Homelab
Longhorn Upgrade
Upgrading Longhorn: 1.7.x to 1.9.x for Encryption Support
Overview
This article upgrades Longhorn from 1.7.x to 1.9.x through the required intermediate version 1.8.x. The upgrade fixes a bug where volume encryption fails on Talos 1.9+ due to cryptsetup receiving -d /dev/stdin instead of -d -1.
| Tip: | Having trouble? See v1.7.2 for what your setup should look like after completing this article. |
Before You Begin
Prerequisites
- Longhorn Hardening completed
Why Sequential Upgrades
Longhorn only supports upgrading one minor version at a time2. Skipping versions (e.g., 1.7.x directly to 1.9.x) is not supported.
Upgrade path: 1.7.x → 1.8.x → 1.9.x
Version Requirements
| Version | Kubernetes Required |
|---|---|
| 1.8.x | v1.25+ |
| 1.9.x | v1.25+ |
Check your Kubernetes version:
kubectl versionUpgrade to 1.8.x
HelmRelease: Upgrade to 1.8.1
k8s/core/longhorn/helmrelease.yaml:
# ... existing header ...
spec:
interval: 1h
chart:
spec:
chart: longhorn
version: "1.8.1" # CHANGE from "1.7.3"
sourceRef:
kind: HelmRepository
name: longhorn
namespace: flux-system
# ... existing install, upgrade, values ...Git: Commit 1.8 Upgrade
git add k8s/core/longhorn/helmrelease.yaml
git commit -m "feat(longhorn): upgrade to 1.8.1"
git pushFlux: Sync 1.8 Upgrade
flux reconcile source git flux-system
flux reconcile kustomization syncVerify: 1.8 Installation
Watch pods restart with the new version:
kubectl get pods -n longhorn-system -wExpected: All pods eventually reach Running state. The upgrade takes 2-3 minutes as components roll out.
Verify the version:
kubectl get helmrelease -n longhorn-system longhorn -o jsonpath='{.spec.chart.spec.version}'Expected: 1.8.1
Upgrade to 1.9.x
HelmRelease: Upgrade to 1.9.2
k8s/core/longhorn/helmrelease.yaml:
# ... existing header ...
spec:
interval: 1h
chart:
spec:
chart: longhorn
version: "1.9.2" # CHANGE from "1.8.1"
sourceRef:
kind: HelmRepository
name: longhorn
namespace: flux-system
# ... existing install, upgrade, values ...Git: Commit 1.9 Upgrade
git add k8s/core/longhorn/helmrelease.yaml
git commit -m "feat(longhorn): upgrade to 1.9.2"
git pushFlux: Sync 1.9 Upgrade
flux reconcile source git flux-system
flux reconcile kustomization syncVerify: 1.9 Installation
Watch pods restart:
kubectl get pods -n longhorn-system -wExpected: All pods eventually reach Running state.
Verify the version:
kubectl get helmrelease -n longhorn-system longhorn -o jsonpath='{.spec.chart.spec.version}'Expected: 1.9.2
Next Steps
With Longhorn upgraded to 1.9.x, encrypted volumes now work on Talos 1.9+. Continue with application hardening.
See: Minecraft Hardening
Resources
Footnotes
Sidero Labs, "Longhorn Encrypted Volume Not Working," github.com. Accessed: Feb. 28, 2026. [Online]. Available: https://github.com/siderolabs/talos/issues/10171 ↩
Longhorn, "Upgrade Longhorn," longhorn.io. Accessed: Feb. 28, 2026. [Online]. Available: https://longhorn.io/docs/1.9.0/deploy/upgrade/ ↩