Erich Blume
431d538ab1
Row counts verified equal between source (minikube) and replica (ringtail) across asset (12681), user (1), album (28), smart_search (9624), activity (0), asset_face (3917). Source immich is scaled to 0 — no writes since the basebackup completed. Flipping replica.enabled=false to promote. The externalClusters and bootstrap.pg_basebackup blocks are left in place as documentation (CNPG ignores them after initialization). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
85 lines
2.3 KiB
YAML
85 lines
2.3 KiB
YAML
# PostgreSQL Cluster for Immich on ringtail k3s.
|
|
#
|
|
# Initial bring-up is via CNPG pg_basebackup against the minikube
|
|
# immich-pg cluster (reachable on the tailnet at
|
|
# immich-pg.tail8d86e.ts.net). Once the basebackup completes and
|
|
# the replica catches up, set replica.enabled=false to promote.
|
|
#
|
|
# After promotion, the externalClusters and bootstrap blocks can be
|
|
# left in place (CNPG ignores them once initialized) or pruned in a
|
|
# follow-up commit. See [[immich-pg-data-migration]] for procedure.
|
|
apiVersion: postgresql.cnpg.io/v1
|
|
kind: Cluster
|
|
metadata:
|
|
name: immich-pg
|
|
namespace: databases
|
|
spec:
|
|
instances: 1
|
|
imageName: ghcr.io/tensorchord/cloudnative-vectorchord:17-0.5.0
|
|
|
|
storage:
|
|
size: 10Gi
|
|
storageClass: local-path
|
|
|
|
# Promoted away from the minikube source on 2026-05-13.
|
|
# The externalClusters + bootstrap.pg_basebackup blocks below are
|
|
# ignored by CNPG once the cluster is initialized; left in place
|
|
# so the manifest documents how this cluster came to exist. Remove
|
|
# in a follow-up once the minikube source is decommissioned.
|
|
replica:
|
|
enabled: false
|
|
source: source-immich-pg
|
|
|
|
# Bootstrap from the source via pg_basebackup.
|
|
bootstrap:
|
|
pg_basebackup:
|
|
source: source-immich-pg
|
|
|
|
externalClusters:
|
|
- name: source-immich-pg
|
|
connectionParameters:
|
|
host: immich-pg.tail8d86e.ts.net
|
|
user: streaming_replica
|
|
sslmode: verify-ca
|
|
dbname: postgres
|
|
sslCert:
|
|
name: source-immich-pg-replication
|
|
key: tls.crt
|
|
sslKey:
|
|
name: source-immich-pg-replication
|
|
key: tls.key
|
|
sslRootCert:
|
|
name: source-immich-pg-ca
|
|
key: ca.crt
|
|
|
|
# Managed roles (applied after promotion)
|
|
managed:
|
|
roles:
|
|
- name: borgmatic
|
|
login: true
|
|
connectionLimit: -1
|
|
ensure: present
|
|
inherit: true
|
|
inRoles:
|
|
- pg_read_all_data
|
|
passwordSecret:
|
|
name: immich-pg-borgmatic
|
|
|
|
resources:
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1Gi"
|
|
cpu: "500m"
|
|
|
|
postgresql:
|
|
shared_preload_libraries:
|
|
- "vchord.so"
|
|
parameters:
|
|
max_connections: "50"
|
|
shared_buffers: "128MB"
|
|
password_encryption: "scram-sha-256"
|
|
pg_hba:
|
|
- host all all 0.0.0.0/0 scram-sha-256
|
|
- host all all ::/0 scram-sha-256
|