️ immich v1.1 / redis-lb

This commit is contained in:
auricom
2023-01-20 23:02:19 +01:00
parent 2329193d1e
commit 3af0e2f965
20 changed files with 306 additions and 179 deletions


@@ -11,7 +11,7 @@ spec:
dependsOn:
- name: cluster-apps-cloudnative-pg-app
- name: cluster-apps-glauth
- name: cluster-apps-redis-app
- name: cluster-apps-redis
- name: cluster-apps-smtp-relay
path: ./kubernetes/apps/default/authelia/app
prune: true


@@ -10,9 +10,9 @@ data:
ENABLE_MAPBOX: "false"
LOG_LEVEL: verbose
NODE_ENV: "production"
REDIS_HOSTNAME: redis-lb.default.svc.cluster.local
REDIS_PORT: "6379"
REDIS_DBINDEX: "0"
UPLOAD_LOCATION: /usr/src/app/upload
REDIS_DBINDEX: "10"
IMMICH_WEB_URL: http://immich-web.default.svc.cluster.local:3000
IMMICH_SERVER_URL: http://immich-server.default.svc.cluster.local:3001
IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.default.svc.cluster.local:3003


@@ -7,8 +7,6 @@ resources:
- ./configmap.yaml
- ./microservices
- ./machine-learning
- ./proxy
- ./redis
- ./secret.sops.yaml
- ./server
- ./volume.yaml


@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: immich-machine-learning
name: &app immich-machine-learning
namespace: default
spec:
interval: 15m
@@ -30,11 +30,13 @@ spec:
- name: immich-server
values:
controller:
replicas: 3
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image:
repository: ghcr.io/immich-app/immich-machine-learning
tag: v1.41.1_64-dev
tag: v1.42.0_65-dev
command: /bin/sh
args:
- ./entrypoint.sh
@@ -53,9 +55,16 @@ spec:
enabled: true
existingClaim: immich-nfs
mountPath: /usr/src/app/upload
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
resources:
requests:
cpu: 100m
memory: 250Mi
limits:
memory: 2000Mi
memory: 1000Mi
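Review bot: `whenUnsatisfiable: DoNotSchedule` with `maxSkew: 1` for three replicas leaves pods Pending on any cluster with fewer than three schedulable nodes carrying distinct `kubernetes.io/hostname` values, because the scheduler will refuse to co-locate rather than relax the spread; `whenUnsatisfiable: ScheduleAnyway` is the safer choice unless strict anti-affinity is a requirement here. The constraint also only works if the chart labels pods with `app.kubernetes.io/name` equal to the release name that `*app` resolves to; if the rendered label carries another value the selector matches no pods and the constraint is silently a no-op, which is worth checking on a rendered manifest. The same block is added to the immich-microservices, immich-server and immich-web HelmReleases in this commit. Halving the machine-learning memory limit to 1000Mi while going to three replicas may not leave headroom for model loading; I can't tell from the diff whether that was measured. The enclosing `values:` mapping starts above the hunk.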


@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: immich-microservices
name: &app immich-microservices
namespace: default
spec:
interval: 15m
@@ -26,15 +26,15 @@ spec:
retries: 3
uninstall:
keepHistory: false
dependsOn:
- name: immich-server
values:
controller:
replicas: 3
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.41.1_64-dev
tag: v1.42.0_65-dev
command: /bin/sh
args:
- ./start-microservices.sh
@@ -51,9 +51,16 @@ spec:
enabled: true
existingClaim: immich-nfs
mountPath: /usr/src/app/upload
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
resources:
requests:
cpu: 100m
memory: 250Mi
cpu: 10m
memory: 100Mi
limits:
memory: 2000Mi
memory: 500Mi


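--- a/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-name: immich-proxy
-namespace: default
-spec:
-interval: 15m
-chart:
-spec:
-chart: app-template
-version: 1.2.1
-sourceRef:
-kind: HelmRepository
-name: bjw-s
-namespace: flux-system
-maxHistory: 3
-install:
-createNamespace: true
-remediation:
-retries: 3
-upgrade:
-cleanupOnFail: true
-remediation:
-retries: 3
-uninstall:
-keepHistory: false
-dependsOn:
-- name: immich-server
-values:
-controller:
-annotations:
-reloader.stakater.com/auto: "true"
-image:
-repository: ghcr.io/immich-app/immich-proxy
-tag: v1.41.1_64-dev
-envFrom:
-- secretRef:
-name: immich-secret
-- configMapRef:
-name: immich-configmap
-service:
-main:
-ports:
-http:
-port: 8080
-ingress:
-main:
-enabled: true
-ingressClassName: nginx
-annotations:
-nginx.ingress.kubernetes.io/proxy-body-size: "0"
-hajimari.io/appName: "Immich"
-hajimari.io/icon: heroicons:photo
-hosts:
-- host: &host photos.${SECRET_CLUSTER_DOMAIN}
-paths:
-- path: /
-pathType: Prefix
-tls:
-- hosts:
-- *host
-resources:
-requests:
-cpu: 100m
-memory: 250Mi
-limits:
-memory: 2000Mi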


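--- a/kubernetes/apps/default/immich/app/proxy/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ./helmrelease.yaml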


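--- a/kubernetes/apps/default/immich/app/redis/helmrelease.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-name: immich-redis
-namespace: default
-spec:
-interval: 15m
-chart:
-spec:
-chart: app-template
-version: 1.2.1
-sourceRef:
-kind: HelmRepository
-name: bjw-s
-namespace: flux-system
-maxHistory: 3
-install:
-createNamespace: true
-remediation:
-retries: 3
-upgrade:
-cleanupOnFail: true
-remediation:
-retries: 3
-uninstall:
-keepHistory: false
-values:
-controller:
-annotations:
-reloader.stakater.com/auto: "true"
-image:
-repository: public.ecr.aws/docker/library/redis
-tag: 7.0.7
-env:
-REDIS_REPLICATION_MODE: master
-envFrom:
-- secretRef:
-name: immich-secret
-command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]
-service:
-main:
-ports:
-http:
-port: 6379
-resources:
-requests:
-cpu: 10m
-memory: 10Mi
-limits:
-memory: 100Mi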


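--- a/kubernetes/apps/default/immich/app/redis/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ./helmrelease.yaml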


@@ -12,8 +12,6 @@ stringData:
DB_PASSWORD: ENC[AES256_GCM,data:xGc/+0jUa2FcMKSFyjaxYia1ZnU=,iv:A0i5vPLMXLmqNicsQI6vrlOnR8lEJXOMomABnGMOLAQ=,tag:RXPncaj3YxgdK4UpOp2oCw==,type:str]
DB_USERNAME: ENC[AES256_GCM,data:usQAPAXx,iv:/dG1qJr2i1uwarjTn9RcxPt12DbY/gAO+rUdSDqeWNA=,tag:JM3zv0xI+rlX+1ju7kyVxw==,type:str]
JWT_SECRET: ENC[AES256_GCM,data:177xddBgbYp4B1xLlfHsGqm1SdW6W7S7Z53ExG3dYw==,iv:LAX2iW9hj/fX7n1g6yWAZOtZNH3xXMSXn9nFoffCkvU=,tag:76Kxh3v7pqazzDJDuVcpNQ==,type:str]
REDIS_HOSTNAME: ENC[AES256_GCM,data:MjZKUZTEBTLkPh3f4DoK2cbvg7dVhWse5EE4C8ptvGlvC/XP49Y=,iv:9QHpHezHlccOFOIUXiZd2iqJZO6Z7lHoDdlRtyW2f68=,tag:vGdhYsqS3aBLVVc7m7x8wA==,type:str]
REDIS_PASSWORD: ENC[AES256_GCM,data:KSzXwFU1lnpaRKusVjnUhuHTy68=,iv:qe4nhzMOXrSKxjI32tL8fcEqDU7pmzOaryJI4O2U1nc=,tag:2WXAsx/9u8ty8bl47txorA==,type:str]
#ENC[AES256_GCM,data:1+sGdHMiMe3clIg6KVo=,iv:II/LS19frtCXo/niP5/HPaVF6IcYr/FBqddAlKFytA0=,tag:IubpMI5HxdnxZB8mSezASA==,type:comment]
POSTGRES_DB: ENC[AES256_GCM,data:NMVSQmNi,iv:/5aMX5er4zqsOVidsnaArmBwRreVPLBE9hn5jNSDkso=,tag:vGJDIQgfCOqUOtYFtlL51w==,type:str]
POSTGRES_HOST: ENC[AES256_GCM,data:TpU9sKI32nQJ3pFnas9FjLXNlnAzX73heXQ7EwYVuur5AKQwdw==,iv:/SdWujct0FaDNMpUwk9ImuKDwDKL2oun8I6kPfU+P6s=,tag:LUqHoWf8wMkBM4sKri+5Ew==,type:str]
@@ -35,8 +33,8 @@ sops:
MGN2VjZaRzhTM3JxeWlVelhvQUhlcTgKIQnk7XcpuK9ZWinZf9s/rYFAeFbF2yXX
+afSzOZKXq6ENcnTY/Or0A76wXVpYAJ3yaNsfFhXY0QQw/wwE14cMA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-04T21:16:40Z"
mac: ENC[AES256_GCM,data:mWyyhgs0zkHxwQzdGPQf+9uJB3H3GRDS0PcRfBt5J/cMQ3/UEHWBi07boxJoFZOyljW9wxFu4z0rt7Eo9FFJPRq0hddNbgRoEU17xoEn4BkzbKcvMmSsJLw0dLVHXvzm69sxAPwfWEB8+44Oan9xA78MUtNlHbZf/CpOW+WZ/ik=,iv:68cPaccLy2CqYxWvJ4EM+DT9VJMY2QH9NawyjveYiZg=,tag:Rjchcl/LqaDKAbEMPoVggQ==,type:str]
lastmodified: "2023-01-20T22:21:49Z"
mac: ENC[AES256_GCM,data:4zfSBXGF24tFS1ZCnIXIbINKTjhIpX3apg/XlYAS2rfWbJY32eT3d7v+qjwzVzDB/YOMcTHDE1QjRheJKSB5HyM6i4abJrnxlza7asdcpFdFmPpn28nOwl6O6iRunKFp/Z/ha9WQIZMlW/X6ePNVT1N9ctgKxW5pQrI6c4Xzq2Y=,iv:NO8wfTB754LnKKy0YTpkWQVLrHzyZpuvQaqZSeaQSPg=,tag:tdPPzJ4cOSBB9CeK97IZdg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3
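Review bot: Dropping REDIS_PASSWORD from the immich secret together with REDIS_HOSTNAME, while the new hostname in the configmap points at `redis-lb`, means immich presumably now connects to the shared Redis without AUTH; whether that instance has `requirepass` set is not visible in this commit. The immich-redis release deleted here started redis-server with `--requirepass`, so unless the shared instance enforces a password some other way this is a step back, and since redis-lb publishes 6379 on a LoadBalancer address the unauthenticated endpoint would be reachable from the LAN rather than only from the pod network. If the shared Redis does require a password, the variable should stay in this secret and the HAProxy health checks in haproxy.cfg will need to authenticate before `info replication`. The enclosing `stringData:` mapping begins above the hunk.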


@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: immich-server
name: &app immich-server
namespace: default
spec:
interval: 15m
@@ -26,8 +26,6 @@ spec:
retries: 3
uninstall:
keepHistory: false
dependsOn:
- name: immich-redis
values:
initContainers:
init-db:
@@ -36,11 +34,13 @@ spec:
- secretRef:
name: immich-secret
controller:
replicas: 3
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.41.1_64-dev
tag: v1.42.0_65-dev
command: /bin/sh
args:
- ./start-server.sh
@@ -59,9 +59,16 @@ spec:
enabled: true
existingClaim: immich-nfs
mountPath: /usr/src/app/upload
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
resources:
requests:
cpu: 100m
memory: 250Mi
cpu: 10m
memory: 100Mi
limits:
memory: 2000Mi
memory: 500Mi


@@ -13,11 +13,6 @@ spec:
nfs:
server: ${LOCAL_LAN_TRUENAS}
path: /mnt/storage/apps/immich
mountOptions:
- nfsvers=4.2
- nconnect=8
- hard
- noatime
---
apiVersion: v1
kind: PersistentVolumeClaim


@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: immich-web
name: &app immich-web
namespace: default
spec:
interval: 15m
@@ -30,11 +30,13 @@ spec:
- name: immich-server
values:
controller:
replicas: 3
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image:
repository: ghcr.io/immich-app/immich-web
tag: v1.41.1_64-dev
tag: v1.42.0_65-dev
command: /bin/sh
args:
- ./entrypoint.sh
@@ -48,14 +50,46 @@ spec:
ports:
http:
port: 3000
ingress:
main:
enabled: true
ingressClassName: nginx
annotations:
external-dns.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite /api/(.*) /$1 break;
nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
hajimari.io/appName: Immich
hajimari.io/icon: heroicons:photo
hosts:
- host: &host photos.${SECRET_CLUSTER_DOMAIN}
paths:
- path: /
pathType: Prefix
- path: /api
pathType: Prefix
service:
name: immich-server
port: 3001
tls:
- hosts:
- *host
persistence:
library:
enabled: true
existingClaim: immich-nfs
mountPath: /usr/src/app/upload
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
resources:
requests:
cpu: 100m
memory: 250Mi
cpu: 10m
memory: 100Mi
limits:
memory: 2000Mi
memory: 500Mi
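Review bot: The annotation key `nignx.ingress.kubernetes.io/force-ssl-redirect` is misspelled, so ingress-nginx never sees it and the HTTP-to-HTTPS redirect this line intends is not applied; it should read `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`. The `configuration-snippet` rewrite that strips `/api` before proxying to immich-server:3001 only takes effect when the controller runs with `allow-snippet-annotations` enabled; if snippets are disabled the `/api` prefix reaches the server intact, and the diff does not show which way the controller is configured. Since this ingress replaces the deleted immich-proxy release, it is worth confirming on a rendered config that both paths behave as the proxy did.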


@@ -10,7 +10,7 @@ metadata:
spec:
dependsOn:
- name: cluster-apps-cloudnative-pg-app
- name: cluster-apps-volsync-app
- name: cluster-apps-redis-lb
path: ./kubernetes/apps/default/immich/app
prune: true
sourceRef:
@@ -21,14 +21,6 @@ spec:
kind: HelmRelease
name: immich-microservices
namespace: default
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: immich-proxy
namespace: default
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: immich-redis
namespace: default
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: immich-server


@@ -3,7 +3,7 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: cluster-apps-redis-app
name: cluster-apps-redis
namespace: flux-system
labels:
substitution.flux.home.arpa/enabled: "true"
@@ -23,3 +23,28 @@ spec:
interval: 30m
retryInterval: 1m
timeout: 3m
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: cluster-apps-redis-lb
namespace: flux-system
labels:
substitution.flux.home.arpa/enabled: "true"
spec:
dependsOn:
- name: cluster-apps-redis
path: ./kubernetes/apps/default/redis/lb
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: redis-lb
namespace: default
interval: 30m
retryInterval: 1m
timeout: 3m


@@ -0,0 +1,88 @@
global
daemon
maxconn 256
defaults
mode tcp
timeout connect 4s
timeout client 30s
timeout server 30s
retry-on all-retryable-errors
resolvers cluster_ns
parse-resolv-conf
hold valid 10s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold obsolete 30s
resolve_retries 3
timeout retry 1s
timeout resolve 1s
frontend http
bind :8080
http-request use-service prometheus-exporter if { path /metrics }
default_backend stats
backend stats
mode http
stats enable
stats uri /
stats refresh 5s
stats show-legends
stats admin if TRUE
resolvers k8s
parse-resolv-conf
hold other 10s
hold refused 10s
hold nx 10s
hold timeout 10s
hold valid 10s
hold obsolete 10s
frontend redis-read
bind *:6380
default_backend redis-online
frontend redis-write
bind *:6379
default_backend redis-primary
frontend redis-sentinel
bind *:26379
default_backend redis-sentinel
backend redis-primary
balance first
option tcp-check
tcp-check connect port 6379
tcp-check send info\ replication\r\n
tcp-check expect string role:master
server redis-0 redis-node-0.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
server redis-1 redis-node-1.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
server redis-2 redis-node-2.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
backend redis-online
balance roundrobin
option tcp-check
tcp-check connect port 6379
tcp-check send PING\r\n
tcp-check expect string +PONG
server redis-0 redis-node-0.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
server redis-1 redis-node-1.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
server redis-2 redis-node-2.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
backend redis-sentinel
balance roundrobin
option tcp-check
tcp-check connect port 26379
tcp-check send PING\r\n
tcp-check expect string +PONG
server redis-0 redis-node-0.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
server redis-1 redis-node-1.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
server redis-2 redis-node-2.redis-headless.default.svc.cluster.local check inter 5s resolvers cluster_ns
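Review bot: `stats admin if TRUE` makes the stats page behind `frontend http` (`bind :8080`) an unauthenticated admin interface from which any client can mark backend servers down or drain them, and the redis-lb HelmRelease in this commit publishes that same port on the LoadBalancer Service and through an ingress on `redis-lb.${SECRET_CLUSTER_DOMAIN}`; remove `stats admin`, or gate it with `stats auth` and an ACL limited to the pod network, and keep 8080 off the LoadBalancer since the ServiceMonitor already scrapes it in-cluster. `frontend http` inherits `mode tcp` from `defaults` while `backend stats` is `mode http`; HAProxy rejects a default_backend whose mode differs from its frontend and ignores `http-request` rules in a TCP frontend, so the frontend needs an explicit `mode http` for `/metrics` and the stats page to work. The `resolvers k8s` section is never referenced (every server line uses `resolvers cluster_ns`) and can be dropped. The `redis-primary` check sends `info replication` without authenticating, which only yields `role:master` when the Redis nodes run without a password; if they require one, all three servers will be marked down.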


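--- /dev/null
+++ b/kubernetes/apps/default/redis/lb/helmrelease.yaml
@@ -0,0 +1,86 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: redis-lb
+namespace: default
+spec:
+interval: 15m
+chart:
+spec:
+chart: app-template
+version: 1.2.1
+sourceRef:
+kind: HelmRepository
+name: bjw-s
+namespace: flux-system
+maxHistory: 3
+install:
+createNamespace: true
+remediation:
+retries: 3
+upgrade:
+cleanupOnFail: true
+remediation:
+retries: 3
+uninstall:
+keepHistory: false
+values:
+controller:
+replicas: 3
+strategy: RollingUpdate
+image:
+repository: public.ecr.aws/docker/library/haproxy
+tag: 2.7.1-alpine
+service:
+main:
+type: LoadBalancer
+loadBalacerIP: "${CLUSTER_LB_REDIS}"
+externalTrafficPolicy: Local
+ports:
+http:
+port: 8080
+targetPort: 8080
+redis-write:
+port: 6379
+targetPort: 6379
+redis-read:
+port: 6380
+targetPort: 6380
+redis-sentinel:
+port: 26379
+targetPort: 26379
+serviceMonitor:
+main:
+enabled: true
+endpoints:
+- port: http
+scheme: http
+path: /metrics
+interval: 1m
+scrapeTimeout: 10s
+ingress:
+main:
+enabled: true
+ingressClassName: nginx
+annotations:
+hajimari.io/icon: simple-icons:redis
+hosts:
+- host: redis-lb.${SECRET_CLUSTER_DOMAIN}
+paths:
+- path: /
+pathType: Prefix
+podSecurityContext:
+runAsUser: 99
+runAsGroup: 99
+fsGroup: 99
+fsGroupChangePolicy: "OnRootMismatch"
+persistence:
+config:
+enabled: true
+type: configMap
+name: redis-lb-configmap # overriden by kustomizeconfig
+mountPath: /usr/local/etc/haproxy/haproxy.cfg
+subPath: haproxy.cfg
+readOnly: true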
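Review bot: `loadBalacerIP` is a typo for `loadBalancerIP`, so the key is dropped on the way to the Service and the LoadBalancer receives an arbitrary address from the pool instead of `${CLUSTER_LB_REDIS}` (192.168.169.113, added to cluster-settings in this commit); the line should be `loadBalancerIP: "${CLUSTER_LB_REDIS}"`. Note that `loadBalancerIP` is deprecated since Kubernetes 1.24 in favour of the load-balancer implementation's own annotation, so depending on the cluster's LB provider the pinned address may need to move there instead. This release also sets no `resources` block, unlike every other HelmRelease touched here, and the inline comment on the configMap name reads `overriden` rather than `overridden`.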


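--- /dev/null
+++ b/kubernetes/apps/default/redis/lb/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+- helmrelease.yaml
+configMapGenerator:
+- name: redis-lb-configmap
+files:
+- haproxy.cfg=./config/haproxy.cfg
+configurations:
+- ./patches/kustomizeconfig.yaml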


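--- /dev/null
+++ b/kubernetes/apps/default/redis/lb/patches/kustomizeconfig.yaml
@@ -0,0 +1,7 @@
+---
+nameReference:
+- kind: ConfigMap
+version: v1
+fieldSpecs:
+- path: spec/values/persistence/config/name
+kind: HelmRelease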


@@ -20,6 +20,7 @@ data:
CLUSTER_LB_JELLYFIN: 192.168.169.110
CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111
CLUSTER_LB_MAILRISE: 192.168.169.112
CLUSTER_LB_REDIS: 192.168.169.113
LOCAL_LAN: 192.168.8.0/22
LOCAL_LAN_OPNSENSE: 192.168.8.1
LOCAL_LAN_TRUENAS: 192.168.9.10