soteria/README.md

# soteria

Soteria is the backup and restore console for Atlas PVCs.

Right now it is mainly built around Longhorn. It lists bound PVCs, starts backups, restores a backup into a new PVC, runs namespace-wide backup/restore jobs, and exposes backup health metrics for Grafana. It also has a small React UI so the common restore path does not require remembering the API by hand.

Soteria never overwrites an existing target PVC. Restore work is meant to be explicit and reversible.

## How it works

The service runs in-cluster and talks to Kubernetes plus the Longhorn backend. For each PVC it resolves the backing volume, asks Longhorn to snapshot/backup it, and records enough inventory for humans and dashboards to see whether the backup is fresh.

Policies are stored in a Kubernetes secret and evaluated on a timer. Metrics are published at `/metrics`; the UI and API share the same backend.

The following are notes for future Brad.

Main endpoints:

- `GET /healthz`, `GET /readyz`, `GET /metrics`
- `GET /v1/inventory`
- `GET /v1/backups?namespace=<ns>&pvc=<name>`
- `POST /v1/backup`
- `POST /v1/backup/namespace`
- `POST /v1/restores`
- `POST /v1/restores/namespace`
- `GET|POST|DELETE /v1/policies`
- `GET /v1/b2`

When auth is enabled, Soteria expects trusted headers from the fronting proxy and checks `SOTERIA_ALLOWED_GROUPS`.

## Development

```bash
go test ./...
./scripts/check.sh
```

The local deploy manifests live in `deploy/`. Production wiring should still go through the Flux repo, not one-off cluster edits.
init soteria service 2026-01-31 03:34:34 -03:00			`# soteria`

docs: shorten soteria README 2026-06-19 15:46:22 -03:00			`Soteria is the backup and restore console for Atlas PVCs.`
init soteria service 2026-01-31 03:34:34 -03:00
Update README.md 2026-06-19 20:46:24 +00:00			`Right now it is mainly built around Longhorn. It lists bound PVCs, starts backups, restores a backup into a new PVC, runs namespace-wide backup/restore jobs, and exposes backup health metrics for Grafana. It also has a small React UI so the common restore path does not require remembering the API by hand.`
init soteria service 2026-01-31 03:34:34 -03:00
Update README.md 2026-06-19 20:46:24 +00:00			`Soteria never overwrites an existing target PVC. Restore work is meant to be explicit and reversible.`
init soteria service 2026-01-31 03:34:34 -03:00
docs: shorten soteria README 2026-06-19 15:46:22 -03:00			`## How it works`
init soteria service 2026-01-31 03:34:34 -03:00
Update README.md 2026-06-19 20:46:24 +00:00			`The service runs in-cluster and talks to Kubernetes plus the Longhorn backend. For each PVC it resolves the backing volume, asks Longhorn to snapshot/backup it, and records enough inventory for humans and dashboards to see whether the backup is fresh.`
backup: add pvc inventory, restore UI, and metrics baseline 2026-04-12 11:09:49 -03:00
Update README.md 2026-06-19 20:46:24 +00:00			Policies are stored in a Kubernetes secret and evaluated on a timer. Metrics are published at `/metrics`; the UI and API share the same backend.

			`The following are notes for future Brad.`
backup: add pvc inventory, restore UI, and metrics baseline 2026-04-12 11:09:49 -03:00
docs: shorten soteria README 2026-06-19 15:46:22 -03:00			`Main endpoints:`
backup: add pvc inventory, restore UI, and metrics baseline 2026-04-12 11:09:49 -03:00
docs: shorten soteria README 2026-06-19 15:46:22 -03:00			- `GET /healthz`, `GET /readyz`, `GET /metrics`
backup: add pvc inventory, restore UI, and metrics baseline 2026-04-12 11:09:49 -03:00			- `GET /v1/inventory`
			- `GET /v1/backups?namespace=<ns>&pvc=<name>`
			- `POST /v1/backup`
backup: add policy scheduler and namespace bulk operations 2026-04-12 14:32:39 -03:00			- `POST /v1/backup/namespace`
backup: add pvc inventory, restore UI, and metrics baseline 2026-04-12 11:09:49 -03:00			- `POST /v1/restores`
backup: add policy scheduler and namespace bulk operations 2026-04-12 14:32:39 -03:00			- `POST /v1/restores/namespace`
docs: shorten soteria README 2026-06-19 15:46:22 -03:00			- `GET\|POST\|DELETE /v1/policies`
ui: migrate soteria console to react and add b2 telemetry 2026-04-12 19:45:23 -03:00			- `GET /v1/b2`
backup: add pvc inventory, restore UI, and metrics baseline 2026-04-12 11:09:49 -03:00
Update README.md 2026-06-19 20:46:24 +00:00			When auth is enabled, Soteria expects trusted headers from the fronting proxy and checks `SOTERIA_ALLOWED_GROUPS`.
backup: add pvc inventory, restore UI, and metrics baseline 2026-04-12 11:09:49 -03:00
docs: shorten soteria README 2026-06-19 15:46:22 -03:00			`## Development`
init soteria service 2026-01-31 03:34:34 -03:00
docs: shorten soteria README 2026-06-19 15:46:22 -03:00			```bash
			`go test ./...`
			`./scripts/check.sh`
init soteria service 2026-01-31 03:34:34 -03:00			```

Update README.md 2026-06-19 20:46:24 +00:00			The local deploy manifests live in `deploy/`. Production wiring should still go through the Flux repo, not one-off cluster edits.