2424 wal_compression : " on"
2525 pg_hba :
2626 - host all all 0.0.0.0/0 md5
27- # === NORMAL OPERATION ===
28- # bootstrap:
29- # initdb:
30- # database: immich
31- # owner: immich
32- # secret:
33- # name: immich-app-secret
34- # postInitApplicationSQL:
35- # - CREATE EXTENSION IF NOT EXISTS vchord CASCADE;
36- # - CREATE EXTENSION IF NOT EXISTS vector;
37- # - CREATE EXTENSION IF NOT EXISTS earthdistance CASCADE;
38- # - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "immich";
39- # - GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO "immich";
40- # - ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "immich";
41- # - ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "immich";
42- # === DISASTER RECOVERY ===
43- # 1. Comment out the initdb bootstrap above
44- # 2. Uncomment the recovery bootstrap + externalClusters below
45- # 3. Update serverName in externalClusters to match CURRENT backup.serverName (immich-database-v3)
46- # 4. Bump backup.serverName to next version (e.g. immich-database-v3)
47- # 5. Apply directly with: kubectl kustomize ... | kubectl create -f -
48- # (ArgoCD SSA + CNPG webhook = initdb always wins, must bypass ArgoCD)
49- # 6. After recovery completes, revert to initdb and push
50- # IMPORTANT: keep backup.serverName at the bumped value (e.g. v3), do NOT revert to v2.
51- # For the next DR event, recovery source becomes v3 and backup target becomes v4.
52- #
5327 bootstrap :
5428 initdb :
5529 database : immich
@@ -64,15 +38,11 @@ spec:
6438 - GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO "immich";
6539 - ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "immich";
6640 - ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "immich";
67- # === DISASTER RECOVERY REFERENCE (DO NOT UNCOMMENT BOTH BOOTSTRAP METHODS) ===
68- # For next recovery, see docs/cnpg-disaster-recovery.md#recovery-procedure
69- # Step 1: Comment out initdb block above
70- # Step 2: Uncomment recovery block and externalClusters below
71- # Step 3: Update serverName to CURRENT backup target (currently: immich-database-v3)
72- # Step 4: Bump backup.serverName below to next version (e.g. v4)
73- # Step 5: Manual kubectl create bypass required (webhook blocks > 1 bootstrap method)
74- # Step 6: After recovery succeeds, revert to initdb and keep bumped serverName
75- # IMPORTANT: Keep bootstrap methods mutually exclusive! CNPG webhook enforces this.
41+ # === DISASTER RECOVERY ===
42+ # See docs/cnpg-disaster-recovery.md for full procedure
43+ # Recovery source: immich-database-v4 (current backup lineage)
44+ # Next recovery target: immich-database-v5
45+ # IMPORTANT: Recovery code must NOT be committed to Git (CNPG webhook rejects dual bootstrap)
7646 storage :
7747 size : 20Gi
7848 storageClass : longhorn
8454 enablePodMonitor : true
8555 backup :
8656 barmanObjectStore :
87- serverName : immich-database-v3
57+ serverName : immich-database-v4
8858 destinationPath : s3://postgres-backups/cnpg/immich
8959 endpointURL : http://192.168.10.133:30293
9060 s3Credentials :
0 commit comments