diff --git a/clusters/cl01tl/applications/immich/Chart.yaml b/clusters/cl01tl/applications/immich/Chart.yaml
new file mode 100644
index 000000000..47910a0c5
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/Chart.yaml
@@ -0,0 +1,31 @@
+apiVersion: v2
+name: immich
+version: 1.0.0
+description: Immich
+keywords:
+ - immich
+ - photos
+home: https://wiki.alexlebens.dev/doc/immich-AVxvAWeWQ5
+sources:
+ - https://github.com/immich-app/immich
+ - https://github.com/valkey-io/valkey
+ - https://github.com/cloudnative-pg/cloudnative-pg
+ - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+ - https://github.com/bitnami/charts/tree/main/bitnami/valkey
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: immich
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.6.1
+ - name: valkey
+ version: 2.2.3
+ repository: https://charts.bitnami.com/bitnami
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 4.1.4
+ repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/immich-app/immich/main/design/immich-logo.svg
+appVersion: v1.123.0
diff --git a/clusters/cl01tl/applications/immich/templates/external-secrets.yaml b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
new file mode 100644
index 000000000..005b7cfc1
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
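Review bot: In Chart.yaml the `postgres-cluster` dependency is fetched from `http://alexlebens.github.io/helm-charts`, a plain-HTTP repository, while the other two dependencies use HTTPS. A chart pulled over HTTP has no transport integrity, so anything on the network path can alter the templates that later render into cluster resources; `repository: https://alexlebens.github.io/helm-charts` closes that. Separately, `appVersion: v1.123.0` does not match the `v1.125.7` image tags set in values.yaml in this commit, so the `app.kubernetes.io/version` label on every templated object will report the wrong release.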
@@ -0,0 +1,55 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: immich-config-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-config-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: config
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: immich.json
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/immich/config
+ metadataPolicy: None
+ property: immich.json
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: immich-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: access
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: secret
diff --git a/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..1cdc938d9
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
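Review bot: The second ExternalSecret in external-secrets.yaml (`immich-postgresql-16-cluster-backup-secret`) is rendered unconditionally, yet values.yaml in this commit sets `backup.enabled: false` for the database. That leaves the object-storage access key and secret from `/digital-ocean/home-infra/postgres-backups` in this namespace with nothing consuming them, and the path name suggests the credential is shared across applications rather than scoped to this one (worth confirming). Gating the document keeps the credential out until it is needed: wrap it in `{{- if index .Values "postgres-16-cluster" "backup" "enabled" }}` and `{{- end }}`. As a smaller point, the templated scalars in both documents are unquoted; `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}` avoids a YAML retype if the value ever looks numeric or is empty.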
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-nfs-storage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: immich-nfs-storage
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml b/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
new file mode 100644
index 000000000..9a7c071c2
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: immich-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-nfs-storage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /volume2/Storage/Immich
+ server: synologybond.alexlebens.net
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/immich/templates/service-monitor.yaml b/clusters/cl01tl/applications/immich/templates/service-monitor.yaml
new file mode 100644
index 000000000..353c1c2f2
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/service-monitor.yaml
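Review bot: The PersistentVolume in persistent-volume.yaml has no `claimRef`, so until the intended claim binds, any PVC in any namespace that asks for `nfs-client`, `ReadWriteMany` and up to 1Gi can bind it and mount the photo library at `/volume2/Storage/Immich`. The PVC's `volumeName` only pins the claim to the volume, not the volume to the claim; adding `claimRef:` with `namespace: {{ .Release.Namespace }}` and `name: immich-nfs-storage` under `spec` reserves it in both directions. The `metadata.namespace` field on the PV has no effect because PersistentVolumes are cluster-scoped and can be dropped. Since this share holds user uploads, `nosuid` and `nodev` in `mountOptions` would also be reasonable hardening.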
@@ -0,0 +1,25 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: immich
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: immich
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ endpoints:
+ - port: metrics-api
+ interval: 3m
+ scrapeTimeout: 1m
+ path: /metrics
+ - port: metrics-ms
+ interval: 3m
+ scrapeTimeout: 1m
+ path: /metrics
diff --git a/clusters/cl01tl/applications/immich/values.yaml b/clusters/cl01tl/applications/immich/values.yaml
new file mode 100644
index 000000000..0a4ed0998
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/values.yaml
@@ -0,0 +1,250 @@
+immich:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ghcr.io/immich-app/immich-server
+ tag: v1.125.7
+ pullPolicy: IfNotPresent
+ env:
+ - name: TZ
+ value: US/Central
+ - name: IMMICH_TELEMETRY_INCLUDE
+ value: all
+ - name: CPU_CORES
+ value: /config/immich.json
+ - name: IMMICH_MACHINE_LEARNING_URL
+ value: http://immich-machine-learning.immich:3003
+ - name: REDIS_HOSTNAME
+ value: immich-valkey-primary
+ - name: DB_VECTOR_EXTENSION
+ value: pgvecto.rs
+ - name: DB_HOSTNAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: host
+ - name: DB_DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: dbname
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: port
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: user
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: password
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server/ping
+ port: 2283
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server/ping
+ port: 2283
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ startup:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server/ping
+ port: 2283
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 30
+ resources:
+ requests:
+ gpu.intel.com/i915: 1
+ cpu: 10m
+ memory: 512Mi
+ limits:
+ gpu.intel.com/i915: 1
+ cpu: 2
+ machine-learning:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ghcr.io/immich-app/immich-machine-learning
+ tag: v1.125.7
+ pullPolicy: IfNotPresent
+ env:
+ - name: TRANSFORMERS_CACHE
+ value: /cache
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: 3003
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: 3003
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ startup:
+ enabled: false
+ resources:
+ requests:
+ gpu.intel.com/i915: 1
+ cpu: 10m
+ memory: 256Mi
+ limits:
+ gpu.intel.com/i915: 1
+ cpu: 8
+ memory: 10Gi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 2283
+ targetPort: 2283
+ protocol: TCP
+ metrics-api:
+ port: 8081
+ targetPort: 8081
+ protocol: TCP
+ metrics-ms:
+ port: 8082
+ targetPort: 8082
+ protocol: TCP
+ machine-learning:
+ controller: machine-learning
+ ports:
+ http:
+ port: 3003
+ targetPort: 3003
+ protocol: TCP
+ ingress:
+ main:
+ enabled: true
+ className: tailscale
+ hosts:
+ - host: immich-cl01tl
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ name: immich-main
+ port: 2283
+ tls:
+ - hosts:
+ - immich-cl01tl
+ persistence:
+ config:
+ enabled: true
+ type: secret
+ name: immich-config-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /config/immich.json
+ readOnly: true
+ mountPropagation: None
+ subPath: immich.json
+ media:
+ existingClaim: immich-nfs-storage
+ advancedMounts:
+ main:
+ main:
+ - path: /usr/src/app/upload
+ readOnly: false
+ cache:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ retain: true
+ advancedMounts:
+ machine-learning:
+ main:
+ - path: /cache
+ readOnly: false
+valkey:
+ architecture: standalone
+ auth:
+ enabled: false
+ primary:
+ persistence:
+ enabled: false
+ replica:
+ persistence:
+ enabled: false
+postgres-16-cluster:
+ # Tensorchord
+ #--- https://github.com/immich-app/immich/discussions/9060
+ #--- https://docs.pgvecto.rs/admin/kubernetes.html
+ #--- https://github.com/tensorchord/cloudnative-pgvecto.rs
+ type: tensorchord
+ mode: standalone
+ cluster:
+ image:
+ repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
+ tag: 16.3-v0.2.1
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ resources:
+ requests:
+ memory: 384Mi
+ cpu: 200m
+ monitoring:
+ enabled: true
+ postgresql:
+ parameters:
+ shared_buffers: 256MB
+ backup:
+ enabled: false
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster
+ endpointCredentials: immich-postgresql-16-cluster-backup-secret
+ backupIndex: 1
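Review bot: In values.yaml the main container's env entry `CPU_CORES` is set to `/config/immich.json`, which is the mount path of the `immich-config-secret` file declared under `persistence.config`. The variable name looks wrong: as written the server gets a non-numeric core count and probably never reads the mounted configuration, so whatever settings that secret carries (including any authentication settings) would silently not apply; `- name: IMMICH_CONFIG_FILE` appears to be what was intended. Also in this hunk, `valkey.auth.enabled: false` leaves the cache reachable without a password by any pod that can reach the `immich-valkey-primary` service, and no NetworkPolicy is visible in this commit; enabling auth from a secret or restricting ingress to the Immich pods would cover that. The `main` container's `limits` also set no `memory`, unlike the machine-learning container.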