shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

🐛 immich

Browse Source
This commit is contained in:
auricom
2023-07-07 19:42:48 +02:00
parent 2241c93f85
commit 850fe6baba
7 changed files with 91 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
kubernetes/apps/default/immich/app/configmap.yaml
View File

@@ -6,19 +6,15 @@ metadata:
namespace: default
data:
DB_PORT: "5432"
DISABLE_REVERSE_GEOCODING: "true"
ENABLE_MAPBOX: "false"
IMMICH_WEB_URL: http://immich-web.default.svc.cluster.local:3000
IMMICH_SERVER_URL: http://immich-server.default.svc.cluster.local:3001
IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.default.svc.cluster.local:3003
LOG_LEVEL: verbose
REDIS_DBINDEX: "10"
REDIS_HOSTNAME: redis.default.svc.cluster.local
REDIS_PORT: "6379"
TYPESENSE_HOST: immich-typesense.default.svc.cluster.local
TYPESENSE_DATA_DIR: /config
TYPESENSE_PORT: "8108"
TYPESENSE_PROTOCOL: http
IMMICH_WEB_URL: http://immich-web.default.svc.cluster.local:3000
IMMICH_SERVER_URL: http://immich-server.default.svc.cluster.local:3001
IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.default.svc.cluster.local:3003
# Below are deprecated and can only be set in the Immich Admin settings
# OAUTH_ENABLED: "true"
# OAUTH_ISSUER_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration

22
kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
View File

@@ -1,12 +1,12 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app immich-machine-learning
namespace: default
spec:
interval: 15m
interval: 30m
chart:
spec:
chart: app-template
@@ -15,7 +15,7 @@ spec:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 3
maxHistory: 2
install:
createNamespace: true
remediation:
@@ -28,20 +28,22 @@ spec:
keepHistory: false
dependsOn:
- name: immich-server
- name: redis
values:
controller:
replicas: 2
replicas: 1
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
configmap.reloader.stakater.com/reload: &configMap immich-configmap
secret.reloader.stakater.com/reload: &secret immich-secret
image:
repository: ghcr.io/immich-app/immich-machine-learning
tag: v1.62.1
tag: v1.66.1
envFrom:
- secretRef:
name: immich-secret
- configMapRef:
name: immich-configmap
name: *configMap
- secretRef:
name: *secret
service:
main:
ports:
@@ -65,4 +67,4 @@ spec:
resources:
requests:
cpu: 100m
memory: 250Mi
memory: 250Mi

24
kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
View File

@@ -1,12 +1,12 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app immich-microservices
namespace: default
spec:
interval: 15m
interval: 30m
chart:
spec:
chart: app-template
@@ -15,7 +15,7 @@ spec:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 3
maxHistory: 2
install:
createNamespace: true
remediation:
@@ -28,23 +28,23 @@ spec:
keepHistory: false
dependsOn:
- name: immich-typesense
- name: redis
values:
controller:
replicas: 2
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
configmap.reloader.stakater.com/reload: &configMap immich-configmap
secret.reloader.stakater.com/reload: &secret immich-secret
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.62.1
command: /bin/sh
args:
- ./start-microservices.sh
tag: v1.66.1
args: ["start-microservices.sh"]
envFrom:
- secretRef:
name: immich-secret
- configMapRef:
name: immich-configmap
name: *configMap
- secretRef:
name: *secret
service:
main:
enabled: false
@@ -63,4 +63,4 @@ spec:
resources:
requests:
cpu: 100m
memory: 250Mi
memory: 250Mi

54
kubernetes/apps/default/immich/app/secret.sops.yaml
View File

@@ -1,24 +1,24 @@
# yamllint disable
apiVersion: v1
kind: Secret
#ENC[AES256_GCM,data:d1soEhscg51calGZG3O3g98=,iv:KKyg+/5cCcLOnE8cPWUwXdfevdyysydn4RaE7Lp2s88=,tag:HFmPFCxpHxROdyWeBEWKEw==,type:comment]
apiVersion: ENC[AES256_GCM,data:swg=,iv:I6UARRE9i+ESfo+JrA74b/u/gJuwSuPtbe6/UdS1vV8=,tag:Q3PkuUUYjPZK5O3c0aDLvA==,type:str]
kind: ENC[AES256_GCM,data:9DK72SsI,iv:yv+MYka8sAKPP0xEJWTBEjHsSU6/Vydkk9mzIO2w22Q=,tag:zlODnYsnb1nKT+8+U+xN2g==,type:str]
metadata:
name: immich-secret
namespace: default
type: Opaque
name: ENC[AES256_GCM,data:PZNQB+A9RzY1ZQ/5ZA==,iv:UoecrHwp3L7FZgizu5epcCuUISkNih63TyKca6ZRy/o=,tag:jhghpNcVosNHn/MtCV2Lew==,type:str]
namespace: ENC[AES256_GCM,data:YNaXviACOw==,iv:mcHybOlaqFsGF4glGkoiKPiEePsTBB3bzvh4Ylt8ux4=,tag:OuYXZks+B0vxSqwKQtE0eA==,type:str]
type: ENC[AES256_GCM,data:iODDP63q,iv:7Wq/KKSlrZxctSw3RkuFTjqjH+xZmjPpPN3cwofb5uc=,tag:bsxLSZpdwV9tOtfDexKS0w==,type:str]
stringData:
#ENC[AES256_GCM,data:M3l1uxCayw==,iv:Vr0yrJF/xDpqANJSg5VpU0RPxknE3N8HW5NPkZ+Ngko=,tag:5X9qYSGAMJ08DMOdpF/fgg==,type:comment]
DB_DATABASE_NAME: ENC[AES256_GCM,data:/1JmFMnq,iv:aycc8Tqv4h95ATSrtTp3uOKkJ7uJ3fF8P9rx99+F+jk=,tag:vgciF1KIzr6lIhbpsL4bwQ==,type:str]
DB_HOSTNAME: ENC[AES256_GCM,data:Tx7HFLwCYQjXN79Qu6+vKSIdR1Lxs397mV+Hi0XqlL0/vY5kAg==,iv:xVxuZuEeGdT9Ja7FzfWLFhz/dRxCGAk97893jPEPyzk=,tag:+wOzSIjORLrAKPYD+7vtPQ==,type:str]
DB_PASSWORD: ENC[AES256_GCM,data:xGc/+0jUa2FcMKSFyjaxYia1ZnU=,iv:A0i5vPLMXLmqNicsQI6vrlOnR8lEJXOMomABnGMOLAQ=,tag:RXPncaj3YxgdK4UpOp2oCw==,type:str]
DB_USERNAME: ENC[AES256_GCM,data:usQAPAXx,iv:/dG1qJr2i1uwarjTn9RcxPt12DbY/gAO+rUdSDqeWNA=,tag:JM3zv0xI+rlX+1ju7kyVxw==,type:str]
JWT_SECRET: ENC[AES256_GCM,data:177xddBgbYp4B1xLlfHsGqm1SdW6W7S7Z53ExG3dYw==,iv:LAX2iW9hj/fX7n1g6yWAZOtZNH3xXMSXn9nFoffCkvU=,tag:76Kxh3v7pqazzDJDuVcpNQ==,type:str]
TYPESENSE_API_KEY: ENC[AES256_GCM,data:XO+r7yIb3FGzQmJl4826pKYFxlQ=,iv:Ce+Xg5iEdCDYVXxH3+2qZCIfjMtYcjNuVejp5e+vSOE=,tag:Zwvvgt7z+eiq2HTPfMvdKg==,type:str]
#ENC[AES256_GCM,data:1+sGdHMiMe3clIg6KVo=,iv:II/LS19frtCXo/niP5/HPaVF6IcYr/FBqddAlKFytA0=,tag:IubpMI5HxdnxZB8mSezASA==,type:comment]
POSTGRES_DB: ENC[AES256_GCM,data:NMVSQmNi,iv:/5aMX5er4zqsOVidsnaArmBwRreVPLBE9hn5jNSDkso=,tag:vGJDIQgfCOqUOtYFtlL51w==,type:str]
POSTGRES_HOST: ENC[AES256_GCM,data:TpU9sKI32nQJ3pFnas9FjLXNlnAzX73heXQ7EwYVuur5AKQwdw==,iv:/SdWujct0FaDNMpUwk9ImuKDwDKL2oun8I6kPfU+P6s=,tag:LUqHoWf8wMkBM4sKri+5Ew==,type:str]
POSTGRES_PASS: ENC[AES256_GCM,data:xnX/vIBKWeIDaUUWnSVI7F3538Q=,iv:K59DXnnGxWbLAQKnzn4EEhY3nLKs6NJQv6qNpF/OwH8=,tag:L5mAlCeNh3J2GlG2udEspA==,type:str]
POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:mcsuRKRBTmB/mIlfRY0EGA==,iv:OVLvJemtTQINZ3MzsXUhJ/OJsWAP0iI5/jQDJpzmTug=,tag:MKnEYcpR9Qq7/mks67kQPw==,type:str]
POSTGRES_USER: ENC[AES256_GCM,data:G6pSju/U,iv:eVTKbpYCD7hv7y2zYKr6wv6Wsca4QmHwC1MZZmQ8aKA=,tag:17QhReyXRFeL7nULag++Bw==,type:str]
#ENC[AES256_GCM,data:Ig15EuEqxQ==,iv:32X4zNK9zd9+zFlZcUAqfeflKkGwR/5PoTkWQMQAkok=,tag:4OhEZ9NUBJCY+FlXJULy2Q==,type:comment]
DB_DATABASE_NAME: ENC[AES256_GCM,data:zkxzVpLh,iv:H32uQwOUrDdXHBFPNH6gQfubkvx+V2K8vtZMcMfGy3k=,tag:JRFBG6jhdUFoE5pEoOk85w==,type:str]
DB_HOSTNAME: ENC[AES256_GCM,data:/OWs4aGVDwXWYl2KcY2gV+PwRSzwwPA23fRcU7ehjRPZW1A+zQ==,iv:rFxRmzC/R6+AHT6inrY+J7OXT1fcbEMa+Cyl8l1lQTw=,tag:svJHOw2OiyVWfHaZore2nA==,type:str]
DB_PASSWORD: ENC[AES256_GCM,data:2wpIXgMS38sdFldSG69pJiq51UE=,iv:o/cjdu3WQ/y76TaOGUlwFL5Roxy+iYkE6Js2mi5AAYc=,tag:C6Bi3pmOrsmwhNUQHGUgwA==,type:str]
DB_USERNAME: ENC[AES256_GCM,data:mcH9iYVK,iv:/2k5opxxuVaPGM+pt+uUn9TzyKvMZ5kMwio8dPcl09U=,tag:1hyp9tn2EUy15LTh+xrvPg==,type:str]
JWT_SECRET: ENC[AES256_GCM,data:1rQ7gEa2uRnglLflaeID1lMaiWWgPgO9dFLpMGsR0Q==,iv:j3wWDSGG3OOy7ddymUTwcRKLVU4Jo8/9RKwJC7eNgAY=,tag:gvkRIlKvcCg0Mip4Jmx43g==,type:str]
TYPESENSE_API_KEY: ENC[AES256_GCM,data:TjW6iYXE3TA7ZMXVnJVyR+EemX4=,iv:zd0YwTFgDZ5zKCkAcmX9tBAGsKnoFgt7Q1p06Qqx7KU=,tag:E7ugCnLvWxEzCKU6hPGfrw==,type:str]
#ENC[AES256_GCM,data:xLtMNIP/A/i7Oh2A610=,iv:nqEoC5hQynXJqm96egFHsdrTn7jz2pigdhPeFqyvZVg=,tag:WPMPlJEd5oxoWYX/XQOkrw==,type:comment]
INIT_POSTGRES_DBNAME: ENC[AES256_GCM,data:XaCak/Rz,iv:M6QasIxYsooDhjaTePbFyLBQKZ/u5z9qCGUlKLfydZk=,tag:iIOpkG3pFqGJWQUQOvu/Bg==,type:str]
INIT_POSTGRES_HOST: ENC[AES256_GCM,data:YS6X0m9WuR1b+td+iiAFKDYlv5DIasQYS3zWYxxlPsVDJ4uCsA==,iv:fXLKwK7rf0gYirtgwVmYylM0xv1xgYFSdNcD2NVsbiA=,tag:YYzyBIEAKqUzf6ncbJ/w7A==,type:str]
INIT_POSTGRES_USER: ENC[AES256_GCM,data:Zo/4bVnP,iv:Lvpk8xwq+ThQxYhxGi8upImuHzd6tdchiLbsHAIMwig=,tag:rBAhiXOHaYX8T569Gel04w==,type:str]
INIT_POSTGRES_PASS: ENC[AES256_GCM,data:JtCQrGW7nSrUdZh9ITnNnMdJ+1o=,iv:hHUKZZhAqPeUGnITlJ335X9qAwP5Kcul+iuyAUT17+w=,tag:8EWDHH0gihtbkHHNN+NuEg==,type:str]
INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:Z2ceFbaVgUN1nzYD5AsWJg==,iv:ogi+Z9AF6N+Xr+7a7VzOmOTg64Q1cDt3VxsdLCyIJmQ=,tag:8kEHIIvQfyudIawl/7Q4gw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -28,14 +28,14 @@ sops:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NVpnZE1xaXY3VmEwb24z
Z2lLQ1d4NzFUdWdUUWphUkVPK0ljRmMvSGpvCkhjT1pyOE94bXkwQkVpL0Ywa0tv
VmVhQzA4WEVqK0lxQUVzUTFidXVrL0UKLS0tIEtJSFNqbkVDZm9Mc3ZCbzJiOXov
MGN2VjZaRzhTM3JxeWlVelhvQUhlcTgKIQnk7XcpuK9ZWinZf9s/rYFAeFbF2yXX
+afSzOZKXq6ENcnTY/Or0A76wXVpYAJ3yaNsfFhXY0QQw/wwE14cMA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Wk5lWkZTL1R6UFBqcHpV
UFhwR00vRUFRNnl4dmNMSkdYaFhkUWhYUnhvCmE3Tzh6cHpKTUlpZGEwSCsyM0tC
cHdWZDY4Zk9TUU1CeEJnM1dwcXlIbFUKLS0tICtpSXlIUTR6VkxwenV4citDVTZ1
US9qN3BQWUQ3YUxhcFJsNldyVkl3WkUKpaiuq3nAaRUpFaf5w/uincPjvoJCZITc
/KXU6wpMqzQqNvMTevKCQxxlqLoNO/3HMfCuxwgzykCQOAJZP9Y6eQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-21T20:21:00Z"
mac: ENC[AES256_GCM,data:EVvr8WqxjdY+RHvO8F0aqV2qnSyZRLJSDpvwKyvRgj32c9UUFbEQQiSn7Ie6oIRpE6mhl/QRAqvkvChBEVVi3/oyuo2wUH4pqmm6udTOpmAGbABcpQyH0ecxP/ZHgPDNlm8I67qsKTSM8pV7Pmi3MedmgISRXwZ4uFFHM7iX4Bs=,iv:5TOjAc6MlTyLw4YKTcqRySBXcgHHm9sHewLzD9fHDq0=,tag:ZB00nS0d+dQgUw4qRC/vzw==,type:str]
lastmodified: "2023-07-07T18:57:29Z"
mac: ENC[AES256_GCM,data:aaErwOuk2NmsmTQN2nbaPRPRWPiDpT0VhWKVH4+SwU/xPv50L2BWj9CDSnJD3FWNUZo0z6rerIfcf9KKoABzcW9MZkUmSf6698SXAoIa8jb5Uacx5+7C/8jGFRpxcYA9oX0lXMK6mBDYjOC4Wt80HCNbtCgPaWRVhbWKt5gRKjs=,iv:mUE6KoAaup5AvpPXDfb1KNPeXUNEv8r0GloA00M5jtI=,tag:KbCHxe9Oo5gaRNDgMji7lA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
unencrypted_suffix: _unencrypted
version: 3.7.3

33
kubernetes/apps/default/immich/app/server/helmrelease.yaml
View File

@@ -1,12 +1,12 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app immich-server
namespace: default
spec:
interval: 15m
interval: 30m
chart:
spec:
chart: app-template
@@ -15,7 +15,7 @@ spec:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 3
maxHistory: 2
install:
createNamespace: true
remediation:
@@ -27,32 +27,29 @@ spec:
uninstall:
keepHistory: false
dependsOn:
- name: immich-redis
- name: immich-typesense
- name: redis
values:
initContainers:
01-init-db:
image: ghcr.io/onedr0p/postgres-initdb:14.8
image: ghcr.io/onedr0p/postgres-init:14.8
imagePullPolicy: IfNotPresent
envFrom:
envFrom: &envFrom
- configMapRef:
name: &configMap immich-configmap
- secretRef:
name: immich-secret
name: &secret immich-secret
controller:
replicas: 2
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
configmap.reloader.stakater.com/reload: *configMap
secret.reloader.stakater.com/reload: *secret
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.62.1
command: /bin/sh
args:
- ./start-server.sh
envFrom:
- secretRef:
name: immich-secret
- configMapRef:
name: immich-configmap
tag: v1.66.1
args: ["start-server.sh"]
envFrom: *envFrom
service:
main:
ports:
@@ -73,4 +70,4 @@ spec:
resources:
requests:
cpu: 100m
memory: 250Mi
memory: 250Mi

19
kubernetes/apps/default/immich/app/typesense/helmrelease.yaml
View File

@@ -1,12 +1,12 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app immich-typesense
name: immich-typesense
namespace: default
spec:
interval: 15m
interval: 30m
chart:
spec:
chart: app-template
@@ -15,7 +15,7 @@ spec:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 3
maxHistory: 2
install:
createNamespace: true
remediation:
@@ -30,15 +30,16 @@ spec:
controller:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
configmap.reloader.stakater.com/reload: &configMap immich-configmap
secret.reloader.stakater.com/reload: &secret immich-secret
image:
repository: docker.io/typesense/typesense
tag: 0.24.1
envFrom:
- secretRef:
name: immich-secret
- configMapRef:
name: immich-configmap
name: *configMap
- secretRef:
name: *secret
service:
main:
ports:
@@ -67,4 +68,4 @@ spec:
resources:
requests:
cpu: 100m
memory: 250Mi
memory: 250Mi

27
kubernetes/apps/default/immich/app/web/helmrelease.yaml
View File

@@ -1,12 +1,12 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app immich-web
namespace: default
spec:
interval: 15m
interval: 30m
chart:
spec:
chart: app-template
@@ -15,7 +15,7 @@ spec:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 3
maxHistory: 2
install:
createNamespace: true
remediation:
@@ -28,23 +28,22 @@ spec:
keepHistory: false
dependsOn:
- name: immich-server
- name: redis
values:
controller:
replicas: 2
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
configmap.reloader.stakater.com/reload: &configMap immich-configmap
secret.reloader.stakater.com/reload: &secret immich-secret
image:
repository: ghcr.io/immich-app/immich-web
tag: v1.62.1
command: /bin/sh
args:
- ./entrypoint.sh
tag: v1.66.1
envFrom:
- secretRef:
name: immich-secret
- configMapRef:
name: immich-configmap
name: *configMap
- secretRef:
name: *secret
service:
main:
ports:
@@ -60,10 +59,8 @@ spec:
rewrite /api/(.*) /$1 break;
nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
hajimari.io/appName: Immich
hajimari.io/icon: heroicons:photo
hosts:
- host: &host photos.${SECRET_CLUSTER_DOMAIN}
- host: &host photos.devbu.io
paths:
- path: /
pathType: Prefix
@@ -90,4 +87,4 @@ spec:
resources:
requests:
cpu: 100m
memory: 250Mi
memory: 250Mi