161 lines
4.7 KiB
YAML
161 lines
4.7 KiB
YAML
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: immich-backup-cache
|
|
namespace: immich
|
|
spec:
|
|
accessModes: ["ReadWriteOnce"]
|
|
storageClassName: nfs-synology-ssd
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: immich-db-backup
|
|
namespace: immich
|
|
labels:
|
|
app: immich-backup
|
|
spec:
|
|
schedule: "0 3 * * *"
|
|
concurrencyPolicy: Forbid
|
|
successfulJobsHistoryLimit: 3
|
|
failedJobsHistoryLimit: 3
|
|
jobTemplate:
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: immich-backup
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
initContainers:
|
|
- name: pg-dump
|
|
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
|
|
env:
|
|
- name: PGHOST
|
|
value: immich-db
|
|
- name: PGUSER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-credentials
|
|
key: DB_USERNAME
|
|
- name: PGPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-credentials
|
|
key: DB_PASSWORD
|
|
- name: PGDATABASE
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-credentials
|
|
key: DB_DATABASE_NAME
|
|
command:
|
|
- sh
|
|
- -c
|
|
- pg_dump --clean --if-exists > /backup/dump.sql
|
|
volumeMounts:
|
|
- name: backup-tmp
|
|
mountPath: /backup
|
|
containers:
|
|
- name: resticprofile
|
|
image: creativeprojects/resticprofile:0.32.0
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
resticprofile -c /secrets/profiles.yaml -n immich-db backup
|
|
resticprofile -c /secrets/profiles.yaml -n immich-db copy
|
|
env:
|
|
- name: B2_ACCOUNT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-backup-config
|
|
key: B2_ACCOUNT_ID
|
|
- name: B2_ACCOUNT_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-backup-config
|
|
key: B2_ACCOUNT_KEY
|
|
volumeMounts:
|
|
- name: secrets
|
|
mountPath: /secrets
|
|
readOnly: true
|
|
- name: backup-tmp
|
|
mountPath: /backup
|
|
volumes:
|
|
- name: secrets
|
|
secret:
|
|
secretName: immich-backup-config
|
|
- name: backup-tmp
|
|
emptyDir: {}
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: immich-library-backup
|
|
namespace: immich
|
|
labels:
|
|
app: immich-backup
|
|
spec:
|
|
schedule: "0 4 * * *"
|
|
concurrencyPolicy: Forbid
|
|
successfulJobsHistoryLimit: 3
|
|
failedJobsHistoryLimit: 3
|
|
jobTemplate:
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: immich-backup
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: resticprofile
|
|
image: creativeprojects/resticprofile:0.32.0
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
resticprofile -c /secrets/profiles.yaml -n immich-library backup
|
|
resticprofile -c /secrets/profiles.yaml -n immich-library copy
|
|
env:
|
|
- name: B2_ACCOUNT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-backup-config
|
|
key: B2_ACCOUNT_ID
|
|
- name: B2_ACCOUNT_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-backup-config
|
|
key: B2_ACCOUNT_KEY
|
|
- name: RESTIC_CACHE_DIR
|
|
value: /cache
|
|
volumeMounts:
|
|
- name: secrets
|
|
mountPath: /secrets
|
|
readOnly: true
|
|
- name: library
|
|
mountPath: /data
|
|
readOnly: true
|
|
- name: cache
|
|
mountPath: /cache
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
memory: 1Gi
|
|
volumes:
|
|
- name: secrets
|
|
secret:
|
|
secretName: immich-backup-config
|
|
- name: library
|
|
persistentVolumeClaim:
|
|
claimName: immich-library
|
|
- name: cache
|
|
persistentVolumeClaim:
|
|
claimName: immich-backup-cache
|