apiVersion: batch/v1 kind: CronJob metadata: name: immich-db-backup namespace: immich labels: app: immich-backup spec: schedule: "0 3 * * *" concurrencyPolicy: Forbid successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 jobTemplate: spec: template: metadata: labels: app: immich-backup spec: restartPolicy: OnFailure initContainers: - name: pg-dump image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0 env: - name: PGHOST value: immich-db - name: PGUSER valueFrom: secretKeyRef: name: immich-credentials key: DB_USERNAME - name: PGPASSWORD valueFrom: secretKeyRef: name: immich-credentials key: DB_PASSWORD - name: PGDATABASE valueFrom: secretKeyRef: name: immich-credentials key: DB_DATABASE_NAME command: - sh - -c - pg_dump --clean --if-exists > /backup/dump.sql volumeMounts: - name: backup-tmp mountPath: /backup containers: - name: resticprofile image: creativeprojects/resticprofile:0.32.0 command: - sh - -c - | resticprofile -c /secrets/profiles.yaml -n immich-db backup resticprofile -c /secrets/profiles.yaml -n immich-db copy env: - name: B2_ACCOUNT_ID valueFrom: secretKeyRef: name: immich-backup-config key: B2_ACCOUNT_ID - name: B2_ACCOUNT_KEY valueFrom: secretKeyRef: name: immich-backup-config key: B2_ACCOUNT_KEY volumeMounts: - name: secrets mountPath: /secrets readOnly: true - name: backup-tmp mountPath: /backup volumes: - name: secrets secret: secretName: immich-backup-config - name: backup-tmp emptyDir: {} --- apiVersion: batch/v1 kind: CronJob metadata: name: immich-library-backup namespace: immich labels: app: immich-backup spec: schedule: "0 4 * * *" concurrencyPolicy: Forbid successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 jobTemplate: spec: template: metadata: labels: app: immich-backup spec: restartPolicy: OnFailure containers: - name: resticprofile image: creativeprojects/resticprofile:0.32.0 command: - sh - -c - | resticprofile -c /secrets/profiles.yaml -n immich-library backup resticprofile -c /secrets/profiles.yaml -n immich-library copy env: - name: B2_ACCOUNT_ID valueFrom: secretKeyRef: name: immich-backup-config key: B2_ACCOUNT_ID - name: B2_ACCOUNT_KEY valueFrom: secretKeyRef: name: immich-backup-config key: B2_ACCOUNT_KEY volumeMounts: - name: secrets mountPath: /secrets readOnly: true - name: library mountPath: /data readOnly: true resources: requests: cpu: 100m memory: 256Mi limits: memory: 1Gi volumes: - name: secrets secret: secretName: immich-backup-config - name: library persistentVolumeClaim: claimName: immich-library