diff --git a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml b/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml
index 2643090e7..e655be675 100644
--- a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml
+++ b/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml
@@ -5,7 +5,7 @@ metadata:
 name: postgres16
 spec:
 instances: 3
- imageName: ghcr.io/bo0tzz/cnpgvecto.rs:16.1
+ imageName: ghcr.io/bo0tzz/cnpgvecto.rs:16.1-v0.1.11
 primaryUpdateStrategy: unsupervised
 storage:
 size: 50Gi
@@ -19,6 +19,7 @@ spec:
 limits:
 memory: 4Gi
 postgresql:
+ shared_preload_libraries: ["vectors.so"]
 parameters:
 max_connections: "600"
 max_slot_wal_keep_size: 10GB
diff --git a/kubernetes/apps/database/redis/app/configmap.yaml b/kubernetes/apps/database/redis/app/configmap.yaml
new file mode 100644
index 000000000..def5e25af
--- /dev/null
+++ b/kubernetes/apps/database/redis/app/configmap.yaml
@@ -0,0 +1,37 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.1-standalone-strict/configmap-v1.json
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: redis-healthcheck
+ labels:
+ app.kubernetes.io/name: redis
+data:
+ ping_readiness.sh: |-
+ #!/bin/sh
+ export REDISCLI_AUTH="$REDIS_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h localhost \
+ -p $REDIS_PORT \
+ ping
+ )
+ if [ "$response" != "PONG" ]; then
+ echo "$response"
+ exit 1
+ fi
+ ping_liveness.sh: |-
+ #!/bin/sh
+ export REDISCLI_AUTH="$REDIS_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h localhost \
+ -p $REDIS_PORT \
+ ping
+ )
+ if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
+ echo "$response"
+ exit 1
+ fi
diff --git a/kubernetes/apps/database/redis/app/externalsecret.yaml b/kubernetes/apps/database/redis/app/externalsecret.yaml
new file mode 100644
index 000000000..ac01543c3
--- /dev/null
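Review bot: In kubernetes/apps/database/redis/app/configmap.yaml, `$1` and `$REDIS_PORT` are expanded unquoted in both ping_readiness.sh and ping_liveness.sh, so an empty or missing value silently changes the argument list passed to `timeout` and `redis-cli` instead of failing visibly. Quoting them (`timeout -s 3 "$1" \` and `-p "$REDIS_PORT" \`) keeps the probe's failure mode explicit. It would also help to add a comment above the export in each script, such as `# REDISCLI_AUTH keeps the password out of redis-cli's argv`, so a later edit does not replace it with a command-line password option.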
+++ b/kubernetes/apps/database/redis/app/externalsecret.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: redis
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: redis-secret
+ template:
+ engineVersion: v2
+ data:
+ REDIS_PASSWORD: "{{ .REDIS_PASSWORD }}"
+ dataFrom:
+ - extract:
+ key: redis
diff --git a/kubernetes/apps/database/redis/app/helmrelease.yaml b/kubernetes/apps/database/redis/app/helmrelease.yaml
index 583a5f64e..f4d0d45ec 100644
--- a/kubernetes/apps/database/redis/app/helmrelease.yaml
+++ b/kubernetes/apps/database/redis/app/helmrelease.yaml
@@ -1,49 +1,99 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
 name: redis
 spec:
- interval: 30m
- timeout: 15m
+ interval: 15m
 chart:
 spec:
- chart: redis
- version: 18.6.3
+ chart: app-template
+ version: 2.5.0
 sourceRef:
 kind: HelmRepository
- name: bitnami
+ name: bjw-s
 namespace: flux-system
+ interval: 15m
 install:
+ createNamespace: true
 remediation:
- retries: 3
+ retries: 5
 upgrade:
- cleanupOnFail: true
 remediation:
- retries: 3
- uninstall:
- keepHistory: false
+ retries: 5
 values:
- auth:
- enabled: false
- sentinel: false
- master:
- persistence:
- enabled: false
- replica:
- persistence:
- enabled: false
- sentinel:
- enabled: true
- masterSet: redis-master
- getMasterTimeout: 10
- startupProbe:
- failureThreshold: 2
- persistence:
- enabled: false
- metrics:
- enabled: true
- serviceMonitor:
+ controllers:
+ main:
+ type: statefulset
+ containers:
+ main:
+ image:
+ repository: redis
+ tag: 7.2.4-alpine
+ command:
+ - sh
+ args:
+ - -c
+ - >-
+ redis-server --requirepass $REDIS_PASSWORD
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_liveness.sh 5
+ initialDelaySeconds: 5
+ timeoutSeconds: 6
+ periodSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_readiness.sh 1
+ initialDelaySeconds: 5
+ timeoutSeconds: 2
+ periodSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ resources:
+ requests:
+ cpu: 34m
+ memory: 204Mi
+ limits:
+ memory: 241Mi
+ env:
+ REDIS_PORT: "6379"
+ REDIS_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: redis-secret
+ key: REDIS_PASSWORD
+ service:
+ main:
+ ports:
+ http:
+ port: 6379
+ persistence:
+ data:
 enabled: true
- interval: 1m
+ existingClaim: redis
+ globalMounts:
+ - path: /data
+ healthcheck:
+ enabled: true
+ type: configMap
+ name: redis-healthcheck
+ defaultMode: 0755
+ globalMounts:
+ - path: /health
diff --git a/kubernetes/apps/database/redis/app/kustomization.yaml b/kubernetes/apps/database/redis/app/kustomization.yaml
index 17cbc72b2..8a6bd50ca 100644
--- a/kubernetes/apps/database/redis/app/kustomization.yaml
+++ b/kubernetes/apps/database/redis/app/kustomization.yaml
@@ -3,4 +3,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - ./configmap.yaml
+ - ./externalsecret.yaml
 - ./helmrelease.yaml
+ - ../../../../templates/volsync
diff --git a/kubernetes/apps/database/redis/ks.yaml b/kubernetes/apps/database/redis/ks.yaml
index 18d7256c6..7f21d5606 100644
--- a/kubernetes/apps/database/redis/ks.yaml
+++ b/kubernetes/apps/database/redis/ks.yaml
@@ -19,3 +19,7 @@ spec:
 interval: 30m
 retryInterval: 1m
 timeout: 15m
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 2Gi
diff --git a/kubernetes/apps/default/immich/app/externalsecret.yaml b/kubernetes/apps/default/immich/app/externalsecret.yaml
index d16755bed..48ffdd642 100644
--- a/kubernetes/apps/default/immich/app/externalsecret.yaml
+++ b/kubernetes/apps/default/immich/app/externalsecret.yaml
@@ -21,6 +21,7 @@ spec:
 DB_PASSWORD: &dbPass "{{ .POSTGRES_PASS }}"
 DB_PORT: "5432"
 JWT_SECRET: "{{ .IMMICH_JWT_SECRET }}"
+ REDIS_PASSWORD: "{{ .REDIS_PASSWORD }}"
 TYPESENSE_API_KEY: "{{ .IMMICH_TYPESENSE_API_KEY }}"
 # Postgres Init
 INIT_POSTGRES_DBNAME: *dbName
@@ -33,3 +34,5 @@ spec:
 key: cloudnative-pg
 - extract:
 key: immich
+ - extract:
+ key: redis
diff --git a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
index 055f072e3..087b173d3 100644
--- a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
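Review bot: In kubernetes/apps/database/redis/app/helmrelease.yaml the container args run `redis-server --requirepass $REDIS_PASSWORD`, which places the secret on the server's command line (readable from the process list and /proc by anything that can see the pod's processes) and expands it unquoted, so a password containing whitespace or shell metacharacters is word-split. At minimum quote it, `redis-server --requirepass "$REDIS_PASSWORD"`; to keep it off argv entirely, pass the directive on stdin instead, `echo "requirepass $REDIS_PASSWORD" | redis-server -`, which assumes the password needs no extra quoting in Redis config syntax. Because `command: sh` replaces the image entrypoint, the server presumably also runs as whatever user the image defaults to, and these values set no securityContext; consider pinning a non-root user there.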
+++ b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
@@ -19,6 +19,7 @@ spec:
 dependsOn:
 - name: immich-server
 - name: redis
+ namespace: database
 values:
 controllers:
 main:
diff --git a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
index 58dc5ace8..d765ca329 100644
--- a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
@@ -30,6 +30,7 @@ spec:
 dependsOn:
 - name: immich-server
 - name: redis
+ namespace: database
 values:
 defaultPodOptions:
 enableServiceLinks: false
diff --git a/kubernetes/apps/default/immich/app/server/helmrelease.yaml b/kubernetes/apps/default/immich/app/server/helmrelease.yaml
index 7b528a66f..81c5f1844 100644
--- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml
@@ -29,6 +29,7 @@ spec:
 keepHistory: false
 dependsOn:
 - name: redis
+ namespace: database
 values:
 defaultPodOptions:
 enableServiceLinks: false