From e3ab25633615c9f6b0de5e84f5ba6d6ee515121f Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Fri, 6 Feb 2026 18:28:05 -0300 Subject: [PATCH] longhorn: add b2 backup target --- .../longhorn/core/backup-target.yaml | 10 ++++++++++ .../longhorn/core/kustomization.yaml | 1 + .../longhorn/core/secretproviderclass.yaml | 18 ++++++++++++++++++ services/maintenance/soteria-configmap.yaml | 3 +++ services/maintenance/soteria-rbac.yaml | 3 +++ 5 files changed, 35 insertions(+) create mode 100644 infrastructure/longhorn/core/backup-target.yaml diff --git a/infrastructure/longhorn/core/backup-target.yaml b/infrastructure/longhorn/core/backup-target.yaml new file mode 100644 index 0000000..da80447 --- /dev/null +++ b/infrastructure/longhorn/core/backup-target.yaml @@ -0,0 +1,10 @@ +# infrastructure/longhorn/core/backup-target.yaml +apiVersion: longhorn.io/v1beta2 +kind: BackupTarget +metadata: + name: default + namespace: longhorn-system +spec: + backupTargetURL: "s3://atlas-soteria@us-west-004/" + credentialSecret: longhorn-backup-b2 + pollInterval: 5m0s diff --git a/infrastructure/longhorn/core/kustomization.yaml b/infrastructure/longhorn/core/kustomization.yaml index deb5308..dc123c2 100644 --- a/infrastructure/longhorn/core/kustomization.yaml +++ b/infrastructure/longhorn/core/kustomization.yaml @@ -6,6 +6,7 @@ resources: - vault-serviceaccount.yaml - secretproviderclass.yaml - vault-sync-deployment.yaml + - backup-target.yaml - helmrelease.yaml - longhorn-settings-ensure-job.yaml diff --git a/infrastructure/longhorn/core/secretproviderclass.yaml b/infrastructure/longhorn/core/secretproviderclass.yaml index e292b86..065e595 100644 --- a/infrastructure/longhorn/core/secretproviderclass.yaml +++ b/infrastructure/longhorn/core/secretproviderclass.yaml @@ -13,9 +13,27 @@ spec: - objectName: "harbor-pull__dockerconfigjson" secretPath: "kv/data/atlas/shared/harbor-pull" secretKey: "dockerconfigjson" + - objectName: "longhorn_backup__AWS_ACCESS_KEY_ID" + secretPath: "kv/data/atlas/longhorn/backup-b2" + secretKey: "AWS_ACCESS_KEY_ID" + - objectName: "longhorn_backup__AWS_SECRET_ACCESS_KEY" + secretPath: "kv/data/atlas/longhorn/backup-b2" + secretKey: "AWS_SECRET_ACCESS_KEY" + - objectName: "longhorn_backup__AWS_ENDPOINTS" + secretPath: "kv/data/atlas/longhorn/backup-b2" + secretKey: "AWS_ENDPOINTS" secretObjects: - secretName: longhorn-registry type: kubernetes.io/dockerconfigjson data: - objectName: harbor-pull__dockerconfigjson key: .dockerconfigjson + - secretName: longhorn-backup-b2 + type: Opaque + data: + - objectName: longhorn_backup__AWS_ACCESS_KEY_ID + key: AWS_ACCESS_KEY_ID + - objectName: longhorn_backup__AWS_SECRET_ACCESS_KEY + key: AWS_SECRET_ACCESS_KEY + - objectName: longhorn_backup__AWS_ENDPOINTS + key: AWS_ENDPOINTS diff --git a/services/maintenance/soteria-configmap.yaml b/services/maintenance/soteria-configmap.yaml index 34ba7ca..cb3d630 100644 --- a/services/maintenance/soteria-configmap.yaml +++ b/services/maintenance/soteria-configmap.yaml @@ -5,6 +5,9 @@ metadata: name: soteria namespace: maintenance data: + SOTERIA_BACKUP_DRIVER: "longhorn" + SOTERIA_LONGHORN_URL: "http://longhorn-backend.longhorn-system.svc:9500" + SOTERIA_LONGHORN_BACKUP_MODE: "incremental" SOTERIA_RESTIC_REPOSITORY: "s3:s3.us-west-004.backblazeb2.com/atlas-soteria" SOTERIA_S3_ENDPOINT: "s3.us-west-004.backblazeb2.com" SOTERIA_S3_REGION: "us-west-004" diff --git a/services/maintenance/soteria-rbac.yaml b/services/maintenance/soteria-rbac.yaml index 66e2d13..3896c96 100644 --- a/services/maintenance/soteria-rbac.yaml +++ b/services/maintenance/soteria-rbac.yaml @@ -7,6 +7,9 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "create", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims", "persistentvolumes"] + verbs: ["get", "list"] - apiGroups: ["batch"] resources: ["jobs"] verbs: ["get", "list", "create"]