Longhorn: Upgrade from 1.6.4. to 1.7.3
Change-Id: I4e713a453a6b9e983685e2db550066fd2694609f
diff --git a/charts/longhorn-1.6.4/templates/network-policies/backing-image-data-source-network-policy.yaml b/charts/longhorn-1.6.4/templates/network-policies/backing-image-data-source-network-policy.yaml
new file mode 100644
index 0000000..7204d63
--- /dev/null
+++ b/charts/longhorn-1.6.4/templates/network-policies/backing-image-data-source-network-policy.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: backing-image-data-source
+ namespace: {{ include "release_namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ longhorn.io/component: backing-image-data-source
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: longhorn-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: instance-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: backing-image-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: backing-image-data-source
+{{- end }}
diff --git a/charts/longhorn-1.6.4/templates/network-policies/backing-image-manager-network-policy.yaml b/charts/longhorn-1.6.4/templates/network-policies/backing-image-manager-network-policy.yaml
new file mode 100644
index 0000000..119ebf0
--- /dev/null
+++ b/charts/longhorn-1.6.4/templates/network-policies/backing-image-manager-network-policy.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: backing-image-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ longhorn.io/component: backing-image-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: longhorn-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: instance-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: backing-image-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: backing-image-data-source
+{{- end }}
diff --git a/charts/longhorn-1.6.4/templates/network-policies/instance-manager-networking.yaml b/charts/longhorn-1.6.4/templates/network-policies/instance-manager-networking.yaml
new file mode 100644
index 0000000..332aa2c
--- /dev/null
+++ b/charts/longhorn-1.6.4/templates/network-policies/instance-manager-networking.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: instance-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ longhorn.io/component: instance-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: longhorn-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: instance-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: backing-image-manager
+ - podSelector:
+ matchLabels:
+ longhorn.io/component: backing-image-data-source
+{{- end }}
diff --git a/charts/longhorn-1.6.4/templates/network-policies/manager-network-policy.yaml b/charts/longhorn-1.6.4/templates/network-policies/manager-network-policy.yaml
new file mode 100644
index 0000000..6f94029
--- /dev/null
+++ b/charts/longhorn-1.6.4/templates/network-policies/manager-network-policy.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: longhorn-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ app: longhorn-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: longhorn-manager
+ - podSelector:
+ matchLabels:
+ app: longhorn-ui
+ - podSelector:
+ matchLabels:
+ app: longhorn-csi-plugin
+ - podSelector:
+ matchLabels:
+ longhorn.io/managed-by: longhorn-manager
+ matchExpressions:
+ - { key: recurring-job.longhorn.io, operator: Exists }
+ - podSelector:
+ matchExpressions:
+ - { key: longhorn.io/job-task, operator: Exists }
+ - podSelector:
+ matchLabels:
+ app: longhorn-driver-deployer
+{{- end }}
diff --git a/charts/longhorn-1.6.4/templates/network-policies/recovery-backend-network-policy.yaml b/charts/longhorn-1.6.4/templates/network-policies/recovery-backend-network-policy.yaml
new file mode 100644
index 0000000..6e34dad
--- /dev/null
+++ b/charts/longhorn-1.6.4/templates/network-policies/recovery-backend-network-policy.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: longhorn-recovery-backend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ app: longhorn-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: 9503
+{{- end }}
diff --git a/charts/longhorn-1.6.4/templates/network-policies/ui-frontend-network-policy.yaml b/charts/longhorn-1.6.4/templates/network-policies/ui-frontend-network-policy.yaml
new file mode 100644
index 0000000..6f37065
--- /dev/null
+++ b/charts/longhorn-1.6.4/templates/network-policies/ui-frontend-network-policy.yaml
@@ -0,0 +1,46 @@
+{{- if and .Values.networkPolicies.enabled .Values.ingress.enabled (not (eq .Values.networkPolicies.type "")) }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: longhorn-ui-frontend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ app: longhorn-ui
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ {{- if eq .Values.networkPolicies.type "rke1"}}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: ingress-nginx
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: ingress-nginx
+ app.kubernetes.io/name: ingress-nginx
+ {{- else if eq .Values.networkPolicies.type "rke2" }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: rke2-ingress-nginx
+ app.kubernetes.io/name: rke2-ingress-nginx
+ {{- else if eq .Values.networkPolicies.type "k3s" }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: traefik
+ ports:
+ - port: 8000
+ protocol: TCP
+ - port: 80
+ protocol: TCP
+ {{- end }}
+{{- end }}
diff --git a/charts/longhorn-1.6.4/templates/network-policies/webhook-network-policy.yaml b/charts/longhorn-1.6.4/templates/network-policies/webhook-network-policy.yaml
new file mode 100644
index 0000000..3575763
--- /dev/null
+++ b/charts/longhorn-1.6.4/templates/network-policies/webhook-network-policy.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: longhorn-conversion-webhook
+ namespace: {{ include "release_namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ app: longhorn-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: 9501
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: longhorn-admission-webhook
+ namespace: {{ include "release_namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ app: longhorn-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: 9502
+{{- end }}