redaction (#1)
Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
This commit was merged in pull request #1.
128
.cursor/rules/longhorn-storage-template.yaml
Normal file
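--- a/.cursor/rules/longhorn-storage-template.yaml
+++ b/.cursor/rules/longhorn-storage-template.yaml
@@ -0,0 +1,128 @@
+# Longhorn Storage Templates
+# Persistent volume configurations with backup labels
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: app-storage-pvc
+namespace: app-namespace
+labels:
+# S3 backup inclusion labels
+recurring-job.longhorn.io/backup: enabled
+recurring-job-group.longhorn.io/backup: enabled
+spec:
+accessModes:
+- ReadWriteMany # Default for applications that may scale horizontally
+# Use ReadWriteOnce for:
+# - Single-instance applications (databases, stateful apps)
+# - CloudNativePG (manages its own storage replication)
+# - Applications with file locking requirements
+storageClassName: longhorn-retain # Data preservation on deletion
+resources:
+requests:
+storage: 10Gi
+
+---
+# Longhorn StorageClass with retain policy
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+name: longhorn-retain
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Retain # Preserves data on PVC deletion
+volumeBindingMode: Immediate
+parameters:
+numberOfReplicas: "2" # 2-replica redundancy
+staleReplicaTimeout: "2880" # 48 hours
+fromBackup: ""
+fsType: "xfs"
+dataLocality: "disabled" # Allow cross-node placement
+
+---
+# Longhorn Backup Target Configuration
+apiVersion: v1
+kind: Secret
+metadata:
+name: longhorn-backup-target
+namespace: longhorn-system
+type: Opaque
+data:
+# Backblaze B2 credentials (base64 encoded, encrypted by SOPS)
+AWS_ACCESS_KEY_ID: base64-encoded-key-id
+AWS_SECRET_ACCESS_KEY: base64-encoded-secret-key
+AWS_ENDPOINTS: aHR0cHM6Ly9zMy5ldS1jZW50cmFsLTAwMy5iYWNrYmxhemViMi5jb20= # Base64: https://s3.eu-central-003.backblazeb2.com
+
+---
+# Longhorn RecurringJob for S3 Backup
+apiVersion: longhorn.io/v1beta2
+kind: RecurringJob
+metadata:
+name: backup-to-s3
+namespace: longhorn-system
+spec:
+cron: "0 2 * * *" # Daily at 2 AM
+task: "backup"
+groups:
+- backup
+retain: 7 # Keep 7 daily backups
+concurrency: 2 # Concurrent backup jobs
+labels:
+recurring-job: backup-to-s3
+
+---
+# Volume labeling example for backup inclusion
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: example-pv
+labels:
+# These labels ensure volume is included in S3 backup jobs
+recurring-job.longhorn.io/backup: enabled
+recurring-job-group.longhorn.io/backup: enabled
+spec:
+capacity:
+storage: 10Gi
+accessModes:
+- ReadWriteOnce
+persistentVolumeReclaimPolicy: Retain
+storageClassName: longhorn-retain
+csi:
+driver: driver.longhorn.io
+volumeHandle: example-volume-id
+
+# Example: Database storage (ReadWriteOnce required)
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: postgres-storage-pvc
+namespace: postgresql-system
+labels:
+recurring-job.longhorn.io/backup: enabled
+recurring-job-group.longhorn.io/backup: enabled
+spec:
+accessModes:
+- ReadWriteOnce # Required for databases - single writer only
+storageClassName: longhorn-retain
+resources:
+requests:
+storage: 50Gi
+
+# Access Mode Guidelines:
+# - ReadWriteMany (RWX): Default for horizontally scalable applications
+# * Web applications that can run multiple pods
+# * Shared file storage for multiple containers
+# * Applications without file locking conflicts
+#
+# - ReadWriteOnce (RWO): Required for specific use cases
+# * Database storage (PostgreSQL, Redis) - single writer required
+# * Applications with file locking (SQLite, local file databases)
+# * StatefulSets that manage their own replication
+# * Single-instance applications by design
+
+# Backup Strategy Notes:
+# - Cost: $6/TB storage with $0 egress fees via Cloudflare partnership
+# - Selection: Label-based tagging system for selective volume backup
+# - Recovery: Automated backup scheduling and restore capabilities
+# - Target: @/longhorn backup location in Backblaze B2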
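Review bot: The `Secret` document places the Backblaze B2 credentials under `data:` and relies on a single comment to say they are SOPS-encrypted, so a manifest copied from this template can be committed with values that are only base64-encoded, which is encoding rather than protection. I would state the requirement in the template itself, e.g. `# Commit this Secret only as a SOPS-encrypted file; base64 alone is not encryption`, and move the placeholders to `stringData:`, since `base64-encoded-key-id` is not valid base64 and will fail to decode if applied as written. Separately, the PVC and PV examples carry `recurring-job.longhorn.io/backup: enabled`, while the only RecurringJob shown is named `backup-to-s3` and belongs to group `backup`; if I read Longhorn's label scheme correctly the per-job label takes the job name, so only the group label matches anything on this page. It is worth confirming that volumes labelled this way are actually picked up by the job, because a selector that matches nothing produces no error and the missing backups would only be noticed at restore time.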