adding himmich, working

haproxy/ingress.yaml

@@ -40,9 +40,20 @@ spec:
                 name: keycloak-service
                 port:
                   number: 8080
+    - host: "immich.reault.tech"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: immich-server
+                port:
+                  number: 2283
   tls:
     - secretName: reault-tech-cert # cert-manager will store the certificate and key in this secret
       hosts:
         - www.reault.tech
         - reault.tech
         - iam.reault.tech
+        - immich.reault.tech

immich/immich-volume-claim.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-persistent-volume-claim
+spec:
+  storageClassName: csi-cinder-high-speed-gen2
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi

immich/postgres/db-backup-cron.yaml

@@ -0,0 +1,59 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: immich-postgres-backup
+spec:
+  schedule: "0 0 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          initContainers:
+            - name: dump
+              image: postgres:14.12
+              imagePullPolicy: IfNotPresent
+              volumeMounts:
+                - name: data
+                  mountPath: /backup
+              args:
+                - pg_dump
+                - "-Fc"
+                - "-f"
+                - "/backup/immich-postgres.pgdump"
+                - "-Z"
+                - "9"
+                - "-v"
+                - "-h"
+                - "immich-postgresdb"
+                - "-U"
+                - "immich"
+                - "-d"
+                - "immich"
+              env:
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      # Retrieve postgres password from a secret 
+                      name: immich-postgresdb-creds
+                      key: POSTGRES_PASSWORD
+          containers:
+            - name: save
+              image: amazon/aws-cli
+              volumeMounts:
+                - name: data
+                  mountPath: /backup
+              args:
+                - s3
+                - cp
+                - "/backup/immich-postgres.pgdump"
+                - "s3://media-object-storage/immich-postgres.pgdump"
+                - "--endpoint"
+                - "https://s3.gra.io.cloud.ovh.net"
+              envFrom:
+                - secretRef:
+                    # Must contain AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
+                    name: media-object-storage-creds
+          restartPolicy: Never
+          volumes:
+            - name: data
+              emptyDir: {}

immich/postgres/db-deployment.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immich-postgresdb
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: immich-postgresdb
+  template:
+    metadata:
+      labels:
+        app: immich-postgresdb
+    spec:
+      containers:
+        - name: immich-postgresdb
+          image: 'tensorchord/pgvecto-rs:pg14-v0.3.0'
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5432
+          envFrom:
+            - secretRef:
+                # Must contain POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD
+                name: immich-postgresdb-creds
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: db-data
+              subPath: postgres
+      volumes:
+        - name: db-data
+          persistentVolumeClaim:
+            claimName: immich-db-persistent-volume-claim

immich/postgres/db-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-postgresdb
+  labels:
+    app: immich-postgresdb
+spec:
+  type: NodePort
+  ports:
+    - port: 5432
+  selector:
+    app: immich-postgresdb

immich/postgres/db-volume-claim.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-db-persistent-volume-claim
+spec:
+  storageClassName: csi-cinder-high-speed-gen2
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi

immich/values.yaml

@@ -0,0 +1,120 @@
+## This chart relies on the common library chart from bjw-s
+## You can find it at https://github.com/bjw-s-labs/helm-charts/tree/923ef40a39520979c98f354ea23963ee54f54433/charts/library/common
+## Refer there for more detail about the supported values
+
+# These entries are shared between all the Immich components
+
+env:
+  - name: REDIS_HOSTNAME
+    value: "immich-redis-master"
+  - name: IMMICH_MACHINE_LEARNING_URL
+    value: "http://immich-machine-learning:3003"
+  - name: DB_HOSTNAME
+    value: "immich-postgresdb"
+  - name: DB_PASSWORD
+    valueFrom:
+      secretKeyRef:
+      # Retrieve postgres password from a secret 
+        name: immich-postgresdb-creds
+        key: POSTGRES_PASSWORD
+  - name: DB_USERNAME
+    valueFrom:
+      secretKeyRef:
+      # Retrieve postgres password from a secret 
+        name: immich-postgresdb-creds
+        key: POSTGRES_USER
+  - name: DB_DATABASE_NAME
+    valueFrom:
+      secretKeyRef:
+      # Retrieve postgres password from a secret 
+        name: immich-postgresdb-creds
+        key: POSTGRES_DB
+
+image:
+  tag: v1.133.1
+
+immich:
+  metrics:
+    # Enabling this will create the service monitors needed to monitor immich with the prometheus operator
+    enabled: false
+  persistence:
+    # Main data store for all photos shared between different components.
+    library:
+      # Automatically creating the library volume is not supported by this chart
+      # You have to specify an existing PVC to use
+      existingClaim: immich-persistent-volume-claim
+  # configuration is immich-config.json converted to yaml
+  # ref: https://immich.app/docs/install/config-file/
+  #
+  configuration: {}
+    # trash:
+    #   enabled: false
+    #   days: 30
+    # storageTemplate:
+    #   enabled: true
+    #   template: "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"
+
+# Dependencies
+
+# DEPRECATED
+# The postgres subchart is deprecated and will be removed in chart version 0.10.0
+# See https://github.com/immich-app/immich-charts/issues/149 for more detail.
+postgresql:
+  enabled: false
+  image:
+    repository: tensorchord/pgvecto-rs
+    tag: pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52
+  global:
+    postgresql:
+      auth:
+        existingSecret: immich-postgresdb-creds
+  primary:
+    containerSecurityContext:
+      readOnlyRootFilesystem: false
+    initdb:
+      scripts:
+        create-extensions.sql: |
+          CREATE EXTENSION cube;
+          CREATE EXTENSION earthdistance;
+          CREATE EXTENSION vectors;
+
+redis:
+  enabled: true
+  architecture: standalone
+  auth:
+    enabled: false
+
+# Immich components
+
+server:
+  enabled: true
+  image:
+    repository: ghcr.io/immich-app/immich-server
+    pullPolicy: IfNotPresent
+  ingress:
+    main:
+      enabled: false
+      annotations:
+        # proxy-body-size is set to 0 to remove the body limit on file uploads
+        nginx.ingress.kubernetes.io/proxy-body-size: "0"
+      hosts:
+        - host: immich.reault.tech
+          paths:
+            - path: "/"
+      tls: []
+
+machine-learning:
+  enabled: true
+  image:
+    repository: ghcr.io/immich-app/immich-machine-learning
+    pullPolicy: IfNotPresent
+  env:
+    TRANSFORMERS_CACHE: /cache
+  persistence:
+    cache:
+      enabled: true
+      size: 10Gi
+      # Optional: Set this to pvc to avoid downloading the ML models every start.
+      type: emptyDir
+      accessMode: ReadWriteOnce
+      # storageClass: your-class

keycloak/postgres/db-backup-cron.yaml

@@ -10,7 +10,7 @@ spec:
         spec:
           initContainers:
             - name: dump
-              image: postgres:14
+              image: postgres:14.12
               imagePullPolicy: IfNotPresent
               volumeMounts:
                 - name: data