shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-12-22 15:36:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

⬆️ immich app-template v2

Browse Source
This commit is contained in:
auricom
2023-11-01 14:36:08 +01:00
parent d081f8a018
commit c3d02f144a
9 changed files with 272 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
kubernetes/apps/default/immich/app/kustomization.yaml
View File

@@ -8,7 +8,6 @@ resources:
- ./externalsecret.yaml - ./externalsecret.yaml
- ./gatus.yaml - ./gatus.yaml
- ./microservices - ./microservices
- ./proxy
- ./machine-learning - ./machine-learning
- ./server - ./server
- ./typesense - ./typesense

97
kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
View File

@@ -10,74 +10,73 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 1.5.1 version: 2.0.3
interval: 30m
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjw-s name: bjw-s
namespace: flux-system namespace: flux-system
maxHistory: 2
install:
createNamespace: true
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
dependsOn: dependsOn:
- name: immich-server - name: immich-server
- name: immich-redis - name: immich-redis
values: values:
controller: controllers:
strategy: Recreate main:
annotations: strategy: RollingUpdate
configmap.reloader.stakater.com/reload: &configMap immich-configmap annotations:
secret.reloader.stakater.com/reload: &secret immich-secret configmap.reloader.stakater.com/reload: &configMap immich-configmap
image: secret.reloader.stakater.com/reload: &secret immich-secret
repository: ghcr.io/immich-app/immich-machine-learning containers:
tag: v1.83.0 main:
envFrom: image:
- configMapRef: repository: ghcr.io/immich-app/immich-machine-learning
name: *configMap tag: v1.83.0
- secretRef: envFrom:
name: *secret - configMapRef:
name: *configMap
- secretRef:
name: *secret
resources:
requests:
cpu: 100m
memory: 274M
limits:
memory: 3949M
pod:
enableServiceLinks: false
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
service: service:
main: main:
ports: ports:
http: http:
port: 3003 port: 3003
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
persistence: persistence:
library: library:
enabled: true type: persistentVolumeClaim
existingClaim: immich-nfs existingClaim: immich-nfs
mountPath: /usr/src/app/upload globalMounts:
- path: /usr/src/app/upload
cache: cache:
enabled: true type: persistentVolumeClaim
existingClaim: immich-machine-learning-cache existingClaim: immich-machine-learning-cache
mountPath: /cache globalMounts:
- path: /cache
geocoding-dump: geocoding-dump:
enabled: true
type: emptyDir type: emptyDir
mountPath: /usr/src/app/.reverse-geocoding-dump globalMounts:
- path: /usr/src/app/.reverse-geocoding-dump
transformers-cache: transformers-cache:
enabled: true
type: emptyDir type: emptyDir
mountPath: /usr/src/app/.transformers_cache globalMounts:
topologySpreadConstraints: - path: /usr/src/app/.transformers_cache
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
resources:
requests:
cpu: 100m
memory: 250Mi

101
kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
View File

@@ -10,7 +10,8 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 1.5.1 version: 2.0.3
interval: 30m
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjw-s name: bjw-s
@@ -27,63 +28,69 @@ spec:
uninstall: uninstall:
keepHistory: false keepHistory: false
dependsOn: dependsOn:
- name: immich-typesense
- name: immich-redis - name: immich-redis
- name: immich-server
- name: immich-typesense
values: values:
controller: defaultPodOptions:
strategy: RollingUpdate enableServiceLinks: false
annotations: nodeSelector:
configmap.reloader.stakater.com/reload: &configMap immich-configmap intel.feature.node.kubernetes.io/gpu: "true"
secret.reloader.stakater.com/reload: &secret immich-secret securityContext:
image: runAsUser: 568
repository: ghcr.io/immich-app/immich-server runAsGroup: 568
tag: v1.83.0 fsGroup: 568
args: ["start-microservices.sh"] fsGroupChangePolicy: OnRootMismatch
envFrom: topologySpreadConstraints:
- configMapRef: - maxSkew: 1
name: *configMap topologyKey: kubernetes.io/hostname
- secretRef: whenUnsatisfiable: DoNotSchedule
name: *secret labelSelector:
matchLabels:
app.kubernetes.io/name: *app
controllers:
main:
strategy: RollingUpdate
annotations:
configmap.reloader.stakater.com/reload: &configMap immich-configmap
secret.reloader.stakater.com/reload: &secret immich-secret
containers:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.83.0
args:
- start-microservices.sh
envFrom:
- configMapRef:
name: *configMap
- secretRef:
name: *secret
resources:
requests:
gpu.intel.com/i915: 1
cpu: 100m
memory: 1000Mi
limits:
gpu.intel.com/i915: 1
memory: 6000Mi
service: service:
main: main:
enabled: false enabled: false
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: [44, 105]
persistence: persistence:
library: library:
enabled: true
existingClaim: immich-nfs existingClaim: immich-nfs
mountPath: /usr/src/app/upload globalMounts:
- path: /usr/src/app/upload
geocoding-dump: geocoding-dump:
enabled: true
type: emptyDir type: emptyDir
mountPath: /usr/src/app/.reverse-geocoding-dump globalMounts:
- path: /usr/src/app/.reverse-geocoding-dump
geoname-dump: geoname-dump:
enabled: true
type: emptyDir type: emptyDir
mountPath: /usr/src/app/node_modules/local-reverse-geocoder/geonames_dump globalMounts:
- path: /usr/src/app/node_modules/local-reverse-geocoder/geonames_dump
transformers-cache: transformers-cache:
enabled: true
type: emptyDir type: emptyDir
mountPath: /usr/src/app/.transformers_cache globalMounts:
nodeSelector: - path: /usr/src/app/.transformers_cache
intel.feature.node.kubernetes.io/gpu: "true"
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
resources:
requests:
gpu.intel.com/i915: 1
cpu: 100m
memory: 1000Mi
limits:
gpu.intel.com/i915: 1
memory: 6000Mi

63
kubernetes/apps/default/immich/app/proxy/helmrelease.yaml
View File

@@ -1,63 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: immich-proxy
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
interval: 15m
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
dependsOn:
- name: immich-server
values:
controller:
strategy: RollingUpdate
annotations:
configmap.reloader.stakater.com/reload: &configMap immich-configmap
image:
repository: ghcr.io/immich-app/immich-proxy
tag: v1.83.0
service:
main:
ports:
http:
port: 8080
ingress:
main:
enabled: true
ingressClassName: nginx
annotations:
external-dns.home.arpa/enabled: "true"
hajimari.io/appName: Immich
hajimari.io/icon: mdi:image-album
nginx.ingress.kubernetes.io/proxy-body-size: "0"
hosts:
- host: &host photos.${SECRET_CLUSTER_DOMAIN}
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
resources:
requests:
cpu: 100m
memory: 250Mi
envFrom:
- configMapRef:
name: *configMap

6
kubernetes/apps/default/immich/app/proxy/kustomization.yaml
View File

@@ -1,6 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml

92
kubernetes/apps/default/immich/app/server/helmrelease.yaml
View File

@@ -10,7 +10,8 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 1.5.1 version: 2.0.3
interval: 30m
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjw-s name: bjw-s
@@ -30,56 +31,63 @@ spec:
- name: immich-typesense - name: immich-typesense
- name: immich-redis - name: immich-redis
values: values:
initContainers: defaultPodOptions:
01-init-db: enableServiceLinks: false
image: ghcr.io/auricom/postgres-init:15.4 securityContext:
imagePullPolicy: IfNotPresent runAsUser: 568
envFrom: &envFrom runAsGroup: 568
- configMapRef: fsGroup: 568
name: &configMap immich-configmap fsGroupChangePolicy: OnRootMismatch
- secretRef: topologySpreadConstraints:
name: &secret immich-secret - maxSkew: 1
controller: topologyKey: kubernetes.io/hostname
strategy: RollingUpdate whenUnsatisfiable: DoNotSchedule
annotations: labelSelector:
configmap.reloader.stakater.com/reload: *configMap matchLabels:
secret.reloader.stakater.com/reload: *secret app.kubernetes.io/name: *app
image: controllers:
repository: ghcr.io/immich-app/immich-server main:
tag: v1.83.0 strategy: RollingUpdate
args: ["start-server.sh"] annotations:
envFrom: *envFrom configmap.reloader.stakater.com/reload: &configMap immich-configmap
secret.reloader.stakater.com/reload: &secret immich-secret
initContainers:
init-db:
image:
repository: ghcr.io/auricom/postgres-init
tag: 15.4@sha256:83e1abf06be5741bdfb8cb53fc03a1ade6e6b5ec7b92a8aac0c69ba5dc7e51f0
pullPolicy: IfNotPresent
envFrom: &envFrom
- configMapRef:
name: *configMap
- secretRef:
name: *secret
containers:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.83.0
args: ["start-server.sh"]
envFrom: *envFrom
resources:
requests:
cpu: 100m
memory: 250Mi
service: service:
main: main:
ports: ports:
http: http:
port: 3001 port: 3001
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
persistence: persistence:
library: library:
enabled: true
existingClaim: immich-nfs existingClaim: immich-nfs
mountPath: /usr/src/app/upload globalMounts:
- path: /usr/src/app/upload
geocoding-dump: geocoding-dump:
enabled: true
type: emptyDir type: emptyDir
mountPath: /usr/src/app/.reverse-geocoding-dump globalMounts:
- path: /usr/src/app/.reverse-geocoding-dump
transformers-cache: transformers-cache:
enabled: true
type: emptyDir type: emptyDir
mountPath: /usr/src/app/.transformers_cache globalMounts:
topologySpreadConstraints: - path: /usr/src/app/.transformers_cache
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
resources:
requests:
cpu: 100m
memory: 250Mi

86
kubernetes/apps/default/immich/app/typesense/helmrelease.yaml
View File

@@ -10,7 +10,8 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 1.5.1 version: 2.0.3
interval: 30m
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjw-s name: bjw-s
@@ -27,45 +28,62 @@ spec:
uninstall: uninstall:
keepHistory: false keepHistory: false
values: values:
controller: defaultPodOptions:
type: statefulset enableServiceLinks: false
annotations: controllers:
configmap.reloader.stakater.com/reload: &configMap immich-configmap main:
secret.reloader.stakater.com/reload: &secret immich-secret type: statefulset
image: strategy: RollingUpdate
repository: docker.io/typesense/typesense annotations:
tag: 0.25.1 configmap.reloader.stakater.com/reload: &configMap immich-configmap
envFrom: secret.reloader.stakater.com/reload: &secret immich-secret
- configMapRef: containers:
name: *configMap main:
- secretRef: image:
name: *secret repository: docker.io/typesense/typesense
tag: 0.25.1
envFrom:
- configMapRef:
name: *configMap
- secretRef:
name: *secret
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /health
port: &port 8108
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
custom: true
spec:
httpGet:
path: /health
port: 8108
failureThreshold: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 250Mi
service: service:
main: main:
ports: ports:
http: http:
port: &port 8108
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /health
port: *port port: *port
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: false
persistence: persistence:
config: config:
enabled: true enabled: true
type: persistentVolumeClaim
existingClaim: immich-config existingClaim: immich-config
mountPath: /config globalMounts:
resources: - path: /config
requests:
cpu: 100m
memory: 250Mi

2
kubernetes/apps/default/immich/app/volumes.yaml
View File

@@ -36,7 +36,6 @@ metadata:
labels: labels:
app.kubernetes.io/name: &name immich app.kubernetes.io/name: &name immich
app.kubernetes.io/instance: *name app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
@@ -53,7 +52,6 @@ metadata:
labels: labels:
app.kubernetes.io/name: &name immich app.kubernetes.io/name: &name immich
app.kubernetes.io/instance: *name app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce

103
kubernetes/apps/default/immich/app/web/helmrelease.yaml
View File

@@ -10,7 +10,8 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 1.5.1 version: 2.0.3
interval: 30m
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjw-s name: bjw-s
@@ -28,44 +29,76 @@ spec:
keepHistory: false keepHistory: false
dependsOn: dependsOn:
- name: immich-server - name: immich-server
- name: immich-redis
values: values:
controller: defaultPodOptions:
strategy: RollingUpdate securityContext:
annotations: runAsUser: 568
configmap.reloader.stakater.com/reload: &configMap immich-configmap runAsGroup: 568
secret.reloader.stakater.com/reload: &secret immich-secret fsGroup: 568
image: fsGroupChangePolicy: OnRootMismatch
repository: ghcr.io/immich-app/immich-web topologySpreadConstraints:
tag: v1.83.0 - maxSkew: 1
envFrom: topologyKey: kubernetes.io/hostname
- configMapRef: whenUnsatisfiable: DoNotSchedule
name: *configMap labelSelector:
- secretRef: matchLabels:
name: *secret app.kubernetes.io/name: *app
controllers:
main:
strategy: RollingUpdate
annotations:
configmap.reloader.stakater.com/reload: &configMap immich-configmap
secret.reloader.stakater.com/reload: &secret immich-secret
containers:
main:
image:
repository: ghcr.io/immich-app/immich-web
tag: v1.83.0
envFrom:
- configMapRef:
name: *configMap
- secretRef:
name: *secret
resources:
requests:
cpu: 100m
memory: 250Mi
service: service:
main: main:
ports: ports:
http: http:
port: 3000 port: 3000
podSecurityContext: ingress:
runAsUser: 568 main:
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
persistence:
library:
enabled: true enabled: true
existingClaim: immich-nfs className: nginx
mountPath: /usr/src/app/upload annotations:
topologySpreadConstraints: external-dns.home.arpa/enabled: "true"
- maxSkew: 1 hajimari.io/appName: Immich
topologyKey: kubernetes.io/hostname nginx.ingress.kubernetes.io/configuration-snippet: |
whenUnsatisfiable: DoNotSchedule rewrite /api/(.*) /$1 break;
labelSelector: set $forwarded_client_ip "";
matchLabels: if ($http_x_forwarded_for ~ "^([^,]+)") {
app.kubernetes.io/name: *app set $forwarded_client_ip $1;
resources: }
requests: set $client_ip $remote_addr;
cpu: 100m if ($forwarded_client_ip != "") {
memory: 250Mi set $client_ip $forwarded_client_ip;
}
nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/upstream-hash-by: "$client_ip"
hosts:
- host: &host photos.${SECRET_CLUSTER_DOMAIN}
paths:
- path: /
service:
name: main
port: http
- path: /api
service:
name: immich-server
port: 3001
tls:
- hosts:
- *host