Increases memory requests for the IDM and NATS services to enhance stability and performance.
Updates application, service account, and storage UUIDs in configuration maps, reflecting a re-initialization or re-rendering of OIDC settings.
Assigns specific CPU and memory requests and limits to the storageusers service to ensure stable operation and efficient resource utilization.
Introduces pod anti-affinity for storageusers to prevent it from being scheduled on the same node as victoria-metrics-single, improving resilience and preventing potential resource contention.
Introduces a daily Kubernetes CronJob that utilizes rclone to perform compressed backups of oCIS S3 data to a Hetzner Storage Box via SFTP.
This new backup mechanism requires the manual creation of an 'ocis-storagebox-credentials' secret, which holds the Storage Box host, user, and SSH private key. A check is added to the secret initialization job to ensure this essential external secret exists.
Removes the full Nextcloud stack (PostgreSQL/CNPG, Valkey, Caddy) and
deploys oCIS at drive.tr1ceracop.de. oCIS is self-contained — no
external database or cache needed.
Key design decisions:
- S3ng storage backend on Hetzner Object Storage (ocis-tr1ceracop)
- Chart fetched via vendir git source (not published to a Helm repo)
- All secrets generated in-cluster via PreSync init Job (never in git)
- Memory requests on all pods to prevent node overcommit
- Persistence on local-path for metadata (idm, nats, search, storage)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removes the full Nextcloud stack (PostgreSQL/CNPG, Valkey, Caddy sidecar)
and replaces it with oCIS at drive.tr1ceracop.de. oCIS is self-contained
(no external DB/cache needed) with S3ng storage backend on Hetzner Object
Storage (bucket: ocis-tr1ceracop). Chart sourced from git via vendir since
it is not published to a Helm repo.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
