diff --git a/haproxy/ingress.yaml b/haproxy/ingress.yaml
index 590103b..88ed972 100644
--- a/haproxy/ingress.yaml
+++ b/haproxy/ingress.yaml
@@ -40,9 +40,20 @@ spec:
 name: keycloak-service
 port:
 number: 8080
+ - host: "immich.reault.tech"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: immich-server
+ port:
+ number: 2283
 tls:
 - secretName: reault-tech-cert # cert-manager will store the certificate and key in this secret
 hosts:
 - www.reault.tech
 - reault.tech
 - iam.reault.tech
+ - immich.reault.tech
diff --git a/immich/immich-volume-claim.yaml b/immich/immich-volume-claim.yaml
new file mode 100644
index 0000000..e18b781
--- /dev/null
+++ b/immich/immich-volume-claim.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-persistent-volume-claim
+spec:
+ storageClassName: csi-cinder-high-speed-gen2
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
\ No newline at end of file
diff --git a/immich/postgres/db-backup-cron.yaml b/immich/postgres/db-backup-cron.yaml
new file mode 100644
index 0000000..21ec355
--- /dev/null
+++ b/immich/postgres/db-backup-cron.yaml
@@ -0,0 +1,59 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: immich-postgres-backup
+spec:
+ schedule: "0 0 * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ initContainers:
+ - name: dump
+ image: postgres:14.12
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: data
+ mountPath: /backup
+ args:
+ - pg_dump
+ - "-Fc"
+ - "-f"
+ - "/backup/immich-postgres.pgdump"
+ - "-Z"
+ - "9"
+ - "-v"
+ - "-h"
+ - "immich-postgresdb"
+ - "-U"
+ - "immich"
+ - "-d"
+ - "immich"
+ env:
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ # Retrieve postgres password from a secret
+ name: immich-postgresdb-creds
+ key: POSTGRES_PASSWORD
+ containers:
+ - name: save
+ image: amazon/aws-cli
+ volumeMounts:
+ - name: data
+ mountPath: /backup
+ args:
+ - s3
+ - cp
+ - "/backup/immich-postgres.pgdump"
+ - "s3://media-object-storage/immich-postgres.pgdump"
+ - "--endpoint"
+ - "https://s3.gra.io.cloud.ovh.net"
+ envFrom:
+ - secretRef:
+ # Must contain AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
+ name: media-object-storage-creds
+ restartPolicy: Never
+ volumes:
+ - name: data
+ emptyDir: {}
\ No newline at end of file
diff --git a/immich/postgres/db-deployment.yaml b/immich/postgres/db-deployment.yaml
new file mode 100644
index 0000000..56c9e91
--- /dev/null
+++ b/immich/postgres/db-deployment.yaml
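Review bot: The `save` container in immich/postgres/db-backup-cron.yaml pulls `amazon/aws-cli` with no tag, so each run resolves to whatever `latest` is at that moment inside a pod that holds the object-storage credentials from `media-object-storage-creds`; pin it the way the `dump` container pins `postgres:14.12`, e.g. `image: amazon/aws-cli:<pinned-version>@sha256:<digest>` (placeholders). The upload always writes the same key, `s3://media-object-storage/immich-postgres.pgdump`, so every night replaces the only copy and a truncated or bad dump overwrites the last good one; a dated object key, or bucket versioning with a retention rule, would keep history. The dump is uploaded as plain `pg_dump` output, so its confidentiality rests on the bucket's access policy and any server-side encryption, neither of which is visible in this diff.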
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: immich-postgresdb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: immich-postgresdb
+ template:
+ metadata:
+ labels:
+ app: immich-postgresdb
+ spec:
+ containers:
+ - name: immich-postgresdb
+ image: 'tensorchord/pgvecto-rs:pg14-v0.3.0'
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5432
+ envFrom:
+ - secretRef:
+ # Must contain POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD
+ name: immich-postgresdb-creds
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: db-data
+ subPath: postgres
+ volumes:
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: immich-db-persistent-volume-claim
diff --git a/immich/postgres/db-service.yaml b/immich/postgres/db-service.yaml
new file mode 100644
index 0000000..9a4e558
--- /dev/null
+++ b/immich/postgres/db-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-postgresdb
+ labels:
+ app: immich-postgresdb
+spec:
+ type: NodePort
+ ports:
+ - port: 5432
+ selector:
+ app: immich-postgresdb
\ No newline at end of file
diff --git a/immich/postgres/db-volume-claim.yaml b/immich/postgres/db-volume-claim.yaml
new file mode 100644
index 0000000..9a4e76d
--- /dev/null
+++ b/immich/postgres/db-volume-claim.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-db-persistent-volume-claim
+spec:
+ storageClassName: csi-cinder-high-speed-gen2
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
\ No newline at end of file
diff --git a/immich/values.yaml b/immich/values.yaml
new file mode 100644
index 0000000..e77c3db
--- /dev/null
+++ b/immich/values.yaml
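Review bot: The `immich-postgresdb` container in immich/postgres/db-deployment.yaml sets no `securityContext` and no `resources`, and its image is referenced by tag only (`tensorchord/pgvecto-rs:pg14-v0.3.0`), whereas the `postgresql` block in immich/values.yaml pins the same repository with an `@sha256:` digest; pinning by digest here as well keeps the database image from changing under a reused tag. With `replicas: 1` on a `ReadWriteOnce` claim and no `strategy`, the default rolling update brings up the replacement pod before the old one is gone, which can stall on the volume attach or, on a single node, start a second postgres against the same data directory; adding `strategy: {type: Recreate}` under `spec` avoids that. A container-level `securityContext` with `allowPrivilegeEscalation: false` is a low-risk first hardening step, to be checked against what the image's entrypoint needs.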
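Review bot: `type: NodePort` in immich/postgres/db-service.yaml opens PostgreSQL on a port of every node's address, yet the only clients visible in this change (`DB_HOSTNAME` in immich/values.yaml and `-h immich-postgresdb` in the backup CronJob) reach it by its in-cluster service name. Unless something outside the cluster has to connect, use `type: ClusterIP` (or drop the `type` line) so the database is not reachable from the node network, where the password in `immich-postgresdb-creds` would be the only barrier. A NetworkPolicy that limits ingress on 5432 to the Immich and backup pods would narrow it further.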
@@ -0,0 +1,120 @@
+## This chart relies on the common library chart from bjw-s
+## You can find it at https://github.com/bjw-s-labs/helm-charts/tree/923ef40a39520979c98f354ea23963ee54f54433/charts/library/common
+## Refer there for more detail about the supported values
+
+# These entries are shared between all the Immich components
+
+env:
+ - name: REDIS_HOSTNAME
+ value: "immich-redis-master"
+ - name: IMMICH_MACHINE_LEARNING_URL
+ value: "http://immich-machine-learning:3003"
+ - name: DB_HOSTNAME
+ value: "immich-postgresdb"
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ # Retrieve postgres password from a secret
+ name: immich-postgresdb-creds
+ key: POSTGRES_PASSWORD
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ # Retrieve postgres password from a secret
+ name: immich-postgresdb-creds
+ key: POSTGRES_USER
+ - name: DB_DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ # Retrieve postgres password from a secret
+ name: immich-postgresdb-creds
+ key: POSTGRES_DB
+
+image:
+ tag: v1.133.1
+
+immich:
+ metrics:
+ # Enabling this will create the service monitors needed to monitor immich with the prometheus operator
+ enabled: false
+ persistence:
+ # Main data store for all photos shared between different components.
+ library:
+ # Automatically creating the library volume is not supported by this chart
+ # You have to specify an existing PVC to use
+ existingClaim: immich-persistent-volume-claim
+ # configuration is immich-config.json converted to yaml
+ # ref: https://immich.app/docs/install/config-file/
+ #
+ configuration: {}
+ # trash:
+ # enabled: false
+ # days: 30
+ # storageTemplate:
+ # enabled: true
+ # template: "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"
+
+# Dependencies
+
+# DEPRECATED
+# The postgres subchart is deprecated and will be removed in chart version 0.10.0
+# See https://github.com/immich-app/immich-charts/issues/149 for more detail.
+postgresql:
+ enabled: false
+ image:
+ repository: tensorchord/pgvecto-rs
+ tag: pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52
+ global:
+ postgresql:
+ auth:
+ existingSecret: immich-postgresdb-creds
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ initdb:
+ scripts:
+ create-extensions.sql: |
+ CREATE EXTENSION cube;
+ CREATE EXTENSION earthdistance;
+ CREATE EXTENSION vectors;
+
+redis:
+ enabled: true
+ architecture: standalone
+ auth:
+ enabled: false
+
+# Immich components
+
+server:
+ enabled: true
+ image:
+ repository: ghcr.io/immich-app/immich-server
+ pullPolicy: IfNotPresent
+ ingress:
+ main:
+ enabled: false
+ annotations:
+ # proxy-body-size is set to 0 to remove the body limit on file uploads
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ hosts:
+ - host: immich.reault.tech
+ paths:
+ - path: "/"
+ tls: []
+
+machine-learning:
+ enabled: true
+ image:
+ repository: ghcr.io/immich-app/immich-machine-learning
+ pullPolicy: IfNotPresent
+ env:
+ TRANSFORMERS_CACHE: /cache
+ persistence:
+ cache:
+ enabled: true
+ size: 10Gi
+ # Optional: Set this to pvc to avoid downloading the ML models every start.
+ type: emptyDir
+ accessMode: ReadWriteOnce
+ # storageClass: your-class
\ No newline at end of file
diff --git a/keycloak/postgres/db-backup-cron.yaml b/keycloak/postgres/db-backup-cron.yaml
index 912fae7..1ed387c 100644
--- a/keycloak/postgres/db-backup-cron.yaml
+++ b/keycloak/postgres/db-backup-cron.yaml
@@ -10,7 +10,7 @@ spec:
 spec:
 initContainers:
 - name: dump
- image: postgres:14
+ image: postgres:14.12
 imagePullPolicy: IfNotPresent
 volumeMounts:
 - name: data
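Review bot: In immich/values.yaml the `redis` block sets `auth.enabled: false`, so the instance behind `immich-redis-master` accepts commands from any pod that can reach it, and nothing in this change adds a NetworkPolicy to limit that. Prefer `auth: {enabled: true, existingSecret: <redis-secret-name>}` (placeholder name) and hand the same secret to Immich through a `REDIS_PASSWORD` entry in `env`, or at least restrict ingress to the Redis pod to the Immich workloads. Separately, the comment `# Retrieve postgres password from a secret` is repeated above the `DB_USERNAME` and `DB_DATABASE_NAME` references; those two should read `# Retrieve postgres user from a secret` and `# Retrieve postgres database name from a secret`. The disabled `postgresql` block still names `pg14-v0.2.0` while the Deployment added in this change runs `pg14-v0.3.0`, so a comment saying the block is unused would avoid confusion.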