Critical: Migrate pal-e-mail Postgres to CNPG shared cluster #190

New issue

Closed

opened 2026-03-27 00:48:32 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented 2026-03-27 00:48:32 +00:00

Owner

Copy link

Type

Bug

Lineage

standalone — discovered scope from #187 review. Same vulnerability as basketball-api.

Repo

forgejo_admin/pal-e-platform

What Broke

pal-e-mail Postgres is a standalone Deployment pod with local-path PVC, zero backups, zero replication — identical to the basketball-api vulnerability documented in #187. Same fix: migrate to CNPG shared cluster.

Repro Steps

1. kubectl get pvc -n pal-e-mail — standalone postgres-data PVC
2. kubectl get backups -n pal-e-mail — no resources found

Expected Behavior

pal-e-mail database on CNPG with daily Barman backups, WAL archiving, restore verification.

Environment

• Namespace: pal-e-mail
• DB: PostgreSQL 16 (Alpine), standalone Deployment

Acceptance Criteria

• pal-e-mail database exists on CNPG shared cluster
• Daily Barman backup covers pal-e-mail data
• Old standalone postgres removed after verification

Related

• #187 — basketball-api migration (do first, pattern established)
• project-pal-e-mail

### Type Bug ### Lineage standalone — discovered scope from #187 review. Same vulnerability as basketball-api. ### Repo `forgejo_admin/pal-e-platform` ### What Broke pal-e-mail Postgres is a standalone Deployment pod with local-path PVC, zero backups, zero replication — identical to the basketball-api vulnerability documented in #187. Same fix: migrate to CNPG shared cluster. ### Repro Steps 1. `kubectl get pvc -n pal-e-mail` — standalone postgres-data PVC 2. `kubectl get backups -n pal-e-mail` — no resources found ### Expected Behavior pal-e-mail database on CNPG with daily Barman backups, WAL archiving, restore verification. ### Environment - Namespace: pal-e-mail - DB: PostgreSQL 16 (Alpine), standalone Deployment ### Acceptance Criteria - [ ] pal-e-mail database exists on CNPG shared cluster - [ ] Daily Barman backup covers pal-e-mail data - [ ] Old standalone postgres removed after verification ### Related - `#187` — basketball-api migration (do first, pattern established) - `project-pal-e-mail`

forgejo_admin referenced this issue 2026-03-27 00:48:58 +00:00

Critical: Migrate basketball-api Postgres to CNPG shared cluster #187

forgejo_admin closed this issue 2026-03-27 01:40:12 +00:00

forgejo_admin referenced this issue 2026-03-28 17:42:32 +00:00

fix: allow basketball-api ingress to postgres namespace (#187) #212

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

188-cross-repo-worktree-isolation-for-parall

111-fix-keycloak-probe

86-fix-rotate-woodpecker-api-token-in-salt

71-feat-deploy-pyrra-slo-manager-with-servi

64-hotfix-woodpecker-oauth-login-broken-for

18-fix-grafana-duplicate-default-datasource-v2

18-fix-grafana-duplicate-default-datasource

13-fix-cnpg-all-parameters

No results found.

Labels

Clear labels   

domain:backend

  

domain:devops

  

domain:frontend

  

status:approved

QA passed, awaiting merge approval

  

status:in-progress

Dev agent is actively working

  

status:needs-fix

QA found issues, back to dev

  

status:qa

PR submitted, awaiting QA review

  

type:bug

Bug fix

  

type:devops

Infrastructure/CI/config work

  

type:feature

New functionality

No labels

domain:backend

domain:devops

domain:frontend

status:approved

status:in-progress

status:needs-fix

status:qa

type:bug

type:devops

type:feature

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/pal-e-platform#190

No description provided.