diff --git a/longhorn/argocd/longhorn.yaml b/longhorn/argocd/longhorn.yaml
new file mode 100644
index 0000000..0e9d8f7
--- /dev/null
+++ b/longhorn/argocd/longhorn.yaml
@@ -0,0 +1,118 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: longhorn
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ # Helm chart from Longhorn repository
+ - repoURL: https://charts.longhorn.io
+ chart: longhorn
+ targetRevision: 1.7.2
+ helm:
+ valueFiles:
+ - $values/longhorn/helm-values/longhorn.yaml
+ # Values file from Git repository
+ - repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
+ targetRevision: main
+ ref: values
+ # Ingress from Git repository
+ - repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
+ targetRevision: main
+ path: longhorn/ingress
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: longhorn-system
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+ - RespectIgnoreDifferences=true
+ - ServerSideApply=true
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ revisionHistoryLimit: 10
+
+ # Ignore differences in CRDs managed by Longhorn
+ ignoreDifferences:
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ name: engines.longhorn.io
+ jqPathExpressions:
+ - .spec.conversion.webhook.clientConfig
+ - .status
+ - .metadata.annotations
+ - .metadata.generation
+ - .metadata.resourceVersion
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ name: engineimages.longhorn.io
+ jqPathExpressions:
+ - .spec.conversion.webhook.clientConfig
+ - .status
+ - .metadata.annotations
+ - .metadata.generation
+ - .metadata.resourceVersion
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ name: instancemanagers.longhorn.io
+ jqPathExpressions:
+ - .spec.conversion.webhook.clientConfig
+ - .status
+ - .metadata.annotations
+ - .metadata.generation
+ - .metadata.resourceVersion
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ name: nodes.longhorn.io
+ jqPathExpressions:
+ - .spec.conversion.webhook.clientConfig
+ - .status
+ - .metadata.annotations
+ - .metadata.generation
+ - .metadata.resourceVersion
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ name: replicas.longhorn.io
+ jqPathExpressions:
+ - .spec.conversion.webhook.clientConfig
+ - .status
+ - .metadata.annotations
+ - .metadata.generation
+ - .metadata.resourceVersion
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ name: settings.longhorn.io
+ jqPathExpressions:
+ - .spec.conversion.webhook.clientConfig
+ - .status
+ - .metadata.annotations
+ - .metadata.generation
+ - .metadata.resourceVersion
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ name: volumes.longhorn.io
+ jqPathExpressions:
+ - .spec.conversion.webhook.clientConfig
+ - .status
+ - .metadata.annotations
+ - .metadata.generation
+ - .metadata.resourceVersion
diff --git a/longhorn/helm-values/longhorn.yaml b/longhorn/helm-values/longhorn.yaml
new file mode 100644
index 0000000..7a05922
--- /dev/null
+++ b/longhorn/helm-values/longhorn.yaml
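Review bot: Both Git sources in `longhorn/argocd/longhorn.yaml` (the `ref: values` entry and the `path: longhorn/ingress` entry) track `targetRevision: main`, while `syncPolicy.automated` sets `prune: true` and `selfHeal: true`, so every commit that lands on that branch is applied to `longhorn-system` with no review step on the cluster side. The chart is pinned to 1.7.2; the values file and the Ingress deserve the same, e.g. `targetRevision: <tag-or-commit-sha>` on both entries, or at minimum branch protection on `main` in the Gitea repository. `project: default` also places the Application in a project that, unless it has been tightened elsewhere, does not restrict source repositories or destinations; a dedicated AppProject limited to these two `repoURL`s and this destination would narrow what a compromised repository can reach.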
@@ -0,0 +1,120 @@
+# Longhorn Helm Values
+# Chart: https://github.com/longhorn/longhorn
+
+# Pre-upgrade checker - disable for ArgoCD/GitOps (per Longhorn docs)
+preUpgradeChecker:
+ jobEnabled: false
+ upgradeVersionCheck: false
+
+# Persistence settings
+persistence:
+ defaultClass: true # Set Longhorn as default StorageClass
+ defaultClassReplicaCount: 3 # Number of replicas for high availability
+ reclaimPolicy: Retain # Keep PV data when PVC is deleted
+
+# Default settings
+defaultSettings:
+ # Storage
+ defaultReplicaCount: 3 # Default number of replicas for volumes
+ defaultDataPath: /var/lib/longhorn # Data storage path on nodes
+
+ # Backup settings
+ backupTarget: "" # S3/NFS backup target (configure later if needed)
+ backupTargetCredentialSecret: ""
+
+ # Performance
+ guaranteedInstanceManagerCPU: 5 # 5% CPU for instance managers
+ createDefaultDiskLabeledNodes: true # Auto-discover storage on labeled nodes
+
+ # Node scheduling
+ replicaSoftAntiAffinity: true # Prefer to spread replicas across nodes
+ replicaAutoBalance: best-effort # Auto-balance replicas
+ storageOverProvisioningPercentage: 200 # Allow 200% overprovisioning
+ storageMinimalAvailablePercentage: 10 # Keep 10% storage available
+
+ # Snapshot and backup
+ snapshotDataIntegrity: fast-check # Fast integrity check for snapshots
+ snapshotDataIntegrityImmediateCheckAfterSnapshotCreation: false
+
+ # Auto cleanup
+ orphanAutoDeletion: true # Auto delete orphaned resources
+
+# Longhorn Manager (control plane)
+longhornManager:
+ priorityClass: ~
+ tolerations: []
+ nodeSelector: {}
+
+# Longhorn Driver (CSI driver)
+longhornDriver:
+ priorityClass: ~
+ tolerations: []
+ nodeSelector: {}
+
+# Longhorn UI
+longhornUI:
+ replicas: 1
+ priorityClass: ~
+ tolerations: []
+ nodeSelector: {}
+
+# CSI components
+csi:
+ attacherReplicaCount: 1
+ provisionerReplicaCount: 1
+ resizerReplicaCount: 1
+ snapshotterReplicaCount: 1
+
+# Ingress for Longhorn UI
+ingress:
+ enabled: false # We'll create a separate Ingress resource
+
+# Service configuration
+service:
+ ui:
+ type: ClusterIP
+ nodePort: null
+
+# Monitoring
+# Enable if Prometheus is available
+enablePSP: false # Pod Security Policy (deprecated in K8s 1.25+)
+
+# Resources - NO CPU LIMITS per user request
+resources:
+ longhornManager:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ # cpu: not set to prevent throttling
+ memory: 512Mi
+
+ longhornDriver:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ # cpu: not set to prevent throttling
+ memory: 256Mi
+
+ longhornUI:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ # cpu: not set to prevent throttling
+ memory: 128Mi
+
+# Default StorageClass parameters
+defaultStorageClass:
+ enabled: true
+ name: longhorn
+ defaultClass: true
+ reclaimPolicy: Retain
+ allowVolumeExpansion: true
+ parameters:
+ numberOfReplicas: "3"
+ staleReplicaTimeout: "2880" # 48 hours
+ fromBackup: ""
+ fsType: "ext4"
+ dataLocality: "disabled" # Allow scheduling on any node
diff --git a/longhorn/ingress/longhorn-ingress.yaml b/longhorn/ingress/longhorn-ingress.yaml
new file mode 100644
index 0000000..34a73d4
--- /dev/null
+++ b/longhorn/ingress/longhorn-ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: longhorn-ingress
+ namespace: longhorn-system
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+ ingressClassName: haproxy
+ tls:
+ - hosts:
+ - longhorn0213.kro.kr
+ secretName: longhorn-tls
+ rules:
+ - host: longhorn0213.kro.kr
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: longhorn-frontend
+ port:
+ number: 80
diff --git a/longhorn/kustomization.yaml b/longhorn/kustomization.yaml
new file mode 100644
index 0000000..dc0b675
--- /dev/null
+++ b/longhorn/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: longhorn-system
+
+resources:
+ - ingress/longhorn-ingress.yaml
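Review bot: `priorityClass: ~` under `longhornManager`, `longhornDriver` and `longhornUI` in `longhorn/helm-values/longhorn.yaml` is not a neutral placeholder, because Helm treats a null value as a request to delete the chart's default for that key. If chart 1.7.2 assigns a critical priority class to these components by default (recent Longhorn charts do; confirm against the chart's own values.yaml), these three lines strip it and the storage control plane becomes a candidate for eviction under node pressure. Removing the three `priorityClass` lines keeps the chart default; if dropping the class is intended, write it as `priorityClass: null` with a comment saying why.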
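Review bot: Nothing in `longhorn/ingress/longhorn-ingress.yaml` authenticates or restricts clients before they reach `longhorn-frontend`; the only annotation is the cert-manager issuer, so TLS is the sole control on `longhorn0213.kro.kr`. The Longhorn UI has no login of its own, which means anyone who can reach that host can manage volumes, snapshots and backups for the whole cluster. Add the installed HAProxy ingress controller's authentication (basic auth backed by a Secret, or an external auth proxy) together with a source-address allow-list under `metadata.annotations`, or leave the UI off the Ingress and reach it through a port-forward. A comment above `annotations:` such as `# Longhorn UI has no built-in auth; access control must be enforced at the ingress` would record that dependency for the next editor.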
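Review bot: `longhorn/kustomization.yaml` is not on any path the new Application reads: its third source uses `path: longhorn/ingress`, and as far as this diff shows that directory holds only `longhorn-ingress.yaml`, so Argo CD will treat it as plain manifests and never build this file. The `namespace: longhorn-system` override here therefore has no effect on the sync (the Ingress sets its namespace itself). Either move the file to `longhorn/ingress/kustomization.yaml` with `- longhorn-ingress.yaml` under `resources:`, or drop it, so there is a single unambiguous definition of what gets deployed.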
diff --git a/postgresql-dev/helm-values/postgresql-dev.yaml b/postgresql-dev/helm-values/postgresql-dev.yaml index e21075e..114bf5b 100644 --- a/postgresql-dev/helm-values/postgresql-dev.yaml +++ b/postgresql-dev/helm-values/postgresql-dev.yaml @@ -26,7 +26,9 @@ resources: requests: memory: "256Mi" cpu: "30m" # Reduced to 30% of original (100m -> 30m) - limits: {} # Empty limits to prevent Helm chart defaults in standalone mode + limits: + cpu: null + memory: null metrics: enabled: false
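Review bot: `memory: null` removes the memory limit along with the CPU limit, so the PostgreSQL container can grow until the node itself runs short of memory, at which point neighbouring pods are affected too. CPU limits are what cause throttling; memory can stay bounded while `cpu: null` remains, e.g. `memory: "512Mi"  # constructed example, size to the workload`. The replaced line carried a comment explaining why the limits were emptied and the new lines have none; something like `# null deletes the chart's default limit (Helm semantics)` above `cpu: null` would keep that intent visible. The `resources:` block begins above this hunk, so its other fields are not visible here.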