The code and data behind xeiaso.net

lol oops

Signed-off-by: Xe Iaso <me@xeiaso.net>

Xe Iaso 1a1c4141 f52ea15a

+76
lume/src/notes/2024/homelab-v2/04-2.mdx
··· 1 + --- 2 + title: "Rebuilding the homelab: Fixing longhorn was annoyingly easy" 3 + desc: "lol oops" 4 + date: 2024-05-09 5 + tags: 6 + - homelab 7 + - k8s 8 + - longhorn 9 + --- 10 + 11 + This is a followup to [my last post](../04/), where I was trying to get Longhorn working on my cluster. Turns out the problem was really stupid and I need to explain what's going on so you can properly commiserate. 12 + 13 + Talos Linux sets a default security policy that blocks the Longhorn manager from running. This is because the Longhorn manager runs as root and Talos Linux is paranoid about security. In order to get Longhorn running, I had to add the following annotations to the Longhorn namespace: 14 + 15 + ```yaml 16 + apiVersion: v1 17 + kind: Namespace 18 + metadata: 19 + name: longhorn-system 20 + labels: 21 + pod-security.kubernetes.io/enforce: privileged 22 + pod-security.kubernetes.io/enforce-version: latest 23 + pod-security.kubernetes.io/audit: privileged 24 + pod-security.kubernetes.io/audit-version: latest 25 + pod-security.kubernetes.io/warn: privileged 26 + pod-security.kubernetes.io/warn-version: latest 27 + ``` 28 + 29 + Then you can create a PersistentVolumeClaim and attach it to a pod: 30 + 31 + ```yaml 32 + apiVersion: v1 33 + kind: PersistentVolumeClaim 34 + metadata: 35 + name: longhorn-volv-pvc 36 + namespace: default 37 + spec: 38 + accessModes: 39 + - ReadWriteOnce 40 + storageClassName: longhorn 41 + resources: 42 + requests: 43 + storage: 2Gi 44 + --- 45 + apiVersion: v1 46 + kind: Pod 47 + metadata: 48 + name: volume-test 49 + namespace: default 50 + spec: 51 + restartPolicy: Always 52 + containers: 53 + - name: volume-test 54 + image: nginx:stable-alpine 55 + imagePullPolicy: IfNotPresent 56 + livenessProbe: 57 + exec: 58 + command: 59 + - ls 60 + - /data/lost+found 61 + initialDelaySeconds: 5 62 + periodSeconds: 5 63 + volumeMounts: 64 + - name: volv 65 + mountPath: /data 66 + ports: 67 + - containerPort: 80 68 + volumes: 69 + - name: volv 
70 + persistentVolumeClaim: 71 + claimName: longhorn-volv-pvc 72 + ``` 73 + 74 + <Conv name="Cadey" mood="facepalm"> 75 + I feel so dumb right now. It was just a security policy mismatch. 76 + </Conv>
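
Review bot: Line 13 of the new 04-2.mdx says "add the following annotations to the Longhorn namespace", but the manifest on lines 16-26 sets the pod-security.kubernetes.io/* keys under `labels:`, which is where Pod Security admission reads them. Suggest changing "annotations" to "labels" so a reader who follows the prose rather than the YAML does not put them under metadata.annotations, where they have no effect. It would also help to add a sentence noting that `pod-security.kubernetes.io/enforce: privileged` lifts the default restriction for every pod in longhorn-system, not only the Longhorn manager, so other workloads should stay out of that namespace.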