Add longhorn crypto storageclasses
parent
6f5a86f612
commit
a60d3e372c
@ -0,0 +1,20 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: longhorn-crypto
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
encryptedData:
|
||||
CRYPTO_KEY_CIPHER: AgCvo3F4zyAitID1J3e82Zdr9t//TvQPBEUJwPmu7+ij8+kuyPT9+7wlPfN/oNQlOKDTBI+sG+dzPZyf8/SS7tvVoWWyPBwtING5svbNspND+pyqUAzZ6fI6v9UE7HNCy0vODX/PLoC91rUnONIelfNUUs8Mrw2hxH18b+f4C314cHhd4sctovCu/rgbvH5MJPM8zsIpiANNYXfX8CLddCV1MEL0CcMED01WJM1tSRD7bChTN3mlNLiUUvMkLsCBZAef+Em6exR22ao2USGC5D5CkmbsAckEP05Ib29LDyeR/dK9uBR8+l43m2qThq9FRde59mVTiM3YnWavFXzIf8oyBaJ99MGBEfzqLBj8oAOFV8mD1x+ztx6EhUKmuCARLDWZ25wxV5iBiBQlI919vEqdZDzfgy4CHd57dgheQMo2lEPlevp9Rgay5jF2Yj6unVJ0UvDwMU1mjACvIUqwHrTJhKYzOxUvNSr/kBpDKSq6T3bhkyNgHBlj4+scjkXovArGT3HLpmNpivTyYUknhAsUhpsrSwWQKWqWW5bJqWnHRYn3rhF88Rq7zdmeDqsBCiPYbT7Q9bfi7KYIkGqLhByaqhSnPdQDsQAdBQwXoF3gb7d7Mw7TnqNDVq/yt/fAOW48c84nYe+sqZgghCIAId3+O6u33eFrnYhMHHxapDalyTWBLv4Oi80L897fH2fF5XkfErKtzK3SHPR31I8ObJQ=
|
||||
CRYPTO_KEY_HASH: AgDJ31ivB35Wqvbcj3Z83NKQ1Kxc0OO33ca9gxAWAkiClPesJssxjpv/WEZ1HKgOuYvwxV2zF03UwCB/8jXwbKr1JStkGqicwqo8k6CY7tamh5wc1OKTimxygnMMroks8Ouqt84Rn3SrYgNZipzMHY+55O2VNmP+UKJQT47KSagYWfVNVX+O10lMV4MQTEetJk/tvkKHYnXV/zywXdrbODSu795IDyYAL/tpua2GRAbfC2q9QorsHhpTJUqR2VtBT6ZKiqcPgeGhCY121A12zOt7tHeuWD51vqqrcDyoPmO6H9t5SZLQuzx1b1v3swehdZCvS2gBS4d85iiiDLa/h6GxksUX1PBqz8MG7fD6NkJuVMNBqM2rqXRJtRvlh0Ls7T2uwz9Gnk6pxUU5U98E6/WKePp0rH1MhVHw0q5w8bWMO9Axj8rQjx4yMS70kOcVZOLYEQfs9Wi3HoBc+5R1hWJ/gca9G7DI46S0qbfsQh7GFvuN/uh9fm1yK27OO3MVsFa9Cg/5hk2fWy9vrR6n6hmZkebE0d1W6E0nAz3Bx+r10jtkZWn9efkVRaSxyJglfO+lkZr9dAHla8xBrNP6HnpV2eFoyOpoOKBAIfKlOTFBjfklCZuG4XZBbR5iMW+IFDLPU/y40ulsfElFwxhb3GQUTCqqi/6KFjUsoBuk6/q42Y0l7eFCycXTBdvV60pq1AmjlgTvWUw=
|
||||
CRYPTO_KEY_PROVIDER: AgAsmmj2MJ9j1PYfUTyEON7ZLJMTiv+DhMl0EZ2gAsv3q17lu1OFm9hemHe1Tq8LYm8u+MfDO1oJbPmKFDzHb9yyo/NLgoiz1TQoK4Ro+qDO7B6BA6um+uwAT7aU1cCVxNmlHaqor61dsyveCOYXOOIcdh2XSkAYn0IkibKNLL2i4Ef2dl4q+l+zyMQlKEEBUNK6nQf8TvXWWInmqrKj02vc2Yz0KyszLuRCkoN2vnkaK1QnQaZoB+OQCBP4h9uyDTMep6r29hJukcpVBX/GYyfWZCLTNt5Se3cZHjEptqUQDdlbtg3pWzcmYQxBn8Y6jaw8CE8DoOTSfG1dwZtijaET1N6At9+bhfS10X+DMNXePlO3oCzUi6GW8j3hNU5y9z49QqzcQ7+IKb/aqrPyNbsWgtw8vQjyt5VaVssXVCs9LpoXG/yrltS+5mfy3fz603Ru0v21LTtM7+IImCeAiwoQ2hJ4bIB0nztlEuHu8fKw+vF2z9q3KYVu7+x8Qf5IrCQOmfksv4ygscdjHXxAQY/nPuHd0S+EGd5oXVos1ZA4+CHH3DjtlkdOClZc/34zwnom1HUWutZOoHwbSHzasJH3Visf8FoAudFgZHyuNZxkc/EeTM32KZoaoU7A5KPX+9oqU7zrIUwc/KC20a25yxw8q8xBqfeOEdfMl2T2+/cTTcFJ0vG28AJLBC02kEhMevoCBPrGYeM=
|
||||
CRYPTO_KEY_SIZE: AgDOEpO2FEjMlRpBtXsksHB7j0VQ60Fj+taacs9MiDZcfO+EHF6HeJez7CJ8bXqppFGS+h893cF7gRhzgq3x/n69XPZXQt3Dd6zmbWy4CmalLEdT/1MgmAJMb/wwGGvPY+QS8Gcb6yvuM1Eqzq4giWAF38EONq1UcxCXQObhACmsOidw4WaT8EYg3Nt1YKrEsjylJ3hEAa8S6eb+CnXW+dx4aafibpisrW86nngeogMTfWkahHSxp/TzF7xqDK3JTaGMcoul4/rYVgkdFmQ6XjXe/D9TG3BFnBBJIMetKNDWcW1KkF1+ixHQOg6da5GowHzfPOyiNQFM4n+POp9Xje/8Cc/WcIzgR/MErNZRHyx5qKawNwSuYw8hZESTNOmHS1RIKFi2+pDxasy9U7L8MTnLIREy1gSNJy4Ptp+ja014ZDnoeUHlUsRil5kEjCucXySyXgTWj0CGs61xBMfjQ54JGHa79SaZn6ks5Ao/QoA3IHqkwdY8jfO90jMvXLAM8F/xZQuBm1RxtRIhuE6uhmiciNuSJ9U2K4KA46BkwFVI1XqIU22Az4DeNRw/vEG+7JN46CBmviiAx62lpJHlg3oBv2znvLdBDOGhAH4qn+skoiiCB/X6tgl6bxAgSU+Z9UDbERr7XeVIFub33pd9XhdKcx0pxNzVQNR0nUhuhRZN0Dj1zlmj8FXxG7EW80X/PIpZlnQ=
|
||||
CRYPTO_KEY_VALUE: AgC1YI84qkckv0EOup2iEqz1IDe+kFxYa0OFbGRPygn6+AT1GjpOqLwBZQw54cjnVV3xMoaI/qceAyi74wxMOZ9lIvymuD21oLRRlRLqJf3YUf33jQxbyd2mXek/DQqWM27h01+qcXm3TqrH/uGBXAqQfZgBPBZkqRiH2DKlrzykEb+GnBpEA/6e/vLpeZplQnefcagnSRlAeNlptjcZpm9FPmDwHAsSO6lMTmldWv2tg/bKc+KGdmNdwIJVulWCGSd9yKWSsf4rwxPjPdOb0efn+/djq7EqyTs+f8gFo8vNg0MwU3df9bkrtLsgsqFif1FO/FXN4Rbu6wdmwzNY+1ix6oal/MX77xKvyMW5amSvOeBKSR8udwjX3Xp52cOGD5G9N+CnDPBTwEAiQKTDOg68ZmpeaJcdwZ1AugXLdD+8sqfZD3K+N9rzKWlh8P6RirxLdD/jjMefdhvb3ALN1wdZhSLw6xDWqNbPuNba4OO814830gbjKsoEzjxGIAhOLlKc8JjHOfd0EhPALCx/9md76DAS9FkyzL+/dem7RpZl+FLwUY3mSSyaU29ePjGR5fXehhD8xh7N/oMp6y9qxJ3Slw9jR43pwDZ2n1+ut0WMzE6vxvf+0UWm3zw/0DXKSCvxquOkTRyYuL4DBgQpfDlkzNIb2+vJz5XC0saITCYKlstNOI1ja/AiRXeNnRFSHtd32U82gra+SiXSf8FG1rjg
|
||||
CRYPTO_PBKDF: AgDVDAjBh6FHTdXzOU+vR57QZQLGxl3Ow6BiW2ksHhUUcCATfNrFlMptJpTH+2EFWvtO5CJrFj6RE9EuSOW/OlWxAMiphxz61keZH32HaAg27Tc8Li8irr4+tbBcKmNYGm7B6suPpShMskcQSXDjqCrtSk3JqFmusQiNkZCcUQkOdA4jtDgO6q7wm3tgD8bfNONDI4RY8Py/7W/N2KH0dYK76/7iRi7efcIK97DZuB2I1IrERq3ED6U7hCoqUlgkbGznnsSkboi2BPKnCDCewLuC6aTbmShhyHtsU1XlCmS7pK/Hi+bNW70x3JX8Ud0uf//oiO36UD2+1IMRFe6u2e1UZ8+4WQRpRM81zzOJmNZIEFA6rOLGfnCSxHWEfpsyBPD42bcVTPFwI4F9YKoucMElG8bdxZBU5FPazkPKxyCX6BSCt8FaKpmdHOskx4Z5wsp8g4rYslE4JBuqLl5SfkzdnSD0EZSpUeBpKj3OPzdzTOJWgVq793dP5gT6PJ0TC7M/pevOMusqNXwktVF7hKfE4bYNrLwY0HovqMvYsLOCszrXr5xgA8h7Izw0gpB5AdlPW7R0VXEABN7S/eIwx7QhwiKh80H3bQNfNeSRpcvxICuf5oS6V2GAEEIniNyxudENrKZS7dRVmongt89p4bh43tPbS00AcS8TkY4cqErGOKhS9M/Gs0dtHAD3ROLPUdmW1rW+9IAw
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: longhorn-crypto
|
||||
namespace: longhorn-system
|
||||
|
@ -0,0 +1,21 @@
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
name: longhorn-crypto-global
|
||||
annotations:
|
||||
storageclass.kubernetes.io/is-default-class: "true"
|
||||
provisioner: driver.longhorn.io
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
diskSelector: ssd
|
||||
numberOfReplicas: "3"
|
||||
staleReplicaTimeout: "2880" # 48 hours in minutes
|
||||
fromBackup: ""
|
||||
encrypted: "true"
|
||||
# global secret that contains the encryption key that will be used for all volumes
|
||||
csi.storage.k8s.io/provisioner-secret-name: "longhorn-crypto"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "longhorn-system"
|
||||
csi.storage.k8s.io/node-publish-secret-name: "longhorn-crypto"
|
||||
csi.storage.k8s.io/node-publish-secret-namespace: "longhorn-system"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "longhorn-crypto"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "longhorn-system"
|
@ -0,0 +1,15 @@
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
name: longhorn-hdd
|
||||
provisioner: driver.longhorn.io
|
||||
allowVolumeExpansion: true
|
||||
reclaimPolicy: "Delete"
|
||||
volumeBindingMode: Immediate
|
||||
parameters:
|
||||
numberOfReplicas: "3"
|
||||
staleReplicaTimeout: "30"
|
||||
diskSelector: hdd
|
||||
fromBackup: ""
|
||||
fsType: "ext4"
|
||||
dataLocality: "disabled"
|
@ -0,0 +1,19 @@
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
name: longhorn-hdd-crypto-global
|
||||
provisioner: driver.longhorn.io
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
diskSelector: hdd
|
||||
numberOfReplicas: "3"
|
||||
staleReplicaTimeout: "2880" # 48 hours in minutes
|
||||
fromBackup: ""
|
||||
encrypted: "true"
|
||||
# global secret that contains the encryption key that will be used for all volumes
|
||||
csi.storage.k8s.io/provisioner-secret-name: "longhorn-crypto"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "longhorn-system"
|
||||
csi.storage.k8s.io/node-publish-secret-name: "longhorn-crypto"
|
||||
csi.storage.k8s.io/node-publish-secret-namespace: "longhorn-system"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "longhorn-crypto"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "longhorn-system"
|
Loading…
Reference in New Issue