diff --git a/clusters/cl01tl/applications/immich/Chart.yaml b/clusters/cl01tl/applications/immich/Chart.yaml
new file mode 100644
index 000000000..a13b02027
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/Chart.yaml
@@ -0,0 +1,31 @@
+apiVersion: v2
+name: immich
+version: 1.0.0
+description: Immich
+keywords:
+ - immich
+ - photos
+home: https://wiki.alexlebens.dev/doc/immich-AVxvAWeWQ5
+sources:
+ - https://github.com/immich-app/immich
+ - https://github.com/valkey-io/valkey
+ - https://github.com/cloudnative-pg/cloudnative-pg
+ - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+ - https://github.com/bitnami/charts/tree/main/bitnami/valkey
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: immich
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.4.0
+ - name: valkey
+ version: 1.0.0
+ repository: https://charts.bitnami.com/bitnami
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 3.12.1
+ repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/immich-app/immich/main/design/immich-logo.svg
+appVersion: v1.106.1
diff --git a/clusters/cl01tl/applications/immich/templates/external-secrets.yaml b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
new file mode 100644
index 000000000..8911a9213
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
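Review bot: The `postgres-cluster` dependency in Chart.yaml is fetched over plain HTTP (`repository: http://alexlebens.github.io/helm-charts`), so the chart index and archive can be altered in transit before they are rendered into the cluster; the other two repositories already use HTTPS. Change it to `repository: https://alexlebens.github.io/helm-charts`. No Chart.lock is visible in this commit; committing one alongside Chart.yaml would also record the digest of the resolved dependencies.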
@@ -0,0 +1,55 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: immich-config-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-config-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: config
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: immich-config.yaml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/immich/config
+ metadataPolicy: None
+ property: immich-config.yaml
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: immich-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-immich-postgresql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-immich-postgresql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..1cdc938d9
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
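Review bot: The second ExternalSecret, `immich-postgresql-16-cluster-backup-secret`, is rendered unconditionally, so the AWS access key pair under `/aws/keys/cl01tl-immich-postgresql` is copied into a namespace Secret even though values.yaml in this same commit sets `backup.enabled: false` for `postgres-16-cluster`. Long-lived cloud credentials that nothing consumes are exposure without benefit. Wrap that document in `{{- if (index .Values "postgres-16-cluster" "backup" "enabled") }}` … `{{- end }}` so the secret is only synced when backups are switched on. Separately, the templated label values such as `app.kubernetes.io/version: {{ .Chart.AppVersion }}` would be safer with `| quote`, since a numeric-looking app version would otherwise render as a non-string label.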
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-nfs-storage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: immich-nfs-storage
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml b/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
new file mode 100644
index 000000000..f7548d5a8
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: immich-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-nfs-storage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /volume2/Storage/Photos
+ server: synologybond.alexlebens.net
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/immich/values.yaml b/clusters/cl01tl/applications/immich/values.yaml
new file mode 100644
index 000000000..f3d8f5e3e
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/values.yaml
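Review bot: The PersistentVolume in persistent-volume.yaml has no `claimRef`, so the NFS export `/volume2/Storage/Photos` is not reserved for this release's claim. The PVC's `volumeName` only says which volume the claim wants. It does not stop a claim in another namespace with the same `nfs-client` class and `ReadWriteMany` mode from binding the volume first. Pre-bind it under `spec:` with `claimRef:`, `namespace: {{ .Release.Namespace }}` and `name: immich-nfs-storage`. PersistentVolumes are cluster-scoped, so the `namespace: {{ .Release.Namespace }}` line under `metadata:` has no effect and can be dropped.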
@@ -0,0 +1,249 @@
+immich:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ghcr.io/immich-app/immich-server
+ tag: v1.106.1
+ pullPolicy: IfNotPresent
+ env:
+ - name: TZ
+ value: US/Central
+ - name: IMMICH_METRICS
+ value: true
+ - name: IMMICH_CONFIG_FILE
+ value: /config/immich-config.yaml
+ - name: IMMICH_MACHINE_LEARNING_URL
+ value: http://immich-machine-learning.immich:3003
+ - name: REDIS_HOSTNAME
+ value: immich-valkey-master
+ - name: DB_VECTOR_EXTENSION
+ value: pgvecto.rs
+ - name: DB_HOSTNAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: host
+ - name: DB_DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: dbname
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: port
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: user
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: password
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server-info/ping
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server-info/ping
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ startup:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server-info/ping
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 30
+ resources:
+ requests:
+ gpu.intel.com/i915: 1
+ cpu: 100m
+ memory: 256Mi
+ machine-learning:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ghcr.io/immich-app/immich-machine-learning
+ tag: v1.106.1
+ pullPolicy: IfNotPresent
+ env:
+ - name: TRANSFORMERS_CACHE
+ value: /cache
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ startup:
+ enabled: false
+ resources:
+ requests:
+ gpu.intel.com/i915: 1
+ cpu: 100m
+ memory: 256Mi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 3001
+ targetPort: 3001
+ protocol: TCP
+ metrics-api:
+ port: 8081
+ targetPort: 8081
+ protocol: TCP
+ metrics-ms:
+ port: 8082
+ targetPort: 8082
+ protocol: TCP
+ machine-learning:
+ controller: machine-learning
+ ports:
+ http:
+ port: 3003
+ targetPort: 3003
+ protocol: TCP
+ serviceMonitor:
+ main:
+ serviceName: immich-main
+ endpoints:
+ - port: metrics-api
+ scheme: http
+ - port: metrics-ms
+ scheme: http
+ ingress:
+ main:
+ enabled: true
+ className: tailscale
+ hosts:
+ - host: immich-cl01tl
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ name: immich-main
+ port: 3001
+ tls:
+ - hosts:
+ - immich-cl01tl
+ persistence:
+ config:
+ enabled: true
+ type: secret
+ name: immich-config-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /config/immich-config.yaml
+ readOnly: true
+ mountPropagation: None
+ subPath: immich-config.yaml
+ media:
+ existingClaim: immich-nfs-storage
+ advancedMounts:
+ main:
+ main:
+ - path: /usr/src/app/upload
+ readOnly: true
+ cache:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ retain: true
+ advancedMounts:
+ machine-learning:
+ main:
+ - path: /cache
+ readOnly: false
+valkey:
+ architecture: standalone
+ auth:
+ enabled: false
+postgres-16-cluster:
+ # Tensorchord
+ #--- https://github.com/immich-app/immich/discussions/9060
+ #--- https://docs.pgvecto.rs/admin/kubernetes.html
+ #--- https://github.com/tensorchord/cloudnative-pgvecto.rs
+ type: tensorchord
+ mode: standalone
+ cluster:
+ image:
+ repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
+ tag: 16.4-v0.3.0
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ prometheusRule:
+ enabled: false
+ postgresql:
+ parameters:
+ shared_buffers: 256MB
+ backup:
+ enabled: false
+ endpointURL: https://s3.us-east-2.amazonaws.com
+ destinationPath: s3://cl01tl-postgresql-backups/immich
+ endpointCredentials: immich-postgresql-16-cluster-backup-secret
+ backupIndex: 1
+ tags:
+ backupRetentionPolicy: "expire"
+ user: "cl01tl-immich-postgresql"
+ historyTags:
+ backupRetentionPolicy: "keep"
+ user: "cl01tl-immich-postgresql"
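Review bot: The `valkey` block sets `auth.enabled: false`, and nothing in this commit adds a NetworkPolicy, so any pod that can reach `immich-valkey-master` can read and write Immich's job queue without a credential. Enable authentication with a secret that already exists in the namespace and give the server the matching `REDIS_PASSWORD`, as sketched below; the secret name and key are placeholders. Separately, both containers list `gpu.intel.com/i915: 1` only under `resources.requests`; Kubernetes expects extended resources under `limits`, so the pods may be rejected unless the chart copies the value across. The env entry `IMMICH_METRICS` with `value: true` is also an unquoted boolean where the container spec wants a string, so `value: "true"` is safer unless the chart is confirmed to quote it.

```yaml
# … unchanged: immich.controllers.main.containers.main.env entries up to REDIS_HOSTNAME …
            - name: REDIS_HOSTNAME
              value: immich-valkey-master
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: valkey-auth-secret-placeholder
                  key: password-key-placeholder
# … unchanged: remaining env, probes, services, ingress, persistence …
valkey:
  architecture: standalone
  auth:
    enabled: true
    existingSecret: valkey-auth-secret-placeholder
    existingSecretPasswordKey: password-key-placeholder
```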