🔧 adapt immich config to 1.88

2025-10-01 16:05:55 +02:00 · 2023-11-26 18:02:01 +01:00
parent 234f5dc559
commit 5f377ab245
8 changed files with 133 additions and 115 deletions
--- a/kubernetes/apps/default/immich/app/configmap.yaml
+++ b/kubernetes/apps/default/immich/app/configmap.yaml
@@ -5,10 +5,8 @@ metadata:
  name: immich-configmap
  namespace: default
 data:
-  DB_PORT: "5432"
  IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.default.svc.cluster.local:3003
  IMMICH_SERVER_URL: http://immich-server.default.svc.cluster.local:3001
-  IMMICH_WEB_URL: http://immich-web.default.svc.cluster.local:3000
  LOG_LEVEL: verbose
  # REDIS_HOSTNAME: redis-master.default.svc.cluster.local.
  # REDIS_DBINDEX: "15"
--- a/kubernetes/apps/default/immich/app/externalsecret.yaml
+++ b/kubernetes/apps/default/immich/app/externalsecret.yaml
@@ -20,6 +20,7 @@ spec:
        DB_HOSTNAME: &dbHost postgres-rw.default.svc.cluster.local
        DB_USERNAME: &dbUser "{{ .POSTGRES_USER }}"
        DB_PASSWORD: &dbPass "{{ .POSTGRES_PASS }}"
+        DB_PORT: "5432"
        JWT_SECRET: "{{ .IMMICH_JWT_SECRET }}"
        TYPESENSE_API_KEY: "{{ .IMMICH_TYPESENSE_API_KEY }}"
        # Postgres Init
--- a/kubernetes/apps/default/immich/app/kustomization.yaml
+++ b/kubernetes/apps/default/immich/app/kustomization.yaml
@@ -13,4 +13,3 @@ resources:
  - ./typesense
  - ./volsync.yaml
  - ./volumes.yaml
-  - ./web
--- a/kubernetes/apps/default/immich/app/server/config/immich-config.json
+++ b/kubernetes/apps/default/immich/app/server/config/immich-config.json
@@ -0,0 +1,92 @@
+{
+  "ffmpeg": {
+    "crf": 23,
+    "threads": 0,
+    "preset": "ultrafast",
+    "targetVideoCodec": "h264",
+    "targetAudioCodec": "aac",
+    "targetResolution": "720",
+    "maxBitrate": "0",
+    "twoPass": false,
+    "transcode": "required",
+    "tonemap": "hable",
+    "accel": "disabled"
+  },
+  "job": {
+    "backgroundTask": {
+      "concurrency": 5
+    },
+    "clipEncoding": {
+      "concurrency": 2
+    },
+    "metadataExtraction": {
+      "concurrency": 5
+    },
+    "objectTagging": {
+      "concurrency": 2
+    },
+    "recognizeFaces": {
+      "concurrency": 2
+    },
+    "search": {
+      "concurrency": 5
+    },
+    "sidecar": {
+      "concurrency": 5
+    },
+    "storageTemplateMigration": {
+      "concurrency": 5
+    },
+    "thumbnailGeneration": {
+      "concurrency": 5
+    },
+    "videoConversion": {
+      "concurrency": 1
+    }
+  },
+  "machineLearning": {
+    "classification": {
+      "minScore": 0.7,
+      "enabled": true,
+      "modelName": "microsoft/resnet-50"
+    },
+    "enabled": true,
+    "url": "http://immich-machine-learning.default.svc.cluster.local:3003",
+    "clip": {
+      "enabled": true,
+      "modelName": "ViT-B-32::openai"
+    },
+    "facialRecognition": {
+      "enabled": true,
+      "modelName": "buffalo_l",
+      "minScore": 0.7,
+      "maxDistance": 0.6,
+      "minFaces": 1
+    }
+  },
+  "oauth": {
+    "enabled": true,
+    "issuerUrl": "https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration",
+    "clientId": "immich",
+    "clientSecret": "${SECRET_IMMICH_OAUTH_CLIENT_SECRET}",
+    "mobileOverrideEnabled": false,
+    "mobileRedirectUri": "",
+    "scope": "openid email profile",
+    "storageLabelClaim": "preferred_username",
+    "buttonText": "Login with Authelia",
+    "autoRegister": true,
+    "autoLaunch": true
+  },
+  "passwordLogin": {
+    "enabled": true
+  },
+  "storageTemplate": {
+    "template": "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"
+  },
+  "thumbnail": {
+    "webpSize": 250,
+    "jpegSize": 1440,
+    "quality": 90,
+    "colorspace": "p3"
+  }
+}
--- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml
@@ -49,6 +49,7 @@ spec:
      main:
        strategy: RollingUpdate
        annotations:
+          reloader.stakater.com/auto: "true"
          configmap.reloader.stakater.com/reload: &configMap immich-configmap
          secret.reloader.stakater.com/reload: &secret immich-secret
        initContainers:
@@ -69,6 +70,11 @@ spec:
              tag: v1.88.2
            args: ["start-server.sh"]
            envFrom: *envFrom
+            env:
+              LOG_LEVEL: log
+              # IMMICH_CONFIG_FILE: /config/immich-config.json
+              IMMICH_MEDIA_LOCATION: &mediaLocation /usr/src/app/upload
+              SERVER_PORT: &port 3001
            resources:
              requests:
                cpu: 100m
@@ -77,12 +83,38 @@ spec:
      main:
        ports:
          http:
-            port: 3001
+            port: *port
+    ingress:
+      main:
+        enabled: true
+        className: nginx
+        annotations:
+          external-dns.home.arpa/enabled: "true"
+          hajimari.io/appName: Immich
+          nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
+          nginx.ingress.kubernetes.io/proxy-body-size: "0"
+          nginx.ingress.kubernetes.io/upstream-hash-by: "$client_ip"
+        hosts:
+          - host: &host photos.${SECRET_CLUSTER_DOMAIN}
+            paths:
+              - path: /
+                service:
+                  name: main
+                  port: http
+        tls:
+          - hosts:
+              - *host
    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: immich-server-config
+        globalMounts:
+          - path: /config
      library:
        existingClaim: immich-nfs
        globalMounts:
-          - path: /usr/src/app/upload
+          - path: *mediaLocation
      geocoding-dump:
        type: emptyDir
        globalMounts:
--- a/kubernetes/apps/default/immich/app/server/kustomization.yaml
+++ b/kubernetes/apps/default/immich/app/server/kustomization.yaml
@@ -4,3 +4,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./helmrelease.yaml
+configMapGenerator:
+  - name: immich-server-config
+    files:
+      - ./config/immich-config.json
+generatorOptions:
+  disableNameSuffixHash: true
--- a/kubernetes/apps/default/immich/app/web/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/web/helmrelease.yaml
@@ -1,104 +0,0 @@
---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: &app immich-web
-  namespace: default
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: app-template
-      version: 2.3.0
-      interval: 30m
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-  maxHistory: 2
-  install:
-    createNamespace: true
-    remediation:
-      retries: 3
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-  uninstall:
-    keepHistory: false
-  dependsOn:
-    - name: immich-server
-  values:
-    defaultPodOptions:
-      securityContext:
-        runAsUser: 568
-        runAsGroup: 568
-        fsGroup: 568
-        fsGroupChangePolicy: OnRootMismatch
-      topologySpreadConstraints:
-        - maxSkew: 1
-          topologyKey: kubernetes.io/hostname
-          whenUnsatisfiable: DoNotSchedule
-          labelSelector:
-            matchLabels:
-              app.kubernetes.io/name: *app
-    controllers:
-      main:
-        strategy: RollingUpdate
-        annotations:
-          configmap.reloader.stakater.com/reload: &configMap immich-configmap
-          secret.reloader.stakater.com/reload: &secret immich-secret
-        containers:
-          main:
-            image:
-              repository: ghcr.io/immich-app/immich-web
-              tag: v1.87.0
-            envFrom:
-              - configMapRef:
-                  name: *configMap
-              - secretRef:
-                  name: *secret
-            resources:
-              requests:
-                cpu: 100m
-                memory: 250Mi
-    service:
-      main:
-        ports:
-          http:
-            port: 3000
-    ingress:
-      main:
-        enabled: true
-        className: nginx
-        annotations:
-          external-dns.home.arpa/enabled: "true"
-          hajimari.io/appName: Immich
-          nginx.ingress.kubernetes.io/configuration-snippet: |
-            rewrite /api/(.*) /$1 break;
-            set $forwarded_client_ip "";
-            if ($http_x_forwarded_for ~ "^([^,]+)") {
-              set $forwarded_client_ip $1;
-            }
-            set $client_ip $remote_addr;
-            if ($forwarded_client_ip != "") {
-              set $client_ip $forwarded_client_ip;
-            }
-          nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
-          nginx.ingress.kubernetes.io/proxy-body-size: "0"
-          nginx.ingress.kubernetes.io/upstream-hash-by: "$client_ip"
-        hosts:
-          - host: &host photos.${SECRET_CLUSTER_DOMAIN}
-            paths:
-              - path: /
-                service:
-                  name: main
-                  port: http
-              - path: /api
-                service:
-                  name: immich-server
-                  port: 3001
-        tls:
-          - hosts:
-              - *host
--- a/kubernetes/apps/default/immich/app/web/kustomization.yaml
+++ b/kubernetes/apps/default/immich/app/web/kustomization.yaml
@@ -1,6 +0,0 @@
---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./helmrelease.yaml