From eee68d208bf97b8de20ac29940a8edfa0337c5ec Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Mon, 3 Mar 2025 17:30:05 -0600
Subject: [PATCH] add immich
---
.../cl01tl/applications/immich/Chart.yaml | 31 +++
.../immich/templates/external-secrets.yaml | 55 ++++
.../immich/templates/http-route.yaml | 30 +++
.../templates/persistent-volume-claim.yaml | 19 ++
.../immich/templates/persistent-volume.yaml | 25 ++
.../immich/templates/service-monitor.yaml | 25 ++
.../cl01tl/applications/immich/values.yaml | 240 ++++++++++++++++++
7 files changed, 425 insertions(+)
create mode 100644 clusters/cl01tl/applications/immich/Chart.yaml
create mode 100644 clusters/cl01tl/applications/immich/templates/external-secrets.yaml
create mode 100644 clusters/cl01tl/applications/immich/templates/http-route.yaml
create mode 100644 clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
create mode 100644 clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
create mode 100644 clusters/cl01tl/applications/immich/templates/service-monitor.yaml
create mode 100644 clusters/cl01tl/applications/immich/values.yaml
diff --git a/clusters/cl01tl/applications/immich/Chart.yaml b/clusters/cl01tl/applications/immich/Chart.yaml
new file mode 100644
index 000000000..58cb3b7ae
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/Chart.yaml
@@ -0,0 +1,31 @@
+apiVersion: v2
+name: immich
+version: 1.0.0
+description: Immich
+keywords:
+ - immich
+ - photos
+home: https://wiki.alexlebens.dev/doc/immich-AVxvAWeWQ5
+sources:
+ - https://github.com/immich-app/immich
+ - https://github.com/valkey-io/valkey
+ - https://github.com/cloudnative-pg/cloudnative-pg
+ - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+ - https://github.com/bitnami/charts/tree/main/bitnami/valkey
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: immich
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.7.1
+ - name: valkey
+ version: 2.4.0
+ repository: https://charts.bitnami.com/bitnami
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 4.2.0
+ repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/immich-app/immich/main/design/immich-logo.svg
+appVersion: v1.123.0
diff --git a/clusters/cl01tl/applications/immich/templates/external-secrets.yaml b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
new file mode 100644
index 000000000..005b7cfc1
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
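Review bot: The `postgres-cluster` dependency in Chart.yaml is fetched from `http://alexlebens.github.io/helm-charts`, the only one of the three chart repositories that uses plain HTTP, so the chart index and archive can be altered in transit before they are rendered into the cluster; use `repository: https://alexlebens.github.io/helm-charts`. Separately, `appVersion: v1.123.0` does not match the `v1.128.0` image tags set in values.yaml, so the `app.kubernetes.io/version` label that every template derives from it will report a version that is not the one running.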
@@ -0,0 +1,55 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: immich-config-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-config-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: config
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: immich.json
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/immich/config
+ metadataPolicy: None
+ property: immich.json
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: immich-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: access
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: secret
diff --git a/clusters/cl01tl/applications/immich/templates/http-route.yaml b/clusters/cl01tl/applications/immich/templates/http-route.yaml
new file mode 100644
index 000000000..f4e72d4c5
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/http-route.yaml
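Review bot: The second ExternalSecret copies `access` and `secret` from `/digital-ocean/home-infra/postgres-backups`, a Vault path that is not specific to Immich, into this namespace. If that key is valid for the whole backup bucket referenced in values.yaml (it looks shared, but its scope is not visible on this page), anything able to read Secrets in the Immich namespace can read or overwrite the backups of other databases kept there. Prefer a key scoped to this application, or at least record the scope above the entry, e.g. `# shared Spaces key: access is wider than cl01tl/immich — TODO scope per app`. Both documents also leave `refreshInterval` unset, so the operator default decides how quickly a rotated Vault value reaches the cluster; stating it explicitly makes rotation behaviour reviewable.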
@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http-route-immich
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: http-route-immich
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - immich.alexlebens.net
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - group: ''
+ kind: Service
+ name: immich-main
+ port: 2283
+ weight: 100
diff --git a/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..1cdc938d9
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-nfs-storage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: immich-nfs-storage
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml b/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
new file mode 100644
index 000000000..9a7c071c2
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
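Review bot: In http-route.yaml the `parentRefs` entry names `traefik-gateway` without a `sectionName`, so the route attaches to every listener on that Gateway that admits it. If the Gateway also carries a plain-HTTP listener (not visible on this page), `immich.alexlebens.net` would be served unencrypted as well, including its login and photo traffic. Pin the route to the TLS listener with `sectionName: <https-listener-name>` (placeholder; use the listener name defined on the Gateway).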
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: immich-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-nfs-storage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /volume2/Storage/Immich
+ server: synologybond.alexlebens.net
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/immich/templates/service-monitor.yaml b/clusters/cl01tl/applications/immich/templates/service-monitor.yaml
new file mode 100644
index 000000000..353c1c2f2
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/templates/service-monitor.yaml
@@ -0,0 +1,25 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: immich
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: immich
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ endpoints:
+ - port: metrics-api
+ interval: 3m
+ scrapeTimeout: 1m
+ path: /metrics
+ - port: metrics-ms
+ interval: 3m
+ scrapeTimeout: 1m
+ path: /metrics
diff --git a/clusters/cl01tl/applications/immich/values.yaml b/clusters/cl01tl/applications/immich/values.yaml
new file mode 100644
index 000000000..d76dee4b6
--- /dev/null
+++ b/clusters/cl01tl/applications/immich/values.yaml
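Review bot: The PersistentVolume in persistent-volume.yaml has no `claimRef`, so nothing reserves it for the Immich claim: until that PVC binds, a claim in any namespace that asks for `nfs-client` with `ReadWriteMany`, or that names `volumeName: immich-nfs-storage`, can bind it and mount `/volume2/Storage/Immich`. Reserve it by adding under `spec` a `claimRef:` with `namespace: {{ .Release.Namespace }}` and `name: immich-nfs-storage`. `metadata.namespace` should be dropped as well, because PersistentVolumes are cluster-scoped and the field suggests an isolation that does not exist. The `1Gi` here and in the PVC hunk only has to match between the two objects and is not enforced as a quota on NFS; a one-line comment saying so would prevent it being read as a size limit.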
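Review bot: The ServiceMonitor `selector` matches only `app.kubernetes.io/name` and `app.kubernetes.io/instance`, which look like release-wide labels, so it probably selects both Services defined in values.yaml (`main` and `machine-learning`) and relies on the port names `metrics-api` and `metrics-ms` to filter. If the app-template chart labels each Service individually (I believe it sets `app.kubernetes.io/service`; confirm against the rendered manifest), adding that label to `matchLabels` binds the scrape to the one Service that exposes metrics. Neither endpoint configures credentials, so a comment noting that 8081 and 8082 are open to any pod that can reach the Service, unless a NetworkPolicy not shown here restricts it, would help the next reader.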
@@ -0,0 +1,240 @@
+immich:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ghcr.io/immich-app/immich-server
+ tag: v1.128.0
+ pullPolicy: IfNotPresent
+ env:
+ - name: TZ
+ value: US/Central
+ - name: IMMICH_TELEMETRY_INCLUDE
+ value: all
+ - name: IMMICH_CONFIG_FILE
+ value: /config/immich.json
+ - name: IMMICH_MACHINE_LEARNING_URL
+ value: http://immich-machine-learning.immich:3003
+ - name: REDIS_HOSTNAME
+ value: immich-valkey-primary
+ - name: DB_VECTOR_EXTENSION
+ value: pgvecto.rs
+ - name: DB_HOSTNAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: host
+ - name: DB_DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: dbname
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: port
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: user
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgresql-16-cluster-app
+ key: password
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server/ping
+ port: 2283
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server/ping
+ port: 2283
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ startup:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /api/server/ping
+ port: 2283
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 30
+ resources:
+ requests:
+ gpu.intel.com/i915: 1
+ cpu: 10m
+ memory: 512Mi
+ limits:
+ gpu.intel.com/i915: 1
+ cpu: 2
+ machine-learning:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: ghcr.io/immich-app/immich-machine-learning
+ tag: v1.128.0
+ pullPolicy: IfNotPresent
+ env:
+ - name: TRANSFORMERS_CACHE
+ value: /cache
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: 3003
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: 3003
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ startup:
+ enabled: false
+ resources:
+ requests:
+ gpu.intel.com/i915: 1
+ cpu: 10m
+ memory: 256Mi
+ limits:
+ gpu.intel.com/i915: 1
+ cpu: 8
+ memory: 10Gi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 2283
+ targetPort: 2283
+ protocol: TCP
+ metrics-api:
+ port: 8081
+ targetPort: 8081
+ protocol: TCP
+ metrics-ms:
+ port: 8082
+ targetPort: 8082
+ protocol: TCP
+ machine-learning:
+ controller: machine-learning
+ ports:
+ http:
+ port: 3003
+ targetPort: 3003
+ protocol: TCP
+ persistence:
+ config:
+ enabled: true
+ type: secret
+ name: immich-config-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /config/immich.json
+ readOnly: true
+ mountPropagation: None
+ subPath: immich.json
+ media:
+ existingClaim: immich-nfs-storage
+ advancedMounts:
+ main:
+ main:
+ - path: /usr/src/app/upload
+ readOnly: false
+ cache:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ retain: true
+ advancedMounts:
+ machine-learning:
+ main:
+ - path: /cache
+ readOnly: false
+valkey:
+ architecture: standalone
+ auth:
+ enabled: false
+ usePasswordFiles: false
+ primary:
+ persistence:
+ enabled: false
+ replica:
+ persistence:
+ enabled: false
+postgres-16-cluster:
+ # Tensorchord
+ #--- https://github.com/immich-app/immich/discussions/9060
+ #--- https://docs.pgvecto.rs/admin/kubernetes.html
+ #--- https://github.com/tensorchord/cloudnative-pgvecto.rs
+ type: tensorchord
+ mode: recovery
+ cluster:
+ image:
+ repository:
ghcr.io/tensorchord/cloudnative-pgvecto.rs
+ tag: 16.3-v0.2.1
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ resources:
+ requests:
+ memory: 384Mi
+ cpu: 200m
+ monitoring:
+ enabled: true
+ postgresql:
+ parameters:
+ shared_buffers: 256MB
+ recovery:
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster
+ endpointCredentials: immich-postgresql-16-cluster-backup-secret
+ backup:
+ enabled: false
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster
+ endpointCredentials: immich-postgresql-16-cluster-backup-secret
+ backupIndex: 2
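Review bot: The `valkey` block in values.yaml sets `auth.enabled: false` and the Immich server is given only `REDIS_HOSTNAME`, so the job queue accepts commands from any pod that can reach `immich-valkey-primary`; no NetworkPolicy is part of this patch. Enable authentication and hand the password to the server from a Secret, as sketched below (secret name and key are placeholders, and the indentation is reconstructed because the page has lost it). In the same hunk the `main` container declares CPU and GPU limits but no memory limit, unlike `machine-learning`, so a large upload or transcode is bounded only by the node, and neither controller sets a security context, so the images' defaults decide the user and privileges. The `postgres-16-cluster` block runs on `local-path` storage with `backup.enabled: false`, which deserves a comment if it is a temporary state during recovery.

```yaml
# … unchanged: immich.controllers.main image and earlier env entries …
            - name: REDIS_HOSTNAME
              value: immich-valkey-primary
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "<valkey-auth-secret>"  # placeholder
                  key: "<password-key>"  # placeholder
# … unchanged: DB_* env, probes, resources, services, persistence …
valkey:
  architecture: standalone
  auth:
    enabled: true
    existingSecret: "<valkey-auth-secret>"  # placeholder
    existingSecretPasswordKey: "<password-key>"  # placeholder
    usePasswordFiles: false
# … unchanged: valkey persistence, postgres-16-cluster …
```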