migrate and backup data

clusters/cl01tl/helm/immich/templates/external-secrets.yaml

@@ -20,6 +20,177 @@ spec:
         metadataPolicy: None
         property: immich.json
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-data-backup-secret-local
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: immich-data-backup-secret-local
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/immich/immich"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-data-backup-secret-remote
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: immich-data-backup-secret-remote
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/immich/immich"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-data-backup-secret-external
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: immich-data-backup-secret-external
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/immich/immich"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/digital-ocean
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/digital-ocean
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_SECRET_ACCESS_KEY
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret

clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: immich-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: immich-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: immich-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi

clusters/cl01tl/helm/immich/templates/persistent-volume.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: immich-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: immich-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Immich
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac

clusters/cl01tl/helm/immich/templates/replication-source.yaml

@@ -1,82 +1,82 @@
-# apiVersion: volsync.backube/v1alpha1
+apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
+kind: ReplicationSource
-# metadata:
+metadata:
-#   name: immich-data-backup-source-local
+  name: immich-data-backup-source-local
-#   namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
-#   labels:
+  labels:
-#     app.kubernetes.io/name: immich-data-backup-source-local
+    app.kubernetes.io/name: immich-data-backup-source-local
-#     app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
+spec:
-#   sourcePVC: immich-data
+  sourcePVC: immich
-#   trigger:
+  trigger:
-#     schedule: 0 2 * * *
+    schedule: 0 2 * * *
-#   restic:
+  restic:
-#     pruneIntervalDays: 7
+    pruneIntervalDays: 7
-#     repository: immich-data-backup-secret-local
+    repository: immich-data-backup-secret-local
-#     retain:
+    retain:
-#       hourly: 1
+      hourly: 1
-#       daily: 3
+      daily: 3
-#       weekly: 2
+      weekly: 2
-#       monthly: 2
+      monthly: 2
-#       yearly: 4
+      yearly: 4
-#     copyMethod: Snapshot
+    copyMethod: Snapshot
-#     storageClassName: ceph-block
+    storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
+    volumeSnapshotClassName: ceph-blockpool-snapshot
-#     cacheCapacity: 10Gi
+    cacheCapacity: 50Gi
 
-# ---
+---
-# apiVersion: volsync.backube/v1alpha1
+apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
+kind: ReplicationSource
-# metadata:
+metadata:
-#   name: immich-data-backup-source-remote
+  name: immich-data-backup-source-remote
-#   namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
-#   labels:
+  labels:
-#     app.kubernetes.io/name: immich-data-backup-source-remote
+    app.kubernetes.io/name: immich-data-backup-source-remote
-#     app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
+spec:
-#   sourcePVC: immich-data
+  sourcePVC: immich
-#   trigger:
+  trigger:
-#     schedule: 0 3 * * *
+    schedule: 0 3 * * *
-#   restic:
+  restic:
-#     pruneIntervalDays: 7
+    pruneIntervalDays: 7
-#     repository: immich-data-backup-secret-remote
+    repository: immich-data-backup-secret-remote
-#     retain:
+    retain:
-#       hourly: 1
+      hourly: 1
-#       daily: 3
+      daily: 3
-#       weekly: 2
+      weekly: 2
-#       monthly: 2
+      monthly: 2
-#       yearly: 4
+      yearly: 4
-#     copyMethod: Snapshot
+    copyMethod: Snapshot
-#     storageClassName: ceph-block
+    storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
+    volumeSnapshotClassName: ceph-blockpool-snapshot
-#     cacheCapacity: 10Gi
+    cacheCapacity: 50Gi
 
-# ---
+---
-# apiVersion: volsync.backube/v1alpha1
+apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
+kind: ReplicationSource
-# metadata:
+metadata:
-#   name: immich-data-backup-source-external
+  name: immich-data-backup-source-external
-#   namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
-#   labels:
+  labels:
-#     app.kubernetes.io/name: immich-data-backup-source-external
+    app.kubernetes.io/name: immich-data-backup-source-external
-#     app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
+spec:
-#   sourcePVC: immich-data
+  sourcePVC: immich
-#   trigger:
+  trigger:
-#     schedule: 0 4 * * *
+    schedule: 0 4 * * *
-#   restic:
+  restic:
-#     pruneIntervalDays: 7
+    pruneIntervalDays: 7
-#     repository: immich-data-backup-secret-external
+    repository: immich-data-backup-secret-external
-#     retain:
+    retain:
-#       hourly: 1
+      hourly: 1
-#       daily: 3
+      daily: 3
-#       weekly: 2
+      weekly: 2
-#       monthly: 2
+      monthly: 2
-#       yearly: 4
+      yearly: 4
-#     copyMethod: Snapshot
+    copyMethod: Snapshot
-#     storageClassName: ceph-block
+    storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
+    volumeSnapshotClassName: ceph-blockpool-snapshot
-#     cacheCapacity: 10Gi
+    cacheCapacity: 50Gi

clusters/cl01tl/helm/immich/values.yaml

@@ -126,13 +126,6 @@ immich:
           main:
             - path: /usr/src/app/upload
               readOnly: false
-    media:
-      existingClaim: immich-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /usr/src/app/upload-old
-              readOnly: false
 postgres-18-cluster:
   mode: recovery
   cluster: