From 0a9f0e12c34fd7218da18f1747ea59b61190ffd8 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Thu, 11 Dec 2025 22:53:11 -0600
Subject: [PATCH] migrate and backup data
---
 .../immich/templates/external-secrets.yaml | 171 ++++++++++++++++++
 .../templates/persistent-volume-claim.yaml | 17 --
 .../immich/templates/persistent-volume.yaml | 23 ---
 .../immich/templates/replication-source.yaml | 160 ++++++++--------
 clusters/cl01tl/helm/immich/values.yaml | 7 -
 5 files changed, 251 insertions(+), 127 deletions(-)
 delete mode 100644 clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml
 delete mode 100644 clusters/cl01tl/helm/immich/templates/persistent-volume.yaml
diff --git a/clusters/cl01tl/helm/immich/templates/external-secrets.yaml b/clusters/cl01tl/helm/immich/templates/external-secrets.yaml
index 418f75a44..8229e7e3d 100644
--- a/clusters/cl01tl/helm/immich/templates/external-secrets.yaml
+++ b/clusters/cl01tl/helm/immich/templates/external-secrets.yaml
@@ -20,6 +20,177 @@ spec:
 metadataPolicy: None
 property: immich.json
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: immich-data-backup-secret-local
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-data-backup-secret-local
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/immich/immich"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-local
+ metadataPolicy: None
+ property: BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-local
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: immich-data-backup-secret-remote
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-data-backup-secret-remote
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/immich/immich"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-remote
+ metadataPolicy: None
+ property: BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-remote
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: immich-data-backup-secret-external
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-data-backup-secret-external
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/immich/immich"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/digital-ocean
+ metadataPolicy: None
+ property: BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/digital-ocean
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: AWS_DEFAULT_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: AWS_ACCESS_KEY_ID
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: AWS_SECRET_ACCESS_KEY
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
diff --git a/clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml
deleted file mode 100644
index a830f81c3..000000000
--- a/clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: immich-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: immich-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/immich/templates/persistent-volume.yaml b/clusters/cl01tl/helm/immich/templates/persistent-volume.yaml
deleted file mode 100644
index 489121a70..000000000
--- a/clusters/cl01tl/helm/immich/templates/persistent-volume.yaml
+++ /dev/null
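Review bot: In `external-secrets.yaml`, the three added ExternalSecrets read `RESTIC_PASSWORD` and the S3 key pair from Vault paths that are not specific to Immich (`/volsync/restic/garage-local`, `/garage/home-infra/volsync-backups`, and the `garage-remote` / `digital-ocean` equivalents), so the Secret created in this namespace appears to hold credentials for the whole backup bucket rather than only the `/immich/immich` prefix set in `RESTIC_REPOSITORY`. If other charts read the same paths (not visible in this patch), anything able to read Secrets in this namespace could also decrypt or alter their repositories. Consider a per-application restic password and an access key scoped to this prefix, for example `key: <per-app-vault-path>` on the `RESTIC_PASSWORD` and `AWS_*` entries. Separately, `immich-data-backup-secret-remote` takes its endpoint from `garage-remote` but its access keys from the same `/garage/home-infra/volsync-backups` entry as the local secret; a one-line template comment confirming that this is intended would rule out a copy-paste slip.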
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: immich-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Immich
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/immich/templates/replication-source.yaml b/clusters/cl01tl/helm/immich/templates/replication-source.yaml
index 4d88e137f..78758f1ed 100644
--- a/clusters/cl01tl/helm/immich/templates/replication-source.yaml
+++ b/clusters/cl01tl/helm/immich/templates/replication-source.yaml
@@ -1,82 +1,82 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: immich-data-backup-source-local
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: immich-data-backup-source-local
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: immich-data
-# trigger:
-# schedule: 0 2 * * *
-# restic:
-# pruneIntervalDays: 7
-# repository: immich-data-backup-secret-local
-# retain:
-# hourly: 1
-# daily: 3
-# weekly: 2
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
-# cacheCapacity: 10Gi
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: immich-data-backup-source-local
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-data-backup-source-local
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ sourcePVC: immich
+ trigger:
+ schedule: 0 2 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: immich-data-backup-secret-local
+ retain:
+ hourly: 1
+ daily: 3
+ weekly: 2
+ monthly: 2
+ yearly: 4
+ copyMethod: Snapshot
+ storageClassName: ceph-block
+ volumeSnapshotClassName: ceph-blockpool-snapshot
+ cacheCapacity: 50Gi
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: immich-data-backup-source-remote
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: immich-data-backup-source-remote
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: immich-data
-# trigger:
-# schedule: 0 3 * * *
-# restic:
-# pruneIntervalDays: 7
-# repository: immich-data-backup-secret-remote
-# retain:
-# hourly: 1
-# daily: 3
-# weekly: 2
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
-# cacheCapacity: 10Gi
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: immich-data-backup-source-remote
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-data-backup-source-remote
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ sourcePVC: immich
+ trigger:
+ schedule: 0 3 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: immich-data-backup-secret-remote
+ retain:
+ hourly: 1
+ daily: 3
+ weekly: 2
+ monthly: 2
+ yearly: 4
+ copyMethod: Snapshot
+ storageClassName: ceph-block
+ volumeSnapshotClassName: ceph-blockpool-snapshot
+ cacheCapacity: 50Gi
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: immich-data-backup-source-external
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: immich-data-backup-source-external
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: immich-data
-# trigger:
-# schedule: 0 4 * * *
-# restic:
-# pruneIntervalDays: 7
-# repository: immich-data-backup-secret-external
-# retain:
-# hourly: 1
-# daily: 3
-# weekly: 2
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
-# cacheCapacity: 10Gi
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: immich-data-backup-source-external
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-data-backup-source-external
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ sourcePVC: immich
+ trigger:
+ schedule: 0 4 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: immich-data-backup-secret-external
+ retain:
+ hourly: 1
+ daily: 3
+ weekly: 2
+ monthly: 2
+ yearly: 4
+ copyMethod: Snapshot
+ storageClassName: ceph-block
+ volumeSnapshotClassName: ceph-blockpool-snapshot
+ cacheCapacity: 50Gi
diff --git a/clusters/cl01tl/helm/immich/values.yaml b/clusters/cl01tl/helm/immich/values.yaml
index 24c621023..4ded86bc8 100644
--- a/clusters/cl01tl/helm/immich/values.yaml
+++ b/clusters/cl01tl/helm/immich/values.yaml
@@ -126,13 +126,6 @@ immich:
 main:
 - path: /usr/src/app/upload
 readOnly: false
- media:
- existingClaim: immich-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /usr/src/app/upload-old
- readOnly: false
 postgres-18-cluster:
 mode: recovery
 cluster:
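Review bot: In `replication-source.yaml`, none of the three `restic:` blocks sets `moverSecurityContext`, so the mover pod's UID/GID is left to VolSync's defaults, and these backups go live in the same commit that removes the NFS PV/PVC manifests and the `upload-old` mount. If the Immich container writes to the `immich` PVC as a different non-root user (its security context is outside this patch), restic may be unable to read some files and a run could fail or leave an incomplete snapshot. I would add `moverSecurityContext:` with `runAsUser: <immich-uid>`, `runAsGroup: <immich-gid>` and `fsGroup: <immich-gid>` under each `restic:` key, and confirm the first run of each ReplicationSource before the old NFS export is cleaned up. A smaller point in the same blocks: `retain.hourly: 1` has little effect with one run per day (`0 2 * * *`, `0 3 * * *`, `0 4 * * *`) and could carry a short comment or be dropped.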