eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

P6: Kiwix and Transmission migration planning #35

Merged
eblume merged 3 commits from feature/p6-kiwix-planning into main 2026-01-20 18:42:11 -08:00
Conversation 0 Commits 3 Files changed 1 +32 -23
1 changed files with 32 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit c0a2b100ac - Show all commits

P6: Update plan for dedicated Synology user and mark torrents volume done

Prev Next 
- Mark SMB share creation as DONE (torrents volume already exists)
- Add prerequisite for dedicated k8s-smb Synology user
- Update all 1Password references from synology-smb-torrents to synology-smb-k8s
- Update verification checklist accordingly

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Erich Blume 2026-01-20 17:59:27 -08:00
commit c0a2b100ac

55
plans/k8s-migration/P6_kiwix.md
View file

@ -118,20 +118,28 @@ This allows adding new ZIM archives by:
## Prerequisites (Manual Steps)
### 1. Configure SMB Share on Sifaka (USER ACTION REQUIRED)
### 1. Configure SMB Share on Sifaka
On Synology DSM:
1. Create shared folder: `torrents`
- Location: `/volume1/torrents`
- No compression, no encryption
2. SMB is enabled by default on Synology; verify at Control Panel → File Services → SMB
3. Set permissions on the `torrents` share:
- Give your user (eblume) Read/Write access
4. Create or note credentials for k8s access:
- Can use existing Synology user credentials
- Store in 1Password for later k8s Secret creation
**Status: DONE** - The `torrents` shared folder has been created at `/volume1/torrents`.
### 2. Mirror SMB CSI Driver Helm Chart to Forge (USER ACTION REQUIRED)
### 2. Create Dedicated Synology User for Kubernetes (USER ACTION REQUIRED)
Create a dedicated Synology user for k8s SMB access (do not use personal account):
On Synology DSM (Control Panel → User & Group):
1. Create new user: `k8s-smb` (or similar)
- Set a strong password
- No admin privileges needed
- Deny access to all applications (only needs file services)
2. Set permissions on the `torrents` share:
- Give `k8s-smb` user Read/Write access
- Remove or limit other user access as appropriate
3. Store credentials in 1Password:
- Vault: `vg6xf6vvfmoh5hqjjhlhbeoaie` (blumeops vault)
- Item name: `synology-smb-k8s`
- Fields: `username` (k8s-smb), `password`
### 3. Mirror SMB CSI Driver Helm Chart to Forge (USER ACTION REQUIRED)
Mirror the SMB CSI driver chart to forge for GitOps deployment:
@ -146,7 +154,7 @@ git remote add forge ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/csi-driver
git push forge --all --tags
```
### 3. Copy Existing Downloads to Sifaka
### 4. Copy Existing Downloads to Sifaka
Before migration, copy existing downloads to avoid re-downloading ~138GB:
@ -161,12 +169,12 @@ rsync -avP ~/transmission/ /Volumes/torrents/
ls -la /Volumes/torrents/*.zim
```
### 4. Store SMB Credentials in 1Password
### 5. Store SMB Credentials in 1Password
Create a 1Password item for Synology SMB credentials:
**Note:** This is covered in step 2 above. The 1Password item should be:
- Vault: `vg6xf6vvfmoh5hqjjhlhbeoaie` (blumeops vault)
- Item name: `synology-smb-torrents`
- Fields: `username`, `password`
- Item name: `synology-smb-k8s`
- Fields: `username` (k8s-smb), `password`
---
@ -256,8 +264,8 @@ spec:
# Template - apply manually with credentials from 1Password
# kubectl --context=minikube create secret generic smbcreds \
# --namespace torrent \
# --from-literal=username=$(op read "op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-torrents/username") \
# --from-literal=password=$(op read "op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-torrents/password")
# --from-literal=username=$(op read "op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-k8s/username") \
# --from-literal=password=$(op read "op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-k8s/password")
apiVersion: v1
kind: Secret
metadata:
@ -265,8 +273,8 @@ metadata:
namespace: torrent
type: Opaque
stringData:
username: "{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-torrents/username }}"
password: "{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-torrents/password }}"
username: "{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-k8s/username }}"
password: "{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-k8s/password }}"
```
---
@ -1102,10 +1110,11 @@ If migration fails:
## Verification Checklist
- [ ] SMB share configured on sifaka (`/volume1/torrents`)
- [x] SMB share configured on sifaka (`/volume1/torrents`)
- [ ] Dedicated Synology user (`k8s-smb`) created for k8s access
- [ ] SMB CSI driver deployed to k8s
- [ ] Existing downloads copied to sifaka
- [ ] SMB credentials secret created in k8s
- [ ] SMB credentials secret created in k8s (using `k8s-smb` user)
- [ ] Transmission pod running in k8s (`torrent` namespace)
- [ ] https://torrent.tail8d86e.ts.net accessible (web UI)
- [ ] Can add torrents manually via web UI