diff --git a/kubernetes/apps/default/immich/app/configmap.yaml b/kubernetes/apps/default/immich/app/configmap.yaml index d1a3037ac..b8291e9e3 100644 --- a/kubernetes/apps/default/immich/app/configmap.yaml +++ b/kubernetes/apps/default/immich/app/configmap.yaml @@ -5,10 +5,8 @@ metadata: name: immich-configmap namespace: default data: - DB_PORT: "5432" IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.default.svc.cluster.local:3003 IMMICH_SERVER_URL: http://immich-server.default.svc.cluster.local:3001 - IMMICH_WEB_URL: http://immich-web.default.svc.cluster.local:3000 LOG_LEVEL: verbose # REDIS_HOSTNAME: redis-master.default.svc.cluster.local. # REDIS_DBINDEX: "15" diff --git a/kubernetes/apps/default/immich/app/externalsecret.yaml b/kubernetes/apps/default/immich/app/externalsecret.yaml index 3036be5d1..2dedd1f60 100644 --- a/kubernetes/apps/default/immich/app/externalsecret.yaml +++ b/kubernetes/apps/default/immich/app/externalsecret.yaml @@ -20,6 +20,7 @@ spec: DB_HOSTNAME: &dbHost postgres-rw.default.svc.cluster.local DB_USERNAME: &dbUser "{{ .POSTGRES_USER }}" DB_PASSWORD: &dbPass "{{ .POSTGRES_PASS }}" + DB_PORT: "5432" JWT_SECRET: "{{ .IMMICH_JWT_SECRET }}" TYPESENSE_API_KEY: "{{ .IMMICH_TYPESENSE_API_KEY }}" # Postgres Init diff --git a/kubernetes/apps/default/immich/app/kustomization.yaml b/kubernetes/apps/default/immich/app/kustomization.yaml index 77b9928a4..72d3ef811 100644 --- a/kubernetes/apps/default/immich/app/kustomization.yaml +++ b/kubernetes/apps/default/immich/app/kustomization.yaml @@ -13,4 +13,3 @@ resources: - ./typesense - ./volsync.yaml - ./volumes.yaml - - ./web diff --git a/kubernetes/apps/default/immich/app/server/config/immich-config.json b/kubernetes/apps/default/immich/app/server/config/immich-config.json new file mode 100644 index 000000000..c562dc97e --- /dev/null +++ b/kubernetes/apps/default/immich/app/server/config/immich-config.json @@ -0,0 +1,92 @@ +{ + "ffmpeg": { + "crf": 23, + "threads": 0, + "preset": "ultrafast", + "targetVideoCodec": "h264", + "targetAudioCodec": "aac", + "targetResolution": "720", + "maxBitrate": "0", + "twoPass": false, + "transcode": "required", + "tonemap": "hable", + "accel": "disabled" + }, + "job": { + "backgroundTask": { + "concurrency": 5 + }, + "clipEncoding": { + "concurrency": 2 + }, + "metadataExtraction": { + "concurrency": 5 + }, + "objectTagging": { + "concurrency": 2 + }, + "recognizeFaces": { + "concurrency": 2 + }, + "search": { + "concurrency": 5 + }, + "sidecar": { + "concurrency": 5 + }, + "storageTemplateMigration": { + "concurrency": 5 + }, + "thumbnailGeneration": { + "concurrency": 5 + }, + "videoConversion": { + "concurrency": 1 + } + }, + "machineLearning": { + "classification": { + "minScore": 0.7, + "enabled": true, + "modelName": "microsoft/resnet-50" + }, + "enabled": true, + "url": "http://immich-machine-learning.default.svc.cluster.local:3003", + "clip": { + "enabled": true, + "modelName": "ViT-B-32::openai" + }, + "facialRecognition": { + "enabled": true, + "modelName": "buffalo_l", + "minScore": 0.7, + "maxDistance": 0.6, + "minFaces": 1 + } + }, + "oauth": { + "enabled": true, + "issuerUrl": "https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration", + "clientId": "immich", + "clientSecret": "${SECRET_IMMICH_OAUTH_CLIENT_SECRET}", + "mobileOverrideEnabled": false, + "mobileRedirectUri": "", + "scope": "openid email profile", + "storageLabelClaim": "preferred_username", + "buttonText": "Login with Authelia", + "autoRegister": true, + "autoLaunch": true + }, + "passwordLogin": { + "enabled": true + }, + "storageTemplate": { + "template": "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}" + }, + "thumbnail": { + "webpSize": 250, + "jpegSize": 1440, + "quality": 90, + "colorspace": "p3" + } +} diff --git a/kubernetes/apps/default/immich/app/server/helmrelease.yaml b/kubernetes/apps/default/immich/app/server/helmrelease.yaml index 94df62c20..26d8a6eb1 100644 --- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml @@ -49,6 +49,7 @@ spec: main: strategy: RollingUpdate annotations: + reloader.stakater.com/auto: "true" configmap.reloader.stakater.com/reload: &configMap immich-configmap secret.reloader.stakater.com/reload: &secret immich-secret initContainers: @@ -69,6 +70,11 @@ spec: tag: v1.88.2 args: ["start-server.sh"] envFrom: *envFrom + env: + LOG_LEVEL: log + # IMMICH_CONFIG_FILE: /config/immich-config.json + IMMICH_MEDIA_LOCATION: &mediaLocation /usr/src/app/upload + SERVER_PORT: &port 3001 resources: requests: cpu: 100m @@ -77,12 +83,38 @@ spec: main: ports: http: - port: 3001 + port: *port + ingress: + main: + enabled: true + className: nginx + annotations: + external-dns.home.arpa/enabled: "true" + hajimari.io/appName: Immich + nignx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/upstream-hash-by: "$client_ip" + hosts: + - host: &host photos.${SECRET_CLUSTER_DOMAIN} + paths: + - path: / + service: + name: main + port: http + tls: + - hosts: + - *host persistence: + config: + enabled: true + type: configMap + name: immich-server-config + globalMounts: + - path: /config library: existingClaim: immich-nfs globalMounts: - - path: /usr/src/app/upload + - path: *mediaLocation geocoding-dump: type: emptyDir globalMounts: diff --git a/kubernetes/apps/default/immich/app/server/kustomization.yaml b/kubernetes/apps/default/immich/app/server/kustomization.yaml index 09bc749a9..fb0a94ba8 100644 --- a/kubernetes/apps/default/immich/app/server/kustomization.yaml +++ b/kubernetes/apps/default/immich/app/server/kustomization.yaml @@ -4,3 +4,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./helmrelease.yaml +configMapGenerator: + - name: immich-server-config + files: + - ./config/immich-config.json +generatorOptions: + disableNameSuffixHash: true diff --git a/kubernetes/apps/default/immich/app/web/helmrelease.yaml b/kubernetes/apps/default/immich/app/web/helmrelease.yaml deleted file mode 100644 index 788c8ffbd..000000000 --- a/kubernetes/apps/default/immich/app/web/helmrelease.yaml +++ /dev/null @@ -1,104 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: &app immich-web - namespace: default -spec: - interval: 30m - chart: - spec: - chart: app-template - version: 2.3.0 - interval: 30m - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 2 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - dependsOn: - - name: immich-server - values: - defaultPodOptions: - securityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - controllers: - main: - strategy: RollingUpdate - annotations: - configmap.reloader.stakater.com/reload: &configMap immich-configmap - secret.reloader.stakater.com/reload: &secret immich-secret - containers: - main: - image: - repository: ghcr.io/immich-app/immich-web - tag: v1.87.0 - envFrom: - - configMapRef: - name: *configMap - - secretRef: - name: *secret - resources: - requests: - cpu: 100m - memory: 250Mi - service: - main: - ports: - http: - port: 3000 - ingress: - main: - enabled: true - className: nginx - annotations: - external-dns.home.arpa/enabled: "true" - hajimari.io/appName: Immich - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite /api/(.*) /$1 break; - set $forwarded_client_ip ""; - if ($http_x_forwarded_for ~ "^([^,]+)") { - set $forwarded_client_ip $1; - } - set $client_ip $remote_addr; - if ($forwarded_client_ip != "") { - set $client_ip $forwarded_client_ip; - } - nignx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/upstream-hash-by: "$client_ip" - hosts: - - host: &host photos.${SECRET_CLUSTER_DOMAIN} - paths: - - path: / - service: - name: main - port: http - - path: /api - service: - name: immich-server - port: 3001 - tls: - - hosts: - - *host diff --git a/kubernetes/apps/default/immich/app/web/kustomization.yaml b/kubernetes/apps/default/immich/app/web/kustomization.yaml deleted file mode 100644 index 09bc749a9..000000000 --- a/kubernetes/apps/default/immich/app/web/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml