Automated Manifest Update (#2430)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

Reviewed-on: #2430
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>

clusters/cl01tl/manifests/immich/Deployment-immich.yaml

@@ -112,8 +112,6 @@ spec:
               subPath: immich.json
             - mountPath: /usr/src/app/upload
               name: data
-            - mountPath: /usr/src/app/upload-old
-              name: media
       volumes:
         - name: config
           secret:
@@ -121,6 +119,3 @@ spec:
         - name: data
           persistentVolumeClaim:
             claimName: immich
-        - name: media
-          persistentVolumeClaim:
-            claimName: immich-nfs-storage

clusters/cl01tl/manifests/immich/ExternalSecret-immich-data-backup-secret-external.yaml

@@ -0,0 +1,55 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-data-backup-secret-external
+  namespace: immich
+  labels:
+    app.kubernetes.io/name: immich-data-backup-secret-external
+    app.kubernetes.io/instance: immich
+    app.kubernetes.io/part-of: immich
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/immich/immich"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/digital-ocean
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/digital-ocean
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_SECRET_ACCESS_KEY

clusters/cl01tl/manifests/immich/ExternalSecret-immich-data-backup-secret-local.yaml

@@ -0,0 +1,55 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-data-backup-secret-local
+  namespace: immich
+  labels:
+    app.kubernetes.io/name: immich-data-backup-secret-local
+    app.kubernetes.io/instance: immich
+    app.kubernetes.io/part-of: immich
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/immich/immich"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY

clusters/cl01tl/manifests/immich/ExternalSecret-immich-data-backup-secret-remote.yaml

@@ -0,0 +1,55 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: immich-data-backup-secret-remote
+  namespace: immich
+  labels:
+    app.kubernetes.io/name: immich-data-backup-secret-remote
+    app.kubernetes.io/instance: immich
+    app.kubernetes.io/part-of: immich
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/immich/immich"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY

clusters/cl01tl/manifests/immich/PersistentVolume-immich-nfs-storage.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: immich-nfs-storage
-  namespace: immich
-  labels:
-    app.kubernetes.io/name: immich-nfs-storage
-    app.kubernetes.io/instance: immich
-    app.kubernetes.io/part-of: immich
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Immich
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac

clusters/cl01tl/manifests/immich/PersistentVolumeClaim-immich-nfs-storage.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: immich-nfs-storage
-  namespace: immich
-  labels:
-    app.kubernetes.io/name: immich-nfs-storage
-    app.kubernetes.io/instance: immich
-    app.kubernetes.io/part-of: immich
-spec:
-  volumeName: immich-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi

clusters/cl01tl/manifests/immich/ReplicationSource-immich-data-backup-source-external.yaml

@@ -0,0 +1,26 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: immich-data-backup-source-external
+  namespace: immich
+  labels:
+    app.kubernetes.io/name: immich-data-backup-source-external
+    app.kubernetes.io/instance: immich
+    app.kubernetes.io/part-of: immich
+spec:
+  sourcePVC: immich
+  trigger:
+    schedule: 0 4 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: immich-data-backup-secret-external
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 50Gi

clusters/cl01tl/manifests/immich/ReplicationSource-immich-data-backup-source-local.yaml

@@ -0,0 +1,26 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: immich-data-backup-source-local
+  namespace: immich
+  labels:
+    app.kubernetes.io/name: immich-data-backup-source-local
+    app.kubernetes.io/instance: immich
+    app.kubernetes.io/part-of: immich
+spec:
+  sourcePVC: immich
+  trigger:
+    schedule: 0 2 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: immich-data-backup-secret-local
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 50Gi

clusters/cl01tl/manifests/immich/ReplicationSource-immich-data-backup-source-remote.yaml

@@ -0,0 +1,26 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: immich-data-backup-source-remote
+  namespace: immich
+  labels:
+    app.kubernetes.io/name: immich-data-backup-source-remote
+    app.kubernetes.io/instance: immich
+    app.kubernetes.io/part-of: immich
+spec:
+  sourcePVC: immich
+  trigger:
+    schedule: 0 3 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: immich-data-backup-secret-remote
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 50Gi