Added immich

k8s/apps/immich/app.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: khm
+  namespace: argocd
+spec:
+  project: apps
+  destination:
+    namespace: khm
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+    targetRevision: HEAD
+    path: k8s/apps/khm
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
+

k8s/apps/immich/deployments.yaml

@@ -0,0 +1,169 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immich-server
+  namespace: immich
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: immich-server
+  template:
+    metadata:
+      labels:
+        app: immich-server
+    spec:
+      containers:
+        - name: immich-server
+          image: ghcr.io/immich-app/immich-server:release
+          ports:
+            - containerPort: 2283
+          env:
+            - name: UPLOAD_LOCATION
+              value: /usr/src/app/upload
+            - name: DB_PASSWORD
+              value: postgres
+            - name: DB_USERNAME
+              value: postgres
+            - name: DB_DATABASE_NAME
+              value: immich
+            - name: REDIS_HOST
+              value: redis
+            - name: REDIS_PORT
+              value: "6379"
+            - name: TZ
+              value: Asia/Nicosia
+          volumeMounts:
+            - mountPath: /usr/src/app/upload
+              name: upload-storage
+            - mountPath: /GPHOTO
+              name: gphoto-storage
+            - mountPath: /etc/localtime
+              name: localtime
+              readOnly: true
+      nodeSelector:
+        kubernetes.io/hostname: nas.tail2fe2d.ts.net
+      volumes:
+        - name: upload-storage
+          persistentVolumeClaim:
+            claimName: immich-upload-pvc
+        - name: gphoto-storage
+          persistentVolumeClaim:
+            claimName: immich-gphoto-pvc
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+            type: File
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immich-machine-learning
+  namespace: immich
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: immich-ml
+  template:
+    metadata:
+      labels:
+        app: immich-ml
+    spec:
+      containers:
+        - name: immich-ml
+          image: ghcr.io/immich-app/immich-machine-learning:release
+          env:
+            - name: TZ
+              value: Asia/Nicosia
+          volumeMounts:
+            - mountPath: /cache
+              name: model-cache
+      nodeSelector:
+        kubernetes.io/hostname: nas.tail2fe2d.ts.net
+      volumes:
+        - name: model-cache
+          emptyDir: {}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+  namespace: immich
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:6.2-alpine
+          readinessProbe:
+            exec:
+              command: ["redis-cli", "ping"]
+      nodeSelector:
+        kubernetes.io/hostname: nas.tail2fe2d.ts.net
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: database
+  namespace: immich
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: database
+  template:
+    metadata:
+      labels:
+        app: database
+    spec:
+      securityContext:
+        fsGroup: 999
+      containers:
+        - name: immich-postgres
+          image: tensorchord/pgvecto-rs:pg14-v0.2.0
+          securityContext:
+            runAsUser: 999
+            runAsGroup: 999
+          env:
+            - name: POSTGRES_PASSWORD
+              value: postgres
+            - name: POSTGRES_USER
+              value: postgres
+            - name: POSTGRES_DB
+              value: immich
+            - name: POSTGRES_INITDB_ARGS
+              value: '--data-checksums'
+            - name: TZ
+              value: Asia/Nicosia
+          command: ["postgres"]
+          args:
+            - "-c"
+            - "shared_preload_libraries=vectors.so"
+            - "-c"
+            - "search_path='\"$user\", public, vectors'"
+            - "-c"
+            - "logging_collector=on"
+            - "-c"
+            - "max_wal_size=2GB"
+            - "-c"
+            - "shared_buffers=512MB"
+            - "-c"
+            - "wal_compression=on"
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: db-storage
+      nodeSelector:
+        kubernetes.io/hostname: nas.tail2fe2d.ts.net
+      volumes:
+        - name: db-storage
+          persistentVolumeClaim:
+            claimName: immich-db-pvc

k8s/apps/immich/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app.yaml
+  - deployments.yaml
+  - volumes.yaml
+  - service.yaml
+

k8s/apps/immich/service.yaml

@@ -0,0 +1,95 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+  namespace: immich
+spec:
+  selector:
+    app: redis
+  ports:
+    - protocol: TCP
+      port: 6379
+      targetPort: 6379
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-machine-learning
+  namespace: immich
+spec:
+  selector:
+    app: immich-ml
+  ports:
+    - protocol: TCP
+      port: 3003
+      targetPort: 3003
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-server
+  namespace: immich
+spec:
+  selector:
+    app: immich-server
+  ports:
+    - protocol: TCP
+      port: 2283
+      targetPort: 2283
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: database
+  namespace: immich
+spec:
+  selector:
+    app: database
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: upload-buffering
+  namespace: immich
+spec:
+  buffering:
+    maxRequestBodyBytes: 0
+    memRequestBodyBytes: 10485760
+    maxResponseBodyBytes: 0
+    memResponseBodyBytes: 10485760
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: immich-tls-ingress
+  namespace: immich
+  annotations:
+    ingressClassName: traefik
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: |
+      kube-system-https-redirect@kubernetescrd, immich-upload-buffering@kubernetescrd
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  rules:
+    - host: photos.hexor.cy
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: immich-server
+                port:
+                  number: 2283
+  tls:
+    - secretName: immich-tls
+      hosts:
+        - photos.hexor.cy
+
+

k8s/apps/immich/volumes.yaml

@@ -0,0 +1,79 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: immich-upload-pv
+spec:
+  capacity:
+    storage: 500Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: /mnt/storage/Storage/k8s/immich/library
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-upload-pvc
+  namespace: immich
+spec:
+  storageClassName: ""
+  accessModes:
+    - ReadWriteOnce
+  volumeName: immich-upload-pv
+  resources:
+    requests:
+      storage: 500Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: immich-gphoto-pv
+spec:
+  capacity:
+    storage: 500Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: /mnt/storage/Storage/k8s/immich/GPHOTO
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-gphoto-pvc
+  namespace: immich
+spec:
+  storageClassName: ""
+  accessModes:
+    - ReadWriteOnce
+  volumeName: immich-gphoto-pv
+  resources:
+    requests:
+      storage: 500Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: immich-db-pv
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: /mnt/storage/Storage/k8s/immich/db
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-db-pvc
+  namespace: immich
+spec:
+  storageClassName: ""
+  accessModes:
+    - ReadWriteOnce
+  volumeName: immich-db-pv
+  resources:
+    requests:
+      storage: 10Gi
+