Longhorn
Longhorn is a lightweight, reliable, and powerful distributed block storage system for Kubernetes.
Table of Contents
Installation
Prerequisites
- Kubernetes cluster with sufficient resources
- Storage class support
- Open-iSCSI installed on nodes
Install Longhorn
just longhorn::install
This command will:
- Add Longhorn Helm repository
- Install Longhorn via Helm with custom values
- Configure storage class with single replica
- Apply resource limits to all Longhorn components (via
patch-resourcesrecipe)
Verify Installation
# Check Longhorn pods
kubectl get pods -n longhorn
# Check storage class
kubectl get storageclass
Resource Configuration
Why We Use Kubernetes Patch Instead of Helm Values
Longhorn Helm chart does not support configuring resource requests/limits for most components through values.yaml.
Known Issues:
- The
resources: {}field exists invalues.yamlbut is not used in chart templates - GitHub Issue: #1502 - Add resource requests/limits to default deployment/controller rollouts
- Related Issues:
Pull Request Status:
- PR #10187 - Allow setting requests and limits for LonghornUI, LonghornDriver and LonghornManager was opened in January 2025 but closed without merging in April 2025.
Our Approach: Post-Install Patching
Since Helm values don't work, we apply resource configurations after installation using kubectl patch:
just longhorn::patch-resources
This recipe is automatically called by just longhorn::install.
Resource Values
All resource values are based on Goldilocks/VPA recommendations and rounded to clean values following resource management best practices.
The patch-resources recipe configures resources for the following components:
- CSI Components (csi-attacher, csi-provisioner, csi-resizer, csi-snapshotter): Guaranteed QoS for stable CSI operations
- Engine Image DaemonSet (engine-image-ei-*): Guaranteed QoS
- CSI Plugin DaemonSet (longhorn-csi-plugin): 3 containers, Guaranteed QoS for critical CSI plugin
- Driver Deployer (longhorn-driver-deployer): Guaranteed QoS
- Longhorn Manager DaemonSet (longhorn-manager): Core component with Burstable QoS to allow CPU bursts during intensive storage operations. Includes 2 containers: main manager and pre-pull-share-manager-image
- Longhorn UI (longhorn-ui): Guaranteed QoS
For specific resource values, refer to the patch-resources recipe in longhorn/justfile.
Manual Resource Updates
If you need to update resource configurations:
-
Edit the justfile:
vim longhorn/justfile # Modify the patch-resources recipe -
Apply changes:
just longhorn::patch-resources -
Verify:
kubectl get deployment <name> -n longhorn -o jsonpath='{.spec.template.spec.containers[0].resources}' | jq
Future: When Helm Support is Added
If Longhorn adds Helm values support in future versions:
- Move resource configurations from
patch-resourcesrecipe tolonghorn-values.yaml - Remove or deprecate the
patch-resourcesrecipe - Update this documentation
Monitor these GitHub issues for updates:
OAuth2-Proxy Integration
Longhorn UI can be protected with OAuth2-Proxy for Keycloak authentication.
Setup OAuth2-Proxy
just longhorn::oauth2-proxy-install
This will:
- Prompt for Longhorn hostname (FQDN)
- Create Keycloak client
- Deploy OAuth2-Proxy with IngressRoute
- Apply resource limits to OAuth2-Proxy based on VPA recommendations
Resource Configuration:
OAuth2-Proxy resources are configured in the gomplate template (oauth2-proxy/oauth2-proxy-deployment.gomplate.yaml) with Guaranteed QoS based on Goldilocks/VPA recommendations.
Access Longhorn UI
After setup, access the Longhorn UI at:
https://<LONGHORN_HOST>
You'll be redirected to Keycloak for authentication.
Remove OAuth2-Proxy
just longhorn::oauth2-proxy-uninstall