From b57522fbf5a9afc25d057a57002db73413b7f89e Mon Sep 17 00:00:00 2001 From: Lucas Machado Date: Wed, 1 May 2024 16:32:45 -0300 Subject: [PATCH] [dev-v2.9] Forward ports longhorn 102.3.3+up1.5.5 (#3851) --- .../longhorn-crd-102.3.3+up1.5.5.tgz | Bin 0 -> 12145 bytes assets/longhorn/longhorn-102.3.3+up1.5.5.tgz | Bin 0 -> 25518 bytes .../longhorn-crd/102.3.3+up1.5.5/Chart.yaml | 11 + charts/longhorn-crd/102.3.3+up1.5.5/README.md | 2 + .../102.3.3+up1.5.5/templates/_helpers.tpl | 66 + .../102.3.3+up1.5.5/templates/crds.yaml | 3718 +++++++++++++++++ charts/longhorn/102.3.3+up1.5.5/.helmignore | 21 + charts/longhorn/102.3.3+up1.5.5/Chart.yaml | 40 + charts/longhorn/102.3.3+up1.5.5/README.md | 50 + charts/longhorn/102.3.3+up1.5.5/app-readme.md | 27 + .../longhorn/102.3.3+up1.5.5/questions.yaml | 904 ++++ .../102.3.3+up1.5.5/templates/NOTES.txt | 5 + .../102.3.3+up1.5.5/templates/_helpers.tpl | 66 + .../templates/clusterrole.yaml | 61 + .../templates/clusterrolebinding.yaml | 27 + .../templates/daemonset-sa.yaml | 150 + .../templates/default-setting.yaml | 199 + .../templates/deployment-driver.yaml | 118 + .../templates/deployment-ui.yaml | 114 + .../102.3.3+up1.5.5/templates/ingress.yaml | 48 + ...king-image-data-source-network-policy.yaml | 27 + .../backing-image-manager-network-policy.yaml | 27 + .../instance-manager-networking.yaml | 27 + .../manager-network-policy.yaml | 35 + .../recovery-backend-network-policy.yaml | 17 + .../ui-frontend-network-policy.yaml | 46 + .../webhook-network-policy.yaml | 33 + .../templates/postupgrade-job.yaml | 56 + .../templates/preupgrade-job.yaml | 58 + .../102.3.3+up1.5.5/templates/psp.yaml | 66 + .../templates/registry-secret.yaml | 13 + .../templates/serviceaccount.yaml | 21 + .../templates/servicemonitor.yaml | 19 + .../102.3.3+up1.5.5/templates/services.yaml | 71 + .../templates/storageclass.yaml | 50 + .../templates/tls-secrets.yaml | 16 + .../templates/uninstall-job.yaml | 57 + .../102.3.3+up1.5.5/templates/userroles.yaml | 53 + .../templates/validate-install-crd.yaml | 34 + .../templates/validate-psp-install.yaml | 7 + charts/longhorn/102.3.3+up1.5.5/values.yaml | 306 ++ index.yaml | 59 + release.yaml | 2 + 43 files changed, 6727 insertions(+) create mode 100644 assets/longhorn-crd/longhorn-crd-102.3.3+up1.5.5.tgz create mode 100644 assets/longhorn/longhorn-102.3.3+up1.5.5.tgz create mode 100644 charts/longhorn-crd/102.3.3+up1.5.5/Chart.yaml create mode 100644 charts/longhorn-crd/102.3.3+up1.5.5/README.md create mode 100644 charts/longhorn-crd/102.3.3+up1.5.5/templates/_helpers.tpl create mode 100644 charts/longhorn-crd/102.3.3+up1.5.5/templates/crds.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/.helmignore create mode 100644 charts/longhorn/102.3.3+up1.5.5/Chart.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/README.md create mode 100644 charts/longhorn/102.3.3+up1.5.5/app-readme.md create mode 100644 charts/longhorn/102.3.3+up1.5.5/questions.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/NOTES.txt create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/_helpers.tpl create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/clusterrole.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/clusterrolebinding.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/daemonset-sa.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/default-setting.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/deployment-driver.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/deployment-ui.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/ingress.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/network-policies/backing-image-data-source-network-policy.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/network-policies/backing-image-manager-network-policy.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/network-policies/instance-manager-networking.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/network-policies/manager-network-policy.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/network-policies/recovery-backend-network-policy.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/network-policies/ui-frontend-network-policy.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/network-policies/webhook-network-policy.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/postupgrade-job.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/preupgrade-job.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/psp.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/registry-secret.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/serviceaccount.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/servicemonitor.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/services.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/storageclass.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/tls-secrets.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/uninstall-job.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/userroles.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/validate-install-crd.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/templates/validate-psp-install.yaml create mode 100644 charts/longhorn/102.3.3+up1.5.5/values.yaml diff --git a/assets/longhorn-crd/longhorn-crd-102.3.3+up1.5.5.tgz b/assets/longhorn-crd/longhorn-crd-102.3.3+up1.5.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..af66fa115d9eff0fb0328b3b6cd857045b401dfd GIT binary patch literal 12145 zcmV-%FOJY3iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMbK5wUFx;R0D^T8dD#>gl+nvk2>#D9@x1Bug-6WH;lXTTH z)71-+kc2h`Z~#({($oL_DO^Z`BtR0B1JG=mwYgr6P&5Wx&4bTN%!mL+J4=~0AOhUXZ?r+`5cEfKR8 zTjDrIIpVJr97Y8xo5yNRF-(3=(!6e}zTOx3Nb-}@$va-eLfdxXgNzo~QX`0|jQs-b@ zKsY)6e)??s?BDZLf%@7bxZP7*{~21P3Cs{b`gMtt6fr){((QRc&-#D%my?%`_5bqw zljE@d@8bFW_oF|9HC~+pjxsRE2@+HPhm{~pv_z-i&qsg!aUe<^y!xC%63ay-Rt%tX z`F|vZ#(^$30Wq3mg1}+9zC__eFsVMnJjuXR37dDKrRgV_&*%6vIGj|CAri~~6@ups!3+Ud!kFhtvH}0dVIn!0SkDsm>A}xPwJytN z0*2@Y2Qw7GoFl;L3W5L0XNVD$A+9<+$0&(8fDC~IuW*K9kWr8=F$a%l8%d0dch{mU zCJVq*6g}ypi@>fq&sLzrhv{`bRE@cZ8n|5W@VUW$L!t3UquNLOVHT-Kas?~(W^KuF-5;}uPq4lVm7ph`0Ei7yN=x|g6 zDB%^yIBYMV21l)WRCM9joF&$7bS;ri^oLY5&;})gaT0mj9Gq6Kj{ba5^h~UeV)6p5 zaDq}#wJj1|=-0B4l^*5S7NhPjQ5&V&OqJz3N6laUJM_PZ#e8RmV5k1~{QHyR;};G6 z@5PJbp#R;;W13Ph#prW}i1@{)H~+t4geM0#n8c^xJm(o*T_H|$7NHBV9h=Sa(&e zGt7nh%n(OJabWQpk^&(h)MLcB;2L=n3&y-gECUQhbV2Z!vNf)ZS_GsfkO8^w2~5CR zXf96yBr#aQ4PZ#L3vyz#uvW?qcuN@qn9S)Z5H=n^Jvv(8tPm*?U9ED0v(1r|4tSPl zl<}h&txBBppH=yCPx`U5CHD}pQ9Rz-P5WiImW46unLCtIUQPHqUjB@^X(IRzQZk=cxt2U|DPLQ>X=jZ$LS!v#78bC_`bDxa0} zu)sj$1AhNwocL5$O=-Z#K(NtLj25C3#TKURV9)-}5Z?y{A}A0+fq0M##DL{^oua6=5Mso!U{5vaRxVZN8m+;#uTSwrOBCJk zeARsKq=4)O<~NeF`BoAP)2ou;)E^ime2y4Hv8(Qk(gZ=$_^RZG7rYcQxI!6XEkc2s zrsN`LPxH>HBA!a%w_8QTHbfH;(_4~I7+XH&spA9soKlue#A2PSg|dfyC?u3M50bi; zhD9kJvN&Y5+VY??r3l}r^A8?e zH|E1~LNHmp-}jOtd6K|cf?AfBS=YYe@D~g5=9H~qCVTbrxmS<11$Oy<+Xdob>{V~N zZM|y6!6-s$hT?ZkpRjZ|S8iSTGonNd5kCcg`{h6ZM)9Y@1uI@oCX<8Uqc>gH`unaN z^lw#j3J0rqUYF=}%@;_i*<$s}uhciITYgm{aaTV1mC^0JTI5PN7$BwhKpKcSciHE% zQVr~-@y5$aE}#l!`wom@0~|vIf&|~&tpRMuAcfhoiAK&VwrB$`ez$-dFCUuw z{%zIuA*OdhsbF>ovpbmGjl#iiA4F^rvEPu0-Hn4gh}a-vgNXh5o^8Djw{mOOrBv6# z6wl0n{uSJ~cjp|J#PO=(?GfLF`?i8uWPaT+F?%o;mMc;{?5h z7H{s*+2`(=dbDD8?sQL^_&O#r=yD+stS<%k*vf9dve|&0+Untm#E9t`b{5C|t#zOy z8pC99h31GM67}?}6D_M_Sv}qE<-ri_v4w#>wFhwqR$gP4^46CyNb<> ziL-?GL5LqnVP_8s493P2Sw_WZ8H$E&8sWRGN!N>ysnh=urj7EJj&&3jX88@k!B(veXq? zV|4q;2sZ#}jGDG%_4{O0yhRO`HPF%-Vd)C3s880&%6>vBb?r&?cUNAPd+k~uYVZd` zKN$MK&~FqDzVt0};4SP`InlSxZ!eN==dM&{F`N$Oeg|3P026>Rq_lxAmXt;GTOWdR*(Z)&HrX4$F1?6x=Rxv;-D~I9+Zy zj&y}7_*rj${DK$-ImvJWq}>G`qv>KQnn@6V4K9JX=75+ip6rZF!GZk^Ik59|+no1Y znN4-?Yo1#Du6f$waaCVx4p-Us9$c-Qz?3g(=JK*?3s{$WR~6EhaQnj`w?F~ab1S#5 z=4pSI(29u#GCZKO>b%SNEVJU!{5sSNk*7)~y1{Rqu&BWZWdiUGiBR0#VX1Yf>KBMO=@srX@FBfb34G4T-MQToinD04%}01>ev! z7_gkkR^$jVw4xbu_PFrkh)F&%q(Joya>?!3&z+~^Jlun4pekI-XrBSqqDFbfz#J3I zms)~)jdMg-f^i99@)l)FYVjP_kT|c(i{-wg?Z89_G{hKX1G*{86)tcgYzfHVO~Hi+ zE+8ug_jb{b_c@!2(E!>?g-b2gCCtj?jywgokQbWRE!KPaY6}-+kS$Plm+Q9-gxuMf z)#e^olP`ivB4%HCB0eGuOc0<%x(vl9$^a%prpaH0S8|8L>k&>yML9#9&dCRj%ANzJ*g}UP5JQfDLA|&@AZrlzl6+6 zP=;dh zR0CeU9NVh_VNL^x=PC_h#cwLCsPvt%FXpT4i^LvXv$dqReHzNag8O!#~)eeMw?0?=rkyqHHN$aZQvk2XGCsRLg}L zPpFMJ$_ZT-tl@Rmc&m^ykB9B0%fpNKekiHe=?vHX3qJAS6AwP|M&S_t4Z<@B&xa^H zw~ZkO;TeQy5T3nc-hDt>Exb`-Wsp_oX!lA4Wo)mMMZ^7?m6Y=f&%dkCe4uooGfUIl^#Y&=4Qfv(r z3lI`2RL{}q_Uxmp;rLU&f@H!FjODy4@(=Ws6f!$T8N>+(a7J^jcUB!3jiZ`ZgHZfP z@IQpcL2Ouy>f`;nC1t=8_3H?~jPq0;MQYB<_Pd*B>sJg7jCn*Y7NF5SQ2>k7WE;OlA> z4uPT|x`ODs`!G!qT|smO(bY@l-G^z^!W$Q+u^ffw_OI?WGN3SdIFSKO^|6rwFT$Jm zmbmW|sUg`uhqgEr&MO!+^Utf_GMzs1*s;-}!g#?H>+xFpe!PLs5*porh~~sE%67MV z>zcZSfW7N&b%n|^$lEGKWj>pejQ*taysa~bDwMRoe-s?2IvTHeZN z%t3{Hx{`OcB~o|I*cpk5){%6;`d@Q1q-!Unu?@0L!Uw(;QqKd=9gzdK1lD2r?+aA6 z^?3q0AHX$KG)`6lk*Fitg^=m#`Y2sTV20&|R8?rmrN)F9$+sROQH#6da-hOLq$9Sk zwRfoS@`OE7d)y=SN)C?g>LBAwE9_(rsTvbY)Cn~&4l-)(KIn998Wmcen5UEPYdBohU$!^O+x&5Yy-3Bxi`=r>MU&(| zHr^@>${Qx`;f+nkx^VmSOo{}TUU2CJmtM1Qh(-mO7G&Bzxq>Okv>?-hOuO?im9gwR zqf{2|)U^(Q`^xwKLepP#1)sC$vVTVZAAz~{Kc8G)>B8|GX9U_%Sc^lSdHZrOOA!J|6DA-sWsuo67 zU*PPVu2$F*{OcGOLa)&L8k5LRkPsT93zQ~wvqEGSx02a+EZ+6CWQBp|M|sB~j$Nnn zbq{a|FWpsmX}>|FZMN7bg;GIk1UVe>jgHWU`qGGO^oO$cu+b*U8I#6U+gIdtTj)C1 zTRV$nWV}pwD70=4%BWV;V z6jE!n<0z>p!)vE&!R|Ae!RQ8&Snh+kV0euzmk%Lg+jueo>vl|K0@mOAxHe|St{N|& zh$7pyw=X5e9L^H-no*LW<{AP$#6nfr#tZ1&3C%@XxxpkxYs)9hBaSWa$$B-nyw?7g zftV(AQSSBfqm5DxJpE_p?KC@Z3p#ws9d18XbXILCxk6I#dG=>kn_& zr72ww*N$sYioGkCWG|l&Z*;pz@z@~oK*2FHuJRi{NPPiV1;u*OXAkj;$8kB{z}oKH zx6B6YPJ8wAU8gk=k?#AVhBjgseS>OmA6m24jS^Z+)&0$)?dE_`S+908ikP1#lwh*x zZow6*0y~+J-|SQh86Z6fg$$796EZ+T21ui>H3P(O-ub1&sfu@{)^5Q(wSRb*`fJsy zx5-_2hrB9T9KL?_EyL1PoWJ^fHSqpva7?Ar-0#8LsX1_^ zdK{)gdn!l@zojv{kK$6JSJ%e(hiK#O1UqaQ!YVFRkorC>FXP6fsHQ1usHD77{#P=% zTdMxxF=gtbionRjnurPlHCm(9XPiBmf)7i~Wl%`y$ zIu0JA>0)Y}kzpP!l5@lX&IG_1Wr(dXDeM}?P?YJQmC(d>->26pisa#kKOvZ8%gtH# z#C7V1W2~j5y#KDQQrQ&vVzO|F_JPf9$tH1v$Tl7Z!5no*#`8u~)A@={zW?b1EJ>}u|Y%b#$aCyyjY|D7ADUi^XCaF`R($(7pPr^5yK9K z2epHtaM$Q>+iYd9rSesK8X8|)n;V*ls5xNS<$zb}Q@PEdQS+b16fyQqR2ofkrpdf+1+J1q?^7Gs{P^?MT;N4vd61Wdi z>ahApB!1g7OI*3|P}+&jx0VD~^+Ah<;rNVA&20{lcaE+@ysD>Tn@5Vr9vb3exqbCg zMn7-P#=|Y@k2`H;Y~o2lUzJ0>NB?$vB@eF)25!O`)Z^;u^5PC`q}Nm2oyIn#<6UW< z)#K+V2LnR{V5r9&450<+Omu2C)H8T8TKASaV`YOIN-)pdVVA+pq?Bc^Y}=Qr$4D!C z*4_cugx3{cD*#?+(3UQ=FOY>&<781*z?Kv`U%;L5L@;!Sx{@^qHqtZ4_Y~SFn6yqp z2wd8;k-(*!4F)dld;*sq3pj9T$)y8(_G~1u=VpU}Jv*Pkp2q_IS76U|kL?9Y8H!}C zl1$)*kxIe6tUEoVtNOB`V?Xj@{eBxt{5OV#RG)9;E<8fxa0%YMy9BR{I#x+k;#Dhi zN{*f)za?Etb)w3aBC6FL=RjSmJ;DgwE|J_ykQKpL8QFtzv6<5nf-aZo-yU6wl8=7* z+avYu(Ju$)Ot>=I=?ey15z0AY#X&;x5mL#G<@O97Em52&m@LXY#H0%RHp9d)N$Bl$ zS*3>Pne|&+E$hR%3^+uP6zHJ>Uk)hgLb6R=jgjcJlg36FH>K}g&ec0T)9hjH^0%Cj zA;ukI+#$x@C>*k^?n=h}=i~p9Sx!IvprzfDUv#M;>vkvW3@V#a&ra*FDf7l>c?Fpl zWL}VYJ!IZxUYA&Kp2=JWyXsnaa`DyqsLKsw_v*%&-|W%D--}y6hU!6U9A(mEb{=;* zv?*z~ch>Ga$4P1nS4is-j&_E)I{V$68C*CW_Rb^G26m(BHahjJ}fN=F8l|k%D~)g(C% zm0%!4Q_pVLntBF>XMI>)CyF~|bY30kVR{y<_r&_Vui!+<86&zWJLoXKiZNI1~yRHD_h}F_#ca_5L^xUS2I{cdka6~mD}XpDXi;a821TnPl=lhE&Q$yt_~YIU!usV)^uwV zQj0(g(-=px8T+xez@S|WGc*y>*{wLbms$&D$0QtJ3tOr9g%TedJ!CX}BNLqt93xMY^=ZLX}YJ8KVEkeAQnT`8ffz4L~qjDysda7nOw+MdfHyr%3C) z4VN9J4mYP-iXuGUXp>(sBS!~n9~F!@=BrM>%lLgcCR1{IU+VKRIAMYlCOBalg~R@w zpifl#M5#kOt^S|PDT~lVU4v5l5G4qbJgvQpQG!%4t(%np)!UIOOBGa~WDKu@<`OiQ z2co%*j~E5bC1@@|bNLG4BXi+-29av3u?C^jfnV^!0Z|&Gw1f_CiWyP}3N0sGF&f7~ z$;{>twhKs(GBGW^fK#2`4LAc$yAGSBYWC#6v5y!$6ART0bkp{G`l>!A7qT*s#xxUO=#7hOeErz|B@ z&zv9naA@>@_%s_EX|3^U?|ADNcI^y`wC1HO2`(>m$iFwnU!TWbq5cqec~Dm#7H3Lq z6^E&=sxU(^@~tKMq5!Hfwgq0)7bEUcG=KLu85X8yZOzuN=GfykQuTDg^5XQ}$xyJ4|Jp zKt(y~E=yk(2sVDO@q>-uC>){_LAD0j`fbbBZCvR=wg%Z6Wb0k|&*ftBcAdBHUhFu_ zC(7{Jxv$cGiqDW+K3x8}^@;6e`__XFKdJza$>P%cmP|1&7nq?aqiple_sAzjb^jX> zl@#=@^4@wVT1O>y8K*y0R6TEUYQha1j(M^FK|snG0yL6BJ=Xas4LqM3 z5HJS`zCp=G0AIqjJkNEWC*X0mr1@eAQp!1=B^$Ax6ZAxH6*?;$xW(DB0wAcc%DH5T zOnTii#a1C8luQ&|%es##12~fhvCbsm7+^sl4wJRqAu$IqNvgA1Awzm-o=j_L-aU3D)oo@HkG$91v3;u zF><&*6^#5IV;2~Vgb9(Lc%g?cT0*k$i`Fb5i-m@KHkU3@OGvS+GJ;9A-1JWGpNeut zr{omFtk`i=&7v8K=nARBiH~j>&QOhX0L}%e3*}H<&n^dOY67v(X}QOQ=TU?>7ZbA_ z+WH)CBD;f0UTe}d#mr*gz{C>Nem#u)y)lYP-7L9<8-=7c!#G^&frPwVepB#~h|wrt zJZ-f^&{|9vMe%9-GtDIZ6D+x=o;S3#ze>%coB@xx9@5v80rVNJ(gc|kL^81&7%`ME zk%w)IA=OJpD%O}NF1>)5Ou1s}ww$2ljM~Zk{I-}SU5r#PM_h@o2lNVMY;#U? z+x>T4Sr!bfF~^k1s)$|a1N;5Z*1FWlPUmC=)3=b_Tws24zJ!=up%q=D_!Sv}iyBgI z%Rp7T#$PPex=(4^Lso;bphqM$_!!Y)>v$hRVe5GF30ud**6~JNTSlcBI`HDcW~^z~ zj-6q*V9Ed<_+J?cYBl=5Q`ZHUgARK47D}EsXeM;=8fDSaS7iF{^w;+hdTAP3NqF@c zMY*?*z%$53RFYBE%lF|7gKssLPG_TUlS_B4nozLHTsr->l}lFuRAX$(rPE)^TsmGh zfA_g`DjHT8mqtHp@m^Ug_YmO?5#A8t?GbiBk=RzU(X5~d zW~Nl00F#;Aqs*s=#R{^N9 z!S)Dg8>NZ?$}LrE#m-ooA}lsO6omGKOHqB<`WvyVuv|e1|HF z4a#I;l@ce@onqt2k^;Tjd3pnA=W`~=))#@)$GBh#KFD%=Xx&5dj{qBjs^5x7q&SXp z8*hkt*pcB0(XZQHkOHRL143Zh^np}B_7PWAX`@<473)%i12ZIgFXX62Jxx(Gt+5v! zV=!O!D#*oHS4pgr%S|wmmmpTC+zN#X-XPmXXT8JMm_Id)&f6dQ@VYE_Y2f*~SO@k=IeZYQAnKgiKoLmBq2HDmj|qRlWiof06u7 zk8R=6Rj4jEF%$eyD^tdZci=1gca6U^5pKR8ViUnA%VAO?X%g6Ni8VoY!@Pe+kTHWq zhgIP+Yp~=C;OzZnuzG^k6Re)mR*zmv{T5HDykFanEbK@&muChRm3s6~&3jGbhM-&b zDT!SjA-nNx73CE;*& zza0$)Dk9o8twvj(#f%+db&j62OBCI3+mQfWDa=cp#0*)IE3y+wDBAq^RF@5XZMN^rLL3=|?cXwVeqy6r3J~S=F-PQ!wk^MPh}52MlEP z6L7eF~U(IS|Mhm@$mz=F6g!*l4D86kAoi2Ku7){y~_t=EUp> z>eWWQ$@YSI8_e5a-ujxi=F0Po>a|5p_fl*E@3z(kGR9tNiKpPw1A;qEhF?8{bZaa4 z!MEY349yW^^1P=i)@4M&bd=2F$OV_d*%lyXLnExt+C=gWc#fG%VV8a%LSdJF^9j53 z|CM&>ySL%baf0l(1a-iZ84)`+{D-8ud}vub^_&-U6)!YQnHgO081V#mdL4 zH~X}@Yf8KapkV4gsH+WBxX5nF_FN^PEQHEN;TeM&T5L|i&uF%!RNZEOtNt%WP-(R1 zl+5v>nv4Prj%u@0p;zKw0h`atx@KEsua6L#HcX z-S7mIJ7o90x2Wf^jqOuR7@g%jBZ%{XAgc;BxL3{BgYsLVC5rO|#fEY=42y~h{q0fN z%A;TY_DFqy^h=#6MF}6=j3Ydp$fPLpJ-(yo7)2d?#=OWtOf~>!8H|?FNVXkUqbZ__ zzmw_xHGCe};klnm3fP@NnnK|i#oz@BUZ6(da9(bZvHOs*|M~d8rUKXxKRnX1R9KUb zp8TTA25I|HPcRPBHb~nbZSN-LqSl&cu*Gs1liPKFok0@MEV-^-r_!k7cHh$2;@d*R zcC69_uv=<<``O2zHiOX(BJs80G#3o7k>&6r7Xs@O+sp5L!DF)Uzx`IZ56|gJtPjDn z-lA+tEobGpkSCP1ov;&-d}(jjn}Ed^ocdrVX6qXo!31ZPiQq!1$XvF3njxM|(0oo= z+p#>6I7Hbb5fFXRyp~MIi}o7N*Nl=3H8~*Yndvd+H`gdZQD!?Q%NZ)`^t`)$=ZHjX zlX~BVi^u{K6$9Dghn?pT3bG09&v1&@axsw^7^oyC*PCTcqWxI z6#wYtarVqXykJlso98zcsvf4~o#WJm5eF^wRJptPN%GYUvA@o*P@3QfdTvam^Lc^^ z(v`22?;VpxPkiLBj%q?xDUKYDQHIzG6I7g0tYHa_MAQPTsy0VZh&nvP_~baEc}N5HB#_>k9r-ySf3FXrkiXY_LjGRJ-)q#hZk<$d3V&~cuK2dk0B#*> zZw6Q}w?czgp@Qkk`OZR*r){`a5GkIIxPF?W_&SOXiEX+Hp$bp6hH!rGv!t^pWS zIT{W4ma?0K!q_eDt$!VjvNn+6EY)amX?>c6WDBr^|M_I_=R?LByS)RW$aY zLs|@Mtdrk^ex46H`F>~nVquT)6j#-3{Gg}e1zIo|+qa~5?ZI}q3&-*CQP)EtA^;AO ze-|iaD3Vc4KL>)m=JHC#Nxf;LT_u+UXV~}7hO+iJf>wztUKq=JDqlIT2<@wR?Rh3* zI7RWEq~PEEZgZu6s+69UOl26q;aoWl&dRnF^hRoV_1TeRZs4M3NF&``C!9m|v5|2O zP2hdG=lz*+z&j@iSn`rUJ2%Oeoz%=v>c~*Cy16RK7P(0kHDtmFTU7}{9lkD?8skb{ z3h7H*r7v}G*>(z3NMhP9iK&Cw_C%%*J+Yn4)Uzx-ZY8v`(*7kXmuXq)1CDM`X0;H8 z-d{Gvs97L_ln=zM@i#7u;9|0n2e$p(NS3yiI++`QqvF(H9T4Xoc3Ee^?@rOK)Sj6BL_ldI~-kA$~lcBPJ*!rbhY8 zC|f%IWQhsnF`PYVc(P1sQ}Tl@V{rgZDP(XZZ1xU2clcZ$47Qn*k*f9$ zP!(p{H(Vn?PnSE4+HObdP(Q63Lg#1K#hkXW7n9E9SVbPRp3^-HtfwpX!zh63^35(L zZFQ1#vuUrZICsdY6=3`1-6g~B3a42qbcG_yVgSiTU7@M3Y-bzgq6YIknd2lGyb3zK zXv6xTo8ps-GlBJ zp|uD5ixqlf-!0NCxQ~t@dZIQ!91rp{gC1YAdV-?-Z79kdW|+^hO+B%8=2G!HB*doR z$t`s`lj0vNAqO*rNClt=OV`!fpi_lX&%{szoJG138Lw(OK3QJ3T*x*jvfYh*SB~WG z!t<~CRAS$~S@u&tQ@$ nW#;_qLT}@kZK`leU?JfNPk6%fz@GmX00960u`~h(06YQ!Dc zVQyr3R8em|NM&qo0POwib{jXcFbvP%&8xtsGt0I{O`Yu-?VVYlBFTv+w#+5T$+w>* z%Lcna5>XTA0nm~ekDqIKujRe6ccE}-^ob`?axz=}!xp=7C=?2XszRYE7SPdocBcJ^Mpc==*~_fOk9d)xbae?r@9 zhos@jrNZJ*+js7(I=DZ`gBjxrE6SNX>>w0lg;PH2#aOA7^eErLx#AIJQsFc`M2=jd zSR`Lhu!_fxm0}_k9a54UB7s>vCZe%eLS>fXX~gh^9HQ5@?Z%?l`G7<>L`cfnA$t1v zuhC9#cc-@mVey5r7YpMvbnV2H#8wK z8r_JZef{NTXFwF*X{=>2Q69x^@1-6D`fs$``)m7f1W5^ }I)g()@7$RUc;Tq+_W z#d+FTEYGA81WyWZc6tZBgAUH<5AMy)P6uaM@DoZTM8<+<3f{R%LsTM+5-OFTgItjW z4N@LoBdNH+BZ3U>(U1%DeLf(95k+LLGv<0cW2G{AxV1H+YMc*xF`sOCzU0SBW8I%C zD)4R36wf6QF=vV}1vO(954W&Tw_IFrO|Zs-p0Hm@tYp!wZfz^(DHr}-q~AsGu9vY< z=bB7!xk%(;Cn_)=xe;}uaI~Gsj90%UH#F9tsf;D^(A4{&@<*(jnDJSreBR@e4!Z?Cuampn78=u0zx`*`qgaGDc& zF9N{q{eO3N|K-c-{=c`g{kZ=>#PbB5kRi@fg$w}zhxQz&^8{UusWi;}e~#X~j)q)J zu+sc}NK>Ki ze<8a^Sa>eTNVC`JA?kMFtKE=~&BkVGAoK*CGTkdu8cxL#PE&qc@JGdw$Qj}csWCwp zW(!6M$x=Qg3Hs4A>b6VUD1j!ELo~#xB)+FBo)Uo-L9exhfEZ5*(!5vM63TpcvXp)z zbWQXSihY;MuKk7#$`4T&B#z=W84gLT4pH}C<4@8}SPIQtqvJ1h|5s~Mts1MD_A_MM%FW3G=C zn(K5J0WqP^QyNnOvsRn?C+O$~)6@{zG$Zm5UGK?FB(BLW{HvusBXo7I_hh%zfgM1% z<<^lIq}e##fCb68q>5__x02!3gbKk0Ng`K~@~FD+I%JK!Jf?r!?Plf1-FDU7dQMkv zIHxUbI>F%09U-p?7|q>*JaN~)%0fwVM^+3t(=@PRf6bCa%ee9^<3fFtvm_`+^Ua=UTRMrYl!av$NaV?jV%qX$p*YdWg=3=Unv#k%XyE zM-rh`DBY*yJchs8z5lH5XS2_RIz%i_wUS$6g0pK_nIh#l`39$&e~7bw3B>7^pffN1x#;}lDIh?K}l@$!|t0x-x&wO_n_b3K%OEbv6y9>XRsNS4wV zAM>24L$p_XJ;4gU<}psGnjUK16ZR?e1PzE(5g87-P>8EB5w{dJE};c8I&nBYAt_P% z{e+GLR=Re$$wd*mBnq9sxZ*P&WDpACyH9v(JVi)~|f@)iGG5V? z7`f$2(8(d9Bc>M+dV;!E{OBSsP}fazH<;JXn52`wAn&q~zzG51iTDQ}l!O-`!;WRz zTKY+ey5L-$P+^AYSaF%$^p}8*)<0UFRR0k0lj_G#S>gjJOV4heU12dIwt?`?u^(<%}tR9?Tv8Uu-*R9Tv4y{P(FjcYH9 zm1c$wL%QTcb;J}s8V)I|emu$*w@kyL#H^LKH$?OuPAMDpiHHePnykZOZz!V^oO)Ta zrPu}0+>s>3=T}?=BQ=Hd5^1#Tns#5S3bkkg@Bng><^+Giz z18Od!LYSpNxu9wqU+=M9r<^&)?>`GnOD}Dsnj#3Jay%hS{fMb5Pi@SZ#y(+= zbS}ssr>Uku4PSuVqNEwKA%_b?1@+=~;1|R!4WLLztfeXG^F+cv&<{ig&k;;t$9lPYmep6CT}3hI~Ty7j??+m-F1 zj>@o*R<3V|nAS^;ax5@Ygd}HW9qG9L&Xg$BSu5XYC}oUOB2L{7pv!TQjWIiN6j>0w zS={GF`*mDEmtdn~&W2P>0GY2+EwcUJj?-N&0bJ1u;dzDeYo@8kF%llzji1gY6OvG@ z40AdfDk2>2-5k!SeJnWpl@A>KF0i*6?j$S3TSAjv2fF6vl*QjEl^v&)FjX38%15us z4M{_8sF{TzQj_l+qQ*Qae{@7tVr8%z8o%A_>aiL^vlBQRrUl+D?39hloWmlZp9{}~ z^ujpisb*f3jT~!#C-p`{l%O%NuTCcD4OYb4+Wg)b?z>jSnZ6Tg<%M+1)xGIsDQ}bV zyP~O%QxF2ZIOWy^^yCRT(omDcSt79@=tGub%06gm=)BVZ*(Fh%W{nWAB!2kmmk)>GFga`bF zm|ieTP|jjL(G1lXCdo%U$+WNtheRN6Tg%`znRektvuW>1U?znB-OCmuVae8qK7DQ- z_Y51}oRNR}e7BLKR7+#gHJR=lqOSP?L)+m_^ratihYofXgL!8%pkWi`8Q+7>D;n_NH}oVl3qD4?WQTHT1tI3cln*@YL|` z?6BCv!7W{moa&OT)$Eq5H6{w`tSK(@~W2~Sh zEyod-xcvd$(lkW_qSXTiIvm0ZX{8hG@9)9h6z2le9>S7JpJzjWkxIMFU?iJBi<4X` zl-Og`Tiv+?naT7A@}faAnL5v^7%KvldiDC!jL?Z${_Hm8F-{|u$^rm~8BLFd0HFUE zGXvC^IAee>nqf6I_0^a#UmSzN4mIALp}`d8lClx}9&#0iS64z=&!7MD z>68BbS+B(m%r09FI@@2kUuzv0VF}y;C?92*3K_2Br-In7!9gq~BW`dCsB?=PCy8At zWlB}4jBu=p&zfzYJTb*yae=UbKc!M3K13Opl7`DFfOHdO;GTsfu^d2L{bk_(eSZ8hlmIrHyGa7j6?COeLgDLFPT%4v; zP2!TMPAHfdR#QDSE-m##1Vd>mS3$H{DuO7-z>3Kw`b?*`1IoH?A6)v(bXxuMO>Jc zf-)DEN2q^s_QTQDDf<5Of8a|nRZKHb+X?Iud1ku7#fpVl9Ogoei9mTam$;Sn$H*BY zBq7PB9x1iF!YFTm49h|^kI?IZ4s{_a5#!2Et|usXk5kDDB3InCrEz8sR_ZwBxso&? zdU*g?W0Fo#JjTK_kNSR9po`O^lQ*ZmNdgc}G)tq*sBvaT(qcf_fi2)*W}nx5!2TJ4 zaoFiRL9k*A$3pbqdZ*bv*wo_&Lb47XmhVZ_=Lx#hD}t&iGBzcIlL-Y~UNd+lwE8SI zb>lMFfIesn{s5xGm}Z4@X(lstJErm2dZ1|4nxn4)$&8|^T2a*i)6tHS&#X$rsARk0#KCDzimEIT4wD^`CS%6qm z@s|D2@x|U+kjyFA6BMXmeiia&1HP{7Bo1q_Kre#e8U;_$2v6!qF@bOmdXdGKwfbA((YS#e!Tym_s-fne|vR$*;60Y zy84*o|G&L=uv_u}+dtTU^#6O1C-mQD{1#bHf08(9+A_}n>~t(Qzr|E(;fUO#31zvm zK7(*VS*-lR?F-3VGewDxFVC#womPwFCNh>z1mwUB&5 zLU|GfJftK|%(+BLCsgbIAcjzho(-mejFa%*F4gB-5>g;{?okr{P}a&BfN4* z)(g(V(6a*Zhk*EbbtDmU3z<_i^e;4cu}@h1-2a7w5gV$H(AGw$P?+$5q|#aXh_TP; z4K=|cLEmZZ%oNdN8Lr6kG@CL8!8pq*b_AoOefs46`D;tPr-9SDU{8*>fIUF@keEMz zj*2(-Vifw9H!61j(na0(FnM(V3>7BPU}~Cmv~H#K=1R^@xLn1;(oo*t+bO_2@>k)| zY{~=0>AhXU@7=5x1WSjW1k6PUcP+2+0z|_a-|DW^07+%RF}n2yRN<(_h};m~=OS$! z#;heW6Z}Og24Ex4U|Nyft4>aBR9hPzH!?8Z`>P98y|`(S*h24pp+@eu>g7 zl_=FH>$7HU`Tf5^{<9Ll;3-+pb+9?|-@)F&K}G(1vA6%?QT}^~C%o<}1~~5NjgSla z8)#I$>%SUqxYN0&Eb;!-7d$1M2~jw~3LpAgsor*^X{TdPu%zap5vq#@Zky?$e<4O$ zLYPAPdi9DtHP=>gM!yw2&%k&CKgmZ$m;|G^0nND7xSOuJRGdr2C+;PzTMFi&4nj9X z3~aIPMz_=h`l;LfrPLbwshjacb~jO%+-Qwe|K**(mGydVdI^5lvb)*xVM{8ka;OQ{ zw4e#WKTfxbpFELUDIe*-tr^?=30s_ji6t4Q7Oa@FAstO{78bKcF$v=`Lq|V#H@d&f zAGl{vmC7TcbO$Mws@@FFGFfjb0o$K+BT!h8VV=6*fk9v{m;e0S5|Vl)WLvC zFKPv?BWuH(R$!K6LG#vb%(+M?3+0sh8V2Ecep~j8sGU_?IlwHuWp+gBE(p#96KB+K z?WNYC*-d1(gL?b!#B!ltCb`0z@!XQZnDc8RGvwCW3+4i+G?`JPb>Oi3608Vpmu~Aa z-cog_Tjk6;$Xbvzi-o6TKv`n=Ch7)CO3UkpS^v_)_V4hSt^Zln-cb#lqyO#f?d?_c zzn3pw?mX&$5Am$7|9xX$DgAWz8!8R~W&`;>eVcBj&P}fjV~6Or5embV33NUsB^EVF5lz-T_D|sAk&)^TLtOWAuWmXFTJ$> z5KjaD_X>L?@mdUkv-$td?tabx=%SZnI5KqXIaF)q}|9GFR65Cmkt!VilXIZei zi?Ak@WnccV#Cn$*iH(<6cx@koRK7M)TZN%g@Zitr*~J!i)|=1h@~>M&4I3x`eb4(_lt znP8R_WutcVL?}v1b3=!S{L_P0xd7Qq`KV`{U{Uv1$yqmqHA2y^rM7}uG~W%U4lCFw zQ6_Xy@S(f%gqa2xo-bS6OjoxAS~XJB8iA|?lUf+sYP}|~OF^I32y+;bYGHs&m71V! zj2*Q`s2jptEew29-A0U;V^ZA%>MKFB7Ds=zViWl5hxcwwvx3~3DpO->ZAJ9ZWyl8o z{$YYD{q10TJ7B10C#iGDdaa#Wt(Y_Gff3z~XV%@V)%8ZPc~$pnRRxLpjdMowUj@Ml zt%btU&seGKTT8iMbxuKJfnfJiWozJXJ`5b*}u zgxmyeK-4A^%VulLrP@l!%~q{WCU`unlKx(=6$G4as(FLOR!Rp&EZkZ-!81Iv!5zM# z2^AzZHvn3@ibf)f?d6ZAK2<8CAx()aIwS0+j->wEllSLGZ%!}!N5`i@TX3Q5mEe=| znP1jB^EPOZ`JGC*#?%JENhW9d_1P!`=&flJ#!syo1RYu|-;|V#(6E`M% zGgRPnAwf|3;i?aip+$9l-Q)JJcbnk(FwLy7AQ-h5<@tr^z6`N~?CAJ}+Rh>lAdujWo? zJ?@RERQ@#v&6;HQ@5LnL^W;W|pa!t#55;^QuJDpeAHxZNj)` z7^yuhRzX-5Bp2+}&0rDyb;dZVl>%IRX-n<>JWck0<5L}3H>JBD0nE1l@9n&NS-t=D za_2Gs!^1p{yc1#oj^5yG)`?? zXVXY~so3HTb za~fqliEhV)RZYcFUdq2UXJ89LuvX1>b~dm=uQlbOBF;p_Srpr%z`$o~wX^%V2jgK= z?y{N{@i)%MiuTW@_SZR#)(mUU!xQEx;kOLPFR_K9tbRpd;kMU4fFcK61#JCcVNi=! z?txHR^U>9)MT8}zTTInr_K&UuTS%In&9W>T#ip!{>>s%> zp@~lhK35=`-P`@}l=&Gro7jp^XyR_fxl@*vILmw()_n*tBbR9DFrc{Wr?y5592Z z(__pS)cnrYIkb8XTt5`^DJt|vAMkhKw(j95+-Bviop>{st#|&Rwryg)C$7!ufrEoq zQy_|i644Mc2+urSZEkm+us0_YU#`sh;PJDx$6p;~o)V-HI1jyyUk0=obL)-VtQ8S*L+K$W{uHd}^kYxh3RMeIJ%&&8;lf!lm*B~3GZ@Y_LCx;3VR$X~zg$T6$OQeq>kY6u z@!$4#5B96~zxEFv<9|NLGb8?+Cxe-{z<@%c#OBI>z*}JMZfcSGerNgMZ*}k=FbG_| z^Ky7L%BVW7g=j18%z{y@H5A$JCRSS!K@I)%RF0o+qNh=;|Aot3=qL2mvp5$iiY90W zMG{5a1P)<&nxg0yb^rWHi>B{mo{-O7WRr$fuUtdwu&tY&=jcDbM%~@*?JoM|zfi&v ziN_pJMcL@TkW2~5(C&Xha`C6XbR2-~Se`juzcWOy8Wyi1$lc5^ca=bQ5Q`4bVv$rX z*b))z_Yo7T3}G(P(w8~J7L+XoADSP2s5MScd!(L4gAmOQ4|La#n}P&|eO{hk{BU-B z`u^zn`0cy%t9AEW4=)i^`BaVw5K9Wi=9H)l&eaJOWtw*&fB){A)7Ph0?=RlIy?TFg zc2S49w27tPqtV0B5U6g=WIreq^NdopW$y-Ze0lc%=<4d|_`B1K_h)a8zHONJ z!{ygp8;DKotpU*Pop9rC=FLM-Sa2qW`WJ71IJ-Q1d%kugwZPhjr#i%ULzQvO(frqj zg2Ho9)>L68>VTn~T%7%Idh!0^^xLz`tBa#`BXQ0s+K|~kmb)QU5J`WVM|-Z&Oypgh zUY`A*wbNV!d~GNyLwPr}I8|HCLrqw4CVDQG|p9rDkW}oUR#TtsuAItO@W%u@>&DZtG~eI9kVn-|H?;`>)TA zkKVV49JTGcv71_Kx@7;L<4dvG#1k!f$7z6UI zF(8`|xybZ>i3pHrR$2y;vm^OV5^;#O|4k$Cec5OB`A<&QkpO5;{B>dXbAc%p9cB6aK1{$ zlkl=zIhhR^5+O)p{H2O(erF@b{p-_@B+kKot|Tnq5;__ybDkD7$rIPp6%jQPE)1}~ z<+=wjeEQLOx5#>l2wjsY5Mk{TLOj!A2N#Fvj5T})alN6<(jkV$Y4IqY@sy9I-|K!0 zujC%(kPCqo#^nVPB?YbD^*AV}3!iG_bX}Q|W~G`yhlq_R`xwPqYYwnjO#%Vmx1ek_ ziA2!`1Q(sv2oz{;dtES-P!y8+lxlEw5y?Zm1`Lq$RtzK6DkhTr($|d=KJReY6922N&OaR4UOfF&Q;Qvu9WlJI*&2!GcqlqwCaVSNOZQjQZF zh*q5S(X&|qzYfZFt^a1Zej8|&US9tG{UiiwafCfLpBoMyDr{)Y0IbAOKLqqv8&4u+@o~G5+^QD#eJ3I~cAIe5r zOIu6oXL#n=fA+R(`Tr00_xB&|KM(O#mXMqKK=QC9B$?b0am*(f76f(w{`F38=Wo$= z7xj*DW`Y|~B75KG17f$x-nUfQKOvGQA4b7W(|z#0WHXD@xC&dOD#dcM02z{om_Z=vfot{dG~ovwL*4)v{Hj zt?T-3Ci0Zn&1%f0YHUV-aAODM->HyTjZ2mYpEtqYA3* zn#X6+r$PR+yRC`xM2Xxg$7F$9j1n|}s8n>?CNa*D|8{owEBC*4U+(Nb-v4@#r^0*e zg!b*!hjQRt@y!Te=Rph81~IIan9A~4;V=N#{JrRq@#J#e(Or?=pKtk~#z(VV5xs0@XZa$oo$BpPgp5^(!yDGI9 z@Bh;x{C}^?|6lCw?>+MWhj_j)|1T%feJI`^=AnJ$`;UD8fAO;j|F4BD43_^QM&h~r ze|NXS|My?Kc=^cxAL4m%{@=i|?w9p9boj{iAG!YH1J5G-e|d?&{LJJ32m3n}{=fI) zF zUCOE13;Ng$T)a;|QmG{RJQwPDy@g}=l@B6?<@HJ(&BJsxG|(SsJ6nYR`zY-8m~YvQ zU=IJ^KG>=Ff9xLYzkHPcALRLR{J%<7zn_gDxHAx;OmM|xo*tsBW9Q*-Jk$Pmu)X&O zTItQtBI`e={&;&O8F0?}-#vJ-UDf{&c6J}v|3f?tt~hNxpv_0jWHb$YR;vvd$JOrh z=l8)z0^+NT9bq8XazI&IKpl6$!LVsn2~39c+WVLXH_Wp7oxrC3KPvmCHy8V3I8`mO|KF0qnDgsYmSRasz+MUSXQ%!hQbZh1jt9OYatEqq&j!!8TTiOxGUK z!2$6Yq~k6@I-0OJGps{Xh4qK)aJ@Xn?6_;pjz&x_G{bj{-tna+t3SrmB>xMtR`GwX z{J+2Vq8k74(f;#5Pi56=fxRzWf_q4fOT<6;pv@3;XO%&a^=b^8@N0-^N|FZcq14^K zmGV$QM} z|LbK{{@;JG{pkPsAWvoO8D`PH>{kVSBZK?6TSnaP^W@TIZkT_jnaS+#BD5ANXi7#T zIYdh2TAG2(*M0Z?RK_?3=I#p!^3R+KlAH*hg%O9$dFJ`))%%O1A6-KvsTaBYpUd}0 zCvVQqI|xGX*kjy7G{mVS_T^dsxcs7jc2a=g(^vqv5qU}u(S?3_#HJ7>@ik@n$Cj@{ z`K{o2)>b#qT*#&r%E^|3L7->|gFU39H#mb|3BP5xSR_aNvrZV}8Ge{ZLLGbF`zwhR zs8%K%k(NShN8ncBP^6mbvY?KZAzf;sAv+(cz{D1q! zZY}@+&fcT_??Ik9b^tJ|k#eNCrOXDEh}mvM!H!aAT}zq|9?F1cVosNRNfRDl6JfT| zUnOT9HO5yVf|aiY5C^;+y8fVcB=CK%k4+`|6!h%^;z2SW{4Pf z-em6}m*@(&RE?|gye-)EfVGXGcAY6wj-||7A7*gH{P2*Z%`Nv!t5)$#2wp?`Mg- zLCfSJswWhhm6ImC5K~D^(+E`QDiEq9stIe;9Wt^9g%Nx%pK)k_q#`UPJzJ{LAu$vDhHB7>I7BAaTo^mgj4w_3?GJFofBG@Q zOolEHNN?LIrW5B5+HHZNR1AIoY;uMf&jEYl{DvoxCu%|xij`?S!var;3Y>&ZQl+=U z3!jz0t;=xWw)8R2nex4B{Nj|@Z&!3ec&-jnch9H59tuAB2FKTVc8I#&77y2Ym#^fN zPZ$c#NRtC=4y3+XcR>%P;^LRtO)uS8obyiEJiLrXAj~{>tfer zTKXJC(eF9GX2bf=85m>IbWPWP=g0rqug3p*ad7ac|3ApH?#sO9%I*SpdD}1V`U}1d z!CoC{{+r$24abEZ^zLr8=l^9lck9ECP!tWhi09noef{?Q+wb09oPVL~yyxV`kK^$w z@8eb8$E&=LS9yO&S9upj=3^Y7Fa0#h|B?v7)Ac!k&5{3K9Mt^(Uu^Hbc$EJi;#uP^bmm=1!xMH@qk4GaxMp%(ZaZ~pYb(P3Tx9L_U`Y8~GDet0RN|!UyPhES} zwY!PjpIcI4mBSn3hY|i6e6$V+rN4vEk|;&lNOm_XGMsG+gsPxv^E+rjGqd84;Dd93 zurg}nJ72uoxg29rs#$sw^kVJy1(>B5t?h@U!fu-0xAdkd#m>--PctFNGvkQl8}KhG zedbv}0HqhTg5jU7o%?fyU-`gNM(`qNlZ$MOS@>s2JI>l&`q4h8=E8`%FJkJH-h?fK z(L5MX=|!!e)+M+g4R2b3G3die;dneDOa)6Tcta}hLYPAIgPIR$Y~xq%_FDzx8O7*qIBt$O8Ea4t9aZ+zkF$J zZuzG{|G&X0O*Gqb$AGa&?qmv>cmHeeprZfpZf|cNJnH`s@jS5>yOBcAQo_))l=JI6 zL)}^1W*2pXEwhWdU6bB%8}5fb0qfgWL!Pq)9e#}x8mr)gB+7jZcRUwbZ0nmwU$?G_ zt+ir1)|7a+MpmnxXRFq`f_-4s+Qt=l`P!$j$FDeGQ+fG%XI3a!d7jRBvUIn*TW?`M zTfVo8z^`zX+8}~0U-8liYAaOKlGBQ~-Q99tdMng4oBKDgxvx+i_VLvgk*j@Sq=4md zw%YpHwe^m?08wwjI#Y#l275>SGpn%3pd=llF_zzxsq68X;+IMj9_l@}<^H1rRH=wo zH-h#EOIm*!sJ?o?iM}ExE&k!xuFVoe&&WT05g1wt5*KU{buZjs#}_9OVL=dF&}5?? z>Vu00vhoE|V}fEX1d$nsD+am>ipN+e>n7rg>ThaHrTN%{ooDXwf*)UcxBdM+v*f=_ zW=;mYPx){A;NWFV{@Z)>|9X(;KIFeyF=gFH$QjRyeBy{qi*siK4v37w7c4FOJ5YX%+l&%CL{GpB?~@Wt<6_9db$U^|W{WrD|qXnxh} zmN`xP-(PyVYmZ<5kotp;7#C#Seav0|I|r5X-@V=a$M_!)@;pI(tP~MUBE^xJe{?%0 z3=MLc!e*S|_!^Ih>~)@?E4>P=%|;?QCTWUBDIb`SHI$7uksv8n^oF1et8wriv!wF` zF){*Xf}Ul94CzObn9yYZ`MihTvUG|#gPIy7lo5ea%1E!%JGp#+sRg;t6Licc6VA{N z$CoIfLUwv1sumhr&J*+l7L?}_ot>P@PS1ux?(}Fv@Rlhj_^*FNR};VfFHVn6-kkO($@=@4 zv;JT1)$V`n?my;#eVFG7dTl8H9qY}l)A>8v*f^W$1&*28*f?yG)_onbA;R`Z(1*f} z5_GQ*g^xDkES>gD<3D1-C>!afeLH%aW>1x4EfA1=Brx!wq2LpQ(U^|LL?9bbM{_HT zQhr;!vdy1!MReQmBthSibb|H_KMPa{%o1es_2^#?h@L6Fi>O3DF%C|lL^zO0^2@Wa zQkgv5+H#KVgOrcpN3 z5k8RQLv@RVmO>1RaUWuy5M4uNg5U(*NCcdK7bHzo-b6Qu5@;T_MO=VS=)l?sn&@*@=ABZT4n)n#~R9;q=_hNgW1%5 z=q&~s97}n)_It?M3=!DSLa^KiI3R-krV%5v`?ZHm5j5hvJqXYd^yuGl5s!&f##eUJ z-6@dh`0~sK6hK2R(D(i-)M8_I-M+!I-X=$Q7xT=><~cx>;!@@qnn-H&fZ@(i^_?9wby(3mrX=e+pc zul4uc9Zgqn@HIg)7X*D6U^)J*X=ZiB#zArKMa+^kcv^hFnY#)-(`hsoqp=&N(x)UOk01@xg1| zAHX`OIQjtAx({0WrmCQ*OpqHb+on@rP>Gy;2)5J1jg8LV(b*79dG0%%@?3Z|yJ>Qr zo(%ZaXaZIGhGK-#2fb^$raqu&0p9cj?;9C;*?;9@~rTKc&^b;^$^n(rNpW9 zuy5OoUk1Me!LRkUs<1Ll!ip#kUYW;Zvn>pBp|o59ZSc%rCx9*(SLl|DYxK+l?5+#x zm0ucyWh*_6DUT~*W<;V9QAnyhzV?;`fNax_cWSK@ycjanE{)4w$?m+%I78NHqcqQo z8-who8LB0QG_@3t^xoFL>=)=n3CU7EC5fg}sx(22aXKtkf@ct*_fZKiZMXpsg5Ed+ zqpV*pK%=n5>k@kMs|)(b#q7JwiuQs3ww@z7=6RZ+0nv*n@wS|pGre}pqN{EjAe(3+ zO^CuYl^PLaehX6pL69^jE@skCh8Ju>Z3Ys7Wv6>!B)4upHxXRb)G`L3KuiFPXqe(rPZKuGwf?0EVq*hHZewG!jNQC62J|Z* z7*ZT!n)cA8W;DJT#nHxw<~bW1Al9cTzin%&hyI7>D8|e%E8j*gH7XoQW_p{VtR$3h zfj(&JidBjthAO%W%CL&ZD9X^&PhGgb*LCh%pP!-#!qI&_A!0;OI+im~^r19g35Fe0 z@s_O@Cc-tuD>AP%#a&<)Yi?=Hzv%R1mU2M^dUv*o7`~w+&2SY*M_DFe z8Z0>xP4|U{_(9`?mET3NNIvLUJM$C_ttdR`b-=B!?>HerKc$pi7i?peaQVDg<&^0? z)DY4i(OR?q$72g;S)}E*30b=hXx{z*om%|oz5Rnn`|pE1h5e^&n!qTfqp`Xr`d={W zQaBFLI~c)os@HgKj!BfDgIr6ggOtbDE*KuNe6_4r_Rw3cJ2<(+3A>t~r{sn}MIR?f zdG-d%yw*tu)52U60Bq6}X{ZyDK!}dS!%{`(-0 zmUTy5P;(#6O01nAwpK;F>v%fRo>K{Jz|yZcTS zOt(-z%sno5&CVR;p4d{*vh?{c2Au1SrGqqsynQe8fdlV79Tw@hMY@;eFRl( zT8!$LW(2l^8%2JQ!Z6^i2^B)C1(B;sdDIw!s*H@wjKp*}t)JtWbHoeZtBHzg5Fo+T z*JM*L*qU1%3b$YcUAnt~i=jf{Q5gp}JH3P6!SbWK!lRXjb!7p#<9N*3_T6UIo{uju zbbBnn;=H!hULzXrFsmit7N68=wRH?8r>*n3*o5YEkrBT;TXiBEYOZPAcbGsA)Z&vD zR$0dYX!$bG-Bx8|;+Z)(sJXSQIKgwZbVUb*;xQH zWe=kj$zgUQYsb(X2%!nm#i^jB_BsYQsNd;ai4vNfs20FXvv1dm1hH6S_l37R(8nym z7pIdst*m81gclIMr)ni)DQE7EuBlpR4Oz3c>HE&Squko}RNW5)sp6|nB-_31-rmbQ zV_*q((l+$F(MT+5&xCnck%z>RMy`Pw=s3PSL#~+hpDTLnq1Rvr9;BFE!}&(8ctRA3 zRc}G`==P6X`-{m#uH+S+DO=VbxP4~MaJ_w60Ws5 z7(3?)aj<#_?u&YwJ6k&)HQ}^QPrJRp&84SV*jXQC%|gpMXiN}Ef4c(*vi0ZS$`1ev z-xmp0dRaT|I9xSJvh(Ss5eMrdl*YlYgF>9+hPnfl1Z^yarOTqiJyT2A)7mK}#9f_g zUi9`BrJ6cE)=oKfM682)QhGxek+LuNU`2zsZ6VVw%)yo`i=gm*QO;}E3k+)gR8z)T z)9$ph+uL3R73(9KMjR|dFyYYK@_oD$X>lyqH-(VoVw$1byjlaE9l)b-yb7v{^T)-;XA_pS57GFlfR{vVsAog#hG^aCt7CSRsf4gR zn?>os_sEv9J{MF%SO0}bD#7yu{4gN)j`4Pf!p?t67wy4mDFsKUEKgH=nra+hz~7@b z759x?Gfa=#d1u1M3*fNZZ~(l}5bV6#K5Y6LaN=pJ)poRO6D!X;K5kt_(&fKzp|V^y zZp*qJxc^u#F(yozbaZ;Mo2IpacZ9RH7`S~bEPHQ_rQ-iaJS?`0_`GBNEU2v{Ws3^_J zjLpy1LV|M@B~+}w;eBsg(g2_nDj*}w{O!HX4j9_E!o=eN43w!d>FvQ!$WLLD#^aBN zXlK^u?{2|ELMhFxL;F<^eKYlBw`a#c)8JKV?oMM53@{Hp{J=i5Fa|=K&iasGb;yTC zfK>|@9=uZ{*EjG$6?*8w2b#^o2ne;I^&r9a>OS`dLD1C@3=@A61s}>oz0x8XOEONG zDt5Uz*21`E`Sxms;)3)bG6iM{y4(X7c^@joj(j0DJ!4m2Vu;6rBzhmlsTa+fhm4An zC@5M-0%Y{92N|$ZDwdMR6z;Zok765n$%Jfs7!<(0m@t0pk7Jq=b3^ik0FN!nI!ACB z)mK3O-~$9zkg0>tBr4S_;pM5jF6&&%sYEu3+h#%EAS&oxaDug5l%`X6a8ka7#1f?N zH7PFsY*_@F_%_P zL3v_&4eH)v**uD*hkkU;z*yaF_ghRA%9)}js!##!uY7=plu%+wNCYMx?$I$DmdFUfI7vwIz|&=apJ0XiSdGI8@-u@KM*d@YHe4BqRcEg>YO>et zS`#8%nTKmoW3Dk5>{i{a8!Wa`Iw&rbbypaBqi)vF^x}AU&10NWHEqR3sX!SYKN2MI z6yfR(bGUG2;|G|^R-+Nb-WJub{myK60b7?FHX-%?02G4_pUQxV(0HtyFc%(+TD{Iy z$T%ek6qJ;2>Xab@y2Jr1a}?~a{RBRXCg@FgBj4VOu_2Q3ECCI5OwflU!0HDV?JT@V z-_iRYzQHtwOR^JKCRmWePJ}i#+*;e%XufY`G)A~HDhPxF;R62Ctaw1|og=_&3nm?- zbz^_#*!FV(U_hjb$Z*Jo@-SF6RcoLkk5v#COL3%?dd1N-A=#aJ?^QNAJs_!g7R>V| za<}KGLNVkRul8$b%f?V>?+hh5>?(xaP{A2o&`RlqDm$a3H|hZdgzR6!ByI#TGm7s1qYD@-6PJ8S7%G+pwcI%0|*4fW1h zUjA0XH>a1c$qh-7E{=5hs8pfM4vh3;Zx7pmQmojPyd`o>aH_`B;%c*H06;2sJ%_v# zSo;I-6c)ClT=8#kikVHVUBQt4jKc3_gq(u#R+j0?ySE?%Q(G3;0LGM18S@(=NP;j6 zm<4R;6$WB5^E&ETo|Bw&zj!oskp;;8b#dgPgL2-q0k+sbdayitKfKJ6|zo8V7Dif$(gWM)kV}LfJGE zu4fNYcLC1r9JwwkGw1-wNL-&r6Nh%rEE?Io8B3IniJ+?3*s8!Z5=%ScSqr@s*G~W7 z6mzdUJjBR48N0oW_x6SeZ~UTc)F&b)OqnZoo`G3$1nJT!ERHJWEB1N+QS)pUu>wfX zt`n^>n}`}dva{l7j74H1N1_;KIHqc9R+%GWh@oVIoUWqUJL?meo3_gs+}Yk<40Ue| zksY~ZIU9AhH1fq~qwdV?aX`rVBv|_(KRB!)@-ZePv651(G1ZcH7;9HBErE_f=+N_h7NfxFC{<8sS|gFu6Ll3=(i8rs z{=gL-(ij(qXE@6U7EayL8e2fqO5|%4Al*^)0vdMBSYFYvogi5hsFS7}L@9c6AS&L6 z4r}^)JGAi0Mm@IC9KSmG2B!qORq9;~+pf<`t;EG8mAe7=#hn2tUK$!YH%=Q(^YK&$ z1$DWn8uKHng$Tt_{|6H!ssF>VG`s7kWr zYzDN6B)8_=j7teRskKevaEw8dS`MNtLAWs3DqaGs{{!f3JXZ#C&|E^=DYeH3zmm9Y z?|NEXp9AbZU6a8+$ggV}UhJR-4pjO)P0yGj;s&Sn0}LpFbQx4CRN2NEk|gFVu~EB% z=26BW@>tQC5g>Jc=bBO>nr%=&xhw%Gv15|if5~t>1#M2#jz9R%PE!rK~z~5GywC{`ZGzeA4hqGbp zbxr_ldTg@?0nBPbu*nqTa6JqWTfzFerT+c>d8BJ|{+gq?@RU!MZ9Qg$_5`nVxYuxG z({<%b=ToxSk?r8i*6z~TrXetM@>6NW=E4F#?FbJCbg#Lxq2WfOhg{j}!I@jf5G@x3 zj|skR>;Dcm5DUQM;sJdFr&Fo*gIt)bHhP0$ z#?BN(TXexFdmSHf-OLAsT;DeF*1;R2*j!4d8CfnyVE$+s%|p+rhVBxlHx&!skpmjZ z;A72P=Us1HTwx~%mIrOyupTZh=apB{jWrGdU{iCdXipv)QQ+(gM?H*@7&h+z_x~vi zxAt(=24U0+nGq^&2hZel&@XdoOd}8|-TMAdyxVcZp&FP(*0w<`ViM74JAvr#eV+U{ zCamm7^^Um^u<5jMwgB6vfx<(m?_7)Ya;Q65p<1gokE?||tZYZoB2X`@WcS<>hRr5moh>#Y6lyRQEqp+PSLcnPxk#7;3LBPXVb=1iOKWW- zSx!IW^=A-Lc&^_cJyBY98&`J&^J{)jG9d#*U%_Ssj;SB+` zR-c3ynPkgw77`t~A;OLq&^mcwBc+*zOMhbjmK}4UMMrR8D;dqK23M3tZy9o>kuP56 zqOO)7hYg-ni8AgTMoPv>+ccQQzbxmn5dI&|$Rd6dy4(_e6WyBM1S7YuF>sEse9h9D z@${pCdku7mW!=NVHPW+{63(7#xeJUaVDg)q%5G~@)=Y`(9q2X`bygLRaY0fo$8cs{ z4nHWK@sy9Iy>blW-#8;*|2K3Ny8i0f{kyj=2lEduL&mTO${RQp52sM@X((ANGd^}Pra4j2jnFT{uWaL>T{LxVlwYFt7( zX30`xS&*6@Vq7cmmUfR2zu3I{M>B<1KbLV={kj0UYpx|FNanITfoTJivoTIEbu6xx zp}B(#%?9lWmE~rz@&n&>sj5zb;QA1X!@^h2SD~_Lb_3|PhkiV|I6pi8 z_OLhBgGDgpA|f{wWQFdmkFCq4R%?NRGZsLpR59ySRy4n>1q5_0?h-~N=$t=ds+vxF zos?cGjCAQ`&VAdCc^i%=;dl-!1de}N(&ZvCDv%(xC=JCG5^F+p#3V4>%u!>^Py)A^ z(`k4%uXP4j7L0xgb1tr>y?S2pzNtV!S;>}U&J~M>CU_cfRzU_i zO%so~sKiD1?6H1SCJ*;@xH z$o;u%*f8uNVCD%O==BD2LWe^FBZ4zFLDH$cZcxKPLQ)LU1`NtzqnOqL)J@010~}Eq z*s1)sVpLL5;vU{p-YradO<^1EMBb;ZghE*JmJ^$8vvfCUNU+KULARi<>m_QY!yp3A zR`dsBTVhj0CmA++vi?Nag>@AX*hXtP845u3M~{D z#JG%u<6_xgv{=@r2nx&0m>6oeA-!L?DRFLdgK5R3(>fSXX>JDrL$ZuW6y_{V`_w`a z8z|6_8V5NgaD1(WOEE>af+}xca~s@=5!vkd4&>dvA%fQS_l#B;Feox979#?}U=;ui zx@JNX8`H)%Z0yKmo)!?C4Ur&~+9jq`H=Zv#Dr4HKj;z|E6HlI++R>QcB>MRAV~l`5i@*eqayjzP|0#!*0?9=OXuv!G4h4kTZWilbzdlw7HPle}$ z&7tJ3Y}`SFYVifJwjXyKET3AoB;AIjS&%zp2sxHTd699pdU$9!n30coC1OhX%FYCT zgv(aN%?SrXMnrJjfQ7lVb8D{bxU8?0+dE|-RdG6I!nvJQJ(!xd=SCbgqR8Kjv$>1c zEauJAmBSn$b}_aYRLYq-+{&G2P%%E7-U-=ze=llKvBCCW73<#f!UY_JNdN{Ukg{1L zxV&nO5pXNZ1eBmF?PjyB5=$WZ!bm~W#W3wkFOO<#$yyTCf&nez#NW3DZ>Y zbJq>!=Wfq;@d^Z1$fNvo*Fy7i*SWF7R-3~1;M^G8@sm5qbODj9(bocIEXzugbm&et zw+io@)xvq*?b605#{x4&NOD$A2zK0m7ZTjJzFa+9mn+&rYr2T#g)Fg2^1a4gzDo(B z3RgIFHzz@TJnp|M?n;{TA*0m!tC~JRe^mt5!nnEZMn2+6mXb}hvu&qwXZz3PK5aj^ z+)3#UXLBe1?7cOA_M9cyA%=EQo`+1IHf#q21oVO%R_5XhEK|8j0v~e7h%;5d(t;@e|f*DMC z4)zeI3l6#7DXn35lBXC1SDeOqYC`dvS@-F%?bd7-@`pJTg}#Q(ok&F|cBOr+dBZiJ zvue)VK-;|?v;~bdl9ntv9c-YT?d=Z$p}h;UeH>1-W#EIaVnm~GZT9!5R zAd1Z5B@Yfav6_wjGp9mR3`fIUivr|hmU3&Ltd93=t7S?Yk!}@p3KzV~Fx*gFv7iE7 z4H4C_!_|CE;}+!rK`!;uWc;@1%VeOZsyL=C-QC|T?mF%4{ux9x=Ig4QnX0v&*fL7* zK4-S!>T!L`j_?Bznp@a8b3&jQJ_M&VyF=5`l?B^B=1kIr6cOv(A)gje8|ymJ!6nqU z`h)knR1I8EB7vFSB?X_D8)*C6J>-FS%k1Py6QsMjUx@QW3|AVEB5}R9(^m}!)cb-a zAfh@=ptyHq7DI6cYP@QK$VYB}ZN-Km5(k!XR1IuSVYDuuCPb>1!8xal()ot>PPf%f z(Mse%-~`6iLl-O2e{lm2Vub73fv16L1jmRFZZAl2&cO9njS1_O1(Na|B45Q`R`*XL%n#{T_dOfl>nX=(D9&6f4HbL@g#;%)$I?%juTX*4_ znjGD&y$1-1*+7A}T|;jbP4o&Y zoNl61A-LE?KVrc)(HR@^O>{yA`Dhbe3GjfBCSp)p(_sVeMX0g1`_USTMIC>wm7|}F zQM0$NGlLW*D!3t&j0-GiI`z_trX{QtnPf_u%mQLmT<^0juH;fR)3Q5jyoD?3vAI5T zlq)V{oDyN8TO^%Q+;Hm>W(%XDv<-%lpl7EaGa~3jOR?$mTBLX==GR+^J3#1)An~CO zs_LS>`|yS{A<-Pcw_#B)1Fx2W)se81)_^hA2LztjIJG`=p@-;%n7P!tA}yI|&$*8> z>*DJ1}jy% zi$=Py5}zkMpuCxc$3-^A?8x1Gp_~JAx1xU|C`|nfjC8f--5sY z{&N=;H>`S{|L`L9e;9$LU_z5z+GB=Ne{b?s<+8{`u?a*r3yQP85h#ULqRsg=QMZIx zn(3LYmlhyU<1IPo3==FF8`UOIJ;2&qjtlC*0ACF_`|@X`rkScO*Ig*m{L!DgRkO!$ zdXI}*_UOW^c!{M@OQth(4LGO#W6p+D&o|}lRSG$td>|a_wjUNjwoC&T8m8Dd#SlqH z%rJeo=@*$!w0bijz^&pKu5B1wH!ISY7*!DvnGzFx#%)}hD*f$K=nz~Wl*ozkf-v5p z#X@z>+OP-z;bN#m-Hi?46&o9yZ8hNDvT;4fH0`0gbEie*5o5uyeot3)LU5_q?$41nS5?2w>Zuyu5-Jpf7Nrbw_WbF7R~Rk{`-=6 zHNt*@)4$Hfr;{r6PI{)*Zeh+|9ou(eEbO#lfyItyr3n-a+=~nEh~p0l$5@V`igV5KMd+Vs&ZTogCy1Fo&wHo5{8-#CUFo4+wN zL^;E^5bCP%ijFZTK!Yh7P=y3n8hu7{q*CVQ8e1I@xmmMggmK~kP9p8$g7GwAiF6%9 zv=XiNL;Rf0@PIe4q7|w-_|B1roCUhK2BZ$LR1v%`@H!8hx=uSvtAho>-43z=JJysy zg}2l|*~FbUGA-z2m!E2iED3vnK3XZ&nCVM1Lbo zOWO^JchnVyTbTP33wbtj{1J=lS96dSQJAA=SXgd$##F=yUz=hnkx&{$_kxj61rfkrX zxxCxXfiC_JC|=2a$LPl>7MeDJketZdvN@J7-3PJRDod6Ro90ln2Jc(HhPggd$R2f0 zCWIws21U*q8HjXziw}oUM({PPc*7RKu`bE259$zX;>7xt4co!eqj9@z>@Xv+nwLrTzz_p+|J22HTI4(-E* zH;~n+A!57YLLwYo7-9)rzmncL#8nH79zN7sJf>+P2B#v@XzcmZh{X zytu?0TAX&Wn>nc?3G`1{&hr9T?hh@zMGm%|0-W%+w-QDn;szA#n=y0^GCv&r(ZF>I zHdqq{0ak?DH-dqgB2>n32&L!lnzFSUy*5j+fw)nZ5a zu1n3_`ASPB)$1)qsU|hh5~7bO2M7o+z6CcxG&3tg1b~?nI8Q!lVWtqy)UDufCL_)L zqJsN@UT6f|jSWrDWy#E3Vaf!7vsOtJc@WE!MSZLmdA(ayQ`}{ zGR5?;+-!h5if#p65^)0#^s8un(0XiJx1Cz9VLY^T58zTE?y9EkZO^7hb9LdEPclKI zq@2AWYRm&_v^P6~637=>LRXVEp`gFFQ8YJ!=H{zoj589dV&>*htsQikQ{z+sX$mxV z2O-Vu)iRI4_kysP>wVnjSJq7Bh9-o|LaRuB+t=N}a-7@GFvY5nJxl|m-)N>=I09XZ z55c3vTD@Ik5S$ShvGe>$r%0y!b`63+`rH0ulkdDyovUee>bBmq0Jn8oNAK=3-S6<-y`+a9KdjJWvnf(Ga{auM zctqY1C1@-=6)*dubP&ZH98-!43!l1G%!XjOuj* zs+393g&}1|weW%H!SySbXh0zSXwDKMq|!^i(m`%6 z$qaMYcj-if4#6pw7T_E9G|2fpYwB)xwd!Szki{JRuxm6j|Gt4Xt85v^%B1hU*){yp z8XpH(nh>*>{gdx|=-83wrj2WEy=^iv9xwcYof>%P3dpuz+G?sJju-k z%OJ;B?a%x@26a2-87d_cEjcuXjW`@iv;$r=G323z$pi;Q{m!fs zJ-x~jr`JMcmR!GABc+iKDQ&%j7u7mId%sqGsa6LySZ16Ve=NQAL6kW-24-2Vws@|x zT%l)YZ=WNc5fgn_TCp9R?2IE8lk_HtntmifiIH%Vkb;IL!BuHz+xUlKln~>#ns`Kj z6?izLF$Le2u#_a336Hn-Wz$!ifmW+SuVR+csI(DM}Yaji*GJpR55} zmUa@K62EkBEx5H7p{`w3#^84;37MOaK+1`C(0qJA@|k}(@{B>MxG zQZ@#S9yjW4rB`-{Ua?6g*;gpspd*1xk63i@t zoJMi4Na7wOXPGnNN}AdFU@O57Rvv6MU+vO^ZJhXW0=80=e$G-n=LuPm^58n?gAyF{_|SCL zgcw=C&@!7@)q=l!5KJ(F*Y`E=ao*H^4fsx()awAn0O*KKN;M$%ibCDN(s%4GHThvR}H5Z10tksVWp~LU*#|UZu75 zd6n`l9$%wS|A1#@ApBLnYY@rJ_QFV^*N`8v-(^3}10Ka-)7{8c7TL#!@$J@p1Wq!1 ztHcm`vUWKFFj3yhdhPM$5KA1l{M63`SHX#_!=yJpn<^$y0D3*n#4>p*!O;g5II|l3 zfGIS}%;V^W2{>4kGd)XI1L48V31aq5AWPcbJ z0R=|QN;G_&Ir(dq@7nDu|6!H0pCgP_C-8h>E@rK~QMxWfCH~a4xHmcfoiUoZR|1(CH1PbN-O&6Y1Lj{4qT(EGm^SB1UIc`pyqLvw>lQK%z$&lcq*x zJ&omsP_+4UJF6|>i(Az$O~v zp%QNNVrQw_n}cRqP_%0ZDKYC`uXA}cudeJ|nyC3nO%B?8OrJeL*Hk3&oe|5JYtJAr z9TJ0mLx&!@@4w6xIG)Rm?x!PWuOrOM#o5`}+3e!{^83qgN0I69kVB`#)9};DEmDyy zZqw(_@jt`iqM>mklGz?%X98u!ky$JkQ`Wqt>~>8izzu9^0WkdhUGCSJY`wv zb++VE){8T?Cc=l0w+;A>Ms|Xt6kWHK#l5Q6`kryy|7i_pXQDC*;24EelSz%HfFsoS z9baqHEqXoWXZaCo+5>w_2v3lhlHn$mvdV^!J7#N9q5~R_CYEo2nNB?Jch_5(@D8;L z09VEMIg0Z17E++4%*vhVbQLt@fN;@I5KI$cJ>tH*ydi|B<*uZMG#2Tx6(JU7$LFAt zH-c8vLY`PE-aD(7OIm_jM8f7%1ucZ9^o7o>au^-q$ot$1Ff!;@{VwzBRlKgU3wUrw zbMk6$<#|3lx54t>-pV(5@bldJd3#~= 1.21.0-0' + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 1.5.5 +apiVersion: v1 +appVersion: v1.5.5 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +- nfs +kubeVersion: '>=1.21.0-0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-share-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +- https://github.com/longhorn/backing-image-manager +version: 102.3.3+up1.5.5 diff --git a/charts/longhorn/102.3.3+up1.5.5/README.md b/charts/longhorn/102.3.3+up1.5.5/README.md new file mode 100644 index 000000000..adb190be3 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/README.md @@ -0,0 +1,50 @@ +# Longhorn Chart + +> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +> **Note**: Use Helm 3 when installing and upgrading Longhorn. Helm 2 is [no longer supported](https://helm.sh/blog/helm-2-becomes-unsupported/). + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager +4. Backing Image Manager -- Backing image file lifecycle management. https://github.com/longhorn/backing-image-manager +5. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +6. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.) +2. Kubernetes >= v1.21 +3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `enablePSP` set to `false` if it has been previously set to `true`. + +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, you may have to clean up your Helm release secrets. +Upon setting `enablePSP` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Longhorn docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. + +## Uninstallation + +To prevent Longhorn from being accidentally uninstalled (which leads to data lost), we introduce a new setting, deleting-confirmation-flag. If this flag is **false**, the Longhorn uninstallation job will fail. Set this flag to **true** to allow Longhorn uninstallation. You can set this flag using setting page in Longhorn UI or `kubectl -n longhorn-system patch -p '{"value": "true"}' --type=merge lhs deleting-confirmation-flag` + +To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab. + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/charts/longhorn/102.3.3+up1.5.5/app-readme.md b/charts/longhorn/102.3.3+up1.5.5/app-readme.md new file mode 100644 index 000000000..321e5193c --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/app-readme.md @@ -0,0 +1,27 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) + + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `enablePSP` set to `false` if it has been previously set to `true`. + +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. + +Upon setting `enablePSP` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. \ No newline at end of file diff --git a/charts/longhorn/102.3.3+up1.5.5/questions.yaml b/charts/longhorn/102.3.3+up1.5.5/questions.yaml new file mode 100644 index 000000000..2ff391135 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/questions.yaml @@ -0,0 +1,904 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/mirrored-longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.5.5 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/mirrored-longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.5.5 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/mirrored-longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.5.5 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/mirrored-longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1.5.5 + description: "Specify Longhorn Instance Manager Image Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/mirrored-longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1.5.5 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.repository + default: rancher/mirrored-longhornio-backing-image-manager + description: "Specify Longhorn Backing Image Manager Image Repository" + type: string + label: Longhorn Backing Image Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.tag + default: v1.5.5 + description: "Specify Longhorn Backing Image Manager Image Tag" + type: string + label: Longhorn Backing Image Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.supportBundleKit.repository + default: rancher/mirrored-longhornio-support-bundle-kit + description: "Specify Longhorn Support Bundle Manager Image Repository" + type: string + label: Longhorn Support Bundle Kit Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.supportBundleKit.tag + default: v0.0.37 + description: "Specify Longhorn Support Bundle Manager Image Tag" + type: string + label: Longhorn Support Bundle Kit Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/mirrored-longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v4.4.2 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/mirrored-longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v3.6.2 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/mirrored-longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v2.9.2 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/mirrored-longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v1.9.2 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/mirrored-longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v6.3.2 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.livenessProbe.repository + default: rancher/mirrored-longhornio-livenessprobe + description: "Specify CSI liveness probe image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Liveness Probe Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.livenessProbe.tag + default: v2.12.0 + description: "Specify CSI liveness probe image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Liveness Probe Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "If create a new private registry secret is true, create a Kubernetes secret with this name; else use the existing secret of this name. Use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.createSecret + default: "true" + description: "Create a new private registry secret" + type: boolean + group: "Private Registry Settings" + label: Create Secret for Private Registry Settings + show_subquestion_if: true + subquestions: + - variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry." + type: string + default: "" + - variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry." + type: password + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." + label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaAutoBalance + label: Replica Auto Balance + description: 'Enable this setting automatically rebalances replicas when discovered an available node. +The available global options are: +- **disabled**. This is the default option. No replica auto-balance will be done. +- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy. +- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy. +Longhorn also support individual volume setting. The setting can be specified in volume.spec.replicaAutoBalance, this overrules the global setting. +The available volume spec options are: +- **ignored**. This is the default option that instructs Longhorn to inherit from the global setting. +- **disabled**. This option instructs Longhorn no replica auto-balance should be done. +- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy. +- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "least-effort" + - "best-effort" + default: "disabled" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "Percentage of storage that can be allocated relative to hard drive capacity. The default value is 100." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 100 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.storageReservedPercentageForDefaultDisk + label: Storage Reserved Percentage For Default Disk + description: "The reserved percentage specifies the percentage of disk space that will not be allocated to the default disk on each new Longhorn node." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 30 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.failedBackupTTL + label: Failed Backup Time to Live + description: "In minutes. This setting determines how long Longhorn will keep the backup resource that was failed. Set to 0 to disable the auto-deletion. +Failed backups will be checked and cleaned up during backupstore polling which is controlled by **Backupstore Poll Interval** setting. +Hence this value determines the minimal wait interval of the cleanup. And the actual cleanup interval is multiple of **Backupstore Poll Interval**. +Disabling **Backupstore Poll Interval** also means to disable failed backup auto-deletion." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1440 + - variable: defaultSettings.restoreVolumeRecurringJobs + label: Restore Volume Recurring Jobs + description: "Restore recurring jobs from the backup volume on the backup target and create recurring jobs if not exist during a backup restoration. +Longhorn also supports individual volume setting. The setting can be specified on Backup page when making a backup restoration, this overrules the global setting. +The available volume setting options are: +- **ignored**. This is the default option that instructs Longhorn to inherit from the global setting. +- **enabled**. This option instructs Longhorn to restore recurring jobs/groups from the backup target forcibly. +- **disabled**. This option instructs Longhorn no restoring recurring jobs/groups should be done." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.recurringSuccessfulJobsHistoryLimit + label: Cronjob Successful Jobs History Limit + description: "This setting specifies how many successful backup or snapshot job histories should be retained. History will not be retained if the value is 0." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.recurringFailedJobsHistoryLimit + label: Cronjob Failed Jobs History Limit + description: "This setting specifies how many failed backup or snapshot job histories should be retained. History will not be retained if the value is 0." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.supportBundleFailedHistoryLimit + label: SupportBundle Failed History Limit + description: "This setting specifies how many failed support bundles can exist in the cluster. +The retained failed support bundle is for analysis purposes and needs to clean up manually. +Set this value to **0** to have Longhorn automatically purge all failed support bundles." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. +**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. Notice that Longhorn relies on label `topology.kubernetes.io/zone=` in the Kubernetes node object to identify the zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. +- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.nodeDrainPolicy + label: Node Drain Policy + description: "Define the policy to use when a node with the last healthy replica of a volume is drained. +- **block-if-contains-last-replica** Longhorn will block the drain when the node contains the last healthy replica of a volume. +- **allow-if-replica-is-stopped** Longhorn will allow the drain when the node contains the last healthy replica of a volume but the replica is stopped. WARNING: possible data loss if the node is removed after draining. Select this option if you want to drain the node and do in-place upgrade/maintenance. +- **always-allow** Longhorn will allow the drain even though the node contains the last healthy replica of a volume. WARNING: possible data loss if the node is removed after draining. Also possible data corruption if the last replica was running during the draining." + group: "Longhorn Default Settings" + type: enum + options: + - "block-for-eviction" + - "block-for-eviction-if-contains-last-replica" + - "block-if-contains-last-replica" + - "allow-if-replica-is-stopped" + - "always-allow" + default: "block-if-contains-last-replica" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.concurrentReplicaRebuildPerNodeLimit + label: Concurrent Replica Rebuild Per Node Limit + description: "This setting controls how many replicas on a node can be rebuilt simultaneously. +Typically, Longhorn can block the replica starting once the current rebuilding count on a node exceeds the limit. But when the value is 0, it means disabling the replica rebuilding. +WARNING: +- The old setting \"Disable Replica Rebuild\" is replaced by this setting. +- Different from relying on replica starting delay to limit the concurrent rebuilding, if the rebuilding is disabled, replica object replenishment will be directly skipped. +- When the value is 0, the eviction and data locality feature won't work. But this shouldn't have any impact to any current replica rebuild and backup restore." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 5 + - variable: defaultSettings.concurrentVolumeBackupRestorePerNodeLimit + label: Concurrent Volume Backup Restore Per Node Limit + description: "This setting controls how many volumes on a node can restore the backup concurrently. +Longhorn blocks the backup restore once the restoring volume count exceeds the limit. +Set the value to **0** to disable backup restore." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 5 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the replica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." + group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit + label: Concurrent Automatic Engine Upgrade Per Node Limit + description: "This setting controls how Longhorn automatically upgrades volumes' engines to the new default engine image after upgrading Longhorn manager. The value of this setting specifies the maximum number of engines per node that are allowed to upgrade to the default engine image at the same time. If the value is 0, Longhorn will not automatically upgrade volumes' engines to default version." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 0 + - variable: defaultSettings.backingImageCleanupWaitInterval + label: Backing Image Cleanup Wait Interval + description: "This interval in minutes determines how long Longhorn will wait before cleaning up the backing image file when there is no replica in the disk using it." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 60 + - variable: defaultSettings.backingImageRecoveryWaitInterval + label: Backing Image Recovery Wait Interval + description: "This interval in seconds determines how long Longhorn will wait before re-downloading the backing image file when all disk files of this backing image become failed or unknown. + WARNING: + - This recovery only works for the backing image of which the creation type is \"download\". + - File state \"unknown\" means the related manager pods on the pod is not running or the node itself is down/disconnected." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.guaranteedInstanceManagerCPU + label: Guaranteed Instance Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each instance manager Pod. For example, 10 means 10% of the total CPU on a node will be allocated to each instance manager pod on this node. This will help maintain engine and replica stability during high node workload. + In order to prevent unexpected volume instance (engine/replica) crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + `Guaranteed Instance Manager CPU = The estimated max Longhorn volume engine and replica count on a node * 0.1 / The total allocatable CPUs on the node * 100` + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for instance manager pods. + - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"InstanceManagerCPURequest\" on the node is set. + - After this setting is changed, all instance manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 + - variable: defaultSettings.logLevel + label: Log Level + description: "The log level Panic, Fatal, Error, Warn, Info, Debug, Trace used in longhorn manager. By default Debug." + group: "Longhorn Default Settings" + type: string + default: "Info" + - variable: defaultSettings.disableSnapshotPurge + label: Disable Snapshot Purge + description: "Temporarily prevent all attempts to purge volume snapshots." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.kubernetesClusterAutoscalerEnabled + label: Kubernetes Cluster Autoscaler Enabled (Experimental) + description: "Enabling this setting will notify Longhorn that the cluster is using Kubernetes Cluster Autoscaler. + Longhorn prevents data loss by only allowing the Cluster Autoscaler to scale down a node that met all conditions: + - No volume attached to the node. + - Is not the last node containing the replica of any volume. + - Is not running backing image components pod. + - Is not running share manager components pod." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.orphanAutoDeletion + label: Orphaned Data Cleanup + description: "This setting allows Longhorn to delete the orphan resource and its corresponding orphaned data automatically like stale replicas. Orphan resources on down or unknown nodes will not be cleaned up automatically." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.storageNetwork + label: Storage Network + description: "Longhorn uses the storage network for in-cluster data traffic. Leave this blank to use the Kubernetes cluster network. + To segregate the storage network, input the pre-existing NetworkAttachmentDefinition in \"/\" format. + WARNING: + - The cluster must have pre-existing Multus installed, and NetworkAttachmentDefinition IPs are reachable between nodes. + - DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. Longhorn will try to block this setting update when there are attached volumes. + - When applying the setting, Longhorn will restart all manager, instance-manager, and backing-image-manager pods." + group: "Longhorn Default Settings" + type: string + default: +- variable: defaultSettings.deletingConfirmationFlag + label: Deleting Confirmation Flag + description: "This flag is designed to prevent Longhorn from being accidentally uninstalled which will lead to data lost. + Set this flag to **true** to allow Longhorn uninstallation. + If this flag **false**, Longhorn uninstallation job will fail. " + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.engineReplicaTimeout + label: Timeout between Engine and Replica + description: "In seconds. The setting specifies the timeout between the engine and replica(s), and the value should be between 8 to 30 seconds. The default value is 8 seconds." + group: "Longhorn Default Settings" + type: int + default: "8" +- variable: defaultSettings.snapshotDataIntegrity + label: Snapshot Data Integrity + description: "This setting allows users to enable or disable snapshot hashing and data integrity checking. + Available options are + - **disabled**: Disable snapshot disk file hashing and data integrity checking. + - **enabled**: Enables periodic snapshot disk file hashing and data integrity checking. To detect the filesystem-unaware corruption caused by bit rot or other issues in snapshot disk files, Longhorn system periodically hashes files and finds corrupted ones. Hence, the system performance will be impacted during the periodical checking. + - **fast-check**: Enable snapshot disk file hashing and fast data integrity checking. Longhorn system only hashes snapshot disk files if their are not hashed or the modification time are changed. In this mode, filesystem-unaware corruption cannot be detected, but the impact on system performance can be minimized." + group: "Longhorn Default Settings" + type: string + default: "disabled" +- variable: defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation + label: Immediate Snapshot Data Integrity Check After Creating a Snapshot + description: "Hashing snapshot disk files impacts the performance of the system. The immediate snapshot hashing and checking can be disabled to minimize the impact after creating a snapshot." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.snapshotDataIntegrityCronjob + label: Snapshot Data Integrity Check CronJob + description: "Unix-cron string format. The setting specifies when Longhorn checks the data integrity of snapshot disk files. + Warning: Hashing snapshot disk files impacts the performance of the system. It is recommended to run data integrity checks during off-peak times and to reduce the frequency of checks." + group: "Longhorn Default Settings" + type: string + default: "0 0 */7 * *" +- variable: defaultSettings.removeSnapshotsDuringFilesystemTrim + label: Remove Snapshots During Filesystem Trim + description: "This setting allows Longhorn filesystem trim feature to automatically mark the latest snapshot and its ancestors as removed and stops at the snapshot containing multiple children.\n\n + Since Longhorn filesystem trim feature can be applied to the volume head and the followed continuous removed or system snapshots only.\n\n + Notice that trying to trim a removed files from a valid snapshot will do nothing but the filesystem will discard this kind of in-memory trimmable file info.\n\n + Later on if you mark the snapshot as removed and want to retry the trim, you may need to unmount and remount the filesystem so that the filesystem can recollect the trimmable file info." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.fastReplicaRebuildEnabled + label: Fast Replica Rebuild Enabled + description: "This feature supports the fast replica rebuilding. It relies on the checksum of snapshot disk files, so setting the snapshot-data-integrity to **enable** or **fast-check** is a prerequisite." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.replicaFileSyncHttpClientTimeout + label: Timeout of HTTP Client to Replica File Sync Server + description: "In seconds. The setting specifies the HTTP client timeout to the file sync server." + group: "Longhorn Default Settings" + type: int + default: "30" +- variable: defaultSettings.backupCompressionMethod + label: Backup Compression Method + description: "This setting allows users to specify backup compression method. + Available options are + - **none**: Disable the compression method. Suitable for multimedia data such as encoded images and videos. + - **lz4**: Fast compression method. Suitable for flat files. + - **gzip**: A bit of higher compression ratio but relatively slow." + group: "Longhorn Default Settings" + type: string + default: "lz4" +- variable: defaultSettings.backupConcurrentLimit + label: Backup Concurrent Limit Per Backup + description: "This setting controls how many worker threads per backup concurrently." + group: "Longhorn Default Settings" + type: int + min: 1 + default: 2 +- variable: defaultSettings.restoreConcurrentLimit + label: Restore Concurrent Limit Per Backup + description: "This setting controls how many worker threads per restore concurrently." + group: "Longhorn Default Settings" + type: int + min: 1 + default: 2 +- variable: defaultSettings.allowCollectingLonghornUsageMetrics + label: Allow Collecting Longhorn Usage Metrics + description: "Enabling this setting will allow Longhorn to provide additional usage metrics to https://metrics.longhorn.io/. This information will help us better understand how Longhorn is being used, which will ultimately contribute to future improvements." + group: "Longhorn Default Settings" + type: boolean + default: true +- variable: defaultSettings.v2DataEngine + label: V2 Data Engine + description: "This allows users to activate v2 data engine based on SPDK. Currently, it is in the preview phase and should not be utilized in a production environment. + WARNING: + - DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. Longhorn will block this setting update when there are attached volumes. + - When applying the setting, Longhorn will restart all instance-manager pods. + - When the V2 Data Engine is enabled, each instance-manager pod utilizes 1 CPU core. This high CPU usage is attributed to the spdk_tgt process running within each instance-manager pod. The spdk_tgt process is responsible for handling input/output (IO) operations and requires intensive polling. As a result, it consumes 100% of a dedicated CPU core to efficiently manage and process the IO requests, ensuring optimal performance and responsiveness for storage operations." + group: "Longhorn V2 Data Engine (Preview Feature) Settings" + type: boolean + default: false +- variable: defaultSettings.offlineReplicaRebuilding + label: Offline Replica Rebuilding + description: "This setting allows users to enable the offline replica rebuilding for volumes using v2 data engine." + group: "Longhorn V2 Data Engine (Preview Feature) Settings" + required: true + type: enum + options: + - "enabled" + - "disabled" + default: "enabled" +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.defaultDataLocality + description: "Set data locality for Longhorn StorageClass" + label: Default Storage Class Data Locality + group: "Longhorn Storage Class Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" +- variable: persistence.recurringJobSelector.enable + description: "Enable recurring job selector for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job Selector + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobSelector.jobList + description: 'Recurring job selector list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "isGroup":true}]' + label: Storage Class Recurring Job Selector List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.defaultNodeSelector.enable + description: "Enable Node selector for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Node Selector + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.defaultNodeSelector.selector + label: Storage Class Node Selector + description: 'We use NodeSelector when we want to bind PVC via StorageClass into desired mountpoint on the nodes tagged with its value' + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.backingImage.enable + description: "Set backing image for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Default Storage Class Backing Image + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.backingImage.name + description: 'Specify a backing image that will be used by Longhorn volumes in Longhorn StorageClass. If not exists, the backing image data source type and backing image data source parameters should be specified so that Longhorn will create the backing image before using it.' + label: Storage Class Backing Image Name + group: "Longhorn Storage Class Settings" + type: string + default: + - variable: persistence.backingImage.expectedChecksum + description: 'Specify the expected SHA512 checksum of the selected backing image in Longhorn StorageClass. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - It is not recommended to set this field if the data source type is \"export-from-volume\".' + label: Storage Class Backing Image Expected SHA512 Checksum + group: "Longhorn Storage Class Settings" + type: string + default: + - variable: persistence.backingImage.dataSourceType + description: 'Specify the data source type for the backing image used in Longhorn StorageClass. + If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - As for backing image creation with data source type \"upload\", it is recommended to do it via UI rather than StorageClass here. Uploading requires file data sending to the Longhorn backend after the object creation, which is complicated if you want to handle it manually.' + label: Storage Class Backing Image Data Source Type + group: "Longhorn Storage Class Settings" + type: enum + options: + - "" + - "download" + - "upload" + - "export-from-volume" + default: "" + - variable: persistence.backingImage.dataSourceParameters + description: "Specify the data source parameters for the backing image used in Longhorn StorageClass. + If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image. + This option accepts a json string of a map. e.g., '{\"url\":\"https://backing-image-example.s3-region.amazonaws.com/test-backing-image\"}'. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - Be careful of the quotes here." + label: Storage Class Backing Image Data Source Parameters + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.removeSnapshotsDuringFilesystemTrim + description: "Allow automatically removing snapshots during filesystem trim for Longhorn StorageClass" + label: Default Storage Class Remove Snapshots During Filesystem Trim + group: "Longhorn Storage Class Settings" + type: enum + options: + - "ignored" + - "enabled" + - "disabled" + default: "ignored" +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname + - variable: ingress.path + default: "/" + description: "If ingress is enabled you can set the default ingress path" + type: string + required: true + label: Ingress Path +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "false" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" +- variable: global.cattle.windowsCluster.enabled + default: "false" + description: "Enable this to allow Longhorn to run on the Rancher deployed Windows cluster." + label: Rancher Windows Cluster + type: boolean + group: "Other Settings" +- variable: networkPolicies.enabled + description: "Enable NetworkPolicies to limit access to the longhorn pods. + Warning: The Rancher Proxy will not work if this feature is enabled and a custom NetworkPolicy must be added." + group: "Other Settings" + label: Network Policies + default: "false" + type: boolean + subquestions: + - variable: networkPolicies.type + label: Network Policies for Ingress + description: "Create the policy to allow access for the ingress, select the distribution." + show_if: "networkPolicies.enabled=true&&ingress.enabled=true" + type: enum + default: "rke2" + options: + - "rke1" + - "rke2" + - "k3s" diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/NOTES.txt b/charts/longhorn/102.3.3+up1.5.5/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/_helpers.tpl b/charts/longhorn/102.3.3+up1.5.5/templates/_helpers.tpl new file mode 100644 index 000000000..3fbc2ac02 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . }} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/clusterrole.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/clusterrole.yaml new file mode 100644 index 000000000..e652a3403 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/clusterrole.yaml @@ -0,0 +1,61 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps", "serviceaccounts"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets", "podsecuritypolicies"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] +- apiGroups: ["apiregistration.k8s.io"] + resources: ["apiservices"] + verbs: ["list", "watch"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "patch", "delete"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["roles", "rolebindings", "clusterrolebindings", "clusterroles"] + verbs: ["*"] diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/clusterrolebinding.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..8ab944b23 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/clusterrolebinding.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-support-bundle + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: longhorn-support-bundle + namespace: {{ include "release_namespace" . }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/daemonset-sa.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/daemonset-sa.yaml new file mode 100644 index 000000000..21614b033 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/daemonset-sa.yaml @@ -0,0 +1,150 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + command: + - longhorn-manager + - -d + {{- if eq .Values.longhornManager.log.format "json" }} + - -j + {{- end }} + - daemon + - --engine-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --share-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}" + - --backing-image-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.backingImageManager.repository }}:{{ .Values.image.longhorn.backingImageManager.tag }}" + - --support-bundle-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.supportBundleKit.repository }}:{{ .Values.image.longhorn.supportBundleKit.tag }}" + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + - containerPort: 9501 + name: conversion-wh + - containerPort: 9502 + name: admission-wh + - containerPort: 9503 + name: recov-backend + readinessProbe: + httpGet: + path: /v1/healthz + port: 9501 + scheme: HTTPS + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-grpc-tls + mountPath: /tls-files/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-grpc-tls + secret: + secretName: longhorn-grpc-tls + optional: true + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.tolerations }} +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ include "release_namespace" . }} + {{- if .Values.longhornManager.serviceAnnotations }} + annotations: +{{ toYaml .Values.longhornManager.serviceAnnotations | indent 4 }} + {{- end }} +spec: + type: {{ .Values.service.manager.type }} + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/default-setting.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/default-setting.yaml new file mode 100644 index 000000000..8630171c8 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/default-setting.yaml @@ -0,0 +1,199 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + {{- if not (kindIs "invalid" .Values.defaultSettings.backupTarget) }} + backup-target: {{ .Values.defaultSettings.backupTarget }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backupTargetCredentialSecret) }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.allowRecurringJobWhileVolumeDetached) }} + allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.createDefaultDiskLabeledNodes) }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.defaultDataPath) }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.defaultDataLocality) }} + default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaSoftAntiAffinity) }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaAutoBalance) }} + replica-auto-balance: {{ .Values.defaultSettings.replicaAutoBalance }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.storageOverProvisioningPercentage) }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.storageMinimalAvailablePercentage) }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.storageReservedPercentageForDefaultDisk) }} + storage-reserved-percentage-for-default-disk: {{ .Values.defaultSettings.storageReservedPercentageForDefaultDisk }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.upgradeChecker) }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.defaultReplicaCount) }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.defaultLonghornStaticStorageClass) }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backupstorePollInterval) }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.failedBackupTTL) }} + failed-backup-ttl: {{ .Values.defaultSettings.failedBackupTTL }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.restoreVolumeRecurringJobs) }} + restore-volume-recurring-jobs: {{ .Values.defaultSettings.restoreVolumeRecurringJobs }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.recurringSuccessfulJobsHistoryLimit) }} + recurring-successful-jobs-history-limit: {{ .Values.defaultSettings.recurringSuccessfulJobsHistoryLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.recurringFailedJobsHistoryLimit) }} + recurring-failed-jobs-history-limit: {{ .Values.defaultSettings.recurringFailedJobsHistoryLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.supportBundleFailedHistoryLimit) }} + support-bundle-failed-history-limit: {{ .Values.defaultSettings.supportBundleFailedHistoryLimit }} + {{- end }} + {{- if or (not (kindIs "invalid" .Values.defaultSettings.taintToleration)) (.Values.global.cattle.windowsCluster.enabled) }} + taint-toleration: {{ $windowsDefaultSettingTaintToleration := list }}{{ $defaultSettingTaintToleration := list -}} + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.defaultSetting.taintToleration -}} + {{- $windowsDefaultSettingTaintToleration = .Values.global.cattle.windowsCluster.defaultSetting.taintToleration -}} + {{- end -}} + {{- if not (kindIs "invalid" .Values.defaultSettings.taintToleration) -}} + {{- $defaultSettingTaintToleration = .Values.defaultSettings.taintToleration -}} + {{- end -}} + {{- $taintToleration := list $windowsDefaultSettingTaintToleration $defaultSettingTaintToleration }}{{ join ";" (compact $taintToleration) -}} + {{- end }} + {{- if or (not (kindIs "invalid" .Values.defaultSettings.systemManagedComponentsNodeSelector)) (.Values.global.cattle.windowsCluster.enabled) }} + system-managed-components-node-selector: {{ $windowsDefaultSettingNodeSelector := list }}{{ $defaultSettingNodeSelector := list -}} + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.defaultSetting.systemManagedComponentsNodeSelector -}} + {{ $windowsDefaultSettingNodeSelector = .Values.global.cattle.windowsCluster.defaultSetting.systemManagedComponentsNodeSelector -}} + {{- end -}} + {{- if not (kindIs "invalid" .Values.defaultSettings.systemManagedComponentsNodeSelector) -}} + {{- $defaultSettingNodeSelector = .Values.defaultSettings.systemManagedComponentsNodeSelector -}} + {{- end -}} + {{- $nodeSelector := list $windowsDefaultSettingNodeSelector $defaultSettingNodeSelector }}{{ join ";" (compact $nodeSelector) -}} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.priorityClass) }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.autoSalvage) }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly) }} + auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.disableSchedulingOnCordonedNode) }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaZoneSoftAntiAffinity) }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.nodeDownPodDeletionPolicy) }} + node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.nodeDrainPolicy) }} + node-drain-policy: {{ .Values.defaultSettings.nodeDrainPolicy }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaReplenishmentWaitInterval) }} + replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit) }} + concurrent-replica-rebuild-per-node-limit: {{ .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.concurrentVolumeBackupRestorePerNodeLimit) }} + concurrent-volume-backup-restore-per-node-limit: {{ .Values.defaultSettings.concurrentVolumeBackupRestorePerNodeLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.disableRevisionCounter) }} + disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.systemManagedPodsImagePullPolicy) }} + system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability) }} + allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot) }} + auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit) }} + concurrent-automatic-engine-upgrade-per-node-limit: {{ .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backingImageCleanupWaitInterval) }} + backing-image-cleanup-wait-interval: {{ .Values.defaultSettings.backingImageCleanupWaitInterval }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backingImageRecoveryWaitInterval) }} + backing-image-recovery-wait-interval: {{ .Values.defaultSettings.backingImageRecoveryWaitInterval }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.guaranteedInstanceManagerCPU) }} + guaranteed-instance-manager-cpu: {{ .Values.defaultSettings.guaranteedInstanceManagerCPU }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.kubernetesClusterAutoscalerEnabled) }} + kubernetes-cluster-autoscaler-enabled: {{ .Values.defaultSettings.kubernetesClusterAutoscalerEnabled }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.orphanAutoDeletion) }} + orphan-auto-deletion: {{ .Values.defaultSettings.orphanAutoDeletion }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.storageNetwork) }} + storage-network: {{ .Values.defaultSettings.storageNetwork }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.deletingConfirmationFlag) }} + deleting-confirmation-flag: {{ .Values.defaultSettings.deletingConfirmationFlag }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.engineReplicaTimeout) }} + engine-replica-timeout: {{ .Values.defaultSettings.engineReplicaTimeout }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrity) }} + snapshot-data-integrity: {{ .Values.defaultSettings.snapshotDataIntegrity }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation) }} + snapshot-data-integrity-immediate-check-after-snapshot-creation: {{ .Values.defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrityCronjob) }} + snapshot-data-integrity-cronjob: {{ .Values.defaultSettings.snapshotDataIntegrityCronjob }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.removeSnapshotsDuringFilesystemTrim) }} + remove-snapshots-during-filesystem-trim: {{ .Values.defaultSettings.removeSnapshotsDuringFilesystemTrim }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.fastReplicaRebuildEnabled) }} + fast-replica-rebuild-enabled: {{ .Values.defaultSettings.fastReplicaRebuildEnabled }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.replicaFileSyncHttpClientTimeout) }} + replica-file-sync-http-client-timeout: {{ .Values.defaultSettings.replicaFileSyncHttpClientTimeout }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.logLevel) }} + log-level: {{ .Values.defaultSettings.logLevel }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backupCompressionMethod) }} + backup-compression-method: {{ .Values.defaultSettings.backupCompressionMethod }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.backupConcurrentLimit) }} + backup-concurrent-limit: {{ .Values.defaultSettings.backupConcurrentLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.restoreConcurrentLimit) }} + restore-concurrent-limit: {{ .Values.defaultSettings.restoreConcurrentLimit }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.v2DataEngine) }} + v2-data-engine: {{ .Values.defaultSettings.v2DataEngine }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.offlineReplicaRebuilding) }} + offline-replica-rebuilding: {{ .Values.defaultSettings.offlineReplicaRebuilding }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.disableSnapshotPurge) }} + disable-snapshot-purge: {{ .Values.defaultSettings.disableSnapshotPurge }} + {{- end }} + {{- if not (kindIs "invalid" .Values.defaultSettings.allowCollectingLonghornUsageMetrics) }} + allow-collecting-longhorn-usage-metrics: {{ .Values.defaultSettings.allowCollectingLonghornUsageMetrics }} + {{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/deployment-driver.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/deployment-driver.yaml new file mode 100644 index 000000000..f162fbf79 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/deployment-driver.yaml @@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if and .Values.image.csi.livenessProbe.repository .Values.image.csi.livenessProbe.tag }} + - name: CSI_LIVENESS_PROBE_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.livenessProbe.repository }}:{{ .Values.image.csi.livenessProbe.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornDriver.priorityClass }} + priorityClassName: {{ .Values.longhornDriver.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornDriver.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornDriver.tolerations }} +{{ toYaml .Values.longhornDriver.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornDriver.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornDriver.nodeSelector }} +{{ toYaml .Values.longhornDriver.nodeSelector | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/deployment-ui.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/deployment-ui.yaml new file mode 100644 index 000000000..6bad5cd4e --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/deployment-ui.yaml @@ -0,0 +1,114 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: {{ .Values.longhornUI.replicas }} + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - longhorn-ui + topologyKey: kubernetes.io/hostname + containers: + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name : nginx-cache + mountPath: /var/cache/nginx/ + - name : nginx-config + mountPath: /var/config/nginx/ + - name: var-run + mountPath: /var/run/ + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + - name: LONGHORN_UI_PORT + value: "8000" + volumes: + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-config + - emptyDir: {} + name: var-run + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornUI.priorityClass }} + priorityClassName: {{ .Values.longhornUI.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornUI.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornUI.tolerations }} +{{ toYaml .Values.longhornUI.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornUI.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornUI.nodeSelector }} +{{ toYaml .Values.longhornUI.nodeSelector | indent 8 }} + {{- end }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + {{- if and .Values.service.ui.loadBalancerIP (eq .Values.service.ui.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.ui.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.ui.type "LoadBalancer") .Values.service.ui.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.ui.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/ingress.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/ingress.yaml new file mode 100644 index 000000000..ee47f8b8d --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/ingress.yaml @@ -0,0 +1,48 @@ +{{- if .Values.ingress.enabled }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.secureBackends }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: ImplementationSpecific + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: longhorn-frontend + port: + number: 80 + {{- else }} + serviceName: longhorn-frontend + servicePort: 80 + {{- end }} +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/backing-image-data-source-network-policy.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/backing-image-data-source-network-policy.yaml new file mode 100644 index 000000000..cc91054ba --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/backing-image-data-source-network-policy.yaml @@ -0,0 +1,27 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: backing-image-data-source + namespace: longhorn-system +spec: + podSelector: + matchLabels: + longhorn.io/component: backing-image-data-source + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: longhorn-manager + - podSelector: + matchLabels: + longhorn.io/component: instance-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-data-source +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/backing-image-manager-network-policy.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/backing-image-manager-network-policy.yaml new file mode 100644 index 000000000..ebc288f4b --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/backing-image-manager-network-policy.yaml @@ -0,0 +1,27 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: backing-image-manager + namespace: longhorn-system +spec: + podSelector: + matchLabels: + longhorn.io/component: backing-image-manager + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: longhorn-manager + - podSelector: + matchLabels: + longhorn.io/component: instance-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-data-source +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/instance-manager-networking.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/instance-manager-networking.yaml new file mode 100644 index 000000000..6f03c6eb3 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/instance-manager-networking.yaml @@ -0,0 +1,27 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: instance-manager + namespace: longhorn-system +spec: + podSelector: + matchLabels: + longhorn.io/component: instance-manager + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: longhorn-manager + - podSelector: + matchLabels: + longhorn.io/component: instance-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-manager + - podSelector: + matchLabels: + longhorn.io/component: backing-image-data-source +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/manager-network-policy.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/manager-network-policy.yaml new file mode 100644 index 000000000..c9d763fbe --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/manager-network-policy.yaml @@ -0,0 +1,35 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-manager + namespace: longhorn-system +spec: + podSelector: + matchLabels: + app: longhorn-manager + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: longhorn-manager + - podSelector: + matchLabels: + app: longhorn-ui + - podSelector: + matchLabels: + app: longhorn-csi-plugin + - podSelector: + matchLabels: + longhorn.io/managed-by: longhorn-manager + matchExpressions: + - { key: recurring-job.longhorn.io, operator: Exists } + - podSelector: + matchExpressions: + - { key: longhorn.io/job-task, operator: Exists } + - podSelector: + matchLabels: + app: longhorn-driver-deployer +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/recovery-backend-network-policy.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/recovery-backend-network-policy.yaml new file mode 100644 index 000000000..cebe4854a --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/recovery-backend-network-policy.yaml @@ -0,0 +1,17 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-recovery-backend + namespace: longhorn-system +spec: + podSelector: + matchLabels: + app: longhorn-manager + policyTypes: + - Ingress + ingress: + - ports: + - protocol: TCP + port: 9503 +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/ui-frontend-network-policy.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/ui-frontend-network-policy.yaml new file mode 100644 index 000000000..04c8beb38 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/ui-frontend-network-policy.yaml @@ -0,0 +1,46 @@ +{{- if and .Values.networkPolicies.enabled .Values.ingress.enabled (not (eq .Values.networkPolicies.type "")) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-ui-frontend + namespace: longhorn-system +spec: + podSelector: + matchLabels: + app: longhorn-ui + policyTypes: + - Ingress + ingress: + - from: + {{- if eq .Values.networkPolicies.type "rke1"}} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: ingress-nginx + podSelector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + {{- else if eq .Values.networkPolicies.type "rke2" }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: rke2-ingress-nginx + app.kubernetes.io/name: rke2-ingress-nginx + {{- else if eq .Values.networkPolicies.type "k3s" }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + app.kubernetes.io/name: traefik + ports: + - port: 8000 + protocol: TCP + - port: 80 + protocol: TCP + {{- end }} +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/webhook-network-policy.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/webhook-network-policy.yaml new file mode 100644 index 000000000..c9790f6a2 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/network-policies/webhook-network-policy.yaml @@ -0,0 +1,33 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-conversion-webhook + namespace: longhorn-system +spec: + podSelector: + matchLabels: + app: longhorn-manager + policyTypes: + - Ingress + ingress: + - ports: + - protocol: TCP + port: 9501 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: longhorn-admission-webhook + namespace: longhorn-system +spec: + podSelector: + matchLabels: + app: longhorn-manager + policyTypes: + - Ingress + ingress: + - ports: + - protocol: TCP + port: 9502 +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/postupgrade-job.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/postupgrade-job.yaml new file mode 100644 index 000000000..bb25a54d4 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/postupgrade-job.yaml @@ -0,0 +1,56 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.tolerations }} +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} + {{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/preupgrade-job.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/preupgrade-job.yaml new file mode 100644 index 000000000..357e6d779 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/preupgrade-job.yaml @@ -0,0 +1,58 @@ +{{- if .Values.helmPreUpgradeCheckerJob.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed + name: longhorn-pre-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-pre-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-pre-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - longhorn-manager + - pre-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.tolerations }} +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/psp.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/psp.yaml new file mode 100644 index 000000000..a2dfc05be --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/psp.yaml @@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/registry-secret.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/registry-secret.yaml new file mode 100644 index 000000000..3c6b1dc51 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/registry-secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.privateRegistry.createSecret }} +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/serviceaccount.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/serviceaccount.yaml new file mode 100644 index 000000000..a563d68ca --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-support-bundle + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/servicemonitor.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/servicemonitor.yaml new file mode 100644 index 000000000..fd11fe9d4 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/servicemonitor.yaml @@ -0,0 +1,19 @@ +{{- if .Values.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: longhorn-prometheus-servicemonitor + namespace: {{ include "release_namespace" . }} + labels: + {{- include "longhorn.labels" . | nindent 4 }} + name: longhorn-prometheus-servicemonitor +spec: + selector: + matchLabels: + app: longhorn-manager + namespaceSelector: + matchNames: + - {{ include "release_namespace" . }} + endpoints: + - port: manager +{{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/services.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/services.yaml new file mode 100644 index 000000000..8baef021f --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/services.yaml @@ -0,0 +1,71 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-conversion-webhook + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + selector: + app: longhorn-manager + ports: + - name: conversion-webhook + port: 9501 + targetPort: conversion-wh +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-admission-webhook + name: longhorn-admission-webhook + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + selector: + app: longhorn-manager + ports: + - name: admission-webhook + port: 9502 + targetPort: admission-wh +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-recovery-backend + name: longhorn-recovery-backend + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + selector: + app: longhorn-manager + ports: + - name: recovery-backend + port: 9503 + targetPort: recov-backend +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + name: longhorn-engine-manager + namespace: {{ include "release_namespace" . }} +spec: + clusterIP: None + selector: + longhorn.io/component: instance-manager + longhorn.io/instance-manager-type: engine +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + name: longhorn-replica-manager + namespace: {{ include "release_namespace" . }} +spec: + clusterIP: None + selector: + longhorn.io/component: instance-manager + longhorn.io/instance-manager-type: replica diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/storageclass.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/storageclass.yaml new file mode 100644 index 000000000..f79699f5e --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/storageclass.yaml @@ -0,0 +1,50 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + {{- if .Values.persistence.defaultFsType }} + fsType: "{{ .Values.persistence.defaultFsType }}" + {{- end }} + {{- if .Values.persistence.defaultMkfsParams }} + mkfsParams: "{{ .Values.persistence.defaultMkfsParams }}" + {{- end }} + {{- if .Values.persistence.migratable }} + migratable: "{{ .Values.persistence.migratable }}" + {{- end }} + {{- if .Values.persistence.nfsOptions }} + nfsOptions: "{{ .Values.persistence.nfsOptions }}" + {{- end }} + {{- if .Values.persistence.backingImage.enable }} + backingImage: {{ .Values.persistence.backingImage.name }} + backingImageDataSourceType: {{ .Values.persistence.backingImage.dataSourceType }} + backingImageDataSourceParameters: {{ .Values.persistence.backingImage.dataSourceParameters }} + backingImageChecksum: {{ .Values.persistence.backingImage.expectedChecksum }} + {{- end }} + {{- if .Values.persistence.recurringJobSelector.enable }} + recurringJobSelector: '{{ .Values.persistence.recurringJobSelector.jobList }}' + {{- end }} + dataLocality: {{ .Values.persistence.defaultDataLocality | quote }} + {{- if .Values.persistence.defaultNodeSelector.enable }} + nodeSelector: "{{ .Values.persistence.defaultNodeSelector.selector }}" + {{- end }} + {{- if .Values.persistence.removeSnapshotsDuringFilesystemTrim }} + unmapMarkSnapChainRemoved: "{{ .Values.persistence.removeSnapshotsDuringFilesystemTrim }}" + {{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/tls-secrets.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/tls-secrets.yaml new file mode 100644 index 000000000..74c43426d --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "release_namespace" $ }} + labels: {{- include "longhorn.labels" $ | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/uninstall-job.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/uninstall-job.yaml new file mode 100644 index 000000000..968f42061 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/uninstall-job.yaml @@ -0,0 +1,57 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: Never + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.tolerations }} +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector }} +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} + {{- end }} diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/userroles.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/userroles.yaml new file mode 100644 index 000000000..f9a8d7a58 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/userroles.yaml @@ -0,0 +1,53 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status"] + verbs: [ "get", "list", "watch" ] \ No newline at end of file diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/validate-install-crd.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/validate-install-crd.yaml new file mode 100644 index 000000000..8168d3383 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/validate-install-crd.yaml @@ -0,0 +1,34 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/BackingImageDataSource" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImageManager" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Backup" false -}} +# {{- set $found "longhorn.io/v1beta1/BackupTarget" false -}} +# {{- set $found "longhorn.io/v1beta1/BackupVolume" false -}} +# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}} +# {{- set $found "longhorn.io/v1beta1/Node" false -}} +# {{- set $found "longhorn.io/v1beta2/Orphan" false -}} +# {{- set $found "longhorn.io/v1beta1/RecurringJob" false -}} +# {{- set $found "longhorn.io/v1beta1/Replica" false -}} +# {{- set $found "longhorn.io/v1beta1/Setting" false -}} +# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}} +# {{- set $found "longhorn.io/v1beta2/Snapshot" false -}} +# {{- set $found "longhorn.io/v1beta2/SupportBundle" false -}} +# {{- set $found "longhorn.io/v1beta2/SystemBackup" false -}} +# {{- set $found "longhorn.io/v1beta2/SystemRestore" false -}} +# {{- set $found "longhorn.io/v1beta1/Volume" false -}} +# {{- set $found "longhorn.io/v1beta2/VolumeAttachment" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/longhorn/102.3.3+up1.5.5/templates/validate-psp-install.yaml b/charts/longhorn/102.3.3+up1.5.5/templates/validate-psp-install.yaml new file mode 100644 index 000000000..0df98e365 --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/templates/validate-psp-install.yaml @@ -0,0 +1,7 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +#{{- if .Values.enablePSP }} +#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} +#{{- end }} +#{{- end }} +#{{- end }} \ No newline at end of file diff --git a/charts/longhorn/102.3.3+up1.5.5/values.yaml b/charts/longhorn/102.3.3+up1.5.5/values.yaml new file mode 100644 index 000000000..97eb3b02e --- /dev/null +++ b/charts/longhorn/102.3.3+up1.5.5/values.yaml @@ -0,0 +1,306 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + windowsCluster: + # Enable this to allow Longhorn to run on the Rancher deployed Windows cluster + enabled: false + # Tolerate Linux node taint + tolerations: + - key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + # Select Linux nodes + nodeSelector: + kubernetes.io/os: "linux" + # Recognize toleration and node selector for Longhorn run-time created components + defaultSetting: + taintToleration: cattle.io/os=linux:NoSchedule + systemManagedComponentsNodeSelector: kubernetes.io/os:linux + +networkPolicies: + enabled: false + # Available types: k3s, rke2, rke1 + type: "k3s" + +image: + longhorn: + engine: + repository: rancher/mirrored-longhornio-longhorn-engine + tag: v1.5.5 + manager: + repository: rancher/mirrored-longhornio-longhorn-manager + tag: v1.5.5 + ui: + repository: rancher/mirrored-longhornio-longhorn-ui + tag: v1.5.5 + instanceManager: + repository: rancher/mirrored-longhornio-longhorn-instance-manager + tag: v1.5.5 + shareManager: + repository: rancher/mirrored-longhornio-longhorn-share-manager + tag: v1.5.5 + backingImageManager: + repository: rancher/mirrored-longhornio-backing-image-manager + tag: v1.5.5 + supportBundleKit: + repository: rancher/mirrored-longhornio-support-bundle-kit + tag: v0.0.37 + csi: + attacher: + repository: rancher/mirrored-longhornio-csi-attacher + tag: v4.4.2 + provisioner: + repository: rancher/mirrored-longhornio-csi-provisioner + tag: v3.6.2 + nodeDriverRegistrar: + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + tag: v2.9.2 + resizer: + repository: rancher/mirrored-longhornio-csi-resizer + tag: v1.9.2 + snapshotter: + repository: rancher/mirrored-longhornio-csi-snapshotter + tag: v6.3.2 + livenessProbe: + repository: rancher/mirrored-longhornio-livenessprobe + tag: v2.12.0 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + loadBalancerIP: "" + loadBalancerSourceRanges: "" + +persistence: + defaultClass: true + defaultFsType: ext4 + defaultMkfsParams: "" + defaultClassReplicaCount: 3 + defaultDataLocality: disabled # best-effort otherwise + reclaimPolicy: Delete + migratable: false + # -- Set NFS mount options for Longhorn StorageClass for RWX volumes + nfsOptions: "" + recurringJobSelector: + enable: false + jobList: [] + backingImage: + enable: false + name: ~ + dataSourceType: ~ + dataSourceParameters: ~ + expectedChecksum: ~ + defaultNodeSelector: + enable: false # disable by default + selector: "" + removeSnapshotsDuringFilesystemTrim: ignored # "enabled" or "disabled" otherwise + +helmPreUpgradeCheckerJob: + enabled: true + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + replicaAutoBalance: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + storageReservedPercentageForDefaultDisk: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + failedBackupTTL: ~ + restoreVolumeRecurringJobs: ~ + recurringSuccessfulJobsHistoryLimit: ~ + recurringFailedJobsHistoryLimit: ~ + supportBundleFailedHistoryLimit: ~ + taintToleration: ~ + systemManagedComponentsNodeSelector: ~ + priorityClass: ~ + autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + nodeDownPodDeletionPolicy: ~ + nodeDrainPolicy: ~ + replicaReplenishmentWaitInterval: ~ + concurrentReplicaRebuildPerNodeLimit: ~ + concurrentVolumeBackupRestorePerNodeLimit: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + concurrentAutomaticEngineUpgradePerNodeLimit: ~ + backingImageCleanupWaitInterval: ~ + backingImageRecoveryWaitInterval: ~ + guaranteedInstanceManagerCPU: ~ + kubernetesClusterAutoscalerEnabled: ~ + orphanAutoDeletion: ~ + storageNetwork: ~ + deletingConfirmationFlag: ~ + engineReplicaTimeout: ~ + snapshotDataIntegrity: ~ + snapshotDataIntegrityImmediateCheckAfterSnapshotCreation: ~ + snapshotDataIntegrityCronjob: ~ + removeSnapshotsDuringFilesystemTrim: ~ + fastReplicaRebuildEnabled: ~ + replicaFileSyncHttpClientTimeout: ~ + logLevel: ~ + backupCompressionMethod: ~ + backupConcurrentLimit: ~ + restoreConcurrentLimit: ~ + v2DataEngine: ~ + offlineReplicaRebuilding: ~ + disableSnapshotPurge: ~ + allowCollectingLonghornUsageMetrics: ~ + +privateRegistry: + createSecret: ~ + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +longhornManager: + log: + ## Allowed values are `plain` or `json`. + format: plain + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + serviceAnnotations: {} + ## If you want to set annotations for the Longhorn Manager service, delete the `{}` in the line above + ## and uncomment this example block + # annotation-key1: "annotation-value1" + # annotation-key2: "annotation-value2" + +longhornDriver: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornUI: + replicas: 2 + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## Add ingressClassName to the Ingress + ## Can replace the kubernetes.io/ingress.class annotation on v1.18+ + ingressClassName: ~ + + host: sslip.io + + ## Set this to true in order to enable TLS on the ingress record + tls: false + + ## Enable this in order to enable that the backend service will be connected at port 443 + secureBackends: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## If ingress is enabled you can set the default ingress path + ## then you can access the UI by using the following full path {{host}}+{{path}} + path: / + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# For Kubernetes < v1.25, if your cluster enables Pod Security Policy admission controller, +# set this to `true` to ship longhorn-psp which allow privileged Longhorn pods to start +enablePSP: false + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" + +# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional. +annotations: {} + +serviceAccount: + # Annotations to add to the service account + annotations: {} + +metrics: + serviceMonitor: + # Enable this to create the ServiceMonitor + enabled: false diff --git a/index.yaml b/index.yaml index 6c068200e..be0aaff1b 100755 --- a/index.yaml +++ b/index.yaml @@ -2842,6 +2842,50 @@ entries: urls: - assets/longhorn/longhorn-102.4.0+up1.6.1.tgz version: 102.4.0+up1.6.1 + - annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/kube-version: '>= 1.21.0-0' + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 1.5.5 + apiVersion: v1 + appVersion: v1.5.5 + created: "2024-05-01T15:58:12.145471-03:00" + description: Longhorn is a distributed block storage system for Kubernetes. + digest: 3f0c704fc92e9ac89057fcf539f2aba17783ec742f190ef1dede14d65c04b9ec + home: https://github.com/longhorn/longhorn + icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png + keywords: + - longhorn + - storage + - distributed + - block + - device + - iscsi + - nfs + kubeVersion: '>=1.21.0-0' + maintainers: + - email: maintainers@longhorn.io + name: Longhorn maintainers + name: longhorn + sources: + - https://github.com/longhorn/longhorn + - https://github.com/longhorn/longhorn-engine + - https://github.com/longhorn/longhorn-instance-manager + - https://github.com/longhorn/longhorn-share-manager + - https://github.com/longhorn/longhorn-manager + - https://github.com/longhorn/longhorn-ui + - https://github.com/longhorn/longhorn-tests + - https://github.com/longhorn/backing-image-manager + urls: + - assets/longhorn/longhorn-102.3.3+up1.5.5.tgz + version: 102.3.3+up1.5.5 - annotations: catalog.cattle.io/auto-install: longhorn-crd=match catalog.cattle.io/certified: rancher @@ -4462,6 +4506,21 @@ entries: urls: - assets/longhorn-crd/longhorn-crd-102.4.0+up1.6.1.tgz version: 102.4.0+up1.6.1 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd + apiVersion: v1 + appVersion: v1.5.5 + created: "2024-05-01T15:58:39.207342-03:00" + description: Installs the CRDs for longhorn. + digest: afc041c570daba7b851b4b432bdeddca6f211e5bec5314e5c96844edd7bcb83d + name: longhorn-crd + type: application + urls: + - assets/longhorn-crd/longhorn-crd-102.3.3+up1.5.5.tgz + version: 102.3.3+up1.5.5 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index 8705e174d..bc67ad30f 100644 --- a/release.yaml +++ b/release.yaml @@ -19,12 +19,14 @@ longhorn: - 103.2.2+up1.5.4 - 102.4.0+up1.6.1 - 103.3.0+up1.6.1 + - 102.3.3+up1.5.5 longhorn-crd: - 102.3.1+up1.5.3 - 102.3.2+up1.5.4 - 103.2.2+up1.5.4 - 102.4.0+up1.6.1 - 103.3.0+up1.6.1 + - 102.3.3+up1.5.5 harvester-cloud-provider: - 104.0.0+up0.2.3 - 102.0.2+up0.2.3