forked from longhorn/longhorn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
uninstall.yaml
130 lines (130 loc) · 3.53 KB
/
uninstall.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#apiVersion: policy/v1beta1
#kind: PodSecurityPolicy
#metadata:
# name: longhorn-uninstall-psp
#spec:
# privileged: true
# allowPrivilegeEscalation: true
# requiredDropCapabilities:
# - NET_RAW
# allowedCapabilities:
# - SYS_ADMIN
# hostNetwork: false
# hostIPC: false
# hostPID: true
# runAsUser:
# rule: RunAsAny
# seLinux:
# rule: RunAsAny
# fsGroup:
# rule: RunAsAny
# supplementalGroups:
# rule: RunAsAny
# volumes:
# - configMap
# - downwardAPI
# - emptyDir
# - secret
# - projected
# - hostPath
#---
apiVersion: v1
kind: ServiceAccount
metadata:
name: longhorn-uninstall-service-account
namespace: longhorn-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: longhorn-uninstall-role
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- "*"
- apiGroups: [""]
resources: ["pods", "persistentvolumes", "persistentvolumeclaims", "nodes", "configmaps", "secrets", "services", "endpoints"]
verbs: ["*"]
- apiGroups: ["apps"]
resources: ["daemonsets", "statefulsets", "deployments"]
verbs: ["*"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["*"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["*"]
- apiGroups: ["scheduling.k8s.io"]
resources: ["priorityclasses"]
verbs: ["watch", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["csidrivers", "storageclasses", "volumeattachments"]
verbs: ["*"]
- apiGroups: ["longhorn.io"]
resources: ["volumes", "engines", "replicas", "settings", "engineimages", "nodes", "instancemanagers", "sharemanagers",
"backingimages", "backingimagemanagers", "backingimagedatasources", "backuptargets", "backupvolumes", "backups",
"recurringjobs", "orphans", "snapshots", "supportbundles", "systembackups", "systemrestores", "volumeattachments"]
verbs: ["*"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["*"]
# - apiGroups: ["policy"]
# resources: ["podsecuritypolicies"]
# verbs: ["use"]
# resourceNames: ["longhorn-uninstall-psp"]
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
verbs: ["get", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: longhorn-uninstall-bind
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: longhorn-uninstall-role
subjects:
- kind: ServiceAccount
name: longhorn-uninstall-service-account
namespace: longhorn-system
---
apiVersion: batch/v1
kind: Job
metadata:
name: longhorn-uninstall
namespace: longhorn-system
spec:
activeDeadlineSeconds: 900
backoffLimit: 1
template:
metadata:
name: longhorn-uninstall
spec:
containers:
- name: longhorn-uninstall
image: longhornio/longhorn-manager:master-head
imagePullPolicy: IfNotPresent
command:
- longhorn-manager
- uninstall
- --force
env:
- name: LONGHORN_NAMESPACE
value: longhorn-system
restartPolicy: Never
serviceAccountName: longhorn-uninstall-service-account
# imagePullSecrets:
# - name: ""
# priorityClassName:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# nodeSelector:
# label-key1: "label-value1"
# label-key2: "label-value2"