alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

add immich

Browse Source
This commit is contained in:
Alex Lebens
2024-09-28 16:49:01 -05:00
parent e2d9f3a727
commit 329b1533ff
5 changed files with 379 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
clusters/cl01tl/applications/immich/Chart.yaml Normal file
View File

@@ -0,0 +1,31 @@
apiVersion: v2
name: immich
version: 1.0.0
description: Immich
keywords:
- immich
- photos
home: https://wiki.alexlebens.dev/doc/immich-AVxvAWeWQ5
sources:
- https://github.com/immich-app/immich
- https://github.com/valkey-io/valkey
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: immich
repository: https://bjw-s.github.io/helm-charts/
version: 3.4.0
- name: valkey
version: 1.0.0
repository: https://charts.bitnami.com/bitnami
- name: postgres-cluster
alias: postgres-16-cluster
version: 3.12.1
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/immich-app/immich/main/design/immich-logo.svg
appVersion: v1.106.1

55
clusters/cl01tl/applications/immich/templates/external-secrets.yaml Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: immich-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: config
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: immich-config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/immich/config
metadataPolicy: None
property: immich-config.yaml
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: immich-postgresql-16-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-postgresql-16-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-immich-postgresql
metadataPolicy: None
property: access_key
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-immich-postgresql
metadataPolicy: None
property: secret_key

19
clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: immich-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl/applications/immich/templates/persistent-volume.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: immich-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Photos
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

249
clusters/cl01tl/applications/immich/values.yaml Normal file
View File

@@ -0,0 +1,249 @@
immich:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.106.1
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: IMMICH_METRICS
value: true
- name: IMMICH_CONFIG_FILE
value: /config/immich-config.yaml
- name: IMMICH_MACHINE_LEARNING_URL
value: http://immich-machine-learning.immich:3003
- name: REDIS_HOSTNAME
value: immich-valkey-master
- name: DB_VECTOR_EXTENSION
value: pgvecto.rs
- name: DB_HOSTNAME
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: host
- name: DB_DATABASE_NAME
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: dbname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: port
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: password
probes:
liveness:
enabled: true
custom: true
spec:
httpGet:
path: /api/server-info/ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness:
enabled: true
custom: true
spec:
httpGet:
path: /api/server-info/ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
startup:
enabled: true
custom: true
spec:
httpGet:
path: /api/server-info/ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 30
resources:
requests:
gpu.intel.com/i915: 1
cpu: 100m
memory: 256Mi
machine-learning:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/immich-app/immich-machine-learning
tag: v1.106.1
pullPolicy: IfNotPresent
env:
- name: TRANSFORMERS_CACHE
value: /cache
probes:
liveness:
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness:
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
startup:
enabled: false
resources:
requests:
gpu.intel.com/i915: 1
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 3001
targetPort: 3001
protocol: TCP
metrics-api:
port: 8081
targetPort: 8081
protocol: TCP
metrics-ms:
port: 8082
targetPort: 8082
protocol: TCP
machine-learning:
controller: machine-learning
ports:
http:
port: 3003
targetPort: 3003
protocol: TCP
serviceMonitor:
main:
serviceName: immich-main
endpoints:
- port: metrics-api
scheme: http
- port: metrics-ms
scheme: http
ingress:
main:
enabled: true
className: tailscale
hosts:
- host: immich-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: immich-main
port: 3001
tls:
- hosts:
- immich-cl01tl
persistence:
config:
enabled: true
type: secret
name: immich-config-secret
advancedMounts:
main:
main:
- path: /config/immich-config.yaml
readOnly: true
mountPropagation: None
subPath: immich-config.yaml
media:
existingClaim: immich-nfs-storage
advancedMounts:
main:
main:
- path: /usr/src/app/upload
readOnly: true
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
machine-learning:
main:
- path: /cache
readOnly: false
valkey:
architecture: standalone
auth:
enabled: false
postgres-16-cluster:
# Tensorchord
#--- https://github.com/immich-app/immich/discussions/9060
#--- https://docs.pgvecto.rs/admin/kubernetes.html
#--- https://github.com/tensorchord/cloudnative-pgvecto.rs
type: tensorchord
mode: standalone
cluster:
image:
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: 16.4-v0.3.0
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: false
postgresql:
parameters:
shared_buffers: 256MB
backup:
enabled: false
endpointURL: https://s3.us-east-2.amazonaws.com
destinationPath: s3://cl01tl-postgresql-backups/immich
endpointCredentials: immich-postgresql-16-cluster-backup-secret
backupIndex: 1
tags:
backupRetentionPolicy: "expire"
user: "cl01tl-immich-postgresql"
historyTags:
backupRetentionPolicy: "keep"
user: "cl01tl-immich-postgresql"