From c3d02f144a0e7f1e5cc202b18a8bee292cf1e6c3 Mon Sep 17 00:00:00 2001 From: auricom <27022259+auricom@users.noreply.github.com> Date: Wed, 1 Nov 2023 14:36:08 +0100 Subject: [PATCH] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20immich=20app-template=20v2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../default/immich/app/kustomization.yaml | 1 - .../app/machine-learning/helmrelease.yaml | 97 ++++++++--------- .../immich/app/microservices/helmrelease.yaml | 101 +++++++++-------- .../default/immich/app/proxy/helmrelease.yaml | 63 ----------- .../immich/app/proxy/kustomization.yaml | 6 - .../immich/app/server/helmrelease.yaml | 92 +++++++++------- .../immich/app/typesense/helmrelease.yaml | 86 +++++++++------ .../apps/default/immich/app/volumes.yaml | 2 - .../default/immich/app/web/helmrelease.yaml | 103 ++++++++++++------ 9 files changed, 272 insertions(+), 279 deletions(-) delete mode 100644 kubernetes/apps/default/immich/app/proxy/helmrelease.yaml delete mode 100644 kubernetes/apps/default/immich/app/proxy/kustomization.yaml diff --git a/kubernetes/apps/default/immich/app/kustomization.yaml b/kubernetes/apps/default/immich/app/kustomization.yaml index 9ce031bbc..77b9928a4 100644 --- a/kubernetes/apps/default/immich/app/kustomization.yaml +++ b/kubernetes/apps/default/immich/app/kustomization.yaml @@ -8,7 +8,6 @@ resources: - ./externalsecret.yaml - ./gatus.yaml - ./microservices - - ./proxy - ./machine-learning - ./server - ./typesense diff --git a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml index ecf0195bb..22c8fcb7e 100644 --- a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml 
@@ -10,74 +10,73 @@ spec: chart: spec: chart: app-template - version: 1.5.1 + version: 2.0.3 + interval: 30m sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system - maxHistory: 2 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false dependsOn: - name: immich-server - name: immich-redis values: - controller: - strategy: Recreate - annotations: - configmap.reloader.stakater.com/reload: &configMap immich-configmap - secret.reloader.stakater.com/reload: &secret immich-secret - image: - repository: ghcr.io/immich-app/immich-machine-learning - tag: v1.83.0 - envFrom: - - configMapRef: - name: *configMap - - secretRef: - name: *secret + controllers: + main: + strategy: RollingUpdate + annotations: + configmap.reloader.stakater.com/reload: &configMap immich-configmap + secret.reloader.stakater.com/reload: &secret immich-secret + containers: + main: + image: + repository: ghcr.io/immich-app/immich-machine-learning + tag: v1.83.0 + envFrom: + - configMapRef: + name: *configMap + - secretRef: + name: *secret + resources: + requests: + cpu: 100m + memory: 274M + limits: + memory: 3949M + pod: + enableServiceLinks: false + securityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app service: main: ports: http: port: 3003 - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch persistence: library: - enabled: true + type: persistentVolumeClaim existingClaim: immich-nfs - mountPath: /usr/src/app/upload + globalMounts: + - path: /usr/src/app/upload cache: - enabled: true + type: persistentVolumeClaim existingClaim: immich-machine-learning-cache - mountPath: /cache + globalMounts: + - path: 
/cache geocoding-dump: - enabled: true type: emptyDir - mountPath: /usr/src/app/.reverse-geocoding-dump + globalMounts: + - path: /usr/src/app/.reverse-geocoding-dump transformers-cache: - enabled: true type: emptyDir - mountPath: /usr/src/app/.transformers_cache - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - cpu: 100m - memory: 250Mi + globalMounts: + - path: /usr/src/app/.transformers_cache diff --git a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml index 03574a2eb..0a7658a92 100644 --- a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml @@ -10,7 +10,8 @@ spec: chart: spec: chart: app-template - version: 1.5.1 + version: 2.0.3 + interval: 30m sourceRef: kind: HelmRepository name: bjw-s 
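Review bot: Switching `strategy` from `Recreate` to `RollingUpdate` in the machine-learning release can leave rollouts stuck. The pod mounts the `immich-machine-learning-cache` claim and carries a `DoNotSchedule` hostname spread constraint keyed on its own app label. During a rolling update the replacement pod is created while the old one still runs, so on a multi-node cluster the constraint pushes it to a different node. If that claim is ReadWriteOnce (volumes.yaml shows ReadWriteOnce claims, but this hunk does not show which), the volume cannot attach there and the new pod never becomes ready. Either keep `strategy: Recreate` for this controller or confirm the cache claim is ReadWriteMany.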
@@ -27,63 +28,69 @@ spec: uninstall: keepHistory: false dependsOn: - - name: immich-typesense - name: immich-redis + - name: immich-server + - name: immich-typesense values: - controller: - strategy: RollingUpdate - annotations: - configmap.reloader.stakater.com/reload: &configMap immich-configmap - secret.reloader.stakater.com/reload: &secret immich-secret - image: - repository: ghcr.io/immich-app/immich-server - tag: v1.83.0 - args: ["start-microservices.sh"] - envFrom: - - configMapRef: - name: *configMap - - secretRef: - name: *secret + defaultPodOptions: + enableServiceLinks: false + nodeSelector: + intel.feature.node.kubernetes.io/gpu: "true" + securityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app + controllers: + main: + strategy: RollingUpdate + annotations: + configmap.reloader.stakater.com/reload: &configMap immich-configmap + secret.reloader.stakater.com/reload: &secret immich-secret + containers: + main: + image: + repository: ghcr.io/immich-app/immich-server + tag: v1.83.0 + args: + - start-microservices.sh + envFrom: + - configMapRef: + name: *configMap + - secretRef: + name: *secret + resources: + requests: + gpu.intel.com/i915: 1 + cpu: 100m + memory: 1000Mi + limits: + gpu.intel.com/i915: 1 + memory: 6000Mi service: main: enabled: false - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: [44, 105] persistence: library: - enabled: true existingClaim: immich-nfs - mountPath: /usr/src/app/upload + globalMounts: + - path: /usr/src/app/upload geocoding-dump: - enabled: true type: emptyDir - mountPath: /usr/src/app/.reverse-geocoding-dump + globalMounts: + - path: /usr/src/app/.reverse-geocoding-dump geoname-dump: - enabled: true type: emptyDir - 
mountPath: /usr/src/app/node_modules/local-reverse-geocoder/geonames_dump + globalMounts: + - path: /usr/src/app/node_modules/local-reverse-geocoder/geonames_dump transformers-cache: - enabled: true type: emptyDir - mountPath: /usr/src/app/.transformers_cache - nodeSelector: - intel.feature.node.kubernetes.io/gpu: "true" - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - gpu.intel.com/i915: 1 - cpu: 100m - memory: 1000Mi - limits: - gpu.intel.com/i915: 1 - memory: 6000Mi + globalMounts: + - path: /usr/src/app/.transformers_cache diff --git a/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml b/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml deleted file mode 100644 index c62e8c741..000000000 --- a/kubernetes/apps/default/immich/app/proxy/helmrelease.yaml +++ /dev/null 
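Review bot: The microservices release still requests `gpu.intel.com/i915`, but the new `defaultPodOptions.securityContext` drops the `supplementalGroups: [44, 105]` that the old `podSecurityContext` carried. The container runs as UID/GID 568, so without those groups it may lose access to the GPU device nodes, depending on how the device plugin sets their permissions. Nothing in the hunk replaces them. If the removal was not deliberate, restore `supplementalGroups: [44, 105]` under `securityContext`. If it was deliberate, a one-line comment next to the `gpu.intel.com/i915` request saying why the groups are no longer needed would stop a later change from re-adding them or moving to root.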
@@ -1,63 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: immich-proxy -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.5.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - dependsOn: - - name: immich-server - values: - controller: - strategy: RollingUpdate - annotations: - configmap.reloader.stakater.com/reload: &configMap immich-configmap - image: - repository: ghcr.io/immich-app/immich-proxy - tag: v1.83.0 - service: - main: - ports: - http: - port: 8080 - ingress: - main: - enabled: true - ingressClassName: nginx - annotations: - external-dns.home.arpa/enabled: "true" - hajimari.io/appName: Immich - hajimari.io/icon: mdi:image-album - nginx.ingress.kubernetes.io/proxy-body-size: "0" - hosts: - - host: &host photos.${SECRET_CLUSTER_DOMAIN} - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - resources: - requests: - cpu: 100m - memory: 250Mi - envFrom: - - configMapRef: - name: *configMap diff --git a/kubernetes/apps/default/immich/app/proxy/kustomization.yaml b/kubernetes/apps/default/immich/app/proxy/kustomization.yaml deleted file mode 100644 index 09bc749a9..000000000 --- a/kubernetes/apps/default/immich/app/proxy/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/kubernetes/apps/default/immich/app/server/helmrelease.yaml b/kubernetes/apps/default/immich/app/server/helmrelease.yaml index 6ebfb1d0c..82b74d8a5 100644 
--- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml @@ -10,7 +10,8 @@ spec: chart: spec: chart: app-template - version: 1.5.1 + version: 2.0.3 + interval: 30m sourceRef: kind: HelmRepository name: bjw-s 
@@ -30,56 +31,63 @@ spec: - name: immich-typesense - name: immich-redis values: - initContainers: - 01-init-db: - image: ghcr.io/auricom/postgres-init:15.4 - imagePullPolicy: IfNotPresent - envFrom: &envFrom - - configMapRef: - name: &configMap immich-configmap - - secretRef: - name: &secret immich-secret - controller: - strategy: RollingUpdate - annotations: - configmap.reloader.stakater.com/reload: *configMap - secret.reloader.stakater.com/reload: *secret - image: - repository: ghcr.io/immich-app/immich-server - tag: v1.83.0 - args: ["start-server.sh"] - envFrom: *envFrom + defaultPodOptions: + enableServiceLinks: false + securityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app + controllers: + main: + strategy: RollingUpdate + annotations: + configmap.reloader.stakater.com/reload: &configMap immich-configmap + secret.reloader.stakater.com/reload: &secret immich-secret + initContainers: + init-db: + image: + repository: ghcr.io/auricom/postgres-init + tag: 15.4@sha256:83e1abf06be5741bdfb8cb53fc03a1ade6e6b5ec7b92a8aac0c69ba5dc7e51f0 + pullPolicy: IfNotPresent + envFrom: &envFrom + - configMapRef: + name: *configMap + - secretRef: + name: *secret + containers: + main: + image: + repository: ghcr.io/immich-app/immich-server + tag: v1.83.0 + args: ["start-server.sh"] + envFrom: *envFrom + resources: + requests: + cpu: 100m + memory: 250Mi service: main: ports: http: port: 3001 - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch persistence: library: - enabled: true existingClaim: immich-nfs - mountPath: /usr/src/app/upload + globalMounts: + - path: /usr/src/app/upload geocoding-dump: - enabled: true type: emptyDir - mountPath: /usr/src/app/.reverse-geocoding-dump + globalMounts: + - 
path: /usr/src/app/.reverse-geocoding-dump transformers-cache: - enabled: true type: emptyDir - mountPath: /usr/src/app/.transformers_cache - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - cpu: 100m - memory: 250Mi + globalMounts: + - path: /usr/src/app/.transformers_cache diff --git a/kubernetes/apps/default/immich/app/typesense/helmrelease.yaml b/kubernetes/apps/default/immich/app/typesense/helmrelease.yaml index b80763c15..ee6d4ec59 100644 --- a/kubernetes/apps/default/immich/app/typesense/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/typesense/helmrelease.yaml @@ -10,7 +10,8 @@ spec: chart: spec: chart: app-template - version: 1.5.1 + version: 2.0.3 + interval: 30m sourceRef: kind: HelmRepository name: bjw-s 
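Review bot: Only the `init-db` image is pinned by digest; the `main` container in this server release still uses the mutable tag `v1.83.0` for `ghcr.io/immich-app/immich-server`. What runs with the `immich-secret` environment therefore depends on whatever the registry serves for that tag at pull time. Pin it the same way, `tag: v1.83.0@sha256:<digest-of-reviewed-image>` (placeholder; take the digest from the registry). The same applies to the tag-only images in the machine-learning, microservices, typesense and web releases.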
@@ -27,45 +28,62 @@ spec: uninstall: keepHistory: false values: - controller: - type: statefulset - annotations: - configmap.reloader.stakater.com/reload: &configMap immich-configmap - secret.reloader.stakater.com/reload: &secret immich-secret - image: - repository: docker.io/typesense/typesense - tag: 0.25.1 - envFrom: - - configMapRef: - name: *configMap - - secretRef: - name: *secret + defaultPodOptions: + enableServiceLinks: false + controllers: + main: + type: statefulset + strategy: RollingUpdate + annotations: + configmap.reloader.stakater.com/reload: &configMap immich-configmap + secret.reloader.stakater.com/reload: &secret immich-secret + containers: + main: + image: + repository: docker.io/typesense/typesense + tag: 0.25.1 + envFrom: + - configMapRef: + name: *configMap + - secretRef: + name: *secret + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /health + port: &port 8108 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + startup: + enabled: true + custom: true + spec: + httpGet: + path: /health + port: 8108 + failureThreshold: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 250Mi service: main: ports: http: - port: &port 8108 - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /health port: *port - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - startup: - enabled: false persistence: config: enabled: true + type: persistentVolumeClaim existingClaim: immich-config - mountPath: /config - resources: - requests: - cpu: 100m - memory: 250Mi + globalMounts: + - path: /config diff --git a/kubernetes/apps/default/immich/app/volumes.yaml b/kubernetes/apps/default/immich/app/volumes.yaml index 506ee7d87..5ada0e35b 100644 --- a/kubernetes/apps/default/immich/app/volumes.yaml 
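Review bot: The typesense release's `defaultPodOptions` sets only `enableServiceLinks: false`, so unlike the other four releases in this patch it gets no `securityContext`. It runs as whatever user the `docker.io/typesense/typesense` image defaults to (not visible here, possibly root) while receiving the `immich-secret` environment. If the image works as a non-root user, add the block used elsewhere: `securityContext:` with `runAsUser: 568`, `runAsGroup: 568` and `fsGroup: 568`. Ownership of the data already on the `immich-config` claim would need to match before rollout.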
+++ b/kubernetes/apps/default/immich/app/volumes.yaml @@ -36,7 +36,6 @@ metadata: labels: app.kubernetes.io/name: &name immich app.kubernetes.io/instance: *name - snapshot.home.arpa/enabled: "true" spec: accessModes: - ReadWriteOnce @@ -53,7 +52,6 @@ metadata: labels: app.kubernetes.io/name: &name immich app.kubernetes.io/instance: *name - snapshot.home.arpa/enabled: "true" spec: accessModes: - ReadWriteOnce diff --git a/kubernetes/apps/default/immich/app/web/helmrelease.yaml b/kubernetes/apps/default/immich/app/web/helmrelease.yaml index 063ad53ea..4835e5dbc 100644 --- a/kubernetes/apps/default/immich/app/web/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/web/helmrelease.yaml @@ -10,7 +10,8 @@ spec: chart: spec: chart: app-template - version: 1.5.1 + version: 2.0.3 + interval: 30m sourceRef: kind: HelmRepository name: bjw-s 
@@ -28,44 +29,76 @@ spec: keepHistory: false dependsOn: - name: immich-server - - name: immich-redis values: - controller: - strategy: RollingUpdate - annotations: - configmap.reloader.stakater.com/reload: &configMap immich-configmap - secret.reloader.stakater.com/reload: &secret immich-secret - image: - repository: ghcr.io/immich-app/immich-web - tag: v1.83.0 - envFrom: - - configMapRef: - name: *configMap - - secretRef: - name: *secret + defaultPodOptions: + securityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app + controllers: + main: + strategy: RollingUpdate + annotations: + configmap.reloader.stakater.com/reload: &configMap immich-configmap + secret.reloader.stakater.com/reload: &secret immich-secret + containers: + main: + image: + repository: ghcr.io/immich-app/immich-web + tag: v1.83.0 + envFrom: + - configMapRef: + name: *configMap + - secretRef: + name: *secret + resources: + requests: + cpu: 100m + memory: 250Mi service: main: ports: http: port: 3000 - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - persistence: - library: + ingress: + main: enabled: true - existingClaim: immich-nfs - mountPath: /usr/src/app/upload - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - cpu: 100m - memory: 250Mi + className: nginx + annotations: + external-dns.home.arpa/enabled: "true" + hajimari.io/appName: Immich + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite /api/(.*) /$1 break; + set $forwarded_client_ip ""; + if ($http_x_forwarded_for ~ "^([^,]+)") { + set $forwarded_client_ip $1; + } + set $client_ip 
$remote_addr; + if ($forwarded_client_ip != "") { + set $client_ip $forwarded_client_ip; + } + nignx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/upstream-hash-by: "$client_ip" + hosts: + - host: &host photos.${SECRET_CLUSTER_DOMAIN} + paths: + - path: / + service: + name: main + port: http + - path: /api + service: + name: immich-server + port: 3001 + tls: + - hosts: + - *host
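Review bot: The annotation key `nignx.ingress.kubernetes.io/force-ssl-redirect` is misspelled (`nignx`), so ingress-nginx will not read it and the forced HTTPS redirect is not configured. It should be `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`. In the same ingress, the `configuration-snippet` takes `$client_ip` from the first entry of the request's `X-Forwarded-For` header, which the client controls unless a trusted proxy in front rewrites it. That value should stay limited to the `upstream-hash-by` key and not be reused as the real client address for access decisions or audit logs. Snippet annotations also have to be permitted on the controller, so it is worth confirming that this is an intended setting for the cluster.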