Skip to content

Instantly share code, notes, and snippets.

@taking
Last active Dec 2, 2022
Embed
What would you like to do?

Longhorn Installation with Helm

Prerequisites

  • Kubernetes 1.19+
  • Helm 3.2.0+
  • nfs-common (apt install nfs-common -y)
  • iscsi (apt install open-iscsi -y)
  • mkdir -p /data/longhorn

helm update

helm repo add longhorn https://charts.longhorn.io
helm repo update

Install

helm install longhorn longhorn/longhorn \
    --create-namespace \
    --namespace longhorn-system \
    --set defaultSettings.defaultDataPath="/data/longhorn" \
    --set defaultSettings.defaultDataLocality="best-effort"

Default set StorageClass

kubectl patch storageclass longhorn -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

(Option) Longhorn Minio-Backupstore

secrets

username=$(echo -n taking | base64)
password=$(echo -n yourp@ss | base64)
endpoint=$(echo -n http://minio.minio-system:9000 | base64)
accesskey_encoded=$(echo -n longhorn-taking-access-key | base64)
secretkey_encoded=$(echo -n longhorn-taking-secret-key | base64)
cat << EOF | kubectl apply -f -
# minio-secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: minio-secret
  namespace: longhorn-system
type: Opaque
data:
  AWS_ACCESS_KEY_ID: ${accesskey_encoded}
  AWS_SECRET_ACCESS_KEY: ${secretkey_encoded}
  AWS_ENDPOINTS: ${endpoint}
---
apiVersion: v1
kind: Namespace
metadata:
  name: minio-system
---
apiVersion: v1
kind: Secret
metadata:
  name: minio-secret
  namespace: minio-system
type: Opaque
data:
  rootUser: ${username}
  rootPassword: ${password}
  accessKey: ${accesskey_encoded}
  secretKey: ${secretkey_encoded}
EOF
  • 참고) standalone 모드로 설정함
accesskey=longhorn-taking-access-key
secretkey=longhorn-taking-secret-key

helm repo add minio https://charts.min.io/
helm repo update

helm install minio minio/minio \
    --create-namespace \
    --namespace minio-system \
    --set existingSecret=minio-secret \
    --set mode=standalone \
    --set replicas=2 \
    --set persistence.size=10Gi \
    --set MINIO_REGION=us-east-1 \
    --set buckets[0].name=minio-bucket \
    --set buckets[0].policy=none \
    --set buckets[0].purge=false \
    --set users[0].accessKey=${accesskey} \
    --set users[0].secretKey=${secretkey} \
    --set users[0].policy=readwrite \
    --set resources.requests.memory=10Gi

custom policy 설정 시

    --set policies[0].name=mypolicy \
    --set policies[0].statements[0].resources[0]='arn:aws:s3:::minio-bucket' \
    --set policies[0].statements[0].resources[0]='arn:aws:s3:::minio-bucket/*' \
    --set policies[0].statements[0].actions[0]='s3:PutBucketPolicy' \
    --set policies[0].statements[0].actions[1]='s3:GetBucketPolicy' \
    --set policies[0].statements[0].actions[2]='s3:DeleteBucketPolicy' \
    --set policies[0].statements[0].actions[3]='s3:ListAllMyBuckets' \
    --set policies[0].statements[0].actions[4]='s3:ListBucket' \
    --set users[0].accessKey=${accesskey} \
    --set users[0].secretKey=${secretkey} \
    --set users[0].policy=mypolicy

minio region 설정 image

longhorn backup target url 설정 image

backup image

minio image

@taking
Copy link
Author

taking commented Jun 22, 2022

(Option) traefik IngressRoute

cat <<'EOF' | kubectl apply -f -
# minio-dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: minio-dashboard
  namespace: minio-system
spec:
  entryPoints:
  - web
  - websecure
  routes:
  - match: Host(`dashboard.minio.dev-t.xyz`)
    kind: Rule
    services:
    - name: minio-console
      port: 9001
    middlewares:
      - name: redirect-https
        namespace: traefik
  tls:
    certResolver: dns-cloudflare
EOF

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment