diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index 297f99974..abd5e982a 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -40,6 +40,7 @@ resources:
 - ./outline/ks.yaml
 - ./paperless/ks.yaml
 - ./pgadmin/ks.yaml
+ - ./photoprism/ks.yaml
 - ./prowlarr/ks.yaml
 - ./pushover-notifier/ks.yaml
 - ./pyload/ks.yaml
diff --git a/kubernetes/apps/default/photoprism/app/externalsecret.yaml b/kubernetes/apps/default/photoprism/app/externalsecret.yaml
new file mode 100644
index 000000000..64cb96516
--- /dev/null
+++ b/kubernetes/apps/default/photoprism/app/externalsecret.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: photoprism
+ namespace: default
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: photoprism-secret
+ template:
+ engineVersion: v2
+ data:
+ # App
+ PHOTOPRISM_ADMIN_PASSWORD: "{{ .PHOTOPRISM_ADMIN_PASSWORD }}"
+ dataFrom:
+ - extract:
+ key: photoprism
diff --git a/kubernetes/apps/default/photoprism/app/helmrelease.yaml b/kubernetes/apps/default/photoprism/app/helmrelease.yaml
new file mode 100644
index 000000000..d86ad4df6
--- /dev/null
+++ b/kubernetes/apps/default/photoprism/app/helmrelease.yaml
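Review bot: The `PHOTOPRISM_ADMIN_PASSWORD` entry under `target.template.data` in externalsecret.yaml should carry a comment that it is only the initial admin password. As far as I know PhotoPrism applies it when the admin account is first created, so rotating the 1Password item later would refresh `photoprism-secret` without changing the real login. I would replace `# App` with `# Initial admin password only; change it in PhotoPrism first, then update the 1Password item`. `dataFrom.extract` also makes every field of the `photoprism` item available to the template, so that item is best kept to the fields this app needs.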
@@ -0,0 +1,97 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: &app photoprism
+ namespace: default
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 2.5.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ dependsOn:
+ - name: redis
+ namespace: database
+ values:
+ controllers:
+ main:
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: docker.io/photoprism/photoprism
+ tag: latest@sha256:cbaf35b067efc179dee68ab703db8911c2ad306830831458abb369542ee4cf12
+ env:
+ PHOTOPRISM_STORAGE_PATH: &storage /config
+ PHOTOPRISM_ORIGINALS_PATH: &originals /mnt/storage/photo/Gallery
+ PHOTOPRISM_DEBUG: "false"
+ PHOTOPRISM_PUBLIC: "true"
+ PHOTOPRISM_SITE_URL: "https://photos.${SECRET_CLUSTER_DOMAIN}/"
+ PHOTOPRISM_ORIGINALS_LIMIT: 4000 # in MB (default 1000)
+ envFrom:
+ - secretRef:
+ name: photoprism-secret
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ service:
+ main:
+ ports:
+ http:
+ port: 2342
+ ingress:
+ main:
+ enabled: true
+ className: "nginx"
+ annotations:
+ external-dns.alpha.kubernetes.io/enabled: "true"
+ external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+ nginx.ingress.kubernetes.io/proxy-body-size: 4G
+ hajimari.io/icon: arcticons:photoprism
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ name: main
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ existingClaim: *app
+ globalMounts:
+ - path: *storage
+ originals:
+ type: nfs
+ server: "192.168.9.10"
+ path: *originals
+ globalMounts:
+ - path: *originals
diff --git a/kubernetes/apps/default/photoprism/app/kustomization.yaml b/kubernetes/apps/default/photoprism/app/kustomization.yaml
new file mode 100644
index 000000000..72f9ab807
--- /dev/null
+++ b/kubernetes/apps/default/photoprism/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
+ - ../../../../templates/gatus/external
+ - ../../../../templates/volsync
diff --git a/kubernetes/apps/default/photoprism/ks.yaml b/kubernetes/apps/default/photoprism/ks.yaml
new file mode 100644
index 000000000..d740eaca7
--- /dev/null
+++ b/kubernetes/apps/default/photoprism/ks.yaml
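Review bot: `PHOTOPRISM_PUBLIC: "true"` in the container `env` of helmrelease.yaml turns off PhotoPrism's own login, so the Authelia `auth-url` check on the ingress is the only access control left. Anything that reaches the `main` Service on port 2342 from inside the cluster skips that check, and the `PHOTOPRISM_ADMIN_PASSWORD` supplied through `photoprism-secret` is never enforced. The external-dns annotations suggest the host is published, so I would set `PHOTOPRISM_PUBLIC: "false"` to keep a second layer, or keep public mode and add a NetworkPolicy that admits port 2342 only from the ingress controller. The container also has no `securityContext` and no memory limit under `resources`, both worth adding for a service that decodes uploaded media and writes to the read-write NFS `originals` mount.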
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app photoprism
+ namespace: flux-system
+spec:
+ targetNamespace: default
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/default/photoprism/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: external-secrets-stores
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 80Gi