photoprism

2025-09-17 18:24:14 +02:00 · 2024-02-16 01:28:42 +01:00
parent 7f3173b187
commit df3b2924a4
5 changed files with 156 additions and 0 deletions
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -40,6 +40,7 @@ resources:
  - ./outline/ks.yaml
  - ./paperless/ks.yaml
  - ./pgadmin/ks.yaml
+  - ./photoprism/ks.yaml
  - ./prowlarr/ks.yaml
  - ./pushover-notifier/ks.yaml
  - ./pyload/ks.yaml
--- a/kubernetes/apps/default/photoprism/app/externalsecret.yaml
+++ b/kubernetes/apps/default/photoprism/app/externalsecret.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: photoprism
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: photoprism-secret
+    template:
+      engineVersion: v2
+      data:
+        # App
+        PHOTOPRISM_ADMIN_PASSWORD: "{{ .PHOTOPRISM_ADMIN_PASSWORD }}"
+  dataFrom:
+    - extract:
+        key: photoprism
--- a/kubernetes/apps/default/photoprism/app/helmrelease.yaml
+++ b/kubernetes/apps/default/photoprism/app/helmrelease.yaml
@@ -0,0 +1,97 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: &app photoprism
+  namespace: default
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 2.5.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  dependsOn:
+    - name: redis
+      namespace: database
+  values:
+    controllers:
+      main:
+        strategy: RollingUpdate
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          main:
+            image:
+              repository: docker.io/photoprism/photoprism
+              tag: latest@sha256:cbaf35b067efc179dee68ab703db8911c2ad306830831458abb369542ee4cf12
+            env:
+              PHOTOPRISM_STORAGE_PATH: &storage /config
+              PHOTOPRISM_ORIGINALS_PATH: &originals /mnt/storage/photo/Gallery
+              PHOTOPRISM_DEBUG: "false"
+              PHOTOPRISM_PUBLIC: "true"
+              PHOTOPRISM_SITE_URL: "https://photos.${SECRET_CLUSTER_DOMAIN}/"
+              PHOTOPRISM_ORIGINALS_LIMIT: 4000 # in MB (default 1000)
+            envFrom:
+              - secretRef:
+                  name: photoprism-secret
+            resources:
+              requests:
+                cpu: 100m
+                memory: 256Mi
+    service:
+      main:
+        ports:
+          http:
+            port: 2342
+    ingress:
+      main:
+        enabled: true
+        className: "nginx"
+        annotations:
+          external-dns.alpha.kubernetes.io/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+          nginx.ingress.kubernetes.io/proxy-body-size: 4G
+          hajimari.io/icon: arcticons:photoprism
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  name: main
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        enabled: true
+        existingClaim: *app
+        globalMounts:
+          - path: *storage
+      originals:
+        type: nfs
+        server: "192.168.9.10"
+        path: *originals
+        globalMounts:
+          - path: *originals
--- a/kubernetes/apps/default/photoprism/app/kustomization.yaml
+++ b/kubernetes/apps/default/photoprism/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
+  - ../../../../templates/gatus/external
+  - ../../../../templates/volsync
--- a/kubernetes/apps/default/photoprism/ks.yaml
+++ b/kubernetes/apps/default/photoprism/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app photoprism
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/default/photoprism/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  dependsOn:
+    - name: external-secrets-stores
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+      VOLSYNC_CAPACITY: 80Gi