Longhorn


Longhorn is a lightweight, reliable and easy-to-use distributed block storage system for Kubernetes. Simply put, it can take free space on any of your engines and use it as Block Storage. It can also be configured to store and synchronize this storage across multiple nodes to provide some fault tolerance. It also supports backups and snapshots of volumes. I find it easier than many other block storage solutions and more secure than NFS shares.

Product: Longhorn
Install Type: Helm (Chart)
Container Image: Docker

Installation Details

You may wish to read through the Longhorn Installation Instructions prior to installation to be sure you understand the process. But like most Helm installations, we start with adding the repository:

helm repo add longhorn https://charts.longhorn.io
helm repo update

I like to see the values and modify them myself as needed, so we can do:

helm show values longhorn/longhorn > values.yaml

By default, no ingress is defined for the User Interface. I have leveraged Authentik with the embedded outpost to provide secure authentication, limited to admins, for it.

ingress:
  # -- Setting that allows Longhorn to generate ingress records for the Longhorn UI service.
  enabled: true

  # -- IngressClass resource that contains ingress configuration, including the name of the Ingress controller.
  # ingressClassName can replace the kubernetes.io/ingress.class annotation used in earlier Kubernetes releases.
  ingressClassName: your-ingress

  # -- Hostname of the Layer 7 load balancer.
  host: your.longhorn.ui

  # -- Setting that allows you to enable TLS on ingress records.
  tls: true

  # -- Setting that allows you to enable secure connections to the Longhorn UI service via port 443.
  secureBackends: false

  # -- TLS secret that contains the private key and certificate to be used for TLS. This setting applies only when TLS is enabled on ingress records.
  tlsSecret: longhorn-int-tls

  # -- Default ingress path. You can access the Longhorn UI by following the full ingress path +.
  path: /

  ## If you're using kube-lego, you will want to add:
  ## kubernetes.io/tls-acme: true
  ##
  ## For a full list of possible ingress annotations, please see
  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md
  ##
  ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
  # -- Ingress annotations in the form of key-value pairs.
  annotations:
  #  kubernetes.io/ingress.class: nginx
  #  kubernetes.io/tls-acme: true
    cert-manager.io/cluster-issuer: your-issuer
    # This should be the in-cluster DNS name for the authentik outpost service
    # as when the external URL is specified here, nginx will overwrite some crucial headers
    nginx.ingress.kubernetes.io/auth-url: |-
      http://ak-outpost-authentik-embedded-outpost.identity.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    # If you're using domain-level auth, use the authentication URL instead of the application URL
    nginx.ingress.kubernetes.io/auth-signin: |-
      https://your.longhorn.ui/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-response-headers: |-
      Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;

Note:

This will, of course, only work if you have previously installed and configured Authentik, an Ingress, Cert Manager, and possibly an internal certificate provider. You can simply omit the nginx.ingress.kubernetes.io/auth-url, nginx.ingress.kubernetes.io/auth-signin, and nginx.ingress.kubernetes.io/auth-response-headers keys and values if you are not leveraging Authentik for Single Sign On.
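
A pre-install check for the ingress values above, as an added example that is not part of the original page or the Longhorn chart: it flags an ingress that is enabled without TLS or without the Authentik forward-auth annotations, which matters because Helm installs of Longhorn do not enable authentication on the UI by default. The function names and the default cluster.local cluster domain are assumptions, and the awk parsing only handles the flat layout shown on this page.

```shell
# Added example (not from the Longhorn chart): lint the ingress part of a values.yaml.

# ingress_key FILE KEY -> scalar value of a direct child of the top-level "ingress:" map
ingress_key() {
  awk -v key="$2:" '
    /^[^ \t#]/ { sect = $1 }                      # any top-level key starts a new section
    sect == "ingress:" && /^  [^ #]/ && $1 == key { print $2; exit }' "$1"
}

# ann_value FILE KEY -> annotation value, written inline or as a "|-" block scalar
ann_value() {
  awk -v key="$2:" '
    grab       { gsub(/^[ \t]+|[ \t]+$/, ""); print; exit }   # first line of the block
    /^[ \t]*#/ { next }                                       # ignore commented-out keys
    $1 == key  { if ($2 == "" || $2 ~ /^[|>]/) { grab = 1; next } print $2; exit }' "$1"
}

finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

# check_longhorn_ingress FILE -> prints findings, returns how many there were (0 = clean)
check_longhorn_ingress() {
  findings=0
  [ "$(ingress_key "$1" enabled)" = "true" ] || return 0   # no ingress rendered by the chart
  [ "$(ingress_key "$1" tls)" = "true" ] || finding "tls is not enabled for the UI ingress"
  auth_url=$(ann_value "$1" nginx.ingress.kubernetes.io/auth-url)
  signin=$(ann_value "$1" nginx.ingress.kubernetes.io/auth-signin)
  case $auth_url in
    "") finding "no auth-url annotation: the ingress forwards to the UI without an auth check" ;;
    http://*.svc.cluster.local[:/]*|https://*.svc.cluster.local[:/]*) ;;
    *)  finding "auth-url is not an in-cluster service address: $auth_url" ;;
  esac
  case $signin in
    https://*) ;;
    *) [ -z "$auth_url" ] || finding "auth-signin is missing or not https: ${signin:-<unset>}" ;;
  esac
  return "$findings"
}

# Constructed sample: ingress enabled over TLS, but the auth annotations were left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ingress:
  enabled: true
  tls: true
  annotations:
    cert-manager.io/cluster-issuer: your-issuer
EOF
check_longhorn_ingress "$sample" || echo "findings: $?"
rm -f "$sample"
```

To check your own file before running the install, source the functions and call check_longhorn_ingress values.yaml; a non-zero return is the number of findings.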

We can then install it with:

helm upgrade --install longhorn longhorn/longhorn --namespace longhorn-system \
             --create-namespace --version 1.6.0 -f values.yaml