Keybard-Vagabond-Demo/.cursor/rules/longhorn-storage-template.yaml
Michael DiLeo 7327d77dcd redaction (#1)
Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00


# Longhorn Storage Templates
# Persistent volume configurations with backup labels
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: app-namespace
  name: app-storage-pvc
  labels:
    # Opt this claim into the S3 backup schedule. The group label selects the
    # `backup` recurring-job group; the job label names a job called `backup`.
    # NOTE(review): depending on the Longhorn release, recurring-job labels on
    # a PVC are only synced to the volume when the PVC also carries
    # `recurring-job.longhorn.io/source: enabled` - confirm for the deployed
    # version, otherwise the volume can silently miss its backups.
    recurring-job-group.longhorn.io/backup: 'enabled'
    recurring-job.longhorn.io/backup: 'enabled'
spec:
  # longhorn-retain preserves the data when this claim is deleted.
  storageClassName: longhorn-retain
  resources:
    requests:
      storage: 10Gi
  # ReadWriteMany is the default for applications that may scale
  # horizontally. Use ReadWriteOnce instead for:
  #   - single-instance applications (databases, stateful apps)
  #   - CloudNativePG (manages its own storage replication)
  #   - applications with file locking requirements
  accessModes:
    - ReadWriteMany
---
# Longhorn StorageClass that keeps volume data after the claim is gone
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: longhorn-retain
provisioner: driver.longhorn.io
# Retain preserves the PersistentVolume and its data on PVC deletion. The data
# then outlives the workload, so released volumes have to be cleaned up
# deliberately once they are no longer needed.
reclaimPolicy: Retain
volumeBindingMode: Immediate
allowVolumeExpansion: true
# NOTE(review): no `encrypted` parameter is set, so volumes from this class -
# and the off-site backups taken of them - are presumably stored without
# Longhorn volume encryption. If the data is sensitive, evaluate enabling it;
# confirm the parameter and its secret wiring against the deployed version.
parameters:
  # Two replicas per volume for redundancy.
  numberOfReplicas: '2'
  # 2880 corresponds to 48 hours.
  staleReplicaTimeout: '2880'
  fromBackup: ''
  fsType: 'xfs'
  # Disabled so replicas may be placed across nodes.
  dataLocality: 'disabled'
---
# Longhorn backup target credentials (Backblaze B2, S3-compatible API)
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  namespace: longhorn-system
  name: longhorn-backup-target
# Values under `data` are base64, which is an encoding and gives no
# confidentiality. The real manifest is meant to be SOPS-encrypted before it
# is committed; the two credential values below are template placeholders and
# are not valid base64.
# NOTE(review): prefer a key scoped to the backup bucket only rather than an
# account-wide key, and rotate it if an unencrypted copy of this file ever
# reaches version control.
data:
  AWS_ACCESS_KEY_ID: base64-encoded-key-id
  AWS_SECRET_ACCESS_KEY: base64-encoded-secret-key
  # Decodes to https://s3.eu-central-003.backblazeb2.com
  AWS_ENDPOINTS: aHR0cHM6Ly9zMy5ldS1jZW50cmFsLTAwMy5iYWNrYmxhemViMi5jb20=
---
# Longhorn RecurringJob that runs the S3 backup
apiVersion: longhorn.io/v1beta2
kind: RecurringJob
metadata:
  namespace: longhorn-system
  name: backup-to-s3
spec:
  task: 'backup'
  # Daily at 2 AM.
  cron: '0 2 * * *'
  # Volumes join through the `recurring-job-group.longhorn.io/backup` label.
  # NOTE(review): the claims in this file also set
  # `recurring-job.longhorn.io/backup`, which names a job called `backup`
  # rather than `backup-to-s3`; selection here appears to rely on the group
  # label only - confirm that is intended.
  groups:
    - backup
  # Keep 7 daily backups.
  # NOTE(review): that is roughly a seven-day restore window; corruption or
  # tampering noticed later has no clean copy in this chain - confirm it
  # matches the recovery objective.
  retain: 7
  # Concurrent backup jobs.
  concurrency: 2
  labels:
    recurring-job: backup-to-s3
---
# Example of labeling a volume so it is included in backups
apiVersion: v1
kind: PersistentVolume
metadata:
  name: example-pv
  labels:
    # Intended to include this volume in the S3 backup jobs.
    # NOTE(review): verify that Longhorn honours recurring-job labels placed
    # on a PersistentVolume object; if it does not, this volume is not backed
    # up even though the labels suggest it is.
    recurring-job-group.longhorn.io/backup: 'enabled'
    recurring-job.longhorn.io/backup: 'enabled'
spec:
  storageClassName: longhorn-retain
  # Retain: the volume and its data are kept after the claim is released.
  persistentVolumeReclaimPolicy: Retain
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 10Gi
  csi:
    driver: driver.longhorn.io
    volumeHandle: example-volume-id
---
# Example: database storage (ReadWriteOnce required)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: postgresql-system
  name: postgres-storage-pvc
  labels:
    # Opt the database volume into the backup schedule.
    # NOTE(review): depending on the Longhorn release, the PVC may also need
    # `recurring-job.longhorn.io/source: enabled` for these labels to reach
    # the volume - confirm, since a missed database backup is easy to overlook.
    recurring-job-group.longhorn.io/backup: 'enabled'
    recurring-job.longhorn.io/backup: 'enabled'
spec:
  storageClassName: longhorn-retain
  resources:
    requests:
      storage: 50Gi
  # Databases need a single writer, hence ReadWriteOnce.
  accessModes:
    - ReadWriteOnce
# Access Mode Guidelines:
# - ReadWriteMany (RWX): Default for horizontally scalable applications
#   * Web applications that can run multiple pods
#   * Shared file storage for multiple containers
#   * Applications without file locking conflicts
#
# - ReadWriteOnce (RWO): Required for specific use cases
#   * Database storage (PostgreSQL, Redis) - single writer required
#   * Applications with file locking (SQLite, local file databases)
#   * StatefulSets that manage their own replication
#   * Single-instance applications by design
#
# Backup Strategy Notes:
# - Cost: $6/TB storage with $0 egress fees via Cloudflare partnership
# - Selection: Label-based tagging system for selective volume backup
# - Recovery: Automated backup scheduling and restore capabilities
# - Target: @/longhorn backup location in Backblaze B2