Sten | dd9819bdbe
feat(infra): drop in-cluster minio, add pg backup + PVC protection
PROD: object storage moves to UpCloud Managed Object Storage (existing
drops bucket) instead of single-node in-cluster MinIO — durable,
UpCloud-replicated, no PVC to back up.
- Remove forte-drop-minio StatefulSet entirely.
- Add forte-drop-pg-backup CronJob: nightly pg_dump -> gzip -> upload to
  s3://drops/_pgbackups/ (collision-proof prefix), 30-day retention.
  Reuses forte-drop-secrets S3 creds (app user has s3:* on drops).
- PVC prune/delete protection on the postgres volumeClaimTemplate.
2026-05-29 09:28:51 +02:00

Sten | 3ce93017f9
feat(infra): forte-drop postgres + minio for upc-dev
Two new ArgoCD Applications:
- forte-drop-postgresql: in-cluster Postgres 16 StatefulSet, 5Gi PVC,
  POSTGRES_DB=drops, creds from forte-drop-pg-creds SealedSecret.
- forte-drop-minio: in-cluster MinIO StatefulSet, 20Gi PVC, bootstrap
  Job creates the 'drops' bucket post-sync, creds from
  forte-drop-minio-creds SealedSecret.
Both live in namespace 'forte-drop'. Mirrors the Vaultwarden pattern.
Sealed secrets are added in a follow-up commit by the maintainer:
    kubeseal --fetch-cert > pub.pem
    kubeseal --cert pub.pem --format yaml < private/forte-drop-pg-creds.yaml > \
      infra/overlays/upc-dev/forte-drop-postgresql/resources/forte-drop-pg-creds-sealed.yaml
    kubeseal --cert pub.pem --format yaml < private/forte-drop-minio-creds.yaml > \
      infra/overlays/upc-dev/forte-drop-minio/resources/forte-drop-minio-creds-sealed.yaml
2026-05-28 14:33:19 +02:00