From bf213234b10ff37d473ad6f8a96460e3bedae521 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?=
Date: Sun, 12 Oct 2025 20:14:48 +0200
Subject: [PATCH] feat(infrastructure): add backups
---
 7project/tofu/main.tf | 7 ++++
 .../maxscale/charts/maxscale-helm/Chart.yaml | 2 +-
 .../maxscale-helm/templates/backup.yaml | 42 +++++++++++++++++++
 .../maxscale-helm/templates/garage.yaml | 11 +++++
 .../maxscale/charts/maxscale-helm/values.yaml | 8 ++++
 7project/tofu/modules/maxscale/main.tf | 10 ++++-
 7project/tofu/modules/maxscale/variables.tf | 38 +++++++++++++++--
 7project/tofu/variables.tf | 37 ++++++++++++++++
 8 files changed, 149 insertions(+), 6 deletions(-)
 create mode 100644 7project/tofu/modules/maxscale/charts/maxscale-helm/templates/backup.yaml
 create mode 100644 7project/tofu/modules/maxscale/charts/maxscale-helm/templates/garage.yaml
diff --git a/7project/tofu/main.tf b/7project/tofu/main.tf
index 65d4cd6..2b54f81 100644
--- a/7project/tofu/main.tf
+++ b/7project/tofu/main.tf
@@ -96,6 +96,13 @@ module "database" {
 phpmyadmin_enabled = var.phpmyadmin_enabled
 cloudflare_domain = var.cloudflare_domain
+
+ s3_enabled = var.s3_enabled
+ s3_bucket = var.s3_bucket
+ s3_region = var.s3_region
+ s3_endpoint = var.s3_endpoint
+ s3_key_id = var.s3_key_id
+ s3_key_secret = var.s3_key_secret
 }
 #module "argocd" {
diff --git a/7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml b/7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml
index c78c909..e0aa74a 100644
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v2
 name: maxscale-helm
-version: 1.0.8
+version: 1.0.14
 description: Helm chart for MaxScale related Kubernetes manifests
diff --git a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/backup.yaml b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/backup.yaml
new file mode 100644
index 0000000..1ff27e3
--- /dev/null
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/backup.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.s3.enabled }}
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+ name: backup
+ namespace: mariadb-operator
+spec:
+ mariaDbRef:
+ name: mariadb-repl
+ namespace: mariadb-operator
+ schedule:
+ cron: "0 */3 * * *"
+ suspend: false
+ timeZone: "Europe/Prague"
+ maxRetention: 720h # 30 days
+ compression: bzip2
+ storage:
+ s3:
+ bucket: {{ .Values.s3.bucket | quote }}
+ endpoint: {{ .Values.s3.endpoint | quote }}
+ accessKeyIdSecretKeyRef:
+ name: s3-credentials
+ key: key_id
+ secretAccessKeySecretKeyRef:
+ name: s3-credentials
+ key: secret_key
+ region: {{ .Values.s3.region | quote }}
+ tls:
+ enabled: true
+ # Define a PVC to use as staging area for keeping the backups while they are being processed.
+ stagingStorage:
+ persistentVolumeClaim:
+ resources:
+ requests:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ args:
+ - --single-transaction
+ - --all-databases
+ logLevel: info
+{{- end }}
\ No newline at end of file
diff --git a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/garage.yaml b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/garage.yaml
new file mode 100644
index 0000000..7bb6c2f
--- /dev/null
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/garage.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.s3.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: s3-credentials
+ namespace: mariadb-operator
+type: Opaque
+stringData:
+ key_id: "{{ .Values.s3.key_id }}"
+ secret_key: "{{ .Values.s3.key_secret }}"
+{{- end }}
\ No newline at end of file
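Review bot: The dump written by the Backup in templates/backup.yaml covers every database (`--all-databases`) and reaches the bucket only bzip2-compressed; `tls.enabled: true` protects it in transit, not at rest, so read access to the bucket is read access to the data. A comment above `storage:` along the lines of `# Dumps are not encrypted by this resource: the bucket must enforce encryption at rest, and the key in s3-credentials should be limited to this bucket` would record that requirement for whoever provisions the bucket. Separately, `bucket` and `endpoint` default to `""` in values.yaml, so `bucket: {{ required "s3.bucket must be set when s3.enabled is true" .Values.s3.bucket | quote }}` (and the same for `endpoint`) makes a misconfigured release fail at render time, presumably well before the first scheduled run would reveal it.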
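Review bot: In templates/garage.yaml, `key_id` and `secret_key` are interpolated inside hand-written double quotes, so a credential containing `"` or `\` renders as broken or altered YAML. backup.yaml in this same commit already pipes its values through `quote`, and the same form works here: `key_id: {{ .Values.s3.key_id | quote }}` and `secret_key: {{ .Values.s3.key_secret | quote }}`. Because the Secret is built from chart values, the credentials are also kept in the Helm release record stored in the cluster, not only in `s3-credentials`. Referencing a Secret created outside the chart would avoid that second copy. With `s3.enabled` true and the keys left unset, the Secret is still rendered, with empty strings.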
diff --git a/7project/tofu/modules/maxscale/charts/maxscale-helm/values.yaml b/7project/tofu/modules/maxscale/charts/maxscale-helm/values.yaml
index f7a4a90..2604e20 100644
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/values.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/values.yaml
@@ -14,4 +14,12 @@ metallb:
 phpmyadmin:
 enabled: true
+s3:
+ enabled: false
+ endpoint: ""
+ region: ""
+ bucket: ""
+ key_id: ""
+ key_secret: ""
+
 base_domain: example.com
diff --git a/7project/tofu/modules/maxscale/main.tf b/7project/tofu/modules/maxscale/main.tf
index de78a3f..fe71b90 100644
--- a/7project/tofu/modules/maxscale/main.tf
+++ b/7project/tofu/modules/maxscale/main.tf
@@ -59,7 +59,7 @@ resource "helm_release" "mariadb-operator" {
 resource "helm_release" "maxscale_helm" {
 name = "maxscale-helm"
 chart = "${path.module}/charts/maxscale-helm"
- version = "1.0.8"
+ version = "1.0.14"
 depends_on = [helm_release.mariadb-operator-crds, kubectl_manifest.secrets]
 timeout = 3600
@@ -71,6 +71,12 @@ resource "helm_release" "maxscale_helm" {
 { name = "metallb.primary_ip", value = var.primary_ip },
 { name = "metallb.secondary_ip", value = var.secondary_ip },
 { name = "phpmyadmin.enabled", value = tostring(var.phpmyadmin_enabled) },
- { name = "base_domain", value = var.cloudflare_domain }
+ { name = "base_domain", value = var.cloudflare_domain },
+ { name = "s3.key_id", value = var.s3_key_id },
+ { name = "s3.key_secret", value = var.s3_key_secret },
+ { name = "s3.enabled", value = var.s3_enabled },
+ { name = "s3.endpoint", value = var.s3_endpoint },
+ { name = "s3.region", value = var.s3_region },
+ { name = "s3.bucket", value = var.s3_bucket },
 ]
 }
diff --git a/7project/tofu/modules/maxscale/variables.tf b/7project/tofu/modules/maxscale/variables.tf
index fb8c724..8e5f07f 100644
--- a/7project/tofu/modules/maxscale/variables.tf
+++ b/7project/tofu/modules/maxscale/variables.tf
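Review bot: In the second hunk of modules/maxscale/main.tf, `s3.key_id` and `s3.key_secret` are appended to the same list as the non-secret chart values. The list opener lies outside the hunk, but if this is the Helm provider's `set` argument, the provider offers `set_sensitive` for values that should stay out of plan output and of the values it records for the release. Moving the two entries would look like `set_sensitive = [{ name = "s3.key_id", value = var.s3_key_id }, { name = "s3.key_secret", value = var.s3_key_secret }]`. On style, `s3.enabled` is passed as a raw bool while the `phpmyadmin.enabled` context line in this hunk uses `tostring(...)`; `{ name = "s3.enabled", value = tostring(var.s3_enabled) }` keeps the entries uniform.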
@@ -52,7 +52,39 @@ variable "mariadb_user_password" {
 }
 variable "cloudflare_domain" {
- type = string
- default = "Base cloudflare domain, e.g. example.com"
+ type = string
+ default = "Base cloudflare domain, e.g. example.com"
 nullable = false
-}
\ No newline at end of file
+}
+
+variable "s3_key_id" {
+ description = "S3 Key ID for backups"
+ type = string
+ sensitive = true
+}
+
+variable "s3_key_secret" {
+ description = "S3 Key Secret for backups"
+ type = string
+ sensitive = true
+}
+
+variable "s3_enabled" {
+ description = "Enable S3 backups"
+ type = bool
+}
+
+variable "s3_endpoint" {
+ description = "S3 endpoint for backups"
+ type = string
+}
+
+variable "s3_region" {
+ description = "S3 region for backups"
+ type = string
+}
+
+variable "s3_bucket" {
+ description = "S3 bucket name for backups"
+ type = string
+}
diff --git a/7project/tofu/variables.tf b/7project/tofu/variables.tf
index 3e59d8b..fe42b76 100644
--- a/7project/tofu/variables.tf
+++ b/7project/tofu/variables.tf
@@ -108,3 +108,40 @@ variable "rabbitmq-password" {
 sensitive = true
 description = "Admin password for RabbitMQ user"
 }
+
+variable "s3_key_id" {
+ description = "S3 Key ID for backups"
+ type = string
+ sensitive = true
+ nullable = false
+}
+
+variable "s3_key_secret" {
+ description = "S3 Key Secret for backups"
+ type = string
+ sensitive = true
+ nullable = false
+}
+
+variable "s3_enabled" {
+ description = "Enable S3 backups"
+ type = bool
+}
+
+variable "s3_endpoint" {
+ description = "S3 endpoint for backups"
+ type = string
+}
+
+variable "s3_region" {
+ description = "S3 region for backups"
+ type = string
+}
+
+variable "s3_bucket" {
+ description = "S3 bucket name for backups"
+ type = string
+}
+
+
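Review bot: In `variable "cloudflare_domain"` (modules/maxscale/variables.tf) the sentence `"Base cloudflare domain, e.g. example.com"` is assigned to `default`, not `description`, so a caller that omits the variable gets that sentence as the domain value; this commit re-indents the line but keeps the assignment. If the text is documentation, `description = "Base cloudflare domain, e.g. example.com"` with no default makes the variable required and fails early. The new `s3_key_id` and `s3_key_secret` in this file also lack the `nullable = false` that the root declarations in 7project/tofu/variables.tf carry, so the two levels disagree on whether null is accepted. Adding `nullable = false` to both module variables aligns them.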
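Review bot: None of the six `s3_*` variables added to 7project/tofu/variables.tf has a default, so every deployment must now supply an endpoint, bucket and both keys even when `s3_enabled` is false, which tends to end with placeholder credentials committed to tfvars files. Giving `s3_enabled` a `default = false` and the string variables `default = ""` keeps the disabled case clean; a check that the four strings are non-empty whenever `s3_enabled` is true (a `validation` block or a precondition on the release) then covers the enabled case. A short comment on the two key variables is also worth adding: `# sensitive only redacts CLI output; the value is still written to state, so the state backend must be access-controlled or encrypted`.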