diff --git a/immich/immich-config.yaml b/immich/immich-config.yaml new file mode 100644 index 0000000..d6be39d --- /dev/null +++ b/immich/immich-config.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: immich-config +data: + immich-config.yaml: | + trash: + enabled: true + days: 30 \ No newline at end of file diff --git a/immich/immich-ingress.yaml b/immich/immich-ingress.yaml new file mode 100644 index 0000000..7953fae --- /dev/null +++ b/immich/immich-ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: immich + labels: + name: immich +spec: + rules: + - host: immich.dubyatp.xyz + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: immich + port: + number: 2283 + tls: + - secretName: cert-dubyatp-xyz + hosts: + - immich.dubyatp.xyz diff --git a/immich/immich-library-pvc.yaml b/immich/immich-library-pvc.yaml new file mode 100644 index 0000000..c272e09 --- /dev/null +++ b/immich/immich-library-pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: immich-library +spec: + resources: + requests: + storage: 50Gi + volumeMode: Filesystem + accessModes: + - ReadWriteMany diff --git a/immich/immich-ml-deployment.yaml b/immich/immich-ml-deployment.yaml new file mode 100644 index 0000000..eda3144 --- /dev/null +++ b/immich/immich-ml-deployment.yaml @@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-ml +spec: + selector: + matchLabels: + app: immich-ml + template: + metadata: + labels: + app: immich-ml + spec: + containers: + - name: immich-ml + image: ghcr.io/immich-app/immich-machine-learning:v1.132.3 + volumeMounts: + - name: model-cache + mountPath: /cache + - name: config + mountPath: /config/immich-config.yaml + env: + - name: DB_HOSTNAME + value: "weyma-pgsql-rw.cloudnativepg.svc.cluster.local" + - name: DB_DATABASE_NAME + value: "immich" + - name: DB_USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgres-credentials + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgres-credentials + - name: REDIS_HOSTNAME + value: redis + - name: REDIS_PORT + value: "6379" + - name: IMMICH_PORT + value: "3003" + livenessProbe: + httpGet: + path: /ping + port: 3003 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /ping + port: 3003 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + startupProbe: + httpGet: + path: /ping + port: 3003 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 30 + resources: + limits: + memory: "8Gi" + cpu: "2" + requests: + memory: "2Gi" + cpu: "500m" + volumes: + - name: model-cache + emptyDir: + sizeLimit: 10Gi + - name: config + configMap: + name: immich-config \ No newline at end of file diff --git a/immich/immich-postgres-credentials.yaml b/immich/immich-postgres-credentials.yaml new file mode 100644 index 0000000..1f59a1b --- /dev/null +++ b/immich/immich-postgres-credentials.yaml @@ -0,0 +1,25 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: postgres-credentials +spec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: cloudnativepg + metadataPolicy: None + property: immich_pw + secretKey: password + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: weyma-vault + target: + template: + data: + username: immich + password: "{{ .password }}" + creationPolicy: Owner + deletionPolicy: Retain + name: postgres-credentials \ No newline at end of file diff --git a/immich/immich-server_deployment.yaml b/immich/immich-server_deployment.yaml new file mode 100644 index 0000000..a5c54aa --- /dev/null +++ b/immich/immich-server_deployment.yaml @@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-server +spec: + selector: + matchLabels: + app: immich-server + template: + metadata: + labels: + app: immich-server + spec: + containers: + - name: immich-server + image: ghcr.io/immich-app/immich-server:v1.132.3 + volumeMounts: + - name: library + mountPath: /usr/src/app/upload + - name: config + mountPath: /config/immich-config.yaml + env: + - name: DB_HOSTNAME + value: "weyma-pgsql-rw.cloudnativepg.svc.cluster.local" + - name: DB_DATABASE_NAME + value: "immich" + - name: DB_USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgres-credentials + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgres-credentials + - name: REDIS_HOSTNAME + value: redis + - name: REDIS_PORT + value: "6379" + - name: IMMICH_PORT + value: "2283" + livenessProbe: + httpGet: + path: /api/server/ping + port: 2283 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /api/server/ping + port: 2283 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + startupProbe: + httpGet: + path: /api/server/ping + port: 2283 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 30 + resources: + limits: + memory: "8Gi" + cpu: "2" + requests: + memory: "2Gi" + cpu: "500m" + volumes: + - name: library + persistentVolumeClaim: + claimName: immich-library + - name: config + configMap: + name: immich-config \ No newline at end of file diff --git a/immich/immich-svc.yaml b/immich/immich-svc.yaml new file mode 100644 index 0000000..5a2014f --- /dev/null +++ b/immich/immich-svc.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: immich +spec: + selector: + app: immich-server + ports: + - port: 2283 + targetPort: 2283 + name: http +--- +apiVersion: v1 +kind: Service +metadata: + name: immich-ml +spec: + selector: + app: immich-ml + ports: + - port: 3003 + targetPort: 3003 + name: http \ No newline at end of file diff --git a/immich/redis/redis-statefulset.yaml b/immich/redis/redis-statefulset.yaml new file mode 100644 index 0000000..1c02f9d --- /dev/null +++ b/immich/redis/redis-statefulset.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: redis +spec: + selector: + matchLabels: + app: redis + serviceName: redis + replicas: 1 + template: + metadata: + labels: + app: redis + spec: + containers: + - name: redis + image: redis:latest + command: ["redis-server"] + args: + - "--port" + - "6379" + - "--dir" + - "/data" + - "--appendonly" + - "yes" + volumeMounts: + - name: data + mountPath: /data + volumeClaimTemplates: + - spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: rook-ceph-block + resources: + requests: + storage: 10Gi + metadata: + name: data diff --git a/immich/redis/redis-svc.yaml b/immich/redis/redis-svc.yaml new file mode 100644 index 0000000..1cf99e6 --- /dev/null +++ b/immich/redis/redis-svc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: redis +spec: + selector: + app: redis + ports: + - port: 6379 + targetPort: 6379 \ No newline at end of file