diff --git a/k8s/apps/immich/app.yaml b/k8s/apps/immich/app.yaml new file mode 100644 index 0000000..efc3c29 --- /dev/null +++ b/k8s/apps/immich/app.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: khm + namespace: argocd +spec: + project: apps + destination: + namespace: khm + server: https://kubernetes.default.svc + source: + repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git + targetRevision: HEAD + path: k8s/apps/khm + syncPolicy: + automated: + selfHeal: true + prune: true + syncOptions: + - CreateNamespace=true + diff --git a/k8s/apps/immich/deployments.yaml b/k8s/apps/immich/deployments.yaml new file mode 100644 index 0000000..f1fc55d --- /dev/null +++ b/k8s/apps/immich/deployments.yaml @@ -0,0 +1,169 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-server + namespace: immich +spec: + replicas: 1 + selector: + matchLabels: + app: immich-server + template: + metadata: + labels: + app: immich-server + spec: + containers: + - name: immich-server + image: ghcr.io/immich-app/immich-server:release + ports: + - containerPort: 2283 + env: + - name: UPLOAD_LOCATION + value: /usr/src/app/upload + - name: DB_PASSWORD + value: postgres + - name: DB_USERNAME + value: postgres + - name: DB_DATABASE_NAME + value: immich + - name: REDIS_HOST + value: redis + - name: REDIS_PORT + value: "6379" + - name: TZ + value: Asia/Nicosia + volumeMounts: + - mountPath: /usr/src/app/upload + name: upload-storage + - mountPath: /GPHOTO + name: gphoto-storage + - mountPath: /etc/localtime + name: localtime + readOnly: true + nodeSelector: + kubernetes.io/hostname: nas.tail2fe2d.ts.net + volumes: + - name: upload-storage + persistentVolumeClaim: + claimName: immich-upload-pvc + - name: gphoto-storage + persistentVolumeClaim: + claimName: immich-gphoto-pvc + - name: localtime + hostPath: + path: /etc/localtime + type: File +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-machine-learning + namespace: immich +spec: + replicas: 1 + selector: + matchLabels: + app: immich-ml + template: + metadata: + labels: + app: immich-ml + spec: + containers: + - name: immich-ml + image: ghcr.io/immich-app/immich-machine-learning:release + env: + - name: TZ + value: Asia/Nicosia + volumeMounts: + - mountPath: /cache + name: model-cache + nodeSelector: + kubernetes.io/hostname: nas.tail2fe2d.ts.net + volumes: + - name: model-cache + emptyDir: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis + namespace: immich +spec: + replicas: 1 + selector: + matchLabels: + app: redis + template: + metadata: + labels: + app: redis + spec: + containers: + - name: redis + image: redis:6.2-alpine + readinessProbe: + exec: + command: ["redis-cli", "ping"] + nodeSelector: + kubernetes.io/hostname: nas.tail2fe2d.ts.net +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: database + namespace: immich +spec: + replicas: 1 + selector: + matchLabels: + app: database + template: + metadata: + labels: + app: database + spec: + securityContext: + fsGroup: 999 + containers: + - name: immich-postgres + image: tensorchord/pgvecto-rs:pg14-v0.2.0 + securityContext: + runAsUser: 999 + runAsGroup: 999 + env: + - name: POSTGRES_PASSWORD + value: postgres + - name: POSTGRES_USER + value: postgres + - name: POSTGRES_DB + value: immich + - name: POSTGRES_INITDB_ARGS + value: '--data-checksums' + - name: TZ + value: Asia/Nicosia + command: ["postgres"] + args: + - "-c" + - "shared_preload_libraries=vectors.so" + - "-c" + - "search_path='\"$user\", public, vectors'" + - "-c" + - "logging_collector=on" + - "-c" + - "max_wal_size=2GB" + - "-c" + - "shared_buffers=512MB" + - "-c" + - "wal_compression=on" + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: db-storage + nodeSelector: + kubernetes.io/hostname: nas.tail2fe2d.ts.net + volumes: + - name: db-storage + persistentVolumeClaim: + claimName: immich-db-pvc diff --git a/k8s/apps/immich/kustomization.yaml b/k8s/apps/immich/kustomization.yaml new file mode 100644 index 0000000..c1362c1 --- /dev/null +++ b/k8s/apps/immich/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - app.yaml + - deployments.yaml + - volumes.yaml + - service.yaml + diff --git a/k8s/apps/immich/service.yaml b/k8s/apps/immich/service.yaml new file mode 100644 index 0000000..d98e45a --- /dev/null +++ b/k8s/apps/immich/service.yaml @@ -0,0 +1,95 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: immich +spec: + selector: + app: redis + ports: + - protocol: TCP + port: 6379 + targetPort: 6379 +--- +apiVersion: v1 +kind: Service +metadata: + name: immich-machine-learning + namespace: immich +spec: + selector: + app: immich-ml + ports: + - protocol: TCP + port: 3003 + targetPort: 3003 +--- +apiVersion: v1 +kind: Service +metadata: + name: immich-server + namespace: immich +spec: + selector: + app: immich-server + ports: + - protocol: TCP + port: 2283 + targetPort: 2283 +--- +apiVersion: v1 +kind: Service +metadata: + name: database + namespace: immich +spec: + selector: + app: database + ports: + - protocol: TCP + port: 5432 + targetPort: 5432 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: upload-buffering + namespace: immich +spec: + buffering: + maxRequestBodyBytes: 0 + memRequestBodyBytes: 10485760 + maxResponseBodyBytes: 0 + memResponseBodyBytes: 10485760 + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: immich-tls-ingress + namespace: immich + annotations: + ingressClassName: traefik + cert-manager.io/cluster-issuer: letsencrypt + traefik.ingress.kubernetes.io/router.middlewares: | + kube-system-https-redirect@kubernetescrd, immich-upload-buffering@kubernetescrd + acme.cert-manager.io/http01-edit-in-place: "true" +spec: + rules: + - host: photos.hexor.cy + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: immich-server + port: + number: 2283 + tls: + - secretName: immich-tls + hosts: + - photos.hexor.cy + + diff --git a/k8s/apps/immich/volumes.yaml b/k8s/apps/immich/volumes.yaml new file mode 100644 index 0000000..7efd1dc --- /dev/null +++ b/k8s/apps/immich/volumes.yaml @@ -0,0 +1,79 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: immich-upload-pv +spec: + capacity: + storage: 500Gi + accessModes: + - ReadWriteOnce + hostPath: + path: /mnt/storage/Storage/k8s/immich/library +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: immich-upload-pvc + namespace: immich +spec: + storageClassName: "" + accessModes: + - ReadWriteOnce + volumeName: immich-upload-pv + resources: + requests: + storage: 500Gi +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: immich-gphoto-pv +spec: + capacity: + storage: 500Gi + accessModes: + - ReadWriteOnce + hostPath: + path: /mnt/storage/Storage/k8s/immich/GPHOTO +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: immich-gphoto-pvc + namespace: immich +spec: + storageClassName: "" + accessModes: + - ReadWriteOnce + volumeName: immich-gphoto-pv + resources: + requests: + storage: 500Gi +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: immich-db-pv +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + hostPath: + path: /mnt/storage/Storage/k8s/immich/db +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: immich-db-pvc + namespace: immich +spec: + storageClassName: "" + accessModes: + - ReadWriteOnce + volumeName: immich-db-pv + resources: + requests: + storage: 10Gi +