⚡️ immich v1.1 / redis-lb

2025-09-17 18:24:14 +02:00 · 2023-01-20 23:02:19 +01:00
parent 2329193d1e
commit 3af0e2f965
20 changed files with 306 additions and 179 deletions
--- a/kubernetes/apps/default/immich/app/configmap.yaml
+++ b/kubernetes/apps/default/immich/app/configmap.yaml
@@ -10,9 +10,9 @@ data:
  ENABLE_MAPBOX: "false"
  LOG_LEVEL: verbose
  NODE_ENV: "production"
+  REDIS_HOSTNAME: redis-lb.default.svc.cluster.local
  REDIS_PORT: "6379"
-  REDIS_DBINDEX: "0"
-  UPLOAD_LOCATION: /usr/src/app/upload
+  REDIS_DBINDEX: "10"
  IMMICH_WEB_URL: http://immich-web.default.svc.cluster.local:3000
  IMMICH_SERVER_URL: http://immich-server.default.svc.cluster.local:3001
  IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.default.svc.cluster.local:3003
--- a/kubernetes/apps/default/immich/app/kustomization.yaml
+++ b/kubernetes/apps/default/immich/app/kustomization.yaml
@@ -7,8 +7,6 @@ resources:
  - ./configmap.yaml
  - ./microservices
  - ./machine-learning
-  - ./proxy
-  - ./redis
  - ./secret.sops.yaml
  - ./server
  - ./volume.yaml
--- a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
@@ -3,7 +3,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: immich-machine-learning
+  name: &app immich-machine-learning
  namespace: default
 spec:
  interval: 15m
@@ -30,11 +30,13 @@ spec:
    - name: immich-server
  values:
    controller:
+      replicas: 3
+      strategy: RollingUpdate
      annotations:
        reloader.stakater.com/auto: "true"
    image:
      repository: ghcr.io/immich-app/immich-machine-learning
-      tag: v1.41.1_64-dev
+      tag: v1.42.0_65-dev
    command: /bin/sh
    args:
      - ./entrypoint.sh
@@ -53,9 +55,16 @@ spec:
        enabled: true
        existingClaim: immich-nfs
        mountPath: /usr/src/app/upload
+    topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: DoNotSchedule
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/name: *app
    resources:
      requests:
        cpu: 100m
        memory: 250Mi
      limits:
-        memory: 2000Mi
+        memory: 1000Mi
--- a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
@@ -3,7 +3,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: immich-microservices
+  name: &app immich-microservices
  namespace: default
 spec:
  interval: 15m
@@ -26,15 +26,15 @@ spec:
      retries: 3
  uninstall:
    keepHistory: false
-  dependsOn:
-    - name: immich-server
  values:
    controller:
+      replicas: 3
+      strategy: RollingUpdate
      annotations:
        reloader.stakater.com/auto: "true"
    image:
      repository: ghcr.io/immich-app/immich-server
-      tag: v1.41.1_64-dev
+      tag: v1.42.0_65-dev
    command: /bin/sh
    args:
      - ./start-microservices.sh
@@ -51,9 +51,16 @@ spec:
        enabled: true
        existingClaim: immich-nfs
        mountPath: /usr/src/app/upload
+    topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: DoNotSchedule
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/name: *app
    resources:
      requests:
-        cpu: 100m
-        memory: 250Mi
+        cpu: 10m
+        memory: 100Mi
      limits:
-        memory: 2000Mi
+        memory: 500Mi
--- a/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml
@@ -1,69 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: immich-proxy
-  namespace: default
-spec:
-  interval: 15m
-  chart:
-    spec:
-      chart: app-template
-      version: 1.2.1
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-  maxHistory: 3
-  install:
-    createNamespace: true
-    remediation:
-      retries: 3
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-  uninstall:
-    keepHistory: false
-  dependsOn:
-    - name: immich-server
-  values:
-    controller:
-      annotations:
-        reloader.stakater.com/auto: "true"
-    image:
-      repository: ghcr.io/immich-app/immich-proxy
-      tag: v1.41.1_64-dev
-    envFrom:
-      - secretRef:
-          name: immich-secret
-      - configMapRef:
-          name: immich-configmap
-    service:
-      main:
-        ports:
-          http:
-            port: 8080
-    ingress:
-      main:
-        enabled: true
-        ingressClassName: nginx
-        annotations:
-          nginx.ingress.kubernetes.io/proxy-body-size: "0"
-          hajimari.io/appName: "Immich"
-          hajimari.io/icon: heroicons:photo
-        hosts:
-          - host: &host photos.${SECRET_CLUSTER_DOMAIN}
-            paths:
-              - path: /
-                pathType: Prefix
-        tls:
-          - hosts:
-              - *host
-    resources:
-      requests:
-        cpu: 100m
-        memory: 250Mi
-      limits:
-        memory: 2000Mi
--- a/kubernetes/apps/default/immich/app/proxy/kustomization.yaml
+++ b/kubernetes/apps/default/immich/app/proxy/kustomization.yaml
@@ -1,6 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./helmrelease.yaml
--- a/kubernetes/apps/default/immich/app/redis/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/redis/helmrelease.yaml
@@ -1,52 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: immich-redis
-  namespace: default
-spec:
-  interval: 15m
-  chart:
-    spec:
-      chart: app-template
-      version: 1.2.1
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-  maxHistory: 3
-  install:
-    createNamespace: true
-    remediation:
-      retries: 3
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-  uninstall:
-    keepHistory: false
-  values:
-    controller:
-      annotations:
-        reloader.stakater.com/auto: "true"
-    image:
-      repository: public.ecr.aws/docker/library/redis
-      tag: 7.0.7
-    env:
-      REDIS_REPLICATION_MODE: master
-    envFrom:
-      - secretRef:
-          name: immich-secret
-    command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]
-    service:
-      main:
-        ports:
-          http:
-            port: 6379
-    resources:
-      requests:
-        cpu: 10m
-        memory: 10Mi
-      limits:
-        memory: 100Mi
--- a/kubernetes/apps/default/immich/app/redis/kustomization.yaml
+++ b/kubernetes/apps/default/immich/app/redis/kustomization.yaml
@@ -1,6 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./helmrelease.yaml
--- a/kubernetes/apps/default/immich/app/secret.sops.yaml
+++ b/kubernetes/apps/default/immich/app/secret.sops.yaml
@@ -12,8 +12,6 @@ stringData:
    DB_PASSWORD: ENC[AES256_GCM,data:xGc/+0jUa2FcMKSFyjaxYia1ZnU=,iv:A0i5vPLMXLmqNicsQI6vrlOnR8lEJXOMomABnGMOLAQ=,tag:RXPncaj3YxgdK4UpOp2oCw==,type:str]
    DB_USERNAME: ENC[AES256_GCM,data:usQAPAXx,iv:/dG1qJr2i1uwarjTn9RcxPt12DbY/gAO+rUdSDqeWNA=,tag:JM3zv0xI+rlX+1ju7kyVxw==,type:str]
    JWT_SECRET: ENC[AES256_GCM,data:177xddBgbYp4B1xLlfHsGqm1SdW6W7S7Z53ExG3dYw==,iv:LAX2iW9hj/fX7n1g6yWAZOtZNH3xXMSXn9nFoffCkvU=,tag:76Kxh3v7pqazzDJDuVcpNQ==,type:str]
-    REDIS_HOSTNAME: ENC[AES256_GCM,data:MjZKUZTEBTLkPh3f4DoK2cbvg7dVhWse5EE4C8ptvGlvC/XP49Y=,iv:9QHpHezHlccOFOIUXiZd2iqJZO6Z7lHoDdlRtyW2f68=,tag:vGdhYsqS3aBLVVc7m7x8wA==,type:str]
-    REDIS_PASSWORD: ENC[AES256_GCM,data:KSzXwFU1lnpaRKusVjnUhuHTy68=,iv:qe4nhzMOXrSKxjI32tL8fcEqDU7pmzOaryJI4O2U1nc=,tag:2WXAsx/9u8ty8bl47txorA==,type:str]
    #ENC[AES256_GCM,data:1+sGdHMiMe3clIg6KVo=,iv:II/LS19frtCXo/niP5/HPaVF6IcYr/FBqddAlKFytA0=,tag:IubpMI5HxdnxZB8mSezASA==,type:comment]
    POSTGRES_DB: ENC[AES256_GCM,data:NMVSQmNi,iv:/5aMX5er4zqsOVidsnaArmBwRreVPLBE9hn5jNSDkso=,tag:vGJDIQgfCOqUOtYFtlL51w==,type:str]
    POSTGRES_HOST: ENC[AES256_GCM,data:TpU9sKI32nQJ3pFnas9FjLXNlnAzX73heXQ7EwYVuur5AKQwdw==,iv:/SdWujct0FaDNMpUwk9ImuKDwDKL2oun8I6kPfU+P6s=,tag:LUqHoWf8wMkBM4sKri+5Ew==,type:str]
@@ -35,8 +33,8 @@ sops:
            MGN2VjZaRzhTM3JxeWlVelhvQUhlcTgKIQnk7XcpuK9ZWinZf9s/rYFAeFbF2yXX
            +afSzOZKXq6ENcnTY/Or0A76wXVpYAJ3yaNsfFhXY0QQw/wwE14cMA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-01-04T21:16:40Z"
-    mac: ENC[AES256_GCM,data:mWyyhgs0zkHxwQzdGPQf+9uJB3H3GRDS0PcRfBt5J/cMQ3/UEHWBi07boxJoFZOyljW9wxFu4z0rt7Eo9FFJPRq0hddNbgRoEU17xoEn4BkzbKcvMmSsJLw0dLVHXvzm69sxAPwfWEB8+44Oan9xA78MUtNlHbZf/CpOW+WZ/ik=,iv:68cPaccLy2CqYxWvJ4EM+DT9VJMY2QH9NawyjveYiZg=,tag:Rjchcl/LqaDKAbEMPoVggQ==,type:str]
+    lastmodified: "2023-01-20T22:21:49Z"
+    mac: ENC[AES256_GCM,data:4zfSBXGF24tFS1ZCnIXIbINKTjhIpX3apg/XlYAS2rfWbJY32eT3d7v+qjwzVzDB/YOMcTHDE1QjRheJKSB5HyM6i4abJrnxlza7asdcpFdFmPpn28nOwl6O6iRunKFp/Z/ha9WQIZMlW/X6ePNVT1N9ctgKxW5pQrI6c4Xzq2Y=,iv:NO8wfTB754LnKKy0YTpkWQVLrHzyZpuvQaqZSeaQSPg=,tag:tdPPzJ4cOSBB9CeK97IZdg==,type:str]
    pgp: []
    encrypted_regex: ^(data|stringData)$
    version: 3.7.3
--- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml
@@ -3,7 +3,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: immich-server
+  name: &app immich-server
  namespace: default
 spec:
  interval: 15m
@@ -26,8 +26,6 @@ spec:
      retries: 3
  uninstall:
    keepHistory: false
-  dependsOn:
-    - name: immich-redis
  values:
    initContainers:
      init-db:
@@ -36,11 +34,13 @@ spec:
          - secretRef:
              name: immich-secret
    controller:
+      replicas: 3
+      strategy: RollingUpdate
      annotations:
        reloader.stakater.com/auto: "true"
    image:
      repository: ghcr.io/immich-app/immich-server
-      tag: v1.41.1_64-dev
+      tag: v1.42.0_65-dev
    command: /bin/sh
    args:
      - ./start-server.sh
@@ -59,9 +59,16 @@ spec:
        enabled: true
        existingClaim: immich-nfs
        mountPath: /usr/src/app/upload
+    topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: DoNotSchedule
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/name: *app
    resources:
      requests:
-        cpu: 100m
-        memory: 250Mi
+        cpu: 10m
+        memory: 100Mi
      limits:
-        memory: 2000Mi
+        memory: 500Mi
--- a/kubernetes/apps/default/immich/app/volume.yaml
+++ b/kubernetes/apps/default/immich/app/volume.yaml
@@ -13,11 +13,6 @@ spec:
  nfs:
    server: ${LOCAL_LAN_TRUENAS}
    path: /mnt/storage/apps/immich
-  mountOptions:
-    - nfsvers=4.2
-    - nconnect=8
-    - hard
-    - noatime
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
--- a/kubernetes/apps/default/immich/app/web/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/web/helmrelease.yaml
@@ -3,7 +3,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: immich-web
+  name: &app immich-web
  namespace: default
 spec:
  interval: 15m
@@ -30,11 +30,13 @@ spec:
    - name: immich-server
  values:
    controller:
+      replicas: 3
+      strategy: RollingUpdate
      annotations:
        reloader.stakater.com/auto: "true"
    image:
      repository: ghcr.io/immich-app/immich-web
-      tag: v1.41.1_64-dev
+      tag: v1.42.0_65-dev
    command: /bin/sh
    args:
      - ./entrypoint.sh
@@ -48,14 +50,46 @@ spec:
        ports:
          http:
            port: 3000
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: nginx
+        annotations:
+          external-dns.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/configuration-snippet: |
+            rewrite /api/(.*) /$1 break;
+          nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
+          nginx.ingress.kubernetes.io/proxy-body-size: "0"
+          hajimari.io/appName: Immich
+          hajimari.io/icon: heroicons:photo
+        hosts:
+          - host: &host photos.${SECRET_CLUSTER_DOMAIN}
+            paths:
+              - path: /
+                pathType: Prefix
+              - path: /api
+                pathType: Prefix
+                service:
+                  name: immich-server
+                  port: 3001
+        tls:
+          - hosts:
+              - *host
    persistence:
      library:
        enabled: true
        existingClaim: immich-nfs
        mountPath: /usr/src/app/upload
+    topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: DoNotSchedule
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/name: *app
    resources:
      requests:
-        cpu: 100m
-        memory: 250Mi
+        cpu: 10m
+        memory: 100Mi
      limits:
-        memory: 2000Mi
+        memory: 500Mi