Air Gap Installation
Longhorn can be installed in an air gapped environment by using a manifest file, a Helm chart, or the Rancher UI.
wget https://raw.githubusercontent.com/longhorn/longhorn/v1.0.2/deploy/longhorn-images.txt
longhorn-images.txt
list. If you specify a tar.gz
file name for flag --images
, the script will save all images to the provided filename. In the example below, the script pulls and saves Longhorn images to the file longhorn-images.tar.gz
. You then can copy the file to your air-gap environment. On the other hand, if you don’t specify the file name, the script just pulls the list of images to your computer.wget https://raw.githubusercontent.com/longhorn/longhorn/v1.0.2/scripts/save-images.sh
chmod +x save-images.sh
./save-images.sh --image-list longhorn-images.txt --images longhorn-images.tar.gz
tar.gz
file name for flag --images
, the script loads images from the tar
file and pushes them. Otherwise, it will find images in your local Docker and push them. In the example below, the script loads images from the file longhorn-images.tar.gz
and pushes them to <YOUR-PRIVATE-REGISTRY>
wget https://raw.githubusercontent.com/longhorn/longhorn/v1.0.2/scripts/load-images.sh
chmod +x load-images.sh
./load-images.sh --image-list longhorn-images.txt --images longhorn-images.tar.gz --registry <YOUR-PRIVATE-REGISTRY>
--help
:./save-images.sh --help
./load-images.sh --help
Get Longhorn Deployment manifest file
wget https://raw.githubusercontent.com/longhorn/longhorn/v1.0.2/deploy/longhorn.yaml
Create Longhorn namespace
kubectl create namespace longhorn-system
If private registry require authentication, Create docker-registry
secret in longhorn-system
namespace:
kubectl -n longhorn-system create secret docker-registry <SECRET_NAME> --docker-server=<REGISTRY_URL> --docker-username=<REGISTRY_USER> --docker-password=<REGISTRY_PASSWORD>
Add your secret name to longhorn-default-setting
ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
name: longhorn-default-setting
namespace: longhorn-system
data:
default-setting.yaml: |-
backup-target:
backup-target-credential-secret:
create-default-disk-labeled-nodes:
default-data-path:
replica-soft-anti-affinity:
storage-over-provisioning-percentage:
storage-minimal-available-percentage:
upgrade-checker:
default-replica-count:
guaranteed-engine-cpu:
default-longhorn-static-storage-class:
backupstore-poll-interval:
taint-toleration:
registry-secret: <SECRET_NAME>
Add your secret name SECRET_NAME
to imagePullSecrets.name
in the following resources
longhorn-driver-deployer
Deploymentlonghorn-manager
DaemonSetlonghorn-ui
DeploymentExample:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: longhorn-ui
name: longhorn-ui
namespace: longhorn-system
spec:
replicas: 1
selector:
matchLabels:
app: longhorn-ui
template:
metadata:
labels:
app: longhorn-ui
spec:
containers:
- name: longhorn-ui
image: longhornio/longhorn-ui:v0.8.0
ports:
- containerPort: 8000
env:
- name: LONGHORN_MANAGER_IP
value: "http://longhorn-backend:9500"
imagePullSecrets:
- name: <SECRET_NAME> ## Add SECRET_NAME here
serviceAccountName: longhorn-service-account
Apply the following modifications to the manifest file
Modify Kubernetes CSI driver components environment variables in longhorn-driver-deployer
Deployment point to your private registry images
- name: CSI_ATTACHER_IMAGE
value: <REGISTRY_URL>/csi-attacher:<CSI_ATTACHER_IMAGE_TAG>
- name: CSI_PROVISIONER_IMAGE
value: <REGISTRY_URL>/csi-provisioner:<CSI_PROVISIONER_IMAGE_TAG>
- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
value: <REGISTRY_URL>/csi-node-driver-registrar:<CSI_NODE_DRIVER_REGISTRAR_IMAGE_TAG>
- name: CSI_RESIZER_IMAGE
value: <REGISTRY_URL>/csi-resizer:<CSI_RESIZER_IMAGE_TAG>
Modify Longhorn images to point to your private registry images
longhornio/longhorn-manager
image: <REGISTRY_URL>/longhorn-manager:<LONGHORN_MANAGER_IMAGE_TAG>
longhornio/longhorn-engine
image: <REGISTRY_URL>/longhorn-engine:<LONGHORN_ENGINE_IMAGE_TAG>
longhornio/longhorn-instance-manager
image: <REGISTRY_URL>/longhorn-instance-manager:<LONGHORN_INSTANCE_MANAGER_IMAGE_TAG>
longhornio/longhorn-ui
image: <REGISTRY_URL>/longhorn-ui:<LONGHORN_UI_IMAGE_TAG>
Example:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: longhorn-ui
name: longhorn-ui
namespace: longhorn-system
spec:
replicas: 1
selector:
matchLabels:
app: longhorn-ui
template:
metadata:
labels:
app: longhorn-ui
spec:
containers:
- name: longhorn-ui
image: <REGISTRY_URL>/longhorn-ui:<LONGHORN_UI_IMAGE_TAG> ## Add image name and tag here
ports:
- containerPort: 8000
env:
- name: LONGHORN_MANAGER_IP
value: "http://longhorn-backend:9500"
imagePullSecrets:
- name: <SECRET_NAME>
serviceAccountName: longhorn-service-account
Deploy Longhorn using modified manifest file
kubectl apply -f longhorn.yaml
In v1.0.2, Longhorn automatically adds <REGISTRY_URL> prefix to images. You simply need to set the registryUrl parameters to pull images from your private registry.
Note: Once you set registryUrl to your private registry, Longhorn tries to pull images from the registry exclusively. Make sure all Longhorn components’ images are in the registry otherwise Longhorn will fail to pull images.
If you keep the images’ names as recommended here, you only need to do the following steps:
Clone the Longhorn repo:
git clone https://github.com/longhorn/longhorn.git
In chart/values.yaml
Specify Private registry URL
. If the registry requires authentication, specify Private registry user
, Private registry password
, and Private registry secret
:
defaultSettings:
registrySecret: <SECRET_NAME>
privateRegistry:
registryUrl: <REGISTRY_URL>
registryUser: <REGISTRY_USER>
registryPasswd: <REGISTRY_PASSWORD>
If you want to use custom images’ names, you can use the following steps:
Clone longhorn repo
git clone https://github.com/longhorn/longhorn.git
In chart/values.yaml
Note: Do not include the private registry prefix, it will be added automatically. e.g: if your image is
example.com/username/longhorn-manager
, useusername/longhorn-manager
in the following charts.
Specify Longhorn images and tag:
image:
longhorn:
engine: longhornio/longhorn-engine
engineTag: <LONGHORN_ENGINE_IMAGE_TAG>
manager: longhornio/longhorn-manager
managerTag: LONGHORN_MANAGER_IMAGE_TAG<>
ui: longhornio/longhorn-ui
uiTag: <LONGHORN_UI_IMAGE_TAG>
instanceManager: longhornio/longhorn-instance-manager
instanceManagerTag: <LONGHORN_INSTANCE_MANAGER_IMAGE_TAG>
Specify CSI Driver components images and tag:
csi:
attacherImage: longhornio/csi-attacher
attacherImageTag: <CSI_ATTACHER_IMAGE_TAG>
provisionerImage: longhornio/csi-provisioner
provisionerImageTag: <CSI_PROVISIONER_IMAGE_TAG>
driverRegistrarImage: longhornio/csi-node-driver-registrar
nodeDriverRegistrarImageTag: <CSI_NODE_DRIVER_REGISTRAR_IMAGE_TAG>
resizerImage: longhornio/csi-resizer
resizerImageTag: <CSI_RESIZER_IMAGE_TAG>
Specify Private registry URL
. If the registry requires authentication, specify Private registry user
, Private registry password
, and Private registry secret
:
defaultSettings:
registrySecret: <SECRET_NAME>
privateRegistry:
registryUrl: <REGISTRY_URL>
registryUser: <REGISTRY_USER>
registryPasswd: <REGISTRY_PASSWORD>
Install Longhorn
Helm2
helm install ./chart --name longhorn --namespace longhorn-system
Helm3
helm install longhorn ./chart --namespace longhorn-system --create-namespace
If you keep the images’ names as recommended here, you only need to do the following steps:
In the Longhorn Default Settings
section, click Customize Default Setting and specify the Private registry secret.
In the Private Registry Settings
section specify:
The
Private registry secret
must be specified in the default settings so that Longhorn can create a secret under the name. The process for setting up the private registry will be fixed to be less confusing, but not in the v1.0.2 release. More detail is at this comment.
If you want to use custom images’ names, you can set Use Default Images
to False
and specify images’ names.
Note: Do not include the private registry prefix, it will be added automatically. e.g: if your image is
example.com/username/longhorn-manager
, useusername/longhorn-manager
in the following charts.
Specify Private registry URL
. If the registry requires authentication, specify Private registry user
, Private registry password
, and Private registry secret
:
The
Private registry secret
must be specified in the default settings so that Longhorn can create a secret under the name. The process for setting up the private registry will be fixed to be less confusing, but not in the v1.0.2 release. More detail is at this comment.
longhorn-manager DaemonSet
will fail to create.Create the Kubernetes secret
kubectl -n longhorn-system create secret docker-registry <SECRET_NAME> --docker-server=<REGISTRY_URL> --docker-username=<REGISTRY_USER> --docker-password=<REGISTRY_PASSWORD>
Create registry-secret
setting object manually.
apiVersion: longhorn.io/v1beta1
kind: Setting
metadata:
name: registry-secret
namespace: longhorn-system
value: <SECRET_NAME>
kubectl apply -f registry-secret.yml
Delete Longhorn and re-install it again.
Helm2
helm uninstall ./chart --name longhorn --namespace longhorn-system
helm install ./chart --name longhorn --namespace longhorn-system
Helm3
helm uninstall longhorn ./chart --namespace longhorn-system
helm install longhorn ./chart --namespace longhorn-system
It’s highly recommended not to manipulate image tags, especially instance manager image tags such as v1_20200301, because we intentionally use the date to avoid associating it with a Longhorn version.
The images of Longhorn’s components are hosted in Dockerhub under the longhornio
account. For example, longhornio/longhorn-manager:v1.0.2
. It’s recommended to keep the account name, longhornio
, the same when you push the images to your private registry. This helps avoid unnecessary configuration issues.
© 2019-2024 Longhorn Authors | Documentation Distributed under CC-BY-4.0
© 2024 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page.