chore: set default storage class to csi-disk driver

feat(forgejo): updated secret ref for a bucket name
feat(forgejo): backup s3 directly to pvc
2025-08-08 15:24:04 +02:00 · 2025-08-01 10:18:38 +02:00 · 2025-07-31 15:59:25 +02:00 · 2025-07-31 15:24:39 +02:00 · 2025-07-30 14:35:42 +02:00
5 changed files with 96 additions and 2 deletions
--- a/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
+++ b/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@ -0,0 +1,83 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+spec:
+  schedule: "0 1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: rclone
+            image: rclone/rclone:1.70
+            imagePullPolicy: IfNotPresent
+            env:
+            - name: SOURCE_BUCKET
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: bucket-name
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: access-key
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: secret-key
+            volumeMounts:
+            - name: rclone-config
+              mountPath: /config/rclone
+              readOnly: true
+            - name: backup-dir
+              mountPath: /backup
+              readOnly: false
+            command:
+            - /bin/sh
+            - -c
+            - |
+              rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
+          restartPolicy: OnFailure
+          volumes:
+          - name: rclone-config
+            secret:
+              secretName: forgejo-s3-backup
+          - name: backup-dir
+            persistentVolumeClaim:
+              claimName: s3-backup
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: s3-backup
+  namespace: gitea
+  annotations:
+    everest.io/disk-volume-type: SATA
+    everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
+spec:
+  storageClassName: csi-disk
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+type: Opaque
+stringData:
+  rclone.conf: |
+    [source]
+    type = s3
+    provider = HuaweiOBS
+    env_auth = true
+    endpoint = obs.eu-de.otc.t-systems.com
+    region = eu-de
+    acl = private
--- a/template/stacks/forgejo/forgejo-server/values.yaml
+++ b/template/stacks/forgejo/forgejo-server/values.yaml
@ -1,3 +1,4 @@
+# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules
 {{{- define "BUCKET_NAME" -}}}
 {{{- if (getenv "FORGEJO_BUCKET_NAME") -}}}
 {{{ getenv "FORGEJO_BUCKET_NAME" }}}
@ -27,8 +28,10 @@ postgresql-ha:
 persistence:
  enabled: true
  size: 200Gi
+  storageClass: csi-disk
  annotations:
    everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
+    everest.io/disk-volume-type: SATA

 test:
  enabled: false
--- a/template/stacks/observability/grafana-operator/manifests/grafana.yaml
+++ b/template/stacks/observability/grafana-operator/manifests/grafana.yaml
@ -6,7 +6,11 @@ metadata:
    dashboards: "grafana"
 spec:
  persistentVolumeClaim:
+    metadata:
+      annotations:
+        everest.io/disk-volume-type: SATA
    spec:
+      storageClassName: csi-disk
      accessModes:
        - ReadWriteOnce
      resources:
--- a/template/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
+++ b/template/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
@ -9,7 +9,9 @@ spec:
  storageMetadata:
    annotations:
      everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
+      everest.io/disk-volume-type: SATA
  storage:
+    storageClassName: csi-disk
    accessModes:
      - ReadWriteOnce
    resources:
@ -21,4 +23,4 @@ spec:
      cpu: 500m
    limits:
      memory: 10Gi
-      cpu: 2
+      cpu: 2
--- a/template/stacks/observability/victoria-k8s-stack/values.yaml
+++ b/template/stacks/observability/victoria-k8s-stack/values.yaml
@ -289,7 +289,9 @@ vmsingle:
    storageMetadata:
      annotations:
        everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
+        everest.io/disk-volume-type: SATA
    storage:
+      storageClassName: csi-disk
      accessModes:
        - ReadWriteOnce
      resources:
@ -880,7 +882,7 @@ grafana:
  enabled: false
  # all values for grafana helm chart can be specified here
  persistence:
-    enabled: true
+    enabled: false
    type: pvc
    storageClassName: "default"
  grafana.ini:
Author	SHA1	Message	Date
Fritz-Leo.Ochsmann	ddc7ed4905	chore: set default storage class to csi-disk driver	2025-08-08 15:24:04 +02:00
evdo	ccd9d08ec2	feat(forgejo): updated secret ref for a bucket name	2025-08-01 10:18:38 +02:00
Fritz-Leo.Ochsmann	414054b466	feat(forgejo): backup s3 directly to pvc	2025-07-31 15:59:25 +02:00
Richard Robert Reitz	a87633f2e5	fix(s3backup): doing a local backup first and then push it to remote, which is still on the same OBS store	2025-07-31 15:24:39 +02:00
Daniel Sy	64d4bf9c0b	feat(manifest): 🎉 WIP Add CronJob and Secret for S3 backups Adds a new CronJob for scheduled S3 backups using rclone, along with a corresponding Secret for AWS credentials. This introduces automated backup functionality for the Forgejo server, enhancing data protection and recovery capabilities.	2025-07-30 14:35:42 +02:00