From 60e1d119c194c42f05fc9ca1cae940a237835623 Mon Sep 17 00:00:00 2001
From: Christopher Hase <Christopher.Hase@telekom.de>
Date: Wed, 25 Jun 2025 10:00:25 +0200
Subject: [PATCH] feat(observability): encrypt persistent data

---
 .../observability/victoria-k8s-stack/manifests/vlogs.yaml    | 3 +++
 template/stacks/observability/victoria-k8s-stack/values.yaml | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/template/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml b/template/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
index b74e71a..67aed84 100644
--- a/template/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
+++ b/template/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
@@ -7,6 +7,9 @@ spec:
   retentionPeriod: "12"
   removePvcAfterDelete: true
   storage:
+    metadata:
+      annotations:
+        everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}       
     accessModes:
       - ReadWriteOnce
     resources:
diff --git a/template/stacks/observability/victoria-k8s-stack/values.yaml b/template/stacks/observability/victoria-k8s-stack/values.yaml
index 2299ee5..cbac506 100644
--- a/template/stacks/observability/victoria-k8s-stack/values.yaml
+++ b/template/stacks/observability/victoria-k8s-stack/values.yaml
@@ -292,6 +292,9 @@ vmsingle:
       resources:
         requests:
           storage: 20Gi
+      metadata:
+        annotations:
+          everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}                
   ingress:
     # -- Enable deployment of ingress for server component
     enabled: false
@@ -346,7 +349,7 @@ vmcluster:
           spec:
             resources:
               requests:
-                storage: 10Gi
+                storage: 10Gi     
       resources:
         {}
         # limits: