C2(migrate-immich-to-ringtail): impl add ringtail-side NFS PV/PVC for immich library

Mirrors argocd/manifests/immich/pv-nfs.yaml + pvc.yaml. PV renamed to immich-library-nfs-pv-ringtail to avoid confusion with the minikube side (PVs are cluster-scoped; both can coexist). Initial kustomization.yaml in argocd/manifests/immich-ringtail/ holds just the storage bits today; deployments/services/ingress will be added in immich-app-on-ringtail. Verified: PVC binds to PV on k3s-ringtail; mount test from a busybox pod read existing photo library dirs, wrote and deleted a test file. DNS resolves sifaka to 192.168.1.203 so NFS traffic stays on the LAN, off the tailnet. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 12:42:59 -07:00 · 2026-05-13 12:42:59 -07:00 · a92ce5cee8
commit a92ce5cee8
parent 65a6c9ec3e
3 changed files with 54 additions and 0 deletions
--- a/argocd/manifests/immich-ringtail/kustomization.yaml
+++ b/argocd/manifests/immich-ringtail/kustomization.yaml
@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: immich
+
+# Storage scaffolding for the ringtail-side Immich deployment.
+# The Deployments/Services/Ingress land in immich-app-on-ringtail.
+resources:
+  - pv-nfs.yaml
+  - pvc.yaml
--- a/argocd/manifests/immich-ringtail/pv-nfs.yaml
+++ b/argocd/manifests/immich-ringtail/pv-nfs.yaml
@ -0,0 +1,29 @@
+# NFS PersistentVolume for Immich photo library on ringtail k3s.
+#
+# Mirror of argocd/manifests/immich/pv-nfs.yaml (minikube) but with
+# a distinct name (minikube and ringtail are separate clusters, so PV
+# names don't collide cluster-side, but using the same name in two
+# manifests is confusing).
+#
+# The sifaka NFS export for /volume1/photos already permits
+# 192.168.1.0/24 + 100.64.0.0/10. Ringtail's wired IP (192.168.1.21)
+# falls in the first CIDR, so no DSM rule changes are needed.
+#
+# Verified 2026-05-13: ringtail pod can read existing dirs, write
+# new files, and delete them. DNS resolves sifaka to 192.168.1.203
+# (LAN), so NFS traffic stays off the tailnet — avoids the known
+# sifaka-tailscale-userspace bite.
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: immich-library-nfs-pv-ringtail
+spec:
+  capacity:
+    storage: 2Ti
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: ""
+  nfs:
+    server: sifaka
+    path: /volume1/photos
--- a/argocd/manifests/immich-ringtail/pvc.yaml
+++ b/argocd/manifests/immich-ringtail/pvc.yaml
@ -0,0 +1,15 @@
+# PersistentVolumeClaim for Immich photo library on ringtail.
+# Binds to immich-library-nfs-pv-ringtail (sifaka:/volume1/photos).
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-library
+  namespace: immich
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  volumeName: immich-library-nfs-pv-ringtail
+  resources:
+    requests:
+      storage: 2Ti