diff --git a/kubernetes/apps/default/authelia/ks.yaml b/kubernetes/apps/default/authelia/ks.yaml index 2e24fbab5..18103f194 100644 --- a/kubernetes/apps/default/authelia/ks.yaml +++ b/kubernetes/apps/default/authelia/ks.yaml @@ -11,7 +11,7 @@ spec: dependsOn: - name: cluster-apps-cloudnative-pg-app - name: cluster-apps-glauth - - name: cluster-apps-redis-app + - name: cluster-apps-redis - name: cluster-apps-smtp-relay path: ./kubernetes/apps/default/authelia/app prune: true diff --git a/kubernetes/apps/default/immich/app/configmap.yaml b/kubernetes/apps/default/immich/app/configmap.yaml index 3ebd02909..a64fbdbb2 100644 --- a/kubernetes/apps/default/immich/app/configmap.yaml +++ b/kubernetes/apps/default/immich/app/configmap.yaml @@ -10,9 +10,9 @@ data: ENABLE_MAPBOX: "false" LOG_LEVEL: verbose NODE_ENV: "production" + REDIS_HOSTNAME: redis-lb.default.svc.cluster.local REDIS_PORT: "6379" - REDIS_DBINDEX: "0" - UPLOAD_LOCATION: /usr/src/app/upload + REDIS_DBINDEX: "10" IMMICH_WEB_URL: http://immich-web.default.svc.cluster.local:3000 IMMICH_SERVER_URL: http://immich-server.default.svc.cluster.local:3001 IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.default.svc.cluster.local:3003 diff --git a/kubernetes/apps/default/immich/app/kustomization.yaml b/kubernetes/apps/default/immich/app/kustomization.yaml index ea845c6a3..9f642e57f 100644 --- a/kubernetes/apps/default/immich/app/kustomization.yaml +++ b/kubernetes/apps/default/immich/app/kustomization.yaml @@ -7,8 +7,6 @@ resources: - ./configmap.yaml - ./microservices - ./machine-learning - - ./proxy - - ./redis - ./secret.sops.yaml - ./server - ./volume.yaml diff --git a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml index cdba62d13..3cabf5c97 100644 --- a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml 
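Review bot: In `immich/app/configmap.yaml`, Immich is repointed at the shared `redis-lb` endpoint while the `secret.sops.yaml` hunk of this commit deletes `REDIS_PASSWORD`, so as far as this diff shows the client now connects without credentials. `REDIS_DBINDEX: "10"` keeps key spaces apart but is not an access boundary: any client of the shared instance can `SELECT` another index, and the authelia `dependsOn` change suggests Authelia uses the same Redis. If the shared Redis has `requirepass` or ACL users configured elsewhere, keep a `REDIS_PASSWORD` entry in the SOPS secret; otherwise limit which pods can reach the instance with a NetworkPolicy. A comment above the key, e.g. `# shared redis via redis-lb; index 10 reserved for immich`, would record the allocation.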
@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: immich-machine-learning + name: &app immich-machine-learning namespace: default spec: interval: 15m @@ -30,11 +30,13 @@ spec: - name: immich-server values: controller: + replicas: 3 + strategy: RollingUpdate annotations: reloader.stakater.com/auto: "true" image: repository: ghcr.io/immich-app/immich-machine-learning - tag: v1.41.1_64-dev + tag: v1.42.0_65-dev command: /bin/sh args: - ./entrypoint.sh @@ -53,9 +55,16 @@ spec: enabled: true existingClaim: immich-nfs mountPath: /usr/src/app/upload + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app resources: requests: cpu: 100m memory: 250Mi limits: - memory: 2000Mi + memory: 1000Mi diff --git a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml index 53d8e1831..b624d224c 100644 --- a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: immich-microservices + name: &app immich-microservices namespace: default spec: interval: 15m @@ -26,15 +26,15 @@ spec: retries: 3 uninstall: keepHistory: false - dependsOn: - - name: immich-server values: controller: + replicas: 3 + strategy: RollingUpdate annotations: reloader.stakater.com/auto: "true" image: repository: ghcr.io/immich-app/immich-server - tag: v1.41.1_64-dev + tag: v1.42.0_65-dev command: /bin/sh args: - ./start-microservices.sh 
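Review bot: The bump to `tag: v1.42.0_65-dev` in the `image` block of `machine-learning/helmrelease.yaml` references a mutable tag with no digest, and the same applies to the identical bumps in the microservices, server and web releases. With `replicas: 3` now set, a re-pushed tag could leave replicas running different image contents, and nothing in the manifest records which build was reviewed. Pinning by digest closes that gap: `tag: v1.42.0_65-dev@sha256:<digest-from-registry>` (placeholder; take the value from the registry). The `values` block continues outside the hunk.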
@@ -51,9 +51,16 @@ spec: enabled: true existingClaim: immich-nfs mountPath: /usr/src/app/upload + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app resources: requests: - cpu: 100m - memory: 250Mi + cpu: 10m + memory: 100Mi limits: - memory: 2000Mi + memory: 500Mi diff --git a/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml b/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml deleted file mode 100644 index 05dac8359..000000000 --- a/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml +++ /dev/null @@ -1,69 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: immich-proxy - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - dependsOn: - - name: immich-server - values: - controller: - annotations: - reloader.stakater.com/auto: "true" - image: - repository: ghcr.io/immich-app/immich-proxy - tag: v1.41.1_64-dev - envFrom: - - secretRef: - name: immich-secret - - configMapRef: - name: immich-configmap - service: - main: - ports: - http: - port: 8080 - ingress: - main: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "0" - hajimari.io/appName: "Immich" - hajimari.io/icon: heroicons:photo - hosts: - - host: &host photos.${SECRET_CLUSTER_DOMAIN} - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - resources: - requests: - cpu: 100m - memory: 250Mi - limits: - memory: 2000Mi 
diff --git a/kubernetes/apps/default/immich/app/proxy/kustomization.yaml b/kubernetes/apps/default/immich/app/proxy/kustomization.yaml deleted file mode 100644 index 17cbc72b2..000000000 --- a/kubernetes/apps/default/immich/app/proxy/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/kubernetes/apps/default/immich/app/redis/helmrelease.yaml b/kubernetes/apps/default/immich/app/redis/helmrelease.yaml deleted file mode 100644 index 9ef808767..000000000 --- a/kubernetes/apps/default/immich/app/redis/helmrelease.yaml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: immich-redis - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controller: - annotations: - reloader.stakater.com/auto: "true" - image: - repository: public.ecr.aws/docker/library/redis - tag: 7.0.7 - env: - REDIS_REPLICATION_MODE: master - envFrom: - - secretRef: - name: immich-secret - command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"] - service: - main: - ports: - http: - port: 6379 - resources: - requests: - cpu: 10m - memory: 10Mi - limits: - memory: 100Mi diff --git a/kubernetes/apps/default/immich/app/redis/kustomization.yaml b/kubernetes/apps/default/immich/app/redis/kustomization.yaml deleted file mode 100644 index 17cbc72b2..000000000 --- a/kubernetes/apps/default/immich/app/redis/kustomization.yaml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/kubernetes/apps/default/immich/app/secret.sops.yaml b/kubernetes/apps/default/immich/app/secret.sops.yaml index d8b36e37d..7c236f567 100644 --- a/kubernetes/apps/default/immich/app/secret.sops.yaml +++ b/kubernetes/apps/default/immich/app/secret.sops.yaml @@ -12,8 +12,6 @@ stringData: DB_PASSWORD: ENC[AES256_GCM,data:xGc/+0jUa2FcMKSFyjaxYia1ZnU=,iv:A0i5vPLMXLmqNicsQI6vrlOnR8lEJXOMomABnGMOLAQ=,tag:RXPncaj3YxgdK4UpOp2oCw==,type:str] DB_USERNAME: ENC[AES256_GCM,data:usQAPAXx,iv:/dG1qJr2i1uwarjTn9RcxPt12DbY/gAO+rUdSDqeWNA=,tag:JM3zv0xI+rlX+1ju7kyVxw==,type:str] JWT_SECRET: ENC[AES256_GCM,data:177xddBgbYp4B1xLlfHsGqm1SdW6W7S7Z53ExG3dYw==,iv:LAX2iW9hj/fX7n1g6yWAZOtZNH3xXMSXn9nFoffCkvU=,tag:76Kxh3v7pqazzDJDuVcpNQ==,type:str] - REDIS_HOSTNAME: ENC[AES256_GCM,data:MjZKUZTEBTLkPh3f4DoK2cbvg7dVhWse5EE4C8ptvGlvC/XP49Y=,iv:9QHpHezHlccOFOIUXiZd2iqJZO6Z7lHoDdlRtyW2f68=,tag:vGdhYsqS3aBLVVc7m7x8wA==,type:str] - REDIS_PASSWORD: ENC[AES256_GCM,data:KSzXwFU1lnpaRKusVjnUhuHTy68=,iv:qe4nhzMOXrSKxjI32tL8fcEqDU7pmzOaryJI4O2U1nc=,tag:2WXAsx/9u8ty8bl47txorA==,type:str] #ENC[AES256_GCM,data:1+sGdHMiMe3clIg6KVo=,iv:II/LS19frtCXo/niP5/HPaVF6IcYr/FBqddAlKFytA0=,tag:IubpMI5HxdnxZB8mSezASA==,type:comment] POSTGRES_DB: ENC[AES256_GCM,data:NMVSQmNi,iv:/5aMX5er4zqsOVidsnaArmBwRreVPLBE9hn5jNSDkso=,tag:vGJDIQgfCOqUOtYFtlL51w==,type:str] POSTGRES_HOST: ENC[AES256_GCM,data:TpU9sKI32nQJ3pFnas9FjLXNlnAzX73heXQ7EwYVuur5AKQwdw==,iv:/SdWujct0FaDNMpUwk9ImuKDwDKL2oun8I6kPfU+P6s=,tag:LUqHoWf8wMkBM4sKri+5Ew==,type:str] 
@@ -35,8 +33,8 @@ sops: MGN2VjZaRzhTM3JxeWlVelhvQUhlcTgKIQnk7XcpuK9ZWinZf9s/rYFAeFbF2yXX +afSzOZKXq6ENcnTY/Or0A76wXVpYAJ3yaNsfFhXY0QQw/wwE14cMA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-04T21:16:40Z" - mac: ENC[AES256_GCM,data:mWyyhgs0zkHxwQzdGPQf+9uJB3H3GRDS0PcRfBt5J/cMQ3/UEHWBi07boxJoFZOyljW9wxFu4z0rt7Eo9FFJPRq0hddNbgRoEU17xoEn4BkzbKcvMmSsJLw0dLVHXvzm69sxAPwfWEB8+44Oan9xA78MUtNlHbZf/CpOW+WZ/ik=,iv:68cPaccLy2CqYxWvJ4EM+DT9VJMY2QH9NawyjveYiZg=,tag:Rjchcl/LqaDKAbEMPoVggQ==,type:str] + lastmodified: "2023-01-20T22:21:49Z" + mac: ENC[AES256_GCM,data:4zfSBXGF24tFS1ZCnIXIbINKTjhIpX3apg/XlYAS2rfWbJY32eT3d7v+qjwzVzDB/YOMcTHDE1QjRheJKSB5HyM6i4abJrnxlza7asdcpFdFmPpn28nOwl6O6iRunKFp/Z/ha9WQIZMlW/X6ePNVT1N9ctgKxW5pQrI6c4Xzq2Y=,iv:NO8wfTB754LnKKy0YTpkWQVLrHzyZpuvQaqZSeaQSPg=,tag:tdPPzJ4cOSBB9CeK97IZdg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/kubernetes/apps/default/immich/app/server/helmrelease.yaml b/kubernetes/apps/default/immich/app/server/helmrelease.yaml index ec840988f..4541e71ba 100644 --- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: immich-server + name: &app immich-server namespace: default spec: interval: 15m @@ -26,8 +26,6 @@ spec: retries: 3 uninstall: keepHistory: false - dependsOn: - - name: immich-redis values: initContainers: init-db: @@ -36,11 +34,13 @@ spec: - secretRef: name: immich-secret controller: + replicas: 3 + strategy: RollingUpdate annotations: reloader.stakater.com/auto: "true" image: repository: ghcr.io/immich-app/immich-server - tag: v1.41.1_64-dev + tag: v1.42.0_65-dev command: /bin/sh args: - ./start-server.sh 
@@ -59,9 +59,16 @@ spec: enabled: true existingClaim: immich-nfs mountPath: /usr/src/app/upload + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app resources: requests: - cpu: 100m - memory: 250Mi + cpu: 10m + memory: 100Mi limits: - memory: 2000Mi + memory: 500Mi diff --git a/kubernetes/apps/default/immich/app/volume.yaml b/kubernetes/apps/default/immich/app/volume.yaml index cd6a58ece..dd3abbcea 100644 --- a/kubernetes/apps/default/immich/app/volume.yaml +++ b/kubernetes/apps/default/immich/app/volume.yaml @@ -13,11 +13,6 @@ spec: nfs: server: ${LOCAL_LAN_TRUENAS} path: /mnt/storage/apps/immich - mountOptions: - - nfsvers=4.2 - - nconnect=8 - - hard - - noatime --- apiVersion: v1 kind: PersistentVolumeClaim diff --git a/kubernetes/apps/default/immich/app/web/helmrelease.yaml b/kubernetes/apps/default/immich/app/web/helmrelease.yaml index 9489b7fbb..5b4fcc682 100644 --- a/kubernetes/apps/default/immich/app/web/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/web/helmrelease.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: immich-web + name: &app immich-web namespace: default spec: interval: 15m @@ -30,11 +30,13 @@ spec: - name: immich-server values: controller: + replicas: 3 + strategy: RollingUpdate annotations: reloader.stakater.com/auto: "true" image: repository: ghcr.io/immich-app/immich-web - tag: v1.41.1_64-dev + tag: v1.42.0_65-dev command: /bin/sh args: - ./entrypoint.sh 
@@ -48,14 +50,46 @@ spec: ports: http: port: 3000 + ingress: + main: + enabled: true + ingressClassName: nginx + annotations: + external-dns.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite /api/(.*) /$1 break; + nignx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + hajimari.io/appName: Immich + hajimari.io/icon: heroicons:photo + hosts: + - host: &host photos.${SECRET_CLUSTER_DOMAIN} + paths: + - path: / + pathType: Prefix + - path: /api + pathType: Prefix + service: + name: immich-server + port: 3001 + tls: + - hosts: + - *host persistence: library: enabled: true existingClaim: immich-nfs mountPath: /usr/src/app/upload + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app resources: requests: - cpu: 100m - memory: 250Mi + cpu: 10m + memory: 100Mi limits: - memory: 2000Mi + memory: 500Mi diff --git a/kubernetes/apps/default/immich/ks.yaml b/kubernetes/apps/default/immich/ks.yaml index b0c482f9e..9647915a0 100644 --- a/kubernetes/apps/default/immich/ks.yaml +++ b/kubernetes/apps/default/immich/ks.yaml @@ -10,7 +10,7 @@ metadata: spec: dependsOn: - name: cluster-apps-cloudnative-pg-app - - name: cluster-apps-volsync-app + - name: cluster-apps-redis-lb path: ./kubernetes/apps/default/immich/app prune: true sourceRef: @@ -21,14 +21,6 @@ spec: kind: HelmRelease name: immich-microservices namespace: default - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: immich-proxy - namespace: default - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: immich-redis - namespace: default - apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease name: immich-server diff --git a/kubernetes/apps/default/redis/ks.yaml b/kubernetes/apps/default/redis/ks.yaml index 305d24bfa..7728c15cd 100644 
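Review bot: The annotation key `nignx.ingress.kubernetes.io/force-ssl-redirect` in the new `ingress.main.annotations` block of `web/helmrelease.yaml` is misspelled, so ingress-nginx will not recognise it and the forced HTTPS redirect is not applied through it; it should read `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`. The `configuration-snippet` annotation injects raw NGINX config, which many clusters disable at the controller (`allow-snippet-annotations`), and its pattern `/api/(.*)` is unanchored and, as far as I can tell, is emitted into every location of the host rather than only `/api`. Moving `/api` to its own ingress with `nginx.ingress.kubernetes.io/rewrite-target: /$1` and a regex path would avoid the snippet. `proxy-body-size: "0"` removes the request size cap for the whole host, which deserves a comment stating that it is intentional.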
--- a/kubernetes/apps/default/redis/ks.yaml +++ b/kubernetes/apps/default/redis/ks.yaml @@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: - name: cluster-apps-redis-app + name: cluster-apps-redis namespace: flux-system labels: substitution.flux.home.arpa/enabled: "true" @@ -23,3 +23,28 @@ spec: interval: 30m retryInterval: 1m timeout: 3m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: cluster-apps-redis-lb + namespace: flux-system + labels: + substitution.flux.home.arpa/enabled: "true" +spec: + dependsOn: + - name: cluster-apps-redis + path: ./kubernetes/apps/default/redis/lb + prune: true + sourceRef: + kind: GitRepository + name: home-ops-kubernetes + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2beta1 + kind: HelmRelease + name: redis-lb + namespace: default + interval: 30m + retryInterval: 1m + timeout: 3m diff --git a/kubernetes/apps/default/redis/lb/config/haproxy.cfg b/kubernetes/apps/default/redis/lb/config/haproxy.cfg new file mode 100644 index 000000000..8ada4a51f --- /dev/null +++ b/kubernetes/apps/default/redis/lb/config/haproxy.cfg 
@@ -0,0 +1,88 @@ +global + daemon + maxconn 256 + +defaults + mode tcp + timeout connect 4s + timeout client 30s + timeout server 30s + retry-on all-retryable-errors + +resolvers cluster_ns + parse-resolv-conf + + hold valid 10s + hold other 30s + hold refused 30s + hold nx 30s + hold timeout 30s + hold obsolete 30s + + resolve_retries 3 + timeout retry 1s + timeout resolve 1s + +frontend http + bind :8080 + http-request use-service prometheus-exporter if { path /metrics } + default_backend stats + +backend stats + mode http + stats enable + stats uri / + stats refresh 5s + stats show-legends + stats admin if TRUE + +resolvers k8s + parse-resolv-conf + hold other 10s + hold refused 10s + hold nx 10s + hold timeout 10s + hold valid 10s + hold obsolete 10s + +frontend redis-read + bind *:6380 + default_backend redis-online + +frontend redis-write + bind *:6379 + default_backend redis-primary + +frontend redis-sentinel + bind *:26379 + default_backend redis-sentinel + +backend redis-primary + balance first + option tcp-check + tcp-check connect port 6379 + tcp-check send info\ replication\r\n + tcp-check expect string role:master + server redis-0 redis-node-0.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns + server redis-1 redis-node-1.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns + server redis-2 redis-node-2.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns + +backend redis-online + balance roundrobin + option tcp-check + tcp-check connect port 6379 + tcp-check send PING\r\n + tcp-check expect string +PONG + server redis-0 redis-node-0.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns + server redis-1 redis-node-1.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns + server redis-2 redis-node-2.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns + +backend redis-sentinel + balance roundrobin + option 
tcp-check + tcp-check connect port 26379 + tcp-check send PING\r\n + tcp-check expect string +PONG + server redis-0 redis-node-0.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns + server redis-1 redis-node-1.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns + server redis-2 redis-node-2.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns diff --git a/kubernetes/apps/default/redis/lb/helmrelease.yaml b/kubernetes/apps/default/redis/lb/helmrelease.yaml new file mode 100644 index 000000000..904881d70 --- /dev/null +++ b/kubernetes/apps/default/redis/lb/helmrelease.yaml 
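Review bot: `stats admin if TRUE` in `backend stats` grants the stats page's admin actions (disable, drain, re-weight servers) to anyone who can reach `:8080`, and the `redis-lb` HelmRelease in this commit publishes that port through a LoadBalancer service and an ingress with no authentication. Drop the line or gate it, e.g. `stats admin if LOCALHOST` together with `stats auth <user>:<password>` (placeholder credentials, sourced from a secret). The health checks send a bare `PING` and `info replication`, which only pass when the Redis nodes accept unauthenticated commands; if `requirepass` is set, each check needs an `AUTH` step first. The second `resolvers k8s` section is not referenced by any `server` line and can be removed.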
@@ -0,0 +1,86 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: redis-lb + namespace: default +spec: + interval: 15m + chart: + spec: + chart: app-template + version: 1.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 3 + install: + createNamespace: true + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controller: + replicas: 3 + strategy: RollingUpdate + image: + repository: public.ecr.aws/docker/library/haproxy + tag: 2.7.1-alpine + service: + main: + type: LoadBalancer + loadBalacerIP: "${CLUSTER_LB_REDIS}" + externalTrafficPolicy: Local + ports: + http: + port: 8080 + targetPort: 8080 + redis-write: + port: 6379 + targetPort: 6379 + redis-read: + port: 6380 + targetPort: 6380 + redis-sentinel: + port: 26379 + targetPort: 26379 + serviceMonitor: + main: + enabled: true + endpoints: + - port: http + scheme: http + path: /metrics + interval: 1m + scrapeTimeout: 10s + ingress: + main: + enabled: true + ingressClassName: nginx + annotations: + hajimari.io/icon: simple-icons:redis + hosts: + - host: redis-lb.${SECRET_CLUSTER_DOMAIN} + paths: + - path: / + pathType: Prefix + podSecurityContext: + runAsUser: 99 + runAsGroup: 99 + fsGroup: 99 + fsGroupChangePolicy: "OnRootMismatch" + persistence: + config: + enabled: true + type: configMap + name: redis-lb-configmap # overriden by kustomizeconfig + mountPath: /usr/local/etc/haproxy/haproxy.cfg + subPath: haproxy.cfg + readOnly: true diff --git a/kubernetes/apps/default/redis/lb/kustomization.yaml b/kubernetes/apps/default/redis/lb/kustomization.yaml new file mode 100644 index 000000000..11e867b66 --- /dev/null +++ b/kubernetes/apps/default/redis/lb/kustomization.yaml 
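Review bot: `loadBalacerIP` under `service.main` in `redis/lb/helmrelease.yaml` is misspelled, so the chart will most likely ignore it and the service will not be pinned to `${CLUSTER_LB_REDIS}`; it should be `loadBalancerIP: "${CLUSTER_LB_REDIS}"`. The same service publishes 6379, 6380 and 26379 as `type: LoadBalancer`, which makes Redis and Sentinel reachable from the LAN rather than only in-cluster. If only cluster workloads need them, a ClusterIP service or a NetworkPolicy narrows that. The `ingress.main` block serves the HAProxy stats page on `redis-lb.${SECRET_CLUSTER_DOMAIN}` with no auth annotation, while `haproxy.cfg` enables `stats admin` unconditionally, so the page should either lose its ingress or gain authentication.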
@@ -0,0 +1,13 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: + - helmrelease.yaml +configMapGenerator: + - name: redis-lb-configmap + files: + - haproxy.cfg=./config/haproxy.cfg +configurations: + - ./patches/kustomizeconfig.yaml diff --git a/kubernetes/apps/default/redis/lb/patches/kustomizeconfig.yaml b/kubernetes/apps/default/redis/lb/patches/kustomizeconfig.yaml new file mode 100644 index 000000000..1779c2837 --- /dev/null +++ b/kubernetes/apps/default/redis/lb/patches/kustomizeconfig.yaml @@ -0,0 +1,7 @@ +--- +nameReference: + - kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/values/persistence/config/name + kind: HelmRelease diff --git a/kubernetes/flux/vars/cluster-settings.yaml b/kubernetes/flux/vars/cluster-settings.yaml index 3b27c1e4b..2e0918f9e 100644 --- a/kubernetes/flux/vars/cluster-settings.yaml +++ b/kubernetes/flux/vars/cluster-settings.yaml @@ -20,6 +20,7 @@ data: CLUSTER_LB_JELLYFIN: 192.168.169.110 CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111 CLUSTER_LB_MAILRISE: 192.168.169.112 + CLUSTER_LB_REDIS: 192.168.169.113 LOCAL_LAN: 192.168.8.0/22 LOCAL_LAN_OPNSENSE: 192.168.8.1 LOCAL_LAN_TRUENAS: 192.168.9.10