feat: add longhorn to openCenter (#33)

Author: rackerchris

applications/base/services/longhorn/helm-base-overrides/hardened-values-v0.0.1.yaml

@@ -0,0 +1 @@
+---

applications/base/services/longhorn/kustomization.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - resources/namespace.yaml
+  - resources/longhorn-encrypted-storageclass.yaml
+  - resources/longhorn-multi-attach-storageclass.yaml
+  - resources/longhron-general-storageclass.yaml
+  - resources/helmrelease.yaml
+
+secretGenerator:
+  - name: longhorn-values-base
+    namespace: longhorn-system
+    type: Opaque
+    files:
+      - hardened.yaml=helm-base-overrides/hardened-values-v0.0.1.yaml
+    options:
+      disableNameSuffixHash: true

applications/base/services/longhorn/resources/helmrelease.yaml

@@ -0,0 +1,49 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: longhorn
+  namespace: longhorn-system
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: longhorn
+      version: "v1.10.0"
+      sourceRef:
+        kind: HelmRepository
+        name: longhorn-repo
+        namespace: longhorn-system
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 3
+    createNamespace: true
+  upgrade:
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  values:
+    longhornDriver:
+      tolerations:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
+      nodeSelector:
+        longhorn.io/storage-node: "enabled"
+    longhornRecoveryBackend:
+      tolerations:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
+      nodeSelector:
+        longhorn.io/storage-node: "enabled"
+    longhornUI:
+      nodeSelector:
+        longhorn.io/control-storage-node: "enabled"
+    longhornConversionWebhook:
+      nodeSelector:
+        longhorn.io/control-storage-node: "enabled"
+    longhornAdmissionWebhook:
+      nodeSelector:
+        longhorn.io/control-storage-node: "enabled"

applications/base/services/longhorn/resources/longhorn-general-multi-attach-storageclass.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: longhorn-crypto
+  namespace: longhorn-system
+stringData:
+  CRYPTO_KEY_VALUE: "Your encryption passphrase"  # Be sure to replace this with your own passphrase
+  CRYPTO_KEY_PROVIDER: "secret"
+  CRYPTO_KEY_CIPHER: "aes-xts-plain64"
+  CRYPTO_KEY_HASH: "sha256"
+  CRYPTO_KEY_SIZE: "256"
+  CRYPTO_PBKDF: "argon2i"
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: general-encrypted
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+parameters:
+  numberOfReplicas: "3"
+  dataLocality: "best-effort"
+  staleReplicaTimeout: "2880"
+  fromBackup: ""
+  fsType: "ext4"
+  encrypted: "true"
+  csi.storage.k8s.io/provisioner-secret-name: "longhorn-crypto"
+  csi.storage.k8s.io/provisioner-secret-namespace: "longhorn-system"
+  csi.storage.k8s.io/node-publish-secret-name: "longhorn-crypto"
+  csi.storage.k8s.io/node-publish-secret-namespace: "longhorn-system"
+  csi.storage.k8s.io/node-stage-secret-name: "longhorn-crypto"
+  csi.storage.k8s.io/node-stage-secret-namespace: "longhorn-system"

applications/base/services/longhorn/resources/longhorn-general-storageclass.yaml

@@ -0,0 +1,17 @@
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: general
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+parameters:
+  numberOfReplicas: "2"
+  dataLocality: "best-effort"
+  staleReplicaTimeout: "2880"
+  fromBackup: ""
+  fsType: "ext4"

applications/base/services/longhorn/resources/namespace.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kubernetes.io/metadata.name: longhorn-system
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/audit-version: latest
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/enforce-version: latest
+    pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/warn-version: latest
+  name: longhorn-system

applications/base/services/longhorn/resources/source.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: longhorn-repo
+  namespace: longhorn-system
+spec:
+  interval: 10m # How often to check for updates to the repo index
+  url: https://charts.longhorn.io