P7dDvfa{}{-rE`| zZUp72Q>6UoS}%2_XE&o9)AX}e;>Ul7kEtXr#x3}N{Omv0;so+bKb+7_1$^Jg*L!#J^%Zl2(Zsq6afa>A4M>FvVtP+;r&ts zuEXmqHPPjBI+C&ca!L-T&G@H`sxyO)_>Sryx*qz1rq~onQi>^Pkrdu@Jw=U%Uj%hF zQ8f_UnywopWl$KzwS0vXP!ix=i`hA77~F=EtE1U^sB}G-Y8FD*sCR(})s4)GdbreO z`*9gY+V}Ka*Ym6guFBq5lCXF-l8uXNxa?U{LJ#25FX+CO4;CRw;<9yHRN{@bM58pf zwvzi-3-bypU0e*O+6={|gaHrMJsisE(AUiyx={~lw4JxMXb9WiHKa#FX@|Df%cW0- zpjKD>#txxzdyO}LYJJSdX~S;`@}8~`lqkBa+qhoM%ws>0@#)|4HxEh@c@}qk_U2{@ zm^zJJcO(iu8o$R;DqA)!a*?z_RlR42=+a1SWPQ^KkWJ_Ti%(j6CVdlg>fmza(3@c~ z)le^%S~>l_rFR!xvAL+0-RffTm9)?purL^8r7*a$Cq`J?7?GAI!8@LzHe_SL3L`xJ zq~`}OMzbU%lCbxZzaY5GVH#6Cpqef42|v?LpP}Gv=u;$sw1-L6Q!0Gm6kn3);3x9R zGTzaI&|8}3Z-#yIiM9**fQ=VzzqfKz-~l+i1i$}jkQ!f++M~WKabd_ zryt%OzkBtBJ%7*My+36~ub;kq^@5$gK0aY5FHTR7-@Rg=j!$2+r>Cb+k6yoc&VG9T z=HuHJC;JcQ6-I(vU`s99X~{xK3#RiYF6+L?o>!%_#>}-|7vnpf3v?=7a;Q(@BYlZS zX|Au}5?~Veb1Tei2B~5Y26T&TL}T%yUr@hehH7v`;~))(^xt~U6#7X0>}=ru9IcUJ@SloyfP*1TW*mhMpUde~ zz*Irv8ByJkQRWxX`eHw&s5spIuiV_dU&&JnCs9HrMT!N*KjqorK~F&=*ko+)Wl-QP zdm-Jy9*5kGo{Z7U<#i1ZmU-&%RPeenf?a{1;7Xf|5qs8<*uz+tdjM{6XDGl+hL!0JR8=VN;BC3;ret428aZZ1xsh9t^G3OdhL-#aw^P zAo3yFHPP`Tc$zzqn<78DSElUm%aPe zi1V8shb4y94MD>4s$y40)*`K$1m(rNLj~xMaS$ZzC6(38ulp^H>!6mgy!P1uTMp-f zm&5Dp>ycc{&IVZS{XsBQ;HQ zUqqANzsfrA?hGoT%FZ1`pI0~MmtI=Ll8;nM(Y*z$1zT261A5E-2NjRpyUh}J!z-Z# zl#ujS5Ld?%={>)V!ka96^)7+rQ1&fh>sk0r$PGc(Zz&a|Eja_L67@bU^Bw7$W_+Q3 zusvz>OSGh2d?E6BYDNM>B({^5^NT*eUs^`>ClCpXy-+gy7V25daiB6WJ`esD8X8LO zB<~mKj8=Z8sf7ZSsiKCw+6jcp5PI%SYa-<>x;C`H1g3mJ{TKZ;K0i_&3h;RkLwfv# zYN&hG^fsB3X@LM@_*IsDj>YeH$0o~uQ;KPxz3V!4-=O_KqazZbKIPU$=_t%8C<&nw zOf!KuZgtGAH_dk-hvj{w}=4e3#G5r9_}veoC!T^xZ$c6qCC#4=NwHwrUZW#+I1`2 z_@?VF@qw10YhL+VOJMyRO+F?COY@80l+{Pqr9#>2wqFw>Qeh2#dWd(9eetaXC~if* z`ol+OgBAXjpP<#4Ed*CK7QqEf6c{+*K#_acE=A!c+BZHM{S`-ASy>9>I|_FpqHJ~| zuD2H~jO)wYk^`8;{(fE{PWkk0u{&niyfpL+k{)Zf5h4#I}+UhoHauVPUW%Nqb8#bnB`V zwq7wgt6TfO;3`)rbVasD3$O#yp0HeOWC!Bo5qnDJteXJ5orLJ>-r=CM@b0dPHwpqZ z^<1b?;_s7|%_@D)t62x;O<8@K-V;rm~8=keQi%Ic#H zGPcq)$cahi=^H&`@sD{{jC)qOXLLMCh4uVVh~6xzXuq>bWexe^m7algXscwaz$A{< zR1Z?bqQQhKSqu)@;3cnl<^J))7;W4?K5?Vm|KX)WHh3=1o0XHiGJP?h%MF_8MRm}wc$oqiQ9}raKt^TEux#6kPaLZ(eF7{IyFLk7B8Jb z0pj+hHrrZK_^J(_HImn~^#Oly$xSW6!9Xeyj~0~-9tQaJor#upWXHuK{6>T1UU1w zYFqP!ya%H=(oA8cfT%W%l=zlP)8ni_EQI?YJl)WJhj$RZ>fji}2RXUBaDE^grHv!PEHhemj#fZHT{F3le&MU4i{5{_mH~N>U&z|j(UxL9)XsCFQ3nJ#ZIBDHV zptpyNI~^~k;db*gC~?7SX;no#$Oi))Z$V9e1dhgdX)A(W8;B!77E!JzHOtZ++g?|u zT!?lW&aSM`0ij;Y1DN}-W=C30rCES`_GJYS>LC{iTd=eVqc%BXxIebi;dxO&)-tbH zqX?-tMCLNQ-n()8Hirc|gh;5K%7xHP0(ee;2&i#nBRYvduXN_yex>dy@Qk*A&p`Ls z_nfpX|K{1?hqD2+JsUh8pAEbNVx?XB19<~>pc*Qykzzlrrb8Eh-dqZgJ=O_`LL=2$#_Byfac*qn$}{yjX}*@*1&9 zzzp&<@qw5~td#lMB?t!<*Y|Q@n&G+n&?2qe-h8m$KihT|@ z#-b5%YUJXpBmvDe4kWY;o3q%S(F>d9KukS|FV{vcLJCetcUy3Ck$OsEd`y*0y7NXA zko{rZ;qFyku!n2Cv_2r2K#4*MrW@0uscN~b1S{sUDvh|WQ)$X=E7z=JxxD1In_d=M zZB~ZeH&QDiO*M<=3G!&OSjCd;8Jc|{wS)79))bv?P-?@9oXSJT@x#dR;fnFu01p7~ z=yt;#!YFn>-EO4;6A>Kmp4_P7bzLuyDk)UGQajL7_WJa6!myc}gkKle33I)$6JahP zRi~9xq4HC`D>59>p!b4$r;k!_3ln187r^Vivvt;103MImb7rO0?A3?Kk(>Mblo;+? zZ1!Pt#3G$`i==qIBv&p)ut_cKiE?K+2}Okmu)(K`q ziy%w7fDM7$geLbhe_+caT~(rRfAHV=X!%UM6}6Ft{i>CP6k8{$aTY)-!wb9lZF0~) z?4EI@)y+aT?&N|Ps#B*Nk1UNYo1%8AsL_`K@1r$lsjWM^qH!;rIHKMJ85bmB|LSul zKA`hQn7=)k*Y(mq`R1FMtmn=7sL+dugG`~Uq4CWRNHiZ3LW4|HK5{X&oeh)bypn~d z5qr+<{9JQWvhd{vK1z|d5AX=-43|D1lP8dWaE?j3tuIy(ZWQB*V-KlL76i{HjF+Vo zKD(=m*^g zb8azpI)O!WVkww`&&8#v^b$76Uu4Z5oJ^kog*Ynj6+i*OnIpwj(8}R3Mt2(_I{`aM z<+q?atc1FhMymx}s_Odgc8<`sylS_1r+wAB8PJ_EjFama+SXh!N~4S2?>+X6?4 z^P|$D9v~mmM>eQ|tp$ECA$ER=?0m2aEK7z)C#3Pr(`$WXFJKs zA$Kads3c;3_ZRnxTwUXRf|uOZFS)EVIy1cC^XWhReFJby`4*c3=ckQP0Fa|+vY@;y zROd?u9!1x&Ptf{%Ba4ezi3Y-`jak7ccbxxH7%OcpR3SV-v%gT@&EekJkWX>f`_Y&O zUv(g#z0&5#(V24AAe%Uy=4B{anNwob#EmE_E*IfGP%9FQ-}wL-it*A=8>|(&@RxTe z45%+90yWv%pk`=u{UimT!03UjEyJ!ruYokWGOwS8Bf&Chxc#V3+TAJDFTmj&B#-gq zxj^;}Rx;MA8-MFoe%&p=|Lb=Edu{;!)9(MJoaJ}{`3fY(7i25oB`;UtM^aulmpj{t zs}`L97KIz{CYCz&0d}BKuVX5fos9YEn`YiBFx3LV&u(>ZHR+5Me5@1MA*qc+OtF6J zwn|&=Or2gilvm+t*X!97)@}*>aAV5@YK_qFy`?`QLm!T)T9|RXn#Xn^OkN12&5h|T zGC!lun!p`Om2aZvFZ%qAw0-!{A9g1dd*Li(0$}-jqif+&Ujbpo5C8(`j--3|{+HbF zg{Xyb{QUwG*q*ST|N84d@r4*X8K9myIAjB9U%BNNJaO~??QcI*^6m<4ppW7#OnHZe zU01hrlLSbxX#cSdD}S?#ROv{E7+>?N;xHE&a{$MC z=gMgkR^|Oo`ErTPb!=WQPV+p&Cc4%KIol_f6{-hXL z=4?npjo~s-Q~`Q!v_bB51bfK8HCm$qU?zr*6NafJ>2&SzzQ_ z?4*^TMZuxuAqv7Dkow_gS2DCgjM^6tx7eGLaMtu(IZStGawy$qpZ=F_;P{FubALX0 z|IX)TLyrr-%uL>|e?1#CraBuuIUD%o8v5!GzB;7)T_gK=Xv9ovHR22YSu1{JA@ipe zwjO4$oDF{a`sagt-FeRhE4UHUCPX~RAprYga2q~sE!r1WK(|Xc-_=Bl_{JfW1|Q;; zFM`rZGhgR$NnL?-eI7l5lpcaVqLXm5PjLIx`TckcY1HH_q+t)bp2P&R%)gPYoK!R8 z_)jDW=bc;0`C`4eUTO>AZFF$G;Wxst@7Wv8OJ7Ufu%Yj}FJ$Lwa3aj5ECeR2B<~aE zy0=)j`r;id0#AjxwykPlgKN1QNj>Nhcdxar(?TD9P*50%YQmdQx{c=a2K=cLONbfR zz4Uw?U+x?FlGpRr(7)*$wdY=XkGc1vyyZnm;Ykn>+4&8dYPT)Do-%C!`XP3~e*M+W z?zi9m?bl!3@85nKtq>rq=Y355O>io!W|`=R0Y1RVbqG$oS>ioBthL%frg38hb;Uad zeAk&w==D;@@*6)e*nx1Ub)>YjxW`6~9Mwp= zNVpGN6?0*R6Qi$h`eNYlY9v?+isYN8kVH`_W3Y6lfR` zQ=m2cjKpnmi&d9jt@krjpK3bw7fe z5)j0PkjYW96F*j7E~KSYflvX?!(%1eB6}(1f~-2d--8Jk6_%9p2>UZCcwJXwbR|`( zuRM;&F51SXYXqiI2v1KtoqfVjh3c2d?AlFeIJcZ3VHZq@4YEn?##SC#A#fCC^W#c| zGg;@n1bNroIQDn~nZtf|AnIamUg#NoNY3`4EbpY`900(wqOrAJcvJ`~NCOxC&IRLT z*~(9A(p{aPP^e=In-0Ngvo6NO8{#SevBp#iJefp2In6WLj@)dVNodiT>3y{d% zt30#>R2aWkW4L&1@n|y_;!*h5!=M{P>9>M!esrh$AO6rjcw!PsOS_0& z#= 1.21.0-0' + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 1.7.1 +apiVersion: v1 +appVersion: v1.7.1 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +- nfs +kubeVersion: '>=1.21.0-0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-share-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +- https://github.com/longhorn/backing-image-manager +version: 102.5.0+up1.7.1 diff --git a/charts/longhorn/102.5.0+up1.7.1/README.md b/charts/longhorn/102.5.0+up1.7.1/README.md new file mode 100644 index 0000000000..adb190be3b --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/README.md @@ -0,0 +1,50 @@ +# Longhorn Chart + +> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +> **Note**: Use Helm 3 when installing and upgrading Longhorn. Helm 2 is [no longer supported](https://helm.sh/blog/helm-2-becomes-unsupported/). + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager +4. Backing Image Manager -- Backing image file lifecycle management. https://github.com/longhorn/backing-image-manager +5. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +6. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.) +2. Kubernetes >= v1.21 +3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `enablePSP` set to `false` if it has been previously set to `true`. + +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, you may have to clean up your Helm release secrets. +Upon setting `enablePSP` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Longhorn docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. + +## Uninstallation + +To prevent Longhorn from being accidentally uninstalled (which leads to data lost), we introduce a new setting, deleting-confirmation-flag. If this flag is **false**, the Longhorn uninstallation job will fail. Set this flag to **true** to allow Longhorn uninstallation. You can set this flag using setting page in Longhorn UI or `kubectl -n longhorn-system patch -p '{"value": "true"}' --type=merge lhs deleting-confirmation-flag` + +To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab. + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/charts/longhorn/102.5.0+up1.7.1/app-readme.md b/charts/longhorn/102.5.0+up1.7.1/app-readme.md new file mode 100644 index 0000000000..321e5193c4 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/app-readme.md @@ -0,0 +1,27 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) + + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `enablePSP` set to `false` if it has been previously set to `true`. + +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. + +Upon setting `enablePSP` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. \ No newline at end of file diff --git a/charts/longhorn/102.5.0+up1.7.1/questions.yaml b/charts/longhorn/102.5.0+up1.7.1/questions.yaml new file mode 100644 index 0000000000..bc31510d88 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/questions.yaml @@ -0,0 +1,986 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/mirrored-longhornio-longhorn-manager + description: "Repository for the Longhorn Manager image." + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.7.1 + description: "Tag for the Longhorn Manager image." + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/mirrored-longhornio-longhorn-engine + description: "Repository for the Longhorn Engine image." + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.7.1 + description: "Tag for the Longhorn Engine image." + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/mirrored-longhornio-longhorn-ui + description: "Repository for the Longhorn UI image." + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.7.1 + description: "Tag for the Longhorn UI image." + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/mirrored-longhornio-longhorn-instance-manager + description: "Repository for the Longhorn Instance Manager image." + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1.7.1 + description: "Tag for the Longhorn Instance Manager image." + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/mirrored-longhornio-longhorn-share-manager + description: "Repository for the Longhorn Share Manager image." + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1.7.1 + description: "Tag for the Longhorn Share Manager image." + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.repository + default: rancher/mirrored-longhornio-backing-image-manager + description: "Repository for the Backing Image Manager image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn Backing Image Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.tag + default: v1.7.1 + description: "Tag for the Backing Image Manager image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn Backing Image Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.supportBundleKit.repository + default: rancher/mirrored-longhornio-support-bundle-kit + description: "Repository for the Longhorn Support Bundle Manager image." + type: string + label: Longhorn Support Bundle Kit Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.supportBundleKit.tag + default: v0.0.42 + description: "Tag for the Longhorn Support Bundle Manager image." + type: string + label: Longhorn Support Bundle Kit Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/mirrored-longhornio-csi-attacher + description: "Repository for the CSI attacher image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v4.6.1 + description: "Tag for the CSI attacher image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/mirrored-longhornio-csi-provisioner + description: "Repository for the CSI Provisioner image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v4.0.1 + description: "Tag for the CSI Provisioner image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/mirrored-longhornio-csi-node-driver-registrar + description: "Repository for the CSI Node Driver Registrar image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v2.12.0 + description: "Tag for the CSI Node Driver Registrar image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/mirrored-longhornio-csi-resizer + description: "Repository for the CSI Resizer image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v1.11.1 + description: "Tag for the CSI Resizer image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/mirrored-longhornio-csi-snapshotter + description: "Repository for the CSI Snapshotter image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v7.0.2 + description: "Tag for the CSI Snapshotter image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.livenessProbe.repository + default: rancher/mirrored-longhornio-livenessprobe + description: "Repository for the CSI liveness probe image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Liveness Probe Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.livenessProbe.tag + default: v2.14.0 + description: "Tag for the CSI liveness probe image. When unspecified, Longhorn uses the default value." + type: string + label: Longhorn CSI Liveness Probe Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.openshift.oauthProxy.repository + default: rancher/mirrored-longhornio-openshift-origin-oauth-proxy + description: "Repository for the OAuth Proxy image. This setting applies only to OpenShift users" + type: string + label: OpenShift OAuth Proxy Image Repository + group: "OpenShift Images" + - variable: image.openshift.oauthProxy.tag + default: 4.15 + description: "Tag for the OAuth Proxy image. This setting applies only to OpenShift users. Specify OCP/OKD version 4.1 or later." + type: string + label: OpenShift OAuth Proxy Image Tag + group: "OpenShift Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of a private registry. When unspecified, Longhorn uses the default system registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "Kubernetes secret that allows you to pull images from a private registry. This setting applies only when creation of private registry secrets is enabled. You must include the private registry name in the secret name." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.createSecret + default: "true" + description: "Setting that allows you to create a private registry secret." + type: boolean + group: "Private Registry Settings" + label: Create Secret for Private Registry Settings + show_subquestion_if: true + subquestions: + - variable: privateRegistry.registryUser + label: Private registry user + description: "User account used for authenticating with a private registry." + type: string + default: "" + - variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password for authenticating with a private registry." + type: password + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "kubelet root directory. When unspecified, Longhorn uses the default value." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Replica count of the CSI Attacher. When unspecified, Longhorn uses the default value (\"3\")." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Replica count of the CSI Provisioner. When unspecified, Longhorn uses the default value (\"3\")." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Replica count of the CSI Resizer. When unspecified, Longhorn uses the default value (\"3\")." + label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Replica count of the CSI Snapshotter. When unspecified, Longhorn uses the default value (\"3\")." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "Endpoint used to access the backupstore. (Options: \"NFS\", \"CIFS\", \"AWS\", \"GCP\", \"AZURE\")" + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "Name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'Setting that allows Longhorn to automatically attach a volume and create snapshots or backups when recurring jobs are run.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.snapshotMaxCount + label: Snapshot Maximum Count + description: 'Maximum snapshot count for a volume. The value should be between 2 to 250.' + group: "Longhorn Default Settings" + type: int + min: 2 + max: 250 + default: 250 + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Setting that allows Longhorn to automatically create a default disk only on nodes with the label "node.longhorn.io/create-default-disk=true" (if no other disks exist). When this setting is disabled, Longhorn creates a default disk on each node that is added to the cluster.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path for storing data on a host. The default value is "/var/lib/longhorn/".' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'Default data locality. A Longhorn volume has data locality if a local replica of the volume exists on the same node as the pod that is using the volume.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default, false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaAutoBalance + label: Replica Auto Balance + description: 'Enable this setting automatically re-balances replicas when discovered an available node.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "least-effort" + - "best-effort" + default: "disabled" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "Percentage of storage that can be allocated relative to hard drive capacity. The default value is 100." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 100 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default, 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.storageReservedPercentageForDefaultDisk + label: Storage Reserved Percentage For Default Disk + description: "The reserved percentage specifies the percentage of disk space that will not be allocated to the default disk on each new Longhorn node." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 30 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker that periodically checks for new Longhorn versions. When a new version is available, a notification appears on the Longhorn UI. This setting is enabled by default.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "Default number of replicas for volumes created using the Longhorn UI. For Kubernetes configuration, modify the `numberOfReplicas` field in the StorageClass. The default value is \"3\"." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "Default Longhorn StorageClass. \"storageClassName\" is assigned to PVs and PVCs that are created for an existing Longhorn volume. \"storageClassName\" can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. The default value is \"longhorn-static\"." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "Number of seconds that Longhorn waits before checking the backupstore for new backups. The default value is \"300\". When the value is \"0\", polling is disabled." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.failedBackupTTL + label: Failed Backup Time to Live + description: "Number of minutes that Longhorn keeps a failed backup resource. When the value is \"0\", automatic deletion is disabled." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1440 + - variable: defaultSettings.restoreVolumeRecurringJobs + label: Restore Volume Recurring Jobs + description: "Restore recurring jobs from the backup volume on the backup target and create recurring jobs if not exist during a backup restoration." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.recurringSuccessfulJobsHistoryLimit + label: Cronjob Successful Jobs History Limit + description: "This setting specifies how many successful backup or snapshot job histories should be retained. History will not be retained if the value is 0." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.recurringFailedJobsHistoryLimit + label: Cronjob Failed Jobs History Limit + description: 'Maximum number of failed recurring backup and snapshot jobs to be retained. When the value is "0", a history of failed recurring jobs is not retained.' + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.recurringJobMaxRetention + label: Maximum Retention Number for Recurring Job + description: "Maximum number of snapshots or backups to be retained." + group: "Longhorn Default Settings" + type: int + default: 100 + - variable: defaultSettings.supportBundleFailedHistoryLimit + label: SupportBundle Failed History Limit + description: "This setting specifies how many failed support bundles can exist in the cluster. Set this value to **0** to have Longhorn automatically purge all failed support bundles." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "Setting that allows Longhorn to automatically salvage volumes when all replicas become faulty (for example, when the network connection is interrupted). Longhorn determines which replicas are usable and then uses these replicas for the volume. This setting is enabled by default." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'Setting that allows Longhorn to automatically delete a workload pod that is managed by a controller (for example, daemonset) whenever a Longhorn volume is detached unexpectedly (for example, during Kubernetes upgrades). After deletion, the controller restarts the pod and then Kubernetes handles volume reattachment and remounting.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Setting that prevents Longhorn Manager from scheduling replicas on a cordoned Kubernetes node. This setting is enabled by default." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. Notice that Longhorn relies on label `topology.kubernetes.io/zone=` in the Kubernetes node object to identify the zone. By, default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaDiskSoftAntiAffinity + label: Replica Disk Level Soft Anti-Affinity + description: 'Allow scheduling on disks with existing healthy replicas of the same volume. By default, true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.allowEmptyNodeSelectorVolume + label: Allow Empty Node Selector Volume + description: "Setting that allows scheduling of empty node selector volumes to any node." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.allowEmptyDiskSelectorVolume + label: Allow Empty Disk Selector Volume + description: "Setting that allows scheduling of empty disk selector volumes to any disk." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Policy that defines the action Longhorn takes when a volume is stuck with a StatefulSet or Deployment pod on a node that failed." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.nodeDrainPolicy + label: Node Drain Policy + description: "Policy that defines the action Longhorn takes when a node with the last healthy replica of a volume is drained." + group: "Longhorn Default Settings" + type: enum + options: + - "block-for-eviction" + - "block-for-eviction-if-contains-last-replica" + - "block-if-contains-last-replica" + - "allow-if-replica-is-stopped" + - "always-allow" + default: "block-if-contains-last-replica" + - variable: defaultSettings.detachManuallyAttachedVolumesWhenCordoned + label: Detach Manually Attached Volumes When Cordoned + description: "Setting that allows automatic detaching of manually-attached volumes when a node is cordoned." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "PriorityClass for system-managed Longhorn components. This setting can help prevent Longhorn components from being evicted under Node Pressure. Longhorn system contains user deployed components (E.g, Longhorn manager, Longhorn driver, Longhorn UI) and system managed components (E.g, instance manager, engine image, CSI driver, etc.) Note that this will be applied to Longhorn user-deployed components by default if there are no priority class values set yet, such as `longhornManager.priorityClass`. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "longhorn-critical" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "The interval in seconds determines how long Longhorn will at least wait to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.concurrentReplicaRebuildPerNodeLimit + label: Concurrent Replica Rebuild Per Node Limit + description: "Maximum number of replicas that can be concurrently rebuilt on each node. + WARNING: + - The old setting \"Disable Replica Rebuild\" is replaced by this setting. + - Different from relying on replica starting delay to limit the concurrent rebuilding, if the rebuilding is disabled, replica object replenishment will be directly skipped. + - When the value is 0, the eviction and data locality feature won't work. But this shouldn't have any impact to any current replica rebuild and backup restore." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 5 + - variable: defaultSettings.concurrentVolumeBackupRestorePerNodeLimit + label: Concurrent Volume Backup Restore Per Node Limit + description: "Maximum number of volumes that can be concurrently restored on each node using a backup. When the value is \"0\", restoration of volumes using a backup is disabled." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 5 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "Setting that disables the revision counter and thereby prevents Longhorn from tracking all write operations to a volume. When salvaging a volume, Longhorn uses properties of the \"volume-head-xxx.img\" file (the last file size and the last time the file was modified) to select the replica to be used for volume recovery. This setting applies only to volumes created using the Longhorn UI." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "Image pull policy for system-managed pods, such as Instance Manager, engine images, and CSI Driver. Changes to the image pull policy are applied only after the system-managed pods restart." + group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "Setting that allows you to create and attach a volume without having all replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "Setting that allows Longhorn to automatically clean up the system-generated snapshot after replica rebuilding is completed." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupRecurringJobBackupSnapshot + label: Automatically Cleanup Recurring Job Backup Snapshot + description: "Setting that allows Longhorn to automatically clean up the snapshot generated by a recurring backup job." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit + label: Concurrent Automatic Engine Upgrade Per Node Limit + description: "Maximum number of engines that are allowed to concurrently upgrade on each node after Longhorn Manager is upgraded. When the value is \"0\", Longhorn does not automatically upgrade volume engines to the new default engine image version." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 0 + - variable: defaultSettings.backingImageCleanupWaitInterval + label: Backing Image Cleanup Wait Interval + description: "Number of minutes that Longhorn waits before cleaning up the backing image file when no replicas in the disk are using it." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 60 + - variable: defaultSettings.backingImageRecoveryWaitInterval + label: Backing Image Recovery Wait Interval + description: "Number of seconds that Longhorn waits before downloading a backing image file again when the status of all image disk files changes to \"failed\" or \"unknown\"." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.guaranteedInstanceManagerCPU + label: Guaranteed Instance Manager CPU + description: "Percentage of the total allocatable CPU resources on each node to be reserved for each instance manager pod when the V1 Data Engine is enabled. The default value is \"12\". + WARNING: + - Value 0 means removing the CPU requests from spec of instance manager pods. + - Considering the possible number of new instance manager pods in a further system upgrade, this integer value ranges from 0 to 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"InstanceManagerCPURequest\" on the node is set. + - After this setting is changed, all instance manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 + - variable: defaultSettings.logLevel + label: Log Level + description: 'Log levels that indicate the type and severity of logs in Longhorn Manager. The default value is "Info". (Options: "Panic", "Fatal", "Error", "Warn", "Info", "Debug", "Trace")' + group: "Longhorn Default Settings" + type: string + default: "Info" + - variable: defaultSettings.disableSnapshotPurge + label: Disable Snapshot Purge + description: "Setting that temporarily prevents all attempts to purge volume snapshots." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.freezeFilesystemForSnapshot + description: "Setting that freezes the filesystem on the root partition before a snapshot is created." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.kubernetesClusterAutoscalerEnabled + label: Kubernetes Cluster Autoscaler Enabled (Experimental) + description: "Setting that notifies Longhorn that the cluster is using the Kubernetes Cluster Autoscaler. + WARNING: + - Replica rebuilding could be expensive because nodes with reusable replicas could get removed by the Kubernetes Cluster Autoscaler." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.orphanAutoDeletion + label: Orphaned Data Cleanup + description: "Setting that allows Longhorn to automatically delete an orphaned resource and the corresponding data (for example, stale replicas). Orphaned resources on failed or unknown nodes are not automatically cleaned up." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.storageNetwork + label: Storage Network + description: "Longhorn uses the storage network for in-cluster data traffic. Leave this blank to use the Kubernetes cluster network. + WARNING: + - This setting should change after detaching all Longhorn volumes, as some of the Longhorn system component pods will get recreated to apply the setting. Longhorn will try to block this setting update when there are attached volumes." + group: "Longhorn Default Settings" + type: string + default: +- variable: defaultSettings.deletingConfirmationFlag + label: Deleting Confirmation Flag + description: "Flag that prevents accidental uninstallation of Longhorn." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.engineReplicaTimeout + label: Timeout between Engine and Replica + description: "Timeout between the Longhorn Engine and replicas. Specify a value between \"8\" and \"30\" seconds. The default value is \"8\"." + group: "Longhorn Default Settings" + type: int + default: "8" +- variable: defaultSettings.snapshotDataIntegrity + label: Snapshot Data Integrity + description: "This setting allows users to enable or disable snapshot hashing and data integrity checking." + group: "Longhorn Default Settings" + type: string + default: "disabled" +- variable: defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation + label: Immediate Snapshot Data Integrity Check After Creating a Snapshot + description: "Hashing snapshot disk files impacts the performance of the system. The immediate snapshot hashing and checking can be disabled to minimize the impact after creating a snapshot." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.snapshotDataIntegrityCronjob + label: Snapshot Data Integrity Check CronJob + description: "Unix-cron string format. The setting specifies when Longhorn checks the data integrity of snapshot disk files." + group: "Longhorn Default Settings" + type: string + default: "0 0 */7 * *" +- variable: defaultSettings.removeSnapshotsDuringFilesystemTrim + label: Remove Snapshots During Filesystem Trim + description: "This setting allows Longhorn filesystem trim feature to automatically mark the latest snapshot and its ancestors as removed and stops at the snapshot containing multiple children." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.fastReplicaRebuildEnabled + label: Fast Replica Rebuild Enabled + description: "Setting that allows fast rebuilding of replicas using the checksum of snapshot disk files. Before enabling this setting, you must set the snapshot-data-integrity value to \"enable\" or \"fast-check\"." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.replicaFileSyncHttpClientTimeout + label: Timeout of HTTP Client to Replica File Sync Server + description: "In seconds. The setting specifies the HTTP client timeout to the file sync server." + group: "Longhorn Default Settings" + type: int + default: "30" +- variable: defaultSettings.longGRPCTimeOut + label: Long gRPC Timeout + description: "Number of seconds that Longhorn allows for the completion of replica rebuilding and snapshot cloning operations." + group: "Longhorn Default Settings" + type: int + default: "86400" +- variable: defaultSettings.backupCompressionMethod + label: Backup Compression Method + description: "Setting that allows you to specify a backup compression method." + group: "Longhorn Default Settings" + type: string + default: "lz4" +- variable: defaultSettings.backupConcurrentLimit + label: Backup Concurrent Limit Per Backup + description: "Maximum number of worker threads that can concurrently run for each backup." + group: "Longhorn Default Settings" + type: int + min: 1 + default: 2 +- variable: defaultSettings.restoreConcurrentLimit + label: Restore Concurrent Limit Per Backup + description: "This setting controls how many worker threads per restore concurrently." + group: "Longhorn Default Settings" + type: int + min: 1 + default: 2 +- variable: defaultSettings.allowCollectingLonghornUsageMetrics + label: Allow Collecting Longhorn Usage Metrics + description: "Setting that allows Longhorn to periodically collect anonymous usage data for product improvement purposes. Longhorn sends collected data to the [Upgrade Responder](https://github.com/longhorn/upgrade-responder) server, which is the data source of the Longhorn Public Metrics Dashboard (https://metrics.longhorn.io). The Upgrade Responder server does not store data that can be used to identify clients, including IP addresses." + group: "Longhorn Default Settings" + type: boolean + default: true +- variable: defaultSettings.v1DataEngine + label: V1 Data Engine + description: "Setting that allows you to enable the V1 Data Engine." + group: "Longhorn V1 Data Engine Settings" + type: boolean + default: true +- variable: defaultSettings.v2DataEngine + label: V2 Data Engine + description: "Setting that allows you to enable the V2 Data Engine, which is based on the Storage Performance Development Kit (SPDK). The V2 Data Engine is a preview feature and should not be used in production environments. + WARNING: + - DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. Longhorn will block this setting update when there are attached volumes. + - When the V2 Data Engine is enabled, each instance-manager pod utilizes 1 CPU core. This high CPU usage is attributed to the spdk_tgt process running within each instance-manager pod. The spdk_tgt process is responsible for handling input/output (IO) operations and requires intensive polling. As a result, it consumes 100% of a dedicated CPU core to efficiently manage and process the IO requests, ensuring optimal performance and responsiveness for storage operations." + group: "Longhorn V2 Data Engine (Preview Feature) Settings" + type: boolean + default: false +- variable: defaultSettings.v2DataEngineHugepageLimit + label: V2 Data Engine + description: "This allows users to configure maximum huge page size (in MiB) for the V2 Data Engine." + group: "Longhorn V2 Data Engine (Preview Feature) Settings" + type: int + default: "2048" +- variable: defaultSettings.v2DataEngineLogLevel + label: V2 Data Engine + description: "Setting that allows you to configure the log level of the SPDK target daemon (spdk_tgt) of the V2 Data Engine." + group: "Longhorn V2 Data Engine (Preview Feature) Settings" + type: enum + options: + - "Disabled" + - "Error" + - "Warn" + - "Notice" + - "Info" + - "Debug" + default: "Notice" +- variable: defaultSettings.v2DataEngineLogFlags + label: V2 Data Engine + description: "Setting that allows you to configure the log flags of the SPDK target daemon (spdk_tgt) of the V2 Data Engine." + group: "Longhorn V2 Data Engine (Preview Feature) Settings" + type: string + default: +- variable: defaultSettings.autoCleanupSnapshotWhenDeleteBackup + label: Auto Cleanup Snapshot When Delete Backup + description: "Setting that automatically cleans up the snapshot when the backup is deleted." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.rwxVolumeFastFailover + label: RWX Volume Fast Failover (Experimental) + description: "Turn on logic to detect and move RWX volumes quickly on node failure." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: persistence.defaultClass + default: "true" + description: "Setting that allows you to specify the default Longhorn StorageClass." + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Reclaim policy that provides instructions for handling of a volume after its claim is released. (Options: \"Retain\", \"Delete\")" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.disableRevisionCounter + label: Default Storage Class Disable Revision Counter + description: "Setting that disables the revision counter and thereby prevents Longhorn from tracking all write operations to a volume. When salvaging a volume, Longhorn uses properties of the volume-head-xxx.img file (the last file size and the last time the file was modified) to select the replica to be used for volume recovery. (Options: \"true\", \"false\")" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "true" + - "false" + default: "true" +- variable: persistence.defaultClassReplicaCount + description: "Replica count of the default Longhorn StorageClass." + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.defaultDataLocality + description: "Data locality of the default Longhorn StorageClass. (Options: \"disabled\", \"best-effort\")" + label: Default Storage Class Data Locality + group: "Longhorn Storage Class Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" +- variable: persistence.recurringJobSelector.enable + description: "Setting that allows you to enable the recurring job selector for a Longhorn StorageClass." + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job Selector + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobSelector.jobList + description: 'Recurring job selector for a Longhorn StorageClass. Ensure that quotes are used correctly when specifying job parameters. (Example: `[{"name":"backup", "isGroup":true}]`)' + label: Storage Class Recurring Job Selector List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.defaultDiskSelector.enable + description: "Setting that allows you to enable the disk selector for the default Longhorn StorageClass." + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Disk Selector + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.defaultDiskSelector.selector + label: Storage Class Disk Selector + description: 'Disk selector for the default Longhorn StorageClass. Longhorn uses only disks with the specified tags for storing volume data. (Examples: "nvme,sata")' + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.defaultNodeSelector.enable + description: "Setting that allows you to enable the node selector for the default Longhorn StorageClass." + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Node Selector + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.defaultNodeSelector.selector + label: Storage Class Node Selector + description: 'Node selector for the default Longhorn StorageClass. Longhorn uses only nodes with the specified tags for storing volume data. (Examples: "storage,fast")' + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.backingImage.enable + description: "Setting that allows you to use a backing image in a Longhorn StorageClass." + group: "Longhorn Storage Class Settings" + label: Default Storage Class Backing Image + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.backingImage.name + description: 'Backing image to be used for creating and restoring volumes in a Longhorn StorageClass. When no backing images are available, specify the data source type and parameters that Longhorn can use to create a backing image.' + label: Storage Class Backing Image Name + group: "Longhorn Storage Class Settings" + type: string + default: + - variable: persistence.backingImage.expectedChecksum + description: 'Expected SHA-512 checksum of a backing image used in a Longhorn StorageClass. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - It is not recommended to set this field if the data source type is \"export-from-volume\".' + label: Storage Class Backing Image Expected SHA512 Checksum + group: "Longhorn Storage Class Settings" + type: string + default: + - variable: persistence.backingImage.dataSourceType + description: 'Data source type of a backing image used in a Longhorn StorageClass. If the backing image exists in the cluster, Longhorn uses this setting to verify the image. If the backing image does not exist, Longhorn creates one using the specified data source type. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - As for backing image creation with data source type \"upload\", it is recommended to do it via UI rather than StorageClass here. Uploading requires file data sending to the Longhorn backend after the object creation, which is complicated if you want to handle it manually.' + label: Storage Class Backing Image Data Source Type + group: "Longhorn Storage Class Settings" + type: enum + options: + - "" + - "download" + - "upload" + - "export-from-volume" + default: "" + - variable: persistence.backingImage.dataSourceParameters + description: "Data source parameters of a backing image used in a Longhorn StorageClass. You can specify a JSON string of a map. (Example: `'{\"url\":\"https://backing-image-example.s3-region.amazonaws.com/test-backing-image\"}'`) + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - Be careful of the quotes here." + label: Storage Class Backing Image Data Source Parameters + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.removeSnapshotsDuringFilesystemTrim + description: "Setting that allows you to enable automatic snapshot removal during filesystem trim for a Longhorn StorageClass. (Options: \"ignored\", \"enabled\", \"disabled\")" + label: Default Storage Class Remove Snapshots During Filesystem Trim + group: "Longhorn Storage Class Settings" + type: enum + options: + - "ignored" + - "enabled" + - "disabled" + default: "ignored" +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "Hostname of the Layer 7 load balancer." + type: hostname + required: true + label: Layer 7 Load Balancer Hostname + - variable: ingress.path + default: "/" + description: "Default ingress path. You can access the Longhorn UI by following the full ingress path {{host}}+{{path}}." + type: string + required: true + label: Ingress Path + - variable: ingress.pathType + default: "ImplementationSpecific" + description: "Path type for the ingress. (Options: \"ImplementationSpecific\", \"Exact\", \"Prefix\")" + type: enum + options: + - "ImplementationSpecific" + - "Exact" + - "Prefix" + required: true + label: Ingress Path Type +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Service type for Longhorn UI. (Options: \"ClusterIP\", \"NodePort\", \"LoadBalancer\", \"Rancher-Proxy\")" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number for Longhorn UI. When unspecified, Longhorn selects a free port between 30000 and 32767." + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "false" + description: "Setting that allows you to enable pod security policies (PSPs) that allow privileged Longhorn pods to start. This setting applies only to clusters running Kubernetes 1.25 and earlier, and with the built-in Pod Security admission controller enabled." + label: Pod Security Policy + type: boolean + group: "Other Settings" +- variable: global.cattle.windowsCluster.enabled + default: "false" + description: "Setting that allows Longhorn to run on a Rancher Windows cluster." + label: Rancher Windows Cluster + type: boolean + group: "Other Settings" +- variable: networkPolicies.enabled + description: "Setting that allows you to enable network policies that control access to Longhorn pods. + Warning: The Rancher Proxy will not work if this feature is enabled and a custom NetworkPolicy must be added." + group: "Other Settings" + label: Network Policies + default: "false" + type: boolean + subquestions: + - variable: networkPolicies.type + label: Network Policies for Ingress + description: "Distribution that determines the policy for allowing access for an ingress. (Options: \"k3s\", \"rke2\", \"rke1\")" + show_if: "networkPolicies.enabled=true&&ingress.enabled=true" + type: enum + default: "rke2" + options: + - "rke1" + - "rke2" + - "k3s" + - variable: defaultSettings.v2DataEngineGuaranteedInstanceManagerCPU + label: Guaranteed Instance Manager CPU for V2 Data Engine + description: 'Number of millicpus on each node to be reserved for each Instance Manager pod when the V2 Data Engine is enabled. The default value is "1250". + WARNING: + - Specifying a value of 0 disables CPU requests for instance manager pods. You must specify an integer between 1000 and 8000. + - This is a global setting. Modifying the value triggers an automatic restart of the instance manager pods. Do not modify the value while volumes are still attached." + group: "Longhorn Default Settings' + type: int + min: 1000 + max: 8000 + default: 1250 diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/NOTES.txt b/charts/longhorn/102.5.0+up1.7.1/templates/NOTES.txt new file mode 100644 index 0000000000..cca7cd77b9 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/_helpers.tpl b/charts/longhorn/102.5.0+up1.7.1/templates/_helpers.tpl new file mode 100644 index 0000000000..3fbc2ac02f --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . }} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/clusterrole.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/clusterrole.yaml new file mode 100644 index 0000000000..c065f1726c --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/clusterrole.yaml @@ -0,0 +1,77 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps", "serviceaccounts"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets", "podsecuritypolicies"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", "settings/status", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + {{- if .Values.openshift.enabled }} + "engineimages/finalizers", "nodes/finalizers", "instancemanagers/finalizers", + {{- end }} + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status", "backupbackingimages", "backupbackingimages/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] +- apiGroups: ["apiregistration.k8s.io"] + resources: ["apiservices"] + verbs: ["list", "watch"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "patch", "delete"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["roles", "rolebindings", "clusterrolebindings", "clusterroles"] + verbs: ["*"] +{{- if .Values.openshift.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-ocp-privileged-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["anyuid", "privileged"] + verbs: ["use"] +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/clusterrolebinding.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..2e34f014ce --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/clusterrolebinding.yaml @@ -0,0 +1,49 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-support-bundle + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: longhorn-support-bundle + namespace: {{ include "release_namespace" . }} +{{- if .Values.openshift.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-ocp-privileged-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-ocp-privileged-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: longhorn-ui-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default # supportbundle-agent-support-bundle uses default sa + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/daemonset-sa.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/daemonset-sa.yaml new file mode 100644 index 0000000000..41800d9503 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/daemonset-sa.yaml @@ -0,0 +1,175 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + command: + - longhorn-manager + - -d + {{- if eq .Values.longhornManager.log.format "json" }} + - -j + {{- end }} + - daemon + - --engine-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --share-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}" + - --backing-image-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.backingImageManager.repository }}:{{ .Values.image.longhorn.backingImageManager.tag }}" + - --support-bundle-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.supportBundleKit.repository }}:{{ .Values.image.longhorn.supportBundleKit.tag }}" + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + {{- if .Values.preUpgradeChecker.upgradeVersionCheck}} + - --upgrade-version-check + {{- end }} + ports: + - containerPort: 9500 + name: manager + - containerPort: 9501 + name: conversion-wh + - containerPort: 9502 + name: admission-wh + - containerPort: 9503 + name: recov-backend + readinessProbe: + httpGet: + path: /v1/healthz + port: 9501 + scheme: HTTPS + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-grpc-tls + mountPath: /tls-files/ + {{- if .Values.enableGoCoverDir }} + - name: go-cover-dir + mountPath: /go-cover-dir/ + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.enableGoCoverDir }} + - name: GOCOVERDIR + value: /go-cover-dir/ + {{- end }} + - name: pre-pull-share-manager-image + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }} + command: ["sh", "-c", "echo share-manager image pulled && sleep infinity"] + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + {{- if .Values.enableGoCoverDir }} + - name: go-cover-dir + hostPath: + path: /go-cover-dir/ + type: DirectoryOrCreate + {{- end }} + - name: longhorn-grpc-tls + secret: + secretName: longhorn-grpc-tls + optional: true + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornManager.tolerations }} +{{ default .Values.global.tolerations .Values.longhornManager.tolerations | toYaml | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornManager.nodeSelector }} +{{ default .Values.global.nodeSelector .Values.longhornManager.nodeSelector | toYaml | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ include "release_namespace" . }} + {{- if .Values.longhornManager.serviceAnnotations }} + annotations: +{{ toYaml .Values.longhornManager.serviceAnnotations | indent 4 }} + {{- end }} +spec: + type: {{ .Values.service.manager.type }} + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/default-setting.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/default-setting.yaml new file mode 100644 index 0000000000..315cdc6ec9 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/default-setting.yaml @@ -0,0 +1,244 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + {{- if not (kindIs "invalid" .Values.defaultSettings.backupTarget) }} + backup-target: {{ .Values.defaultSettings.backupTarget }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backupTargetCredentialSecret) }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.allowRecurringJobWhileVolumeDetached) }} + allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.createDefaultDiskLabeledNodes) }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.defaultDataPath) }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaSoftAntiAffinity) }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaAutoBalance) }} + replica-auto-balance: {{ .Values.defaultSettings.replicaAutoBalance }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.storageOverProvisioningPercentage) }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.storageMinimalAvailablePercentage) }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.storageReservedPercentageForDefaultDisk) }} + storage-reserved-percentage-for-default-disk: {{ .Values.defaultSettings.storageReservedPercentageForDefaultDisk }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.upgradeChecker) }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.defaultReplicaCount) }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.defaultDataLocality) }} + default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.defaultLonghornStaticStorageClass) }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backupstorePollInterval) }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.failedBackupTTL) }} + failed-backup-ttl: {{ .Values.defaultSettings.failedBackupTTL }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.restoreVolumeRecurringJobs) }} + restore-volume-recurring-jobs: {{ .Values.defaultSettings.restoreVolumeRecurringJobs }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.recurringSuccessfulJobsHistoryLimit) }} + recurring-successful-jobs-history-limit: {{ .Values.defaultSettings.recurringSuccessfulJobsHistoryLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.recurringJobMaxRetention) }} + recurring-job-max-retention: {{ .Values.defaultSettings.recurringJobMaxRetention }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.recurringFailedJobsHistoryLimit) }} + recurring-failed-jobs-history-limit: {{ .Values.defaultSettings.recurringFailedJobsHistoryLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.supportBundleFailedHistoryLimit) }} + support-bundle-failed-history-limit: {{ .Values.defaultSettings.supportBundleFailedHistoryLimit }} + {{- end }} + {{- if or (not (kindIs "invalid" .Values.defaultSettings.taintToleration)) (.Values.global.cattle.windowsCluster.enabled) }} + taint-toleration: {{ $windowsDefaultSettingTaintToleration := list }}{{ $defaultSettingTaintToleration := list -}} + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.defaultSetting.taintToleration -}} + {{- $windowsDefaultSettingTaintToleration = .Values.global.cattle.windowsCluster.defaultSetting.taintToleration -}} + {{- end -}} + {{- if not (kindIs "invalid" .Values.defaultSettings.taintToleration) -}} + {{- $defaultSettingTaintToleration = .Values.defaultSettings.taintToleration -}} + {{- end -}} + {{- $taintToleration := list $windowsDefaultSettingTaintToleration $defaultSettingTaintToleration }}{{ join ";" (compact $taintToleration) -}} + {{- end }} + {{- if or (not (kindIs "invalid" .Values.defaultSettings.systemManagedComponentsNodeSelector)) (.Values.global.cattle.windowsCluster.enabled) }} + system-managed-components-node-selector: {{ $windowsDefaultSettingNodeSelector := list }}{{ $defaultSettingNodeSelector := list -}} + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.defaultSetting.systemManagedComponentsNodeSelector -}} + {{ $windowsDefaultSettingNodeSelector = .Values.global.cattle.windowsCluster.defaultSetting.systemManagedComponentsNodeSelector -}} + {{- end -}} + {{- if not (kindIs "invalid" .Values.defaultSettings.systemManagedComponentsNodeSelector) -}} + {{- $defaultSettingNodeSelector = .Values.defaultSettings.systemManagedComponentsNodeSelector -}} + {{- end -}} + {{- $nodeSelector := list $windowsDefaultSettingNodeSelector $defaultSettingNodeSelector }}{{ join ";" (compact $nodeSelector) -}} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.priorityClass) }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.autoSalvage) }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly) }} + auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.disableSchedulingOnCordonedNode) }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaZoneSoftAntiAffinity) }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaDiskSoftAntiAffinity) }} + replica-disk-soft-anti-affinity: {{ .Values.defaultSettings.replicaDiskSoftAntiAffinity }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.nodeDownPodDeletionPolicy) }} + node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.nodeDrainPolicy) }} + node-drain-policy: {{ .Values.defaultSettings.nodeDrainPolicy }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.detachManuallyAttachedVolumesWhenCordoned) }} + detach-manually-attached-volumes-when-cordoned: {{ .Values.defaultSettings.detachManuallyAttachedVolumesWhenCordoned }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaReplenishmentWaitInterval) }} + replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit) }} + concurrent-replica-rebuild-per-node-limit: {{ .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.concurrentVolumeBackupRestorePerNodeLimit) }} + concurrent-volume-backup-restore-per-node-limit: {{ .Values.defaultSettings.concurrentVolumeBackupRestorePerNodeLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.disableRevisionCounter) }} + disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.systemManagedPodsImagePullPolicy) }} + system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability) }} + allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot) }} + auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.autoCleanupRecurringJobBackupSnapshot) }} + auto-cleanup-recurring-job-backup-snapshot: {{ .Values.defaultSettings.autoCleanupRecurringJobBackupSnapshot }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit) }} + concurrent-automatic-engine-upgrade-per-node-limit: {{ .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backingImageCleanupWaitInterval) }} + backing-image-cleanup-wait-interval: {{ .Values.defaultSettings.backingImageCleanupWaitInterval }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backingImageRecoveryWaitInterval) }} + backing-image-recovery-wait-interval: {{ .Values.defaultSettings.backingImageRecoveryWaitInterval }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.guaranteedInstanceManagerCPU) }} + guaranteed-instance-manager-cpu: {{ .Values.defaultSettings.guaranteedInstanceManagerCPU }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.kubernetesClusterAutoscalerEnabled) }} + kubernetes-cluster-autoscaler-enabled: {{ .Values.defaultSettings.kubernetesClusterAutoscalerEnabled }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.orphanAutoDeletion) }} + orphan-auto-deletion: {{ .Values.defaultSettings.orphanAutoDeletion }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.storageNetwork) }} + storage-network: {{ .Values.defaultSettings.storageNetwork }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.deletingConfirmationFlag) }} + deleting-confirmation-flag: {{ .Values.defaultSettings.deletingConfirmationFlag }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.engineReplicaTimeout) }} + engine-replica-timeout: {{ .Values.defaultSettings.engineReplicaTimeout }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrity) }} + snapshot-data-integrity: {{ .Values.defaultSettings.snapshotDataIntegrity }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation) }} + snapshot-data-integrity-immediate-check-after-snapshot-creation: {{ .Values.defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrityCronjob) }} + snapshot-data-integrity-cronjob: {{ .Values.defaultSettings.snapshotDataIntegrityCronjob }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.removeSnapshotsDuringFilesystemTrim) }} + remove-snapshots-during-filesystem-trim: {{ .Values.defaultSettings.removeSnapshotsDuringFilesystemTrim }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.fastReplicaRebuildEnabled) }} + fast-replica-rebuild-enabled: {{ .Values.defaultSettings.fastReplicaRebuildEnabled }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaFileSyncHttpClientTimeout) }} + replica-file-sync-http-client-timeout: {{ .Values.defaultSettings.replicaFileSyncHttpClientTimeout }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.longGRPCTimeOut) }} + long-grpc-timeout: {{ .Values.defaultSettings.longGRPCTimeOut }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.logLevel) }} + log-level: {{ .Values.defaultSettings.logLevel }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backupCompressionMethod) }} + backup-compression-method: {{ .Values.defaultSettings.backupCompressionMethod }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backupConcurrentLimit) }} + backup-concurrent-limit: {{ .Values.defaultSettings.backupConcurrentLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.restoreConcurrentLimit) }} + restore-concurrent-limit: {{ .Values.defaultSettings.restoreConcurrentLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.v1DataEngine) }} + v1-data-engine: {{ .Values.defaultSettings.v1DataEngine }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.v2DataEngine) }} + v2-data-engine: {{ .Values.defaultSettings.v2DataEngine }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.v2DataEngineHugepageLimit) }} + v2-data-engine-hugepage-limit: {{ .Values.defaultSettings.v2DataEngineHugepageLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.allowEmptyNodeSelectorVolume) }} + allow-empty-node-selector-volume: {{ .Values.defaultSettings.allowEmptyNodeSelectorVolume }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.allowEmptyDiskSelectorVolume) }} + allow-empty-disk-selector-volume: {{ .Values.defaultSettings.allowEmptyDiskSelectorVolume }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.allowCollectingLonghornUsageMetrics) }} + allow-collecting-longhorn-usage-metrics: {{ .Values.defaultSettings.allowCollectingLonghornUsageMetrics }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.disableSnapshotPurge) }} + disable-snapshot-purge: {{ .Values.defaultSettings.disableSnapshotPurge }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.v2DataEngineGuaranteedInstanceManagerCPU) }} + v2-data-engine-guaranteed-instance-manager-cpu: {{ .Values.defaultSettings.v2DataEngineGuaranteedInstanceManagerCPU }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.snapshotMaxCount) }} + snapshot-max-count: {{ .Values.defaultSettings.snapshotMaxCount }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.v2DataEngineLogLevel) }} + v2-data-engine-log-level: {{ .Values.defaultSettings.v2DataEngineLogLevel }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.v2DataEngineLogFlags) }} + v2-data-engine-log-flags: {{ .Values.defaultSettings.v2DataEngineLogFlags }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.freezeFilesystemForSnapshot) }} + freeze-filesystem-for-snapshot: {{ .Values.defaultSettings.freezeFilesystemForSnapshot }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.autoCleanupSnapshotWhenDeleteBackup) }} + auto-cleanup-when-delete-backup: {{ .Values.defaultSettings.autoCleanupSnapshotWhenDeleteBackup }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.rwxVolumeFastFailover) }} + rwx-volume-fast-failover: {{ .Values.defaultSettings.rwxVolumeFastFailover}} + {{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/deployment-driver.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/deployment-driver.yaml new file mode 100644 index 0000000000..3ac582dcbc --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/deployment-driver.yaml @@ -0,0 +1,132 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if and .Values.image.csi.livenessProbe.repository .Values.image.csi.livenessProbe.tag }} + - name: CSI_LIVENESS_PROBE_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.livenessProbe.repository }}:{{ .Values.image.csi.livenessProbe.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + {{- if .Values.enableGoCoverDir }} + - name: GOCOVERDIR + value: /go-cover-dir/ + volumeMounts: + - name: go-cover-dir + mountPath: /go-cover-dir/ + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornDriver.priorityClass }} + priorityClassName: {{ .Values.longhornDriver.priorityClass | quote }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornDriver.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornDriver.tolerations }} +{{ default .Values.global.tolerations .Values.longhornDriver.tolerations | toYaml | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornDriver.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornDriver.nodeSelector }} +{{ default .Values.global.nodeSelector .Values.longhornDriver.nodeSelector | toYaml | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 + {{- if .Values.enableGoCoverDir }} + volumes: + - name: go-cover-dir + hostPath: + path: /go-cover-dir/ + type: DirectoryOrCreate + {{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/deployment-ui.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/deployment-ui.yaml new file mode 100644 index 0000000000..22c443aeba --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/deployment-ui.yaml @@ -0,0 +1,182 @@ +{{- if .Values.openshift.enabled }} +{{- if .Values.openshift.ui.route }} +# https://github.com/openshift/oauth-proxy/blob/master/contrib/sidecar.yaml +# Create a proxy service account and ensure it will use the route "proxy" +# Create a secure connection to the proxy via a route +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: {{ .Values.openshift.ui.route }} + namespace: {{ include "release_namespace" . }} +spec: + to: + kind: Service + name: longhorn-ui + tls: + termination: reencrypt +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} + annotations: + service.alpha.openshift.io/serving-cert-secret-name: longhorn-ui-tls +spec: + ports: + - name: longhorn-ui + port: {{ .Values.openshift.ui.port | default 443 }} + targetPort: {{ .Values.openshift.ui.proxy | default 8443 }} + selector: + app: longhorn-ui +--- +{{- end }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: {{ .Values.longhornUI.replicas }} + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + serviceAccountName: longhorn-ui-service-account + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - longhorn-ui + topologyKey: kubernetes.io/hostname + containers: + {{- if .Values.openshift.enabled }} + {{- if .Values.openshift.ui.route }} + - name: oauth-proxy + image: {{ template "registry_url" . }}{{ .Values.image.openshift.oauthProxy.repository }}:{{ .Values.image.openshift.oauthProxy.tag }} + imagePullPolicy: IfNotPresent + ports: + - containerPort: {{ .Values.openshift.ui.proxy | default 8443 }} + name: public + args: + - --https-address=:{{ .Values.openshift.ui.proxy | default 8443 }} + - --provider=openshift + - --openshift-service-account=longhorn-ui-service-account + - --upstream=http://localhost:8000 + - --tls-cert=/etc/tls/private/tls.crt + - --tls-key=/etc/tls/private/tls.key + - --cookie-secret=SECRET + - --openshift-sar={"namespace":"{{ include "release_namespace" . }}","group":"longhorn.io","resource":"setting","verb":"delete"} + volumeMounts: + - mountPath: /etc/tls/private + name: longhorn-ui-tls + {{- end }} + {{- end }} + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name : nginx-cache + mountPath: /var/cache/nginx/ + - name : nginx-config + mountPath: /var/config/nginx/ + - name: var-run + mountPath: /var/run/ + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + - name: LONGHORN_UI_PORT + value: "8000" + volumes: + {{- if .Values.openshift.enabled }} + {{- if .Values.openshift.ui.route }} + - name: longhorn-ui-tls + secret: + secretName: longhorn-ui-tls + {{- end }} + {{- end }} + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-config + - emptyDir: {} + name: var-run + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornUI.priorityClass }} + priorityClassName: {{ .Values.longhornUI.priorityClass | quote }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornUI.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornUI.tolerations }} +{{ default .Values.global.tolerations .Values.longhornUI.tolerations | toYaml | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornUI.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornUI.nodeSelector }} +{{ default .Values.global.nodeSelector .Values.longhornUI.nodeSelector | toYaml | indent 8 }} + {{- end }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + {{- if and .Values.service.ui.loadBalancerIP (eq .Values.service.ui.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.ui.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.ui.type "LoadBalancer") .Values.service.ui.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.ui.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/ingress.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/ingress.yaml new file mode 100644 index 0000000000..61175e827b --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/ingress.yaml @@ -0,0 +1,37 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.secureBackends }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + pathType: {{ default "ImplementationSpecific" .Values.ingress.pathType }} + backend: + service: + name: longhorn-frontend + port: + number: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/backing-image-data-source-network-policy.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/backing-image-data-source-network-policy.yaml new file mode 100644 index 0000000000..7204d63caa --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/backing-image-data-source-network-policy.yaml @@ -0,0 +1,27 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: backing-image-data-source + namespace: {{ include "release_namespace" . }} +spec: + podSelector: + matchLabels: + longhorn.io/component: backing-image-data-source + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: longhorn-manager + - podSelector: + matchLabels: + longhorn.io/component: instance-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-data-source +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/backing-image-manager-network-policy.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/backing-image-manager-network-policy.yaml new file mode 100644 index 0000000000..119ebf08a1 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/backing-image-manager-network-policy.yaml @@ -0,0 +1,27 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: backing-image-manager + namespace: {{ include "release_namespace" . }} +spec: + podSelector: + matchLabels: + longhorn.io/component: backing-image-manager + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: longhorn-manager + - podSelector: + matchLabels: + longhorn.io/component: instance-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-data-source +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/instance-manager-networking.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/instance-manager-networking.yaml new file mode 100644 index 0000000000..332aa2c2fe --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/instance-manager-networking.yaml @@ -0,0 +1,27 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: instance-manager + namespace: {{ include "release_namespace" . }} +spec: + podSelector: + matchLabels: + longhorn.io/component: instance-manager + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: longhorn-manager + - podSelector: + matchLabels: + longhorn.io/component: instance-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-data-source +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/manager-network-policy.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/manager-network-policy.yaml new file mode 100644 index 0000000000..6f94029a53 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/manager-network-policy.yaml @@ -0,0 +1,35 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + podSelector: + matchLabels: + app: longhorn-manager + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: longhorn-manager + - podSelector: + matchLabels: + app: longhorn-ui + - podSelector: + matchLabels: + app: longhorn-csi-plugin + - podSelector: + matchLabels: + longhorn.io/managed-by: longhorn-manager + matchExpressions: + - { key: recurring-job.longhorn.io, operator: Exists } + - podSelector: + matchExpressions: + - { key: longhorn.io/job-task, operator: Exists } + - podSelector: + matchLabels: + app: longhorn-driver-deployer +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/recovery-backend-network-policy.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/recovery-backend-network-policy.yaml new file mode 100644 index 0000000000..37bf5f9bcf --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/recovery-backend-network-policy.yaml @@ -0,0 +1,17 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-recovery-backend + namespace: {{ include "release_namespace" . }} +spec: + podSelector: + matchLabels: + longhorn.io/recovery-backend: longhorn-recovery-backend + policyTypes: + - Ingress + ingress: + - ports: + - protocol: TCP + port: 9503 +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/ui-frontend-network-policy.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/ui-frontend-network-policy.yaml new file mode 100644 index 0000000000..6f37065980 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/ui-frontend-network-policy.yaml @@ -0,0 +1,46 @@ +{{- if and .Values.networkPolicies.enabled .Values.ingress.enabled (not (eq .Values.networkPolicies.type "")) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-ui-frontend + namespace: {{ include "release_namespace" . }} +spec: + podSelector: + matchLabels: + app: longhorn-ui + policyTypes: + - Ingress + ingress: + - from: + {{- if eq .Values.networkPolicies.type "rke1"}} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: ingress-nginx + podSelector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + {{- else if eq .Values.networkPolicies.type "rke2" }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: rke2-ingress-nginx + app.kubernetes.io/name: rke2-ingress-nginx + {{- else if eq .Values.networkPolicies.type "k3s" }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + app.kubernetes.io/name: traefik + ports: + - port: 8000 + protocol: TCP + - port: 80 + protocol: TCP + {{- end }} +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/webhook-network-policy.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/webhook-network-policy.yaml new file mode 100644 index 0000000000..3812e0ffa3 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/network-policies/webhook-network-policy.yaml @@ -0,0 +1,33 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} +spec: + podSelector: + matchLabels: + longhorn.io/conversion-webhook: longhorn-conversion-webhook + policyTypes: + - Ingress + ingress: + - ports: + - protocol: TCP + port: 9501 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-admission-webhook + namespace: {{ include "release_namespace" . }} +spec: + podSelector: + matchLabels: + longhorn.io/admission-webhook: longhorn-admission-webhook + policyTypes: + - Ingress + ingress: + - ports: + - protocol: TCP + port: 9502 +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/postupgrade-job.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/postupgrade-job.yaml new file mode 100644 index 0000000000..56efd38e9b --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/postupgrade-job.yaml @@ -0,0 +1,56 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if or .Values.global.tolerations .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornManager.tolerations }} +{{ default .Values.global.tolerations .Values.longhornManager.tolerations | toYaml | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornManager.nodeSelector }} +{{ default .Values.global.nodeSelector .Values.longhornManager.nodeSelector | toYaml | indent 8 }} + {{- end }} + {{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/preupgrade-job.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/preupgrade-job.yaml new file mode 100644 index 0000000000..9f7a8a6aa6 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/preupgrade-job.yaml @@ -0,0 +1,64 @@ +{{- if and .Values.preUpgradeChecker.jobEnabled .Values.preUpgradeChecker.upgradeVersionCheck}} +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed + name: longhorn-pre-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-pre-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-pre-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + command: + - longhorn-manager + - pre-upgrade + volumeMounts: + - name: proc + mountPath: /host/proc/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumes: + - name: proc + hostPath: + path: /proc/ + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if or .Values.global.tolerations .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornManager.tolerations }} +{{ default .Values.global.tolerations .Values.longhornManager.tolerations | toYaml | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornManager.nodeSelector }} +{{ default .Values.global.nodeSelector .Values.longhornManager.nodeSelector | toYaml | indent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/priorityclass.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/priorityclass.yaml new file mode 100644 index 0000000000..208adc84a2 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/priorityclass.yaml @@ -0,0 +1,9 @@ +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: "longhorn-critical" + labels: {{- include "longhorn.labels" . | nindent 4 }} +description: "Ensure Longhorn pods have the highest priority to prevent any unexpected eviction by the Kubernetes scheduler under node pressure" +globalDefault: false +preemptionPolicy: PreemptLowerPriority +value: 1000000000 diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/psp.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/psp.yaml new file mode 100644 index 0000000000..a2dfc05bef --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/psp.yaml @@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/registry-secret.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/registry-secret.yaml new file mode 100644 index 0000000000..3c6b1dc510 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/registry-secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.privateRegistry.createSecret }} +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/serviceaccount.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/serviceaccount.yaml new file mode 100644 index 0000000000..b0d6dd505b --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/serviceaccount.yaml @@ -0,0 +1,40 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-ui-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.openshift.enabled }} + {{- if .Values.openshift.ui.route }} + {{- if not .Values.serviceAccount.annotations }} + annotations: + {{- end }} + serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"longhorn-ui"}}' + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-support-bundle + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/servicemonitor.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/servicemonitor.yaml new file mode 100644 index 0000000000..3f32961332 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: longhorn-prometheus-servicemonitor + namespace: {{ include "release_namespace" . }} + labels: + {{- include "longhorn.labels" . | nindent 4 }} + name: longhorn-prometheus-servicemonitor + {{- with .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app: longhorn-manager + namespaceSelector: + matchNames: + - {{ include "release_namespace" . }} + endpoints: + - port: manager + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/services.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/services.yaml new file mode 100644 index 0000000000..4c8c6bc687 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/services.yaml @@ -0,0 +1,47 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-conversion-webhook + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + selector: + longhorn.io/conversion-webhook: longhorn-conversion-webhook + ports: + - name: conversion-webhook + port: 9501 + targetPort: conversion-wh +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-admission-webhook + name: longhorn-admission-webhook + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + selector: + longhorn.io/admission-webhook: longhorn-admission-webhook + ports: + - name: admission-webhook + port: 9502 + targetPort: admission-wh +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-recovery-backend + name: longhorn-recovery-backend + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + selector: + longhorn.io/recovery-backend: longhorn-recovery-backend + ports: + - name: recovery-backend + port: 9503 + targetPort: recov-backend diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/storageclass.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/storageclass.yaml new file mode 100644 index 0000000000..64be249f9b --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/storageclass.yaml @@ -0,0 +1,56 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + {{- if .Values.persistence.defaultFsType }} + fsType: "{{ .Values.persistence.defaultFsType }}" + {{- end }} + {{- if .Values.persistence.defaultMkfsParams }} + mkfsParams: "{{ .Values.persistence.defaultMkfsParams }}" + {{- end }} + {{- if .Values.persistence.migratable }} + migratable: "{{ .Values.persistence.migratable }}" + {{- end }} + {{- if .Values.persistence.nfsOptions }} + nfsOptions: "{{ .Values.persistence.nfsOptions }}" + {{- end }} + {{- if .Values.persistence.backingImage.enable }} + backingImage: {{ .Values.persistence.backingImage.name }} + backingImageDataSourceType: {{ .Values.persistence.backingImage.dataSourceType }} + backingImageDataSourceParameters: {{ .Values.persistence.backingImage.dataSourceParameters }} + backingImageChecksum: {{ .Values.persistence.backingImage.expectedChecksum }} + {{- end }} + {{- if .Values.persistence.recurringJobSelector.enable }} + recurringJobSelector: '{{ .Values.persistence.recurringJobSelector.jobList }}' + {{- end }} + dataLocality: {{ .Values.persistence.defaultDataLocality | quote }} + {{- if .Values.persistence.defaultDiskSelector.enable }} + diskSelector: "{{ .Values.persistence.defaultDiskSelector.selector }}" + {{- end }} + {{- if .Values.persistence.defaultNodeSelector.enable }} + nodeSelector: "{{ .Values.persistence.defaultNodeSelector.selector }}" + {{- end }} + {{- if .Values.persistence.removeSnapshotsDuringFilesystemTrim }} + unmapMarkSnapChainRemoved: "{{ .Values.persistence.removeSnapshotsDuringFilesystemTrim }}" + {{- end }} + {{- if .Values.persistence.disableRevisionCounter }} + disableRevisionCounter: "{{ .Values.persistence.disableRevisionCounter }}" + {{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/tls-secrets.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/tls-secrets.yaml new file mode 100644 index 0000000000..74c43426de --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "release_namespace" $ }} + labels: {{- include "longhorn.labels" $ | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/uninstall-job.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/uninstall-job.yaml new file mode 100644 index 0000000000..1ab46207c3 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/uninstall-job.yaml @@ -0,0 +1,57 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: Never + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if or .Values.global.tolerations .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if or .Values.global.tolerations .Values.longhornManager.tolerations }} +{{ default .Values.global.tolerations .Values.longhornManager.tolerations | toYaml | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if or .Values.global.nodeSelector .Values.longhornManager.nodeSelector }} +{{ default .Values.global.nodeSelector .Values.longhornManager.nodeSelector | toYaml | indent 8 }} + {{- end }} + {{- end }} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/userroles.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/userroles.yaml new file mode 100644 index 0000000000..57a68e130c --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/userroles.yaml @@ -0,0 +1,53 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", "settings/status", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", "backupbackingimages", "backupbackingimages/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", "settings/status", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", "backupbackingimages", "backupbackingimages/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", "settings/status", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", "backupbackingimages", "backupbackingimages/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status"] + verbs: [ "get", "list", "watch" ] diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/validate-install-crd.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/validate-install-crd.yaml new file mode 100644 index 0000000000..7bf81816d0 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/validate-install-crd.yaml @@ -0,0 +1,35 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/BackingImageDataSource" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImageManager" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImage" false -}} +# {{- set $found "longhorn.io/v1beta2/BackupBackingImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Backup" false -}} +# {{- set $found "longhorn.io/v1beta1/BackupTarget" false -}} +# {{- set $found "longhorn.io/v1beta1/BackupVolume" false -}} +# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}} +# {{- set $found "longhorn.io/v1beta1/Node" false -}} +# {{- set $found "longhorn.io/v1beta2/Orphan" false -}} +# {{- set $found "longhorn.io/v1beta1/RecurringJob" false -}} +# {{- set $found "longhorn.io/v1beta1/Replica" false -}} +# {{- set $found "longhorn.io/v1beta1/Setting" false -}} +# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}} +# {{- set $found "longhorn.io/v1beta2/Snapshot" false -}} +# {{- set $found "longhorn.io/v1beta2/SupportBundle" false -}} +# {{- set $found "longhorn.io/v1beta2/SystemBackup" false -}} +# {{- set $found "longhorn.io/v1beta2/SystemRestore" false -}} +# {{- set $found "longhorn.io/v1beta2/VolumeAttachment" false -}} +# {{- set $found "longhorn.io/v1beta1/Volume" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/charts/longhorn/102.5.0+up1.7.1/templates/validate-psp-install.yaml b/charts/longhorn/102.5.0+up1.7.1/templates/validate-psp-install.yaml new file mode 100644 index 0000000000..0df98e3657 --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/templates/validate-psp-install.yaml @@ -0,0 +1,7 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +#{{- if .Values.enablePSP }} +#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} +#{{- end }} +#{{- end }} +#{{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.5.0+up1.7.1/values.yaml b/charts/longhorn/102.5.0+up1.7.1/values.yaml new file mode 100644 index 0000000000..6ee0d58b6a --- /dev/null +++ b/charts/longhorn/102.5.0+up1.7.1/values.yaml @@ -0,0 +1,524 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + # -- Toleration for nodes allowed to run user-deployed components such as Longhorn Manager, Longhorn UI, and Longhorn Driver Deployer. + tolerations: [] + # -- Node selector for nodes allowed to run user-deployed components such as Longhorn Manager, Longhorn UI, and Longhorn Driver Deployer. + nodeSelector: {} + cattle: + # -- Default system registry. + systemDefaultRegistry: "" + windowsCluster: + # -- Setting that allows Longhorn to run on a Rancher Windows cluster. + enabled: false + # -- Toleration for Linux nodes that can run user-deployed Longhorn components. + tolerations: + - key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + # -- Node selector for Linux nodes that can run user-deployed Longhorn components. + nodeSelector: + kubernetes.io/os: "linux" + defaultSetting: + # -- Toleration for system-managed Longhorn components. + taintToleration: cattle.io/os=linux:NoSchedule + # -- Node selector for system-managed Longhorn components. + systemManagedComponentsNodeSelector: kubernetes.io/os:linux + +networkPolicies: + # -- Setting that allows you to enable network policies that control access to Longhorn pods. + enabled: false + # -- Distribution that determines the policy for allowing access for an ingress. (Options: "k3s", "rke2", "rke1") + type: "k3s" + +image: + longhorn: + engine: + # -- Repository for the Longhorn Engine image. + repository: rancher/mirrored-longhornio-longhorn-engine + # -- Tag for the Longhorn Engine image. + tag: v1.7.1 + manager: + # -- Repository for the Longhorn Manager image. + repository: rancher/mirrored-longhornio-longhorn-manager + # -- Tag for the Longhorn Manager image. + tag: v1.7.1 + ui: + # -- Repository for the Longhorn UI image. + repository: rancher/mirrored-longhornio-longhorn-ui + # -- Tag for the Longhorn UI image. + tag: v1.7.1 + instanceManager: + # -- Repository for the Longhorn Instance Manager image. + repository: rancher/mirrored-longhornio-longhorn-instance-manager + # -- Tag for the Longhorn Instance Manager image. + tag: v1.7.1 + shareManager: + # -- Repository for the Longhorn Share Manager image. + repository: rancher/mirrored-longhornio-longhorn-share-manager + # -- Tag for the Longhorn Share Manager image. + tag: v1.7.1 + backingImageManager: + # -- Repository for the Backing Image Manager image. When unspecified, Longhorn uses the default value. + repository: rancher/mirrored-longhornio-backing-image-manager + # -- Tag for the Backing Image Manager image. When unspecified, Longhorn uses the default value. + tag: v1.7.1 + supportBundleKit: + # -- Repository for the Longhorn Support Bundle Manager image. + repository: rancher/mirrored-longhornio-support-bundle-kit + # -- Tag for the Longhorn Support Bundle Manager image. + tag: v0.0.42 + csi: + attacher: + # -- Repository for the CSI attacher image. When unspecified, Longhorn uses the default value. + repository: rancher/mirrored-longhornio-csi-attacher + # -- Tag for the CSI attacher image. When unspecified, Longhorn uses the default value. + tag: v4.6.1 + provisioner: + # -- Repository for the CSI Provisioner image. When unspecified, Longhorn uses the default value. + repository: rancher/mirrored-longhornio-csi-provisioner + # -- Tag for the CSI Provisioner image. When unspecified, Longhorn uses the default value. + tag: v4.0.1 + nodeDriverRegistrar: + # -- Repository for the CSI Node Driver Registrar image. When unspecified, Longhorn uses the default value. + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + # -- Tag for the CSI Node Driver Registrar image. When unspecified, Longhorn uses the default value. + tag: v2.12.0 + resizer: + # -- Repository for the CSI Resizer image. When unspecified, Longhorn uses the default value. + repository: rancher/mirrored-longhornio-csi-resizer + # -- Tag for the CSI Resizer image. When unspecified, Longhorn uses the default value. + tag: v1.11.1 + snapshotter: + # -- Repository for the CSI Snapshotter image. When unspecified, Longhorn uses the default value. + repository: rancher/mirrored-longhornio-csi-snapshotter + # -- Tag for the CSI Snapshotter image. When unspecified, Longhorn uses the default value. + tag: v7.0.2 + livenessProbe: + # -- Repository for the CSI liveness probe image. When unspecified, Longhorn uses the default value. + repository: rancher/mirrored-longhornio-livenessprobe + # -- Tag for the CSI liveness probe image. When unspecified, Longhorn uses the default value. + tag: v2.14.0 + openshift: + oauthProxy: + # -- Repository for the OAuth Proxy image. This setting applies only to OpenShift users. + repository: rancher/mirrored-longhornio-openshift-origin-oauth-proxy + # -- Tag for the OAuth Proxy image. This setting applies only to OpenShift users. Specify OCP/OKD version 4.1 or later. The latest stable version is 4.15. + tag: 4.15 + # -- Image pull policy that applies to all user-deployed Longhorn components, such as Longhorn Manager, Longhorn driver, and Longhorn UI. + pullPolicy: IfNotPresent + +service: + ui: + # -- Service type for Longhorn UI. (Options: "ClusterIP", "NodePort", "LoadBalancer", "Rancher-Proxy") + type: ClusterIP + # -- NodePort port number for Longhorn UI. When unspecified, Longhorn selects a free port between 30000 and 32767. + nodePort: null + manager: + # -- Service type for Longhorn Manager. + type: ClusterIP + # -- NodePort port number for Longhorn Manager. When unspecified, Longhorn selects a free port between 30000 and 32767. + nodePort: "" + +persistence: + # -- Setting that allows you to specify the default Longhorn StorageClass. + defaultClass: true + # -- Filesystem type of the default Longhorn StorageClass. + defaultFsType: ext4 + # -- mkfs parameters of the default Longhorn StorageClass. + defaultMkfsParams: "" + # -- Replica count of the default Longhorn StorageClass. + defaultClassReplicaCount: 3 + # -- Data locality of the default Longhorn StorageClass. (Options: "disabled", "best-effort") + defaultDataLocality: disabled + # -- Reclaim policy that provides instructions for handling of a volume after its claim is released. (Options: "Retain", "Delete") + reclaimPolicy: Delete + # -- Setting that allows you to enable live migration of a Longhorn volume from one node to another. + migratable: false + # -- Setting that disables the revision counter and thereby prevents Longhorn from tracking all write operations to a volume. When salvaging a volume, Longhorn uses properties of the volume-head-xxx.img file (the last file size and the last time the file was modified) to select the replica to be used for volume recovery. + disableRevisionCounter: "true" + # -- Set NFS mount options for Longhorn StorageClass for RWX volumes + nfsOptions: "" + recurringJobSelector: + # -- Setting that allows you to enable the recurring job selector for a Longhorn StorageClass. + enable: false + # -- Recurring job selector for a Longhorn StorageClass. Ensure that quotes are used correctly when specifying job parameters. (Example: `[{"name":"backup", "isGroup":true}]`) + jobList: [] + backingImage: + # -- Setting that allows you to use a backing image in a Longhorn StorageClass. + enable: false + # -- Backing image to be used for creating and restoring volumes in a Longhorn StorageClass. When no backing images are available, specify the data source type and parameters that Longhorn can use to create a backing image. + name: ~ + # -- Data source type of a backing image used in a Longhorn StorageClass. + # If the backing image exists in the cluster, Longhorn uses this setting to verify the image. + # If the backing image does not exist, Longhorn creates one using the specified data source type. + dataSourceType: ~ + # -- Data source parameters of a backing image used in a Longhorn StorageClass. + # You can specify a JSON string of a map. (Example: `'{\"url\":\"https://backing-image-example.s3-region.amazonaws.com/test-backing-image\"}'`) + dataSourceParameters: ~ + # -- Expected SHA-512 checksum of a backing image used in a Longhorn StorageClass. + expectedChecksum: ~ + defaultDiskSelector: + # -- Setting that allows you to enable the disk selector for the default Longhorn StorageClass. + enable: false + # -- Disk selector for the default Longhorn StorageClass. Longhorn uses only disks with the specified tags for storing volume data. (Examples: "nvme,sata") + selector: "" + defaultNodeSelector: + # -- Setting that allows you to enable the node selector for the default Longhorn StorageClass. + enable: false + # -- Node selector for the default Longhorn StorageClass. Longhorn uses only nodes with the specified tags for storing volume data. (Examples: "storage,fast") + selector: "" + # -- Setting that allows you to enable automatic snapshot removal during filesystem trim for a Longhorn StorageClass. (Options: "ignored", "enabled", "disabled") + removeSnapshotsDuringFilesystemTrim: ignored + +preUpgradeChecker: + # -- Setting that allows Longhorn to perform pre-upgrade checks. Disable this setting when installing Longhorn using Argo CD or other GitOps solutions. + jobEnabled: true + # -- Setting that allows Longhorn to perform upgrade version checks after starting the Longhorn Manager DaemonSet Pods. Disabling this setting also disables `preUpgradeChecker.jobEnabled`. Longhorn recommends keeping this setting enabled. + upgradeVersionCheck: true + +csi: + # -- kubelet root directory. When unspecified, Longhorn uses the default value. + kubeletRootDir: ~ + # -- Replica count of the CSI Attacher. When unspecified, Longhorn uses the default value ("3"). + attacherReplicaCount: ~ + # -- Replica count of the CSI Provisioner. When unspecified, Longhorn uses the default value ("3"). + provisionerReplicaCount: ~ + # -- Replica count of the CSI Resizer. When unspecified, Longhorn uses the default value ("3"). + resizerReplicaCount: ~ + # -- Replica count of the CSI Snapshotter. When unspecified, Longhorn uses the default value ("3"). + snapshotterReplicaCount: ~ + +defaultSettings: + # -- Endpoint used to access the backupstore. (Options: "NFS", "CIFS", "AWS", "GCP", "AZURE") + backupTarget: ~ + # -- Name of the Kubernetes secret associated with the backup target. + backupTargetCredentialSecret: ~ + # -- Setting that allows Longhorn to automatically attach a volume and create snapshots or backups when recurring jobs are run. + allowRecurringJobWhileVolumeDetached: ~ + # -- Setting that allows Longhorn to automatically create a default disk only on nodes with the label "node.longhorn.io/create-default-disk=true" (if no other disks exist). When this setting is disabled, Longhorn creates a default disk on each node that is added to the cluster. + createDefaultDiskLabeledNodes: ~ + # -- Default path for storing data on a host. The default value is "/var/lib/longhorn/". + defaultDataPath: ~ + # -- Default data locality. A Longhorn volume has data locality if a local replica of the volume exists on the same node as the pod that is using the volume. + defaultDataLocality: ~ + # -- Setting that allows scheduling on nodes with healthy replicas of the same volume. This setting is disabled by default. + replicaSoftAntiAffinity: ~ + # -- Setting that automatically rebalances replicas when an available node is discovered. + replicaAutoBalance: ~ + # -- Percentage of storage that can be allocated relative to hard drive capacity. The default value is "100". + storageOverProvisioningPercentage: ~ + # -- Percentage of minimum available disk capacity. When the minimum available capacity exceeds the total available capacity, the disk becomes unschedulable until more space is made available for use. The default value is "25". + storageMinimalAvailablePercentage: ~ + # -- Percentage of disk space that is not allocated to the default disk on each new Longhorn node. + storageReservedPercentageForDefaultDisk: ~ + # -- Upgrade Checker that periodically checks for new Longhorn versions. When a new version is available, a notification appears on the Longhorn UI. This setting is enabled by default + upgradeChecker: ~ + # -- Default number of replicas for volumes created using the Longhorn UI. For Kubernetes configuration, modify the `numberOfReplicas` field in the StorageClass. The default value is "3". + defaultReplicaCount: ~ + # -- Default Longhorn StorageClass. "storageClassName" is assigned to PVs and PVCs that are created for an existing Longhorn volume. "storageClassName" can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. The default value is "longhorn-static". + defaultLonghornStaticStorageClass: ~ + # -- Number of seconds that Longhorn waits before checking the backupstore for new backups. The default value is "300". When the value is "0", polling is disabled. + backupstorePollInterval: ~ + # -- Number of minutes that Longhorn keeps a failed backup resource. When the value is "0", automatic deletion is disabled. + failedBackupTTL: ~ + # -- Setting that restores recurring jobs from a backup volume on a backup target and creates recurring jobs if none exist during backup restoration. + restoreVolumeRecurringJobs: ~ + # -- Maximum number of successful recurring backup and snapshot jobs to be retained. When the value is "0", a history of successful recurring jobs is not retained. + recurringSuccessfulJobsHistoryLimit: ~ + # -- Maximum number of failed recurring backup and snapshot jobs to be retained. When the value is "0", a history of failed recurring jobs is not retained. + recurringFailedJobsHistoryLimit: ~ + # -- Maximum number of snapshots or backups to be retained. + recurringJobMaxRetention: ~ + # -- Maximum number of failed support bundles that can exist in the cluster. When the value is "0", Longhorn automatically purges all failed support bundles. + supportBundleFailedHistoryLimit: ~ + # -- Taint or toleration for system-managed Longhorn components. + # Specify values using a semicolon-separated list in `kubectl taint` syntax (Example: key1=value1:effect; key2=value2:effect). + taintToleration: ~ + # -- Node selector for system-managed Longhorn components. + systemManagedComponentsNodeSelector: ~ + # -- PriorityClass for system-managed Longhorn components. + # This setting can help prevent Longhorn components from being evicted under Node Pressure. + # Notice that this will be applied to Longhorn user-deployed components by default if there are no priority class values set yet, such as `longhornManager.priorityClass`. + priorityClass: &defaultPriorityClassNameRef "longhorn-critical" + # -- Setting that allows Longhorn to automatically salvage volumes when all replicas become faulty (for example, when the network connection is interrupted). Longhorn determines which replicas are usable and then uses these replicas for the volume. This setting is enabled by default. + autoSalvage: ~ + # -- Setting that allows Longhorn to automatically delete a workload pod that is managed by a controller (for example, daemonset) whenever a Longhorn volume is detached unexpectedly (for example, during Kubernetes upgrades). After deletion, the controller restarts the pod and then Kubernetes handles volume reattachment and remounting. + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + # -- Setting that prevents Longhorn Manager from scheduling replicas on a cordoned Kubernetes node. This setting is enabled by default. + disableSchedulingOnCordonedNode: ~ + # -- Setting that allows Longhorn to schedule new replicas of a volume to nodes in the same zone as existing healthy replicas. Nodes that do not belong to any zone are treated as existing in the zone that contains healthy replicas. When identifying zones, Longhorn relies on the label "topology.kubernetes.io/zone=" in the Kubernetes node object. + replicaZoneSoftAntiAffinity: ~ + # -- Setting that allows scheduling on disks with existing healthy replicas of the same volume. This setting is enabled by default. + replicaDiskSoftAntiAffinity: ~ + # -- Policy that defines the action Longhorn takes when a volume is stuck with a StatefulSet or Deployment pod on a node that failed. + nodeDownPodDeletionPolicy: ~ + # -- Policy that defines the action Longhorn takes when a node with the last healthy replica of a volume is drained. + nodeDrainPolicy: ~ + # -- Setting that allows automatic detaching of manually-attached volumes when a node is cordoned. + detachManuallyAttachedVolumesWhenCordoned: ~ + # -- Number of seconds that Longhorn waits before reusing existing data on a failed replica instead of creating a new replica of a degraded volume. + replicaReplenishmentWaitInterval: ~ + # -- Maximum number of replicas that can be concurrently rebuilt on each node. + concurrentReplicaRebuildPerNodeLimit: ~ + # -- Maximum number of volumes that can be concurrently restored on each node using a backup. When the value is "0", restoration of volumes using a backup is disabled. + concurrentVolumeBackupRestorePerNodeLimit: ~ + # -- Setting that disables the revision counter and thereby prevents Longhorn from tracking all write operations to a volume. When salvaging a volume, Longhorn uses properties of the "volume-head-xxx.img" file (the last file size and the last time the file was modified) to select the replica to be used for volume recovery. This setting applies only to volumes created using the Longhorn UI. + disableRevisionCounter: "true" + # -- Image pull policy for system-managed pods, such as Instance Manager, engine images, and CSI Driver. Changes to the image pull policy are applied only after the system-managed pods restart. + systemManagedPodsImagePullPolicy: ~ + # -- Setting that allows you to create and attach a volume without having all replicas scheduled at the time of creation. + allowVolumeCreationWithDegradedAvailability: ~ + # -- Setting that allows Longhorn to automatically clean up the system-generated snapshot after replica rebuilding is completed. + autoCleanupSystemGeneratedSnapshot: ~ + # -- Setting that allows Longhorn to automatically clean up the snapshot generated by a recurring backup job. + autoCleanupRecurringJobBackupSnapshot: ~ + # -- Maximum number of engines that are allowed to concurrently upgrade on each node after Longhorn Manager is upgraded. When the value is "0", Longhorn does not automatically upgrade volume engines to the new default engine image version. + concurrentAutomaticEngineUpgradePerNodeLimit: ~ + # -- Number of minutes that Longhorn waits before cleaning up the backing image file when no replicas in the disk are using it. + backingImageCleanupWaitInterval: ~ + # -- Number of seconds that Longhorn waits before downloading a backing image file again when the status of all image disk files changes to "failed" or "unknown". + backingImageRecoveryWaitInterval: ~ + # -- Percentage of the total allocatable CPU resources on each node to be reserved for each instance manager pod when the V1 Data Engine is enabled. The default value is "12". + guaranteedInstanceManagerCPU: ~ + # -- Setting that notifies Longhorn that the cluster is using the Kubernetes Cluster Autoscaler. + kubernetesClusterAutoscalerEnabled: ~ + # -- Setting that allows Longhorn to automatically delete an orphaned resource and the corresponding data (for example, stale replicas). Orphaned resources on failed or unknown nodes are not automatically cleaned up. + orphanAutoDeletion: ~ + # -- Storage network for in-cluster traffic. When unspecified, Longhorn uses the Kubernetes cluster network. + storageNetwork: ~ + # -- Flag that prevents accidental uninstallation of Longhorn. + deletingConfirmationFlag: ~ + # -- Timeout between the Longhorn Engine and replicas. Specify a value between "8" and "30" seconds. The default value is "8". + engineReplicaTimeout: ~ + # -- Setting that allows you to enable and disable snapshot hashing and data integrity checks. + snapshotDataIntegrity: ~ + # -- Setting that allows disabling of snapshot hashing after snapshot creation to minimize impact on system performance. + snapshotDataIntegrityImmediateCheckAfterSnapshotCreation: ~ + # -- Setting that defines when Longhorn checks the integrity of data in snapshot disk files. You must use the Unix cron expression format. + snapshotDataIntegrityCronjob: ~ + # -- Setting that allows Longhorn to automatically mark the latest snapshot and its parent files as removed during a filesystem trim. Longhorn does not remove snapshots containing multiple child files. + removeSnapshotsDuringFilesystemTrim: ~ + # -- Setting that allows fast rebuilding of replicas using the checksum of snapshot disk files. Before enabling this setting, you must set the snapshot-data-integrity value to "enable" or "fast-check". + fastReplicaRebuildEnabled: ~ + # -- Number of seconds that an HTTP client waits for a response from a File Sync server before considering the connection to have failed. + replicaFileSyncHttpClientTimeout: ~ + # -- Number of seconds that Longhorn allows for the completion of replica rebuilding and snapshot cloning operations. + longGRPCTimeOut: ~ + # -- Log levels that indicate the type and severity of logs in Longhorn Manager. The default value is "Info". (Options: "Panic", "Fatal", "Error", "Warn", "Info", "Debug", "Trace") + logLevel: ~ + # -- Setting that allows you to specify a backup compression method. + backupCompressionMethod: ~ + # -- Maximum number of worker threads that can concurrently run for each backup. + backupConcurrentLimit: ~ + # -- Maximum number of worker threads that can concurrently run for each restore operation. + restoreConcurrentLimit: ~ + # -- Setting that allows you to enable the V1 Data Engine. + v1DataEngine: ~ + # -- Setting that allows you to enable the V2 Data Engine, which is based on the Storage Performance Development Kit (SPDK). The V2 Data Engine is a preview feature and should not be used in production environments. + v2DataEngine: ~ + # -- Setting that allows you to configure maximum huge page size (in MiB) for the V2 Data Engine. + v2DataEngineHugepageLimit: ~ + # -- Number of millicpus on each node to be reserved for each Instance Manager pod when the V2 Data Engine is enabled. The default value is "1250". + v2DataEngineGuaranteedInstanceManagerCPU: ~ + # -- Setting that allows scheduling of empty node selector volumes to any node. + allowEmptyNodeSelectorVolume: ~ + # -- Setting that allows scheduling of empty disk selector volumes to any disk. + allowEmptyDiskSelectorVolume: ~ + # -- Setting that allows Longhorn to periodically collect anonymous usage data for product improvement purposes. Longhorn sends collected data to the [Upgrade Responder](https://github.com/longhorn/upgrade-responder) server, which is the data source of the Longhorn Public Metrics Dashboard (https://metrics.longhorn.io). The Upgrade Responder server does not store data that can be used to identify clients, including IP addresses. + allowCollectingLonghornUsageMetrics: ~ + # -- Setting that temporarily prevents all attempts to purge volume snapshots. + disableSnapshotPurge: ~ + # -- Maximum snapshot count for a volume. The value should be between 2 to 250 + snapshotMaxCount: ~ + # -- Setting that allows you to configure the log level of the SPDK target daemon (spdk_tgt) of the V2 Data Engine. + v2DataEngineLogLevel: ~ + # -- Setting that allows you to configure the log flags of the SPDK target daemon (spdk_tgt) of the V2 Data Engine. + v2DataEngineLogFlags: ~ + # -- Setting that freezes the filesystem on the root partition before a snapshot is created. + freezeFilesystemForSnapshot: ~ + # -- Setting that automatically cleans up the snapshot when the backup is deleted. + autoCleanupSnapshotWhenDeleteBackup: ~ + # -- Turn on logic to detect and move RWX volumes quickly on node failure. + rwxVolumeFastFailover: ~ + +privateRegistry: + # -- Setting that allows you to create a private registry secret. + createSecret: ~ + # -- URL of a private registry. When unspecified, Longhorn uses the default system registry. + registryUrl: ~ + # -- User account used for authenticating with a private registry. + registryUser: ~ + # -- Password for authenticating with a private registry. + registryPasswd: ~ + # -- Kubernetes secret that allows you to pull images from a private registry. This setting applies only when creation of private registry secrets is enabled. You must include the private registry name in the secret name. + registrySecret: ~ + +longhornManager: + log: + # -- Format of Longhorn Manager logs. (Options: "plain", "json") + format: plain + # -- PriorityClass for Longhorn Manager. + priorityClass: *defaultPriorityClassNameRef + # -- Toleration for Longhorn Manager on nodes allowed to run Longhorn components. + tolerations: [] + ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + # -- Node selector for Longhorn Manager. Specify the nodes allowed to run Longhorn Manager. + nodeSelector: {} + ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + # -- Annotation for the Longhorn Manager service. + serviceAnnotations: {} + ## If you want to set annotations for the Longhorn Manager service, delete the `{}` in the line above + ## and uncomment this example block + # annotation-key1: "annotation-value1" + # annotation-key2: "annotation-value2" + +longhornDriver: + # -- PriorityClass for Longhorn Driver. + priorityClass: *defaultPriorityClassNameRef + # -- Toleration for Longhorn Driver on nodes allowed to run Longhorn components. + tolerations: [] + ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + # -- Node selector for Longhorn Driver. Specify the nodes allowed to run Longhorn Driver. + nodeSelector: {} + ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornUI: + # -- Replica count for Longhorn UI. + replicas: 2 + # -- PriorityClass for Longhorn UI. + priorityClass: *defaultPriorityClassNameRef + # -- Toleration for Longhorn UI on nodes allowed to run Longhorn components. + tolerations: [] + ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + # -- Node selector for Longhorn UI. Specify the nodes allowed to run Longhorn UI. + nodeSelector: {} + ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +ingress: + # -- Setting that allows Longhorn to generate ingress records for the Longhorn UI service. + enabled: false + + # -- IngressClass resource that contains ingress configuration, including the name of the Ingress controller. + # ingressClassName can replace the kubernetes.io/ingress.class annotation used in earlier Kubernetes releases. + ingressClassName: ~ + + # -- Hostname of the Layer 7 load balancer. + host: sslip.io + + # -- Setting that allows you to enable TLS on ingress records. + tls: false + + # -- Setting that allows you to enable secure connections to the Longhorn UI service via port 443. + secureBackends: false + + # -- TLS secret that contains the private key and certificate to be used for TLS. This setting applies only when TLS is enabled on ingress records. + tlsSecret: longhorn.local-tls + + # -- Default ingress path. You can access the Longhorn UI by following the full ingress path {{host}}+{{path}}. + path: / + + # -- Ingress path type. To maintain backward compatibility, the default value is "ImplementationSpecific". + pathType: ImplementationSpecific + + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + # -- Ingress annotations in the form of key-value pairs. + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + # -- Secret that contains a TLS private key and certificate. Use secrets if you want to use your own certificates to secure ingresses. + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# -- Setting that allows you to enable pod security policies (PSPs) that allow privileged Longhorn pods to start. This setting applies only to clusters running Kubernetes 1.25 and earlier, and with the built-in Pod Security admission controller enabled. +enablePSP: false + +# -- Specify override namespace, specifically this is useful for using longhorn as sub-chart and its release namespace is not the `longhorn-system`. +namespaceOverride: "" + +# -- Annotation for the Longhorn Manager DaemonSet pods. This setting is optional. +annotations: {} + +serviceAccount: + # -- Annotations to add to the service account + annotations: {} + +metrics: + serviceMonitor: + # -- Setting that allows the creation of a Prometheus ServiceMonitor resource for Longhorn Manager components. + enabled: false + # -- Additional labels for the Prometheus ServiceMonitor resource. + additionalLabels: {} + # -- Annotations for the Prometheus ServiceMonitor resource. + annotations: {} + # -- Interval at which Prometheus scrapes the metrics from the target. + interval: "" + # -- Timeout after which Prometheus considers the scrape to be failed. + scrapeTimeout: "" + # -- Configures the relabeling rules to apply the target’s metadata labels. See the [Prometheus Operator + # documentation](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.Endpoint) for + # formatting details. + relabelings: [] + # -- Configures the relabeling rules to apply to the samples before ingestion. See the [Prometheus Operator + # documentation](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.Endpoint) for + # formatting details. + metricRelabelings: [] + +## openshift settings +openshift: + # -- Setting that allows Longhorn to integrate with OpenShift. + enabled: false + ui: + # -- Route for connections between Longhorn and the OpenShift web console. + route: "longhorn-ui" + # -- Port for accessing the OpenShift web console. + port: 443 + # -- Port for proxy that provides access to the OpenShift web console. + proxy: 8443 + +# -- Setting that allows Longhorn to generate code coverage profiles. +enableGoCoverDir: false diff --git a/index.yaml b/index.yaml index 4db4ad4218..2f38aab760 100755 --- a/index.yaml +++ b/index.yaml @@ -4124,6 +4124,50 @@ entries: urls: - assets/longhorn/longhorn-103.0.0+up1.3.3.tgz version: 103.0.0+up1.3.3 + - annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/kube-version: '>= 1.21.0-0' + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 1.7.1 + apiVersion: v1 + appVersion: v1.7.1 + created: "2024-09-25T12:31:20.302158433-03:00" + description: Longhorn is a distributed block storage system for Kubernetes. + digest: f88308dd6b2cccbc7991c636e307e44e84fbc133673799b770de40a48d4764c2 + home: https://github.com/longhorn/longhorn + icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png + keywords: + - longhorn + - storage + - distributed + - block + - device + - iscsi + - nfs + kubeVersion: '>=1.21.0-0' + maintainers: + - email: maintainers@longhorn.io + name: Longhorn maintainers + name: longhorn + sources: + - https://github.com/longhorn/longhorn + - https://github.com/longhorn/longhorn-engine + - https://github.com/longhorn/longhorn-instance-manager + - https://github.com/longhorn/longhorn-share-manager + - https://github.com/longhorn/longhorn-manager + - https://github.com/longhorn/longhorn-ui + - https://github.com/longhorn/longhorn-tests + - https://github.com/longhorn/backing-image-manager + urls: + - assets/longhorn/longhorn-102.5.0+up1.7.1.tgz + version: 102.5.0+up1.7.1 - annotations: catalog.cattle.io/auto-install: longhorn-crd=match catalog.cattle.io/certified: rancher diff --git a/release.yaml b/release.yaml index 896eff1d44..7c16fb76a3 100644 --- a/release.yaml +++ b/release.yaml @@ -4,6 +4,7 @@ ui-plugin-operator-crd: - 103.0.3+up0.2.2 longhorn: - 103.4.0+up1.7.1 + - 102.5.0+up1.7.1 longhorn-crd: - 103.4.0+up1.7.1 fleet: From b4650e0898af56a5202eccbf16b0b181818c6e41 Mon Sep 17 00:00:00 2001 From: nicholasSSUSE Date: Wed, 25 Sep 2024 12:32:04 -0300 Subject: [PATCH 2/2] forward-port longhorn-crd 102.5.0+up1.7.1 --- .../longhorn-crd-102.5.0+up1.7.1.tgz | Bin 0 -> 13409 bytes .../longhorn-crd/102.5.0+up1.7.1/Chart.yaml | 11 + charts/longhorn-crd/102.5.0+up1.7.1/README.md | 2 + .../102.5.0+up1.7.1/templates/_helpers.tpl | 66 + .../102.5.0+up1.7.1/templates/crds.yaml | 4400 +++++++++++++++++ index.yaml | 15 + release.yaml | 1 + 7 files changed, 4495 insertions(+) create mode 100644 assets/longhorn-crd/longhorn-crd-102.5.0+up1.7.1.tgz create mode 100644 charts/longhorn-crd/102.5.0+up1.7.1/Chart.yaml create mode 100644 charts/longhorn-crd/102.5.0+up1.7.1/README.md create mode 100644 charts/longhorn-crd/102.5.0+up1.7.1/templates/_helpers.tpl create mode 100644 charts/longhorn-crd/102.5.0+up1.7.1/templates/crds.yaml diff --git a/assets/longhorn-crd/longhorn-crd-102.5.0+up1.7.1.tgz b/assets/longhorn-crd/longhorn-crd-102.5.0+up1.7.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a764e34be310026207d45cc07a8dab7560fd7dc3 GIT binary patch literal 13409 zcmV-nG@i>JiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYObKEwTD4fs!6)5d9Wqa1$k`gC=R#j8G8p*z+UCVJvwo`Ry zQwf?xcOzm09Dr-Zhd(8~HbLkWT$O++)JMa1GKFvXt`HH8c+0h6A+_0CI}pq=SzHi04CLIm?s&SDrWOe^fdhhlN@pR<&SH`7>*J6 zC&*Y%BJjg^@=v_F&gXOd85~Ti&Jc;^-wMDphG2#OEXSDVNpc7Nk;6n%FmawG=+h@Z zA=SJ5J`-bzX>c$@5zILPoURb~pL~WGK^fv|!gGw0m;=ZVNbm}0C~6~R zA0Jr)o>hoHk%;eW!x8KK=so28HU|F$vmag}5+HhuAhLzKR+pvoxmANI9MQp zm>}bFOY#ho7_u1r4J9j}J`vl}JdyQfR^KQD!!(`Vl;@ye<0s(v-$B7GT1R~3o~wq% zwy>P>!-G*BpoCWxP^`|Gy%H$4_oBiBG^;&NI5YLY(F- zLg(T11hL5i5lLicIZk54YE*W8G(G-)dh`Tn1|{h3 z1hmD8f;COSKLNocMkE6-#fcYVm3vvsDJS4SXrhW?2?+y}1zri>0W+wk!KY={m_89A zn*e*kXr5LYp?Iab(UVdL`K#*jLiBhJGk7g~RFGhv{ZGe7Z!yp0hiQ^Cm^h)6-|!`6 z*}H1=2}qVR9P5{uEb;_0R~JtJ;1LzdY)L`lCje-~%N{2H#<5&Vn7kK68nH8))i_+M6#xPm9z!qrHgURnLBc>>tsxLlNAL!AVKMxs_ z&=|FGpyqyylLX8VNEu2YLouMl0g>qC;=BgUI~sdU9rK&b;Sjxi{Mdlxy#AvF8l#(n zSWF|KtYJz%;1%K-T&1->PZ#yc#l=Fa*X!dM%HXj&0nrkz;EDd6rih%rzxedsb?s+R z$B6w@0?fhf5-|kc7BT_PC_~(_fkACU(b;b(%BJPpl+hHi3>U{%JqEoser@+21YdW~2H7>ekE z;4fw0TnqfVB{4UI0kqM$apF2N)7#f}9xrt(64S`1+DE1TdM?6Cl(= zesXxYz*)hCBDz}T1ZQ`LlA+*Po>9gRW3)!eA;*geWYH35D9Un%4q=KXaw0@>qUkFB zH-=1-T0E`2svb$-J(fq1da-$+?n+IuS_ScwK;6~r>kpuSM6Hxslnjb6l8ZQbKUp=2EmF72*tH9Q1l9L-kZ^=a2d`>{da`WIT z&a`nyEg)r^*!W5iAhUW_;vgwo`<4IGsuq)u=RicxD|rxxOgmMFU6`KtN56CZL?nBPc>>)S{Wa<4{$ zgM46+@Ht`(#jdt9N)rT0Z!4=97Yat5MBsmv4d%AaS9Pw0wNV``=Y)do& zF})=Tg-zlpUgfFd1^S#)mQBPNpR9#2+T2{?BZee%vb>2BO4`47Oj?Ma9*f{QS{5;X z$l;RBYR8MtlxSa`uLf-5n}lS5T{y&R3pLd z7c!d3d{|BhCX4sGK9VF)5;#jxOS3fF+D|P0VnN=VvK7qatbTauHDj$|UcBG*xOgbD z)i2$;>|`=|@>O~$^!shOCoWZY3I?lhLVwZem?(f!D`)jetkgTJQ({#DabF&Zl`-v| zYW<2(8$(J=xnwJ{(!uZ8Y6E8*;()T?m+{SPW@stvdX9*HCXuC?b9fA~Q z%O)5(uSk?_aPj}v;Kq;p=Cru1ranNuZyW?UWKiwvJqOi3sP=oH+6Qk%VD^F8?+dfv zjyXRt`@rmrCouc3h}rj1ge@BJ+eD+wz&JBtc>tsJ{kZ}pa=co2+yA#=dM@_E0K4<9 zwggP^B_>t|0(vZvF2>W>&fJA>aDpzO#S%SqFS=)@9xXneIZf*(ypAmmy3F4L+e`6c zY-6`g-0Z-PZS`M|@eu{z$0PK8*qt6q`mdM-<?m;_d|egl0=h zZ{)AH>hA)bO6WYJWR4fr5_6R(Xs&s)1VB01psxR^!x)fHM}bon)}n%ZXd|Km}hXD zQ|tGAGu8(d99VE*!S}gVkHjWF$QWM|g$9aT**H6iqJM)E3GGhprD%<#OscGMQ`y4k zOOgNHd@XdrJjs(v1~bA#WS(1$9qpL7=b7sM#YNrn?34J_apnl7fI;{*ZNpc|NL znu^Kd`PL8@yjDB%TIFfK?`pUcCQo}@G4&6u4w(i-YSnCR8LMBW-ueN(Gs;jjYoepT zeG5-x%xF8UlTjZ^;Z`4QAT~N*q8MbjXYzTf${NR~S!@37ccbCrMi8_G6&nXl3jqS~ zI}-KHSxOr6yT*jywqLXc-kv$He$Iv(^%ODi53PK4daylPUz=of zDPvlYxd$_oqS>;XIGtNT_A&_x%3oRnPc7z_*5HCk2VOb&^cEa=>nEORTQ#Z`~9PLC$-? z4&l)Y4!4=9onxmzwR*n&2Bj;($AnOFiLxc_I~Qlw_kxTsscSP^M?;L+%*L(x$?pm~ zlo0L+$ly)Elzj-E6^zGCsmGguO!0gGmZjLQNcj?GPSk>1$hCH0!No1sIe-S)&r^^= zwm>b>b+^=g)f4#MLI6}>+T%xxoJNTomXlJQupnXdPSjic-u7bcU~zS_63nH%OBujK zNL%uMV<)=<1ExLO_Tn5+qV0cDk}eHT&1~3=T4o{C8xr9J6)fFr-P|VbVa%dv?;6xm z4XEEtYB!^}&*7MoL{{5;zx3opMiCyQy0!^UXOIZR=iuN4IJhA1HS)y&1V2hphGOxb z*J5{zKR&8hxdX2?%~>*bIX_;#^%yFcdv|8;-Q2{hMrxRK9j4q4^R0T*Fy8LQV9N-r`JFoHmdWARhn0kk$k2#w@zRAYk*@9bg4?Tnf572%c z`iJ%l);xhtzn=vW59tYf1a7qmCW+XOq?3X)&Cx( z`d^-Ykmy&7)rd_{uN)BydfC*n*y0rQk!S=eWW{hh$}cO`0zsTLYMS+#X2$HQuXLHH z^8X$dem!Eukl6hgCc0LDWBls7Yx6S&z*+fnG#n{S5@oYqm%TJ$5Z_$XKdF2TYWWAd zR4z!2BbZ5LIa^ArZ4)HS0bD~YRSTht5Nbn?a)Xo~*5EpA{Mrs|@5Rgh#XNi{vDfL2 z(en#lnWnNHyfVQn^Z30oApjyU@4&nt9rNBaiXt%Yz`O@7Phj4A%)Ffkf8%8Fk~Y-d z^?7tl&NwjRq{ego+_w!*=sjSI<@&i!3??{W=z^tIp2sN3d4?Du2*r{-l~Dt?xV$v5 z2267Xk0z?&0bHS*1vls;vW3cfzNe%VPjJ*tM zM2Qlj`&?yLD55Op8aT)W&nDn@d1n{qa#BLt2FO`xb4abg_l(X^SB1bD*l){dfLkQG zp9#@UIbzkkZSEj2q)woKWmw5V2S7D2Kvs5zV#PWsu~vGl0Z9QQREX50r_oa`u?G9! z@)aZ#hF~l=Z4tksH?I&OVw6FgZ~$jCZ`Ut0QD;neH0)|04g&on!T%64ASGyWOIiG) z5*>=|Jg2O_CQsdn-_{Ilq|7k`tCv$fn#N&uI#r(qS?k^CrT6m#69{@EH1HQddpJi= zEVCAYwM^^7U5X0GMWexR@4S$vt)%bfu}DS)$Uej(J%)G}%~ia@UV<}qXU)Uc?y)QJ*fL<1bzDdDR*&yv@Pp{xbxQvEx3nkWIJ4Y`WJH z`?mYrj5jT>nYm_aO)O3`)V#3GX!S%0-pZ(`!vfxDlVV{S+_FpU+EfxW{WmXS*+n6} zw+(*d8ZSlB6t}L7^SLWdU0|%r9B8tl?^qr@U54goLY}U{a8>`YU7^8d?Gsc)3KCxE zmd(zaDF18YR|P>_{4g;)D#+cmP)UT0$TPS~Yh9i$9Gz{)+h!aax5d!JNH7=%gJCcj z?xDf(tM|2?(NzjFJi`gj?!1USCXsI2$hf*_zvxZ63amY_b`RD*-WwQLdtmK@mnX3H zJ!b8$W51Cr&_XNK<90z|`-P7yOx_~05Tx;Vxb@0)b7mW$u^u}UQyV($Mj)$XGi`)* zdA<^S`u^e)6DtV@J#`6H>v2sx(xgH*Q^;lt*-Rj0GwoeAQ{`6JgsPgIjOsz~{x{O6 zITnVhhf&QJI6I@O6}C8cJJ!Y2i(L)vNwuOj z(Cx%c+A*y{iu7Wzzh79 zgsg|W3mzxFe{FuCNbR}kruMrJcM0r0u=j^@hXwW?*n42__p(+G?gR6@bhAbX)zeYn zF3RxQ)95vW(G4Q8Od>jGc#Zll$~za^DU!FyT%j}(N;a6?0V!gDUn}1Ht9QCqk*MZn zKB@+6H*?+cxo&&>CSd)o*RXQcuDz{YG3IcVpf`+?3^geM=vgaN`38Fy>8Y_wz_Lt| z+5S3x>I3@R39}2&GQ})LYs)LlBaSVaJSbFQ6(C!Z68xcc3pRZb-4&SZuuIC~LWzxI}8>H3_%{+vQt=D<(S5>!Ms6~dQU$!2EL<|d!0tAruQ)+u6RU`zs(K>hiK;0gJ)q(85mILDNqPMl zMftysBc%(`Q+ZB2S3 z0+d2QO-DCp%7r(ccG)Wi4jet_hz(kDHw3#PJjEIHSDASRnLn*kL9G|>y@uMROV)}E zk7(SGzhuc@Dy&5M-6n}lwpi9Gqp9(>mDN2tq?4;L_ z-yLZ=WL3H%nybgpj{ydHaKKQ91{i`1&>2|Q?5Jn)q?7lOJ6)`UJ4!Im++MN4-K3Od zuWdPp)nj-Ezia1kHplC7%N7G(XV4a&wyPlv>B~t!tpi&;p}qrmx}m|)CCVUMpzQs9 zFH|+`Jug>RFf`Z-ecO?zt>BnCdMB_<=Mz|_?FlT?-cewgfn_$j2`sby)jqS#z$=|k z;FY!~@Jf3}fma4z+2|(l%Jx?e$18`Gk-DfGUjZa>`CFl0wu?(`z=!=(8AqigGWz-M zbi4t)Xg{KH2ngLlKq#ScxD5OLFT*ZlE2@ZD@lz{IRxXc1za=(SO`-~oC92o^jfcHZ zl`s&vT_TyLmK6~xGMoX%MLhva98M|z{r%~c`10w`e}AgpJ^lHKxlyi+e)=L}tN`U4 zv7)SCe27#ydYKH!qa}*-1e1keQx$R1GqFq{MbQ){3BA28o7Mn6wZ3c1rG2oM!7C9Y z1(>LSn*&O^fNWz~LnLPJ#I^B_8{>~I4)>kjarT&>^8a#UhJc?&&mrI^1pMqlz|U77 zdAl86`=8JLONN~ON)(+n- zUs^(YO_)1OrUK*-9d_4lfaf?t{Ela6<@`ie!XFDATH`2_CL3p!bF-(;qEdpnj)g;u zfmcWih>m`SI1&0y;Tc>wU183OvjZnmd}6B!3Hl7=9WMtgRM!$U3LT!k|EN3iGep}R zq+Jp8R#ZEY+=*TnV#mhCOM2{GZQX|?=NWx1*Ugt6hnmQJ0EL>!p(b*uiM(Gmk%cI< z>(X}p!7)7?enGe=u%bW(&-kv#0 z$~=^QdCjSt8e66`oF@0o$)MOfnOQfLw#=-9R;y=2imjdzblYp%eX%y%qU0Vx4T#6{ zsD5gdbR+z;%lu!(7mT{M(?I>)Xp+!dsTxY4) zvn7h00%*6~C*?iFFpY5}yRqM(01Vv4Fhdg|N4Z7(ZcB%C`d_G5p@b0rw}bFM%F-ny zo0Nh4QTCulDr4EykF97nJ(^ktOFWyhOjq%2wCH;WB^*u3gjRECdz{tF4_htKr25?E z9roLCB_IXMP$Fl?htIJayMH1np*nx_Con3idx?VAW9;mI_zMa>gSmMm4 z32SZsK*t*$c)^-N23IIUYy-Pwr##nMrfNj%42KJZV|`zGAA5VhHs8v@wbchuaBT(G zR&Z_Ymut&ED==v0JJ8G-igG4U{TrQaqMu(C{roqbHMDf|RZCZ|jqlXh*>4S%-E6jf z#r+y(T+JJkMX9Dq41u4Phyae{C1(dQn!`NF4%Els7AFaqRi^;Pv0#$aye>^HmC$<$ zAXMMD_8Xn)-_d6*H9`HgLur?z)g!w9kNH!drQlj=rZXftBb|c-b-&pGpbQ)o#=ir{ z=o#cUbsI(X!w?%q#3%vivrx~Z{#|Km)v`*I@MesC6B5x=4U)6!he6hod^JN%AfUYW z=1^fmF8U2ZY01kv7la9BT?ggL{HbmEwc&*lU4K)~KBIu;1kCOLg3(f8?Kge6ET||N zM|X9Mw0^h2vc*vU=2lBlgy(nK&LOCjV*<68YK*t$Po1Wy@%elvadI1^>iaU-rGi~5 z*roQ*F7?&t^?iMEO)1N~sQ#YJDT~lVUBFj+5hVzcJUw_(&a`?LqXenXwX9VBRqs!V zP*otpBx86LB&i@t?TI8c-l-QPsUS%ON$Ts6q?`wTqx(>5w4wH{(>YR5!L~Hla(TlX*Jd!A?cC0;Im*P|_Hwr=xoE%$b?PdcwFla6E}8rC>D@R2l{~38 z(!f=-+OF-Hc|9l-yH9&j2f%fnrj%vo9KgXmPm+lid?i0y!^G)4cElqJ zd2SHu#fKoGImtX%+v&ZguIoEJi>^=9 zq%2>knK@td!O)oh@B=zF8lcAWHoP8c4BJDWQIrc%&cxvu66R7WXhPjrA%aV|Mqq{z z0U5)K1!8T9ru#fOeR!?m<(J^%T*uh7f@+!}G$l?fXH1+wuh^R4INXWjP}M2g$Y)sH z=VrPK<*yb`p&C%Fgw08)-WWc@qWk;5xxFwy)XsnX{< zeq)LjjWN%$m;I}K#p*CbTM~R~U^MRk^MI&WcX`>O=el2rHg!0RUo4|Py5g8u)vCL! zKk9>E_X&2NVE5TSyU$neL37+m@22ouzluIc7D2MuSIJ@%=TeX?f@BdSi+fzF2lXh) z!|a(fX1gA~qtslK;k7d{++JjE$n9?1y3?)0=r6#)WO3nrp}!dL95WPUl-=3OTJ*Gb zT^r}JFRzbnKeq2>>Kaxqy8o5*N(k_7VlRQx(MU;xj>Q;ufs@`3lC}RjZC};YJG%E; zZde?14sl|y=g{v=d86A3Qq57OLdGCqIU#~V7mR!^v!5tyzSn{`<{+1q-UUOxcJ?Chi zCzipVWlNebmLR2^<5_Yis9A!Zt3*w3T6TGhvt>1;z|<<|l2m?%EBfS63d-{`HF(Tm1DsZH~R zrtzYuh^|t(udM|N1Ps;o7RL!CDM%R-0zZhw&S5mKv}oz47gPWfz^UAejEI3DM||3z z(pPX;5)*}E_kN37i{-rYq}1hUD0_R+>fADZ{e-l^+1i1yj9rsy>LW|RMr|RiR&<5q zI4MUeh_l~$uOmohzV9Mk1viwYH9`Tz)$}sRN@sGbQ@4e7&`m<#+|l#8{e&*wpe$PY^6pXB^i$?5$tWr6wTxf(7NRo9 zMl_O9As6pMsiB9B7}l9jn?wv>t1i@7WyG-lwG}a345(JZ5;3gblo7+c?Ed~EhLy9r z(6xL^_5;CM; zY^0xxe$3c@LrFDWwKY|9e7Cx~YU-;-v)yQ=HD8Au4yGVNLBt;}hWra%^ABRa>|P|)Ua-9gw`4VxRrj*UTR zaW;Bz`tHrOd5oY6mxVG*L&e_82+7zes0QfVg4B*k(~fX~;q}6Ha4TP(hZVHR2YhZ1 zNb!(mMhqK55q4qkDTvE}Sz@Dh__hDb{Ha&`E`;4Ga$QoT2`2Ii@CuY$A&|ivWGnWet6UfYbPb}j z_KQBaF3NN^TrW7PNDho;Hd>KFDGL`$8TqhL!4kU5+$*4EUmxg4UI+QA`LoTj*Nj*$ zivFwY34&Mo3UK^I(jdLYg$-GOyu6E8P$E0*-17#>%SpElj z?qr-f<^Zo&c_tG@>S_44mRFjU57!}F?rn<(H(CKMw)zm|cl2&wqUeU(D$R6d6D)BO zGh|79@!PBRbFj(AGo=u}JO{?8rSwo|_VNyo>v#;TAiL4|hWC)H02y*8UOMtl3u)XB zJVQtxm(l1*p4f7KIY&(DNPg%KCW&2`B-CXavz){U+Q=@UI{K^ZsA-%q-?c3iH4vO; zidogOVW=?M-bXBozMI4VW;Z@U%z2K$$E&vvLx_A|z1HP5#g79AIR!I@(cJv8m?Sp3 zY1KHbKCcaZ-uitnbYgR3cK9J{tKK9*K}QZca?p|YO-D9Q{zi_-HsdQEw?<)t(yagv zB-6dP6Hmc22KbVi?5BDLN!`}rT?JTLgQpD55o5BjVC8Hx+;G}W=TSJurHZ!Mnc2|@ zeYCc%HuT7j*;%2cM;}0;rbnph5o&roNKFrS(T+Jzko{)Nj`3u)$d+vrLqdc;v=qU5 zypYcvbVFO2h@oR%y!RP!crZ+H^+Puk_A-Srx?qS~4qm7E$+I9!uoLaVP9&qU^xgWK zn2BURf32bx3@efGs%<1P$9LL@_^fFkGMeqkJfy>x&UjyeBa=`CMBrA+-3r3XW zJnIPM7oA?qHVydRwqLY>+>!;#*z_F+sM=J6{i)t_us;R+)85&ijB~%4`KifJi^r|h zEC0J{@}4F*vRoW6>~?ZR-HTuZO`cNOrKLr2OF5oT2+byXBObf}2dW^ux>P*YWpdlM ziH|isjW*_(YqY5?$A6iEDW?yhV9E)moM6h?v+}HkLNLVO;Z``>b1G~;LdcjHI?15< zE^u~6S1UXSDkzA4DWVrQN?Hr{Dsswe|s^Hq~<%U&r?V~{+4s)Z?Rs0B_g zL(TB!b(6q|tgzztQ>#5pW;p27FDqIxuSo%3zz)s- z&%yWPyJgU zf*7=CE?F?sAu*ogftvRu8r$xLc4U#Ial|N2RoiO+GROA9dNU7|-X32@F-XW=rSA zS4JPzT^MjxMC^>#EL^Evj=7lyk8zzrmej^I)BtEw$lwZPh&h$Gp__l;fQ>2sn5w>w zVJeukN?V(D=R_Uq66jIrHqXl#U!_K_vDj8-krf>jR_x|Z%GNo7dnhB*qTfE{WOhTs z6$rL%x-ClHWgWEO=n6%Y#Q>5!RR~5`P-J&fOrc<&Cv%)61NXYq{5TAD^$apaTBb7E zAgP`K^Z|GoCp$sxF;RAQ2@C_~07IqM^m>ezmN^YJUG~gL8a9WT|GehZZOpVxX}C$V zXHJH}b0;(FHgZ~K)*-m5XG4RhdPbN%y{6s8F)foGZ3y)Ms+Y_6nnuljYz9*G1VO!l zs;^N{=P<*3ZoSLSGQFY-v0&|jPqf7KOo}F82|1V{)GkWb8nzQ|S7|$!$fur(A-Gsy zcMU#H3=X#Lo!PqW7H(xutjwJ}V=zODyA$venk^~4k-y%mzY9bvE7ln$bG)cFj#w2O z)tG=9zXYxtY;tS#UVSSK)&c?5{259RpIt8vWFD9cX3 ze|&#*T+E{U>I$tfy8UDr$<_Wg?bg-*k3Ag&YJnQ=0EZKx!}PD-G%WuQa+7^6h@z(o z`sTT?jLveN5ybhxA*%+paj%*`4@$(1mMG2>6dQ`cFeob0`S+(~FHe8|`&0G)>Cbhf z6kqtjX4F)70+XW1x1M^>En3>zfO%22Ai2|wOR1-BjHu7wNsCquo;|y}@l%NbdmLwB zj|sPE)q4*9rr>Yd1AkMvu2E={FoOV*1t!CIjQIYw{Jchq&qX)2-v@EFAYgb282|a~ zzoufazx?H?79`*-K~JCmJgr4k22o@0Zto1DMi4cEsBw>L_28i`en}!W*R0#4cb!2J z&nz`ax~zoi^2kdXTg>~2*zW3>0CwBXcNV{Xc8qMbtIl9_gGhWWDBU^3Yh<|*qlUn9 zv5_Nr*})Y`6BsEYx4MJn*GfY9b^6p74ont~Z0Vkcd3r`y;(Q5Wd5N+mwU}C6Xe5-h zE!q>1d}*8CCt&dfr#{eC_!th*`q=j4x4y%^r4dYUX4#0Yfs0Z#mRB>xvk98dDQnxA zClZDznp~ znk6*4iP73NR~~U}qj2k0`}X09a$XFE)KN*cr`Csx8$$74o&3;VI|DBmls9?#og38- zQ}WIc(bqAiD+sWs$^Fq1<*fd3E>1a)pl8`xrdplm8T~6vAhFS0|3lQlG7<#4ct#gT z=|GU4#<`&4be^4(44=-WtFW)?n?{>t0D#kZ1|Z2WfVy>E^PUP)<|Gj+OEO95Z2=G0 z_t{pK2A$L^z20KT$49a>=p)g%dkj(ogW{w;S`7YQO3+9wevtuf_qrLykdG0S(%7QZ zvnv$kOnmg;bhZsDwQW$>SST82@|J&guDkH#RO1W1+p{FKjC2k&cp>ON^OF2W5qLLN z=YsOfYbM9c;Szq9sP*G-M(gnx2D&m(6QmF92fRWw_XI5`E0|tFb|a+dvn9mDd0XSX zERbIk?BIBF?~)LHb`^EW`L-{Ej1ob-9nqxSVcRgv&??Owd$n(1@euSmI~9~0#iyz> zTU9*J9~sA;>e-OSQUm|w$cz}$fjvdLw`E84S}66=2T&;W5lVf8QXl(O>O*@>{f*qZ z;botBqlTNTovLW_^=g}m>Ff1@X@sQ(eNG`!A)&6g=q}N@u$he$yfGi;ps9jP#t93O z_k23LLi3RFltKY!!QFiG{9q2PgxCcBFQ? zVM*8TthZwgYU)~mL5-u)1K(11lTa8tHvs6yB8?A!(p?NhVrNp}kd(rd#_s73nsnJu z*Q7mqDv-Dpu!_z;^khX1=&U!3X+REBR|Zo@|Kebe@ElalZ1kX~;W=6`7~6|*cQkdD zs_JNyA`)Y=7{swEUzS&iD27%-2fI?i5Z<%Wrl$*nWpZU zfoKU?rsQ8tcm|V1sS0OT=N#l*dCJTDq9+eMkMM*iJmCqC-}C~0Db}h Du0Z