longhorn: add b2 backup target

2026-02-06 18:28:05 -03:00 · 2026-02-06 18:28:05 -03:00 · e3ab256336
commit e3ab256336
parent dd02a49626
5 changed files with 35 additions and 0 deletions
--- a/infrastructure/longhorn/core/backup-target.yaml
+++ b/infrastructure/longhorn/core/backup-target.yaml
@ -0,0 +1,10 @@
+# infrastructure/longhorn/core/backup-target.yaml
+apiVersion: longhorn.io/v1beta2
+kind: BackupTarget
+metadata:
+  name: default
+  namespace: longhorn-system
+spec:
+  backupTargetURL: "s3://atlas-soteria@us-west-004/"
+  credentialSecret: longhorn-backup-b2
+  pollInterval: 5m0s
--- a/infrastructure/longhorn/core/kustomization.yaml
+++ b/infrastructure/longhorn/core/kustomization.yaml
@ -6,6 +6,7 @@ resources:
  - vault-serviceaccount.yaml
  - secretproviderclass.yaml
  - vault-sync-deployment.yaml
+  - backup-target.yaml
  - helmrelease.yaml
  - longhorn-settings-ensure-job.yaml

--- a/infrastructure/longhorn/core/secretproviderclass.yaml
+++ b/infrastructure/longhorn/core/secretproviderclass.yaml
@ -13,9 +13,27 @@ spec:
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/shared/harbor-pull"
        secretKey: "dockerconfigjson"
+      - objectName: "longhorn_backup__AWS_ACCESS_KEY_ID"
+        secretPath: "kv/data/atlas/longhorn/backup-b2"
+        secretKey: "AWS_ACCESS_KEY_ID"
+      - objectName: "longhorn_backup__AWS_SECRET_ACCESS_KEY"
+        secretPath: "kv/data/atlas/longhorn/backup-b2"
+        secretKey: "AWS_SECRET_ACCESS_KEY"
+      - objectName: "longhorn_backup__AWS_ENDPOINTS"
+        secretPath: "kv/data/atlas/longhorn/backup-b2"
+        secretKey: "AWS_ENDPOINTS"
  secretObjects:
    - secretName: longhorn-registry
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson
+    - secretName: longhorn-backup-b2
+      type: Opaque
+      data:
+        - objectName: longhorn_backup__AWS_ACCESS_KEY_ID
+          key: AWS_ACCESS_KEY_ID
+        - objectName: longhorn_backup__AWS_SECRET_ACCESS_KEY
+          key: AWS_SECRET_ACCESS_KEY
+        - objectName: longhorn_backup__AWS_ENDPOINTS
+          key: AWS_ENDPOINTS
--- a/services/maintenance/soteria-configmap.yaml
+++ b/services/maintenance/soteria-configmap.yaml
@ -5,6 +5,9 @@ metadata:
  name: soteria
  namespace: maintenance
 data:
+  SOTERIA_BACKUP_DRIVER: "longhorn"
+  SOTERIA_LONGHORN_URL: "http://longhorn-backend.longhorn-system.svc:9500"
+  SOTERIA_LONGHORN_BACKUP_MODE: "incremental"
  SOTERIA_RESTIC_REPOSITORY: "s3:s3.us-west-004.backblazeb2.com/atlas-soteria"
  SOTERIA_S3_ENDPOINT: "s3.us-west-004.backblazeb2.com"
  SOTERIA_S3_REGION: "us-west-004"
--- a/services/maintenance/soteria-rbac.yaml
+++ b/services/maintenance/soteria-rbac.yaml
@ -7,6 +7,9 @@ rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "create", "update", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims", "persistentvolumes"]
+    verbs: ["get", "list"]
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "list", "create"]