0.5.0: Longhorn local snapshots + async S3 backup (#347 phase 5)

2026-05-02 23:14:15 +03:00
parent 8fca9aadfa
commit 3e642dd7a1
3 changed files with 87 additions and 17 deletions
--- a/values.yaml
+++ b/values.yaml
@@ -144,23 +144,36 @@ csiSnapshotter:
 longhorn:
  enabled: false
  # Replicas per Longhorn volume. Standard tier (single server) =
-  # 1 — durability story is hourly S3 backup, not local replicas.
+  # 1 — durability story is async S3 backup, not local replicas.
  # HA-Active sets this to 2 across the cluster's worker nodes.
  replicas: 1
-  # Default data path. k3s nodes get `/var/lib/longhorn` by default;
-  # production servers may want this on a separate disk for IOPS
-  # isolation from the OS root volume.
-  defaultDataPath: /var/lib/longhorn
-  # S3 backup target for Longhorn's own block-level backups (DR
-  # layer alongside Tower's application-level pg_dump path). When
-  # set, Longhorn writes block-incremental backups to this prefix
-  # daily. Empty = block-level backup disabled, application backup
-  # only.
-  backupTarget: ""
-  # Same S3 secret Tower's application backup already uses.
-  backupCredsSecret:
-    namespace: tenants
-    name: s3-backup-creds
+  # Phase 5 of ADR 0003 — Longhorn's own settings, passed straight
+  # through to the subchart's `defaultSettings`. The two-layer design:
+  #
+  #   1. Local CoW snapshots (Longhorn `task: snapshot`) — instant,
+  #      zero-blocking, hourly retention. Used for fast undo.
+  #   2. Async S3 backup (Longhorn `task: backup`) — block-incremental
+  #      upload to tenant's bucket, gradual, never blocks workflow.
+  #      Daily retention. The DR layer alongside Tower's existing
+  #      application-level pg_dump backup (which is for cross-cluster
+  #      migration; Longhorn-S3 is for fast same-cluster restore).
+  #
+  # The RecurringJob CRDs that drive both layers live in
+  # templates/longhorn-recurringjobs.yaml and bind to all volumes
+  # via the `default` group automatically.
+  defaultSettings:
+    defaultDataPath: /var/lib/longhorn
+    # backupTarget — set this per-server via the Argo App's helm
+    # parameters to enable the async S3 backup channel. Format:
+    # `s3://<bucket>@<region>/<prefix>/`. Empty = local snapshots
+    # only (local layer still works; just no off-cluster copy).
+    backupTarget: ""
+    # backupTargetCredentialSecret — name of K8s Secret in the
+    # `longhorn-system` namespace carrying AWS_ACCESS_KEY_ID +
+    # AWS_SECRET_ACCESS_KEY. Operator kubectl-applies it once per
+    # cluster (same pattern as cloudflare-api-token). Cross-namespace
+    # Secret references aren't allowed by Longhorn.
+    backupTargetCredentialSecret: ""
  # Disable the Helm pre-upgrade checker Job. It's annotated as a
  # `helm.sh/hook: pre-upgrade,pre-install` which Argo translates to
  # PreSync — but the Job's ServiceAccount lives in the regular sync