@taking
Last active July 21, 2023 06:15

Longhorn Installation with Helm

Prerequisites

  • Kubernetes 1.19+
  • Helm 3.2.0+
  • (All Nodes) mkdir -p /data/longhorn

helm update

helm repo add longhorn https://charts.longhorn.io
helm repo update longhorn

Install

mkdir -p /data/longhorn
helm install longhorn longhorn/longhorn \
    --create-namespace \
    --namespace longhorn-system \
    --set defaultSettings.defaultDataPath="/data/longhorn" \
    --set defaultSettings.defaultDataLocality="best-effort"

Set Longhorn as the default StorageClass

kubectl patch storageclass longhorn -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

(Optional) Longhorn Minio-Backupstore

secrets

endpoint=$(echo -n http://minio.minio-system:9000 | base64)
accesskey_encoded=$(echo -n longhorn-taking-access-key | base64)
secretkey_encoded=$(echo -n longhorn-taking-secret-key | base64)
cat << EOF | kubectl apply -f -
# minio-secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: minio-secret
  namespace: longhorn-system
type: Opaque
data:
  AWS_ACCESS_KEY_ID: ${accesskey_encoded}
  AWS_SECRET_ACCESS_KEY: ${secretkey_encoded}
  AWS_ENDPOINTS: ${endpoint}
---
apiVersion: v1
kind: Namespace
metadata:
  name: minio-system
EOF
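
The step above encodes each value with `echo -n ... | base64`. As an added example (not part of the original gist), this script renders the same Secret while guarding against two encoding pitfalls: the trailing newline that plain `echo` adds, and GNU `base64` wrapping long values at 76 columns. Function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original gist; function names are hypothetical.

# b64: encode stdin on ONE line. GNU base64 wraps at 76 columns, which would
# split a long key across lines and corrupt the YAML rendered below.
b64() { base64 | tr -d '\n'; }

# render_backup_secret ENDPOINT ACCESS_KEY SECRET_KEY
# printf '%s' adds no newline; plain `echo` would, and the newline would
# become part of the stored credential.
render_backup_secret() {
cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: minio-secret
  namespace: longhorn-system
type: Opaque
data:
  AWS_ACCESS_KEY_ID: $(printf '%s' "$2" | b64)
  AWS_SECRET_ACCESS_KEY: $(printf '%s' "$3" | b64)
  AWS_ENDPOINTS: $(printf '%s' "$1" | b64)
EOF
}

# secret_field MANIFEST KEY: print the decoded value of one data field.
secret_field() {
    printf '%s\n' "$1" | sed -n "s/^  $2: //p" | base64 -d
}

# field_is_clean MANIFEST KEY: succeed only if the decoded value is non-empty
# and contains no whitespace or newline bytes.
field_is_clean() {
    bytes=$(secret_field "$1" "$2" | wc -c)
    stripped=$(secret_field "$1" "$2" | tr -d '[:space:]' | wc -c)
    [ "$bytes" -gt 0 ] && [ "$bytes" -eq "$stripped" ]
}

# Constructed demo values (not real credentials). The 80-character key is long
# enough that a wrapping base64 would have broken the manifest.
demo_key=$(head -c 60 /dev/urandom | b64)
manifest=$(render_backup_secret http://minio.minio-system:9000 longhorn-demo-access "$demo_key")
for k in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_ENDPOINTS; do
    field_is_clean "$manifest" "$k" && echo "$k ok" || echo "$k BAD"
done
```

Pipe the output of `render_backup_secret` to `kubectl apply -f -` once every field reports ok.
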
  • Note: configured in standalone mode
    • Single node: standalone; cluster: distributed (requires at least 4 nodes)
accesskey=longhorn-taking-access-key
secretkey=longhorn-taking-secret-key

helm repo add minio https://charts.min.io/
helm repo update

helm install minio minio/minio \
    --create-namespace \
    --namespace minio-system \
    --set existingSecret=minio-secret \
    --set mode=standalone \
    --set replicas=2 \
    --set persistence.size=10Gi \
    --set MINIO_REGION=us-east-1 \
    --set buckets[0].name=minio-bucket \
    --set buckets[0].policy=none \
    --set buckets[0].purge=false \
    --set users[0].accessKey=${accesskey} \
    --set users[0].secretKey=${secretkey} \
    --set users[0].policy=readwrite \
    --set resources.requests.memory=10Gi

When setting a custom policy

    --set policies[0].name=mypolicy \
    --set policies[0].statements[0].resources[0]='arn:aws:s3:::minio-bucket' \
    --set policies[0].statements[0].resources[1]='arn:aws:s3:::minio-bucket/*' \
    --set policies[0].statements[0].actions[0]='s3:PutBucketPolicy' \
    --set policies[0].statements[0].actions[1]='s3:GetBucketPolicy' \
    --set policies[0].statements[0].actions[2]='s3:DeleteBucketPolicy' \
    --set policies[0].statements[0].actions[3]='s3:ListAllMyBuckets' \
    --set policies[0].statements[0].actions[4]='s3:ListBucket' \
    --set users[0].accessKey=${accesskey} \
    --set users[0].secretKey=${secretkey} \
    --set users[0].policy=mypolicy

[Image: MinIO region setting]

[Image: Longhorn backup target URL setting]

[Image: NFS is also possible]

[Image: backup]

[Image: minio]

taking commented Jun 22, 2022

(Optional) Traefik IngressRoute

Longhorn

cat <<'EOF' | kubectl apply -f -
# longhorn-dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: longhorn-dashboard
  namespace: longhorn-system
spec:
  entryPoints:
  - websecure
  routes:
  - match: Host(`dashboard.longhorn.dev-t.xyz`)
    kind: Rule
    services:
    - name: longhorn-frontend
      port: 80
  tls:
    certResolver: dns-cloudflare
EOF

Minio

cat <<'EOF' | kubectl apply -f -
# minio-dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: minio-dashboard
  namespace: minio-system
spec:
  entryPoints:
  - websecure
  routes:
  - match: Host(`dashboard.minio.dev-t.xyz`)
    kind: Rule
    services:
    - name: minio-console
      port: 9001
  tls:
    certResolver: dns-cloudflare
EOF
