From 07539b26e726c4184b6f5854e8691e5dffafc708 Mon Sep 17 00:00:00 2001
From: Automated pipeline <email@nowhere.com>
Date: Fri, 1 Aug 2025 08:54:11 +0000
Subject: [PATCH] Automated upload for observability.t09.de

---
 .../manifests/forgejo-s3-backup-cronjob.yaml  | 79 +++++++++++++++++++
 .../stacks/forgejo/forgejo-server/values.yaml |  2 +-
 2 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 otc/observability.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml

diff --git a/otc/observability.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/otc/observability.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
new file mode 100644
index 0000000..ba0aebd
--- /dev/null
+++ b/otc/observability.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@@ -0,0 +1,79 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+spec:
+  schedule: "0 1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: rclone
+            image: rclone/rclone:1.70
+            imagePullPolicy: IfNotPresent
+            env:
+            - name: SOURCE_BUCKET
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: bucket-name
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: access-key
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: secret-key
+            volumeMounts:
+            - name: rclone-config
+              mountPath: /config/rclone
+              readOnly: true
+            - name: backup-dir
+              mountPath: /backup
+              readOnly: false
+            command:
+            - /bin/sh
+            - -c
+            - |
+              rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
+          restartPolicy: OnFailure
+          volumes:
+          - name: rclone-config
+            secret:
+              secretName: forgejo-s3-backup
+          - name: backup-dir
+            persistentVolumeClaim:
+              claimName: s3-backup
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: s3-backup
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+type: Opaque
+stringData:
+  rclone.conf: |
+    [source]
+    type = s3
+    provider = HuaweiOBS
+    env_auth = true
+    endpoint = obs.eu-de.otc.t-systems.com
+    region = eu-de
+    acl = private
diff --git a/otc/observability.t09.de/stacks/forgejo/forgejo-server/values.yaml b/otc/observability.t09.de/stacks/forgejo/forgejo-server/values.yaml
index edbb6c7..ba131a4 100644
--- a/otc/observability.t09.de/stacks/forgejo/forgejo-server/values.yaml
+++ b/otc/observability.t09.de/stacks/forgejo/forgejo-server/values.yaml
@@ -1,4 +1,4 @@
-# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant. 
+# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant. 
 strategy:
   type: Recreate