feat: add Immich database credentials and deployment configuration
This commit is contained in:
parent
861f9c9688
commit
1ceb8209bc
@ -31,4 +31,7 @@ REGISTRY_PASSWORD=your_token_here
|
|||||||
# Home Assistant and Discord integration
|
# Home Assistant and Discord integration
|
||||||
HA_TOKEN=your_home_assistant_token_here
|
HA_TOKEN=your_home_assistant_token_here
|
||||||
DISCORD_TOKEN=your_discord_token_here
|
DISCORD_TOKEN=your_discord_token_here
|
||||||
GUILD_ID=your_discord_guild_id_here
|
GUILD_ID=your_discord_guild_id_here
|
||||||
|
|
||||||
|
# Immich database credentials
|
||||||
|
IMMICH_POSTGRES_PASSWORD=your_password_here
|
||||||
13
manifests/media/immich-postgres-sealed.yaml
Normal file
13
manifests/media/immich-postgres-sealed.yaml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
name: immich-postgres
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
password: AgAHwzFI/21GYnhIc08Q4E0fshe9AHn77D0u28+f4jxPRSWPvKf7OaKOAoQUfZhFWsfaayphASg7NMpuhgvFl8oC1MZ1oXX48p3M3wOQmV3yhaWFjXtQuDIyhwsRY7IYTED4sPNaEpVM/NGQS8XQyKaFaQ1aAqPwVZwLAVEj5SeJcCnG9lfANB+x8Hua1DZezrYelQQ8kT3xURfOkvZ57e/2kCdvHYs/SXJZCj6iyuXzefjH25ZNqNVGdaa36cT5Mo7V3eNrT014qed+4Uf7uv+aPcrKJYkSRkaPEJdp0THCofiI/QrgKknQTWRrQLxnOFMnTTckrkI89JTo9wCzfXOFF8KcDMAur7E4QfYbgFqLMlCShsY9bcb5mGD5xa2RKoBnQyQslNMYeNWgVmt7sn1F56v5Gh3e2tg++ydCIlQwvUywPFyt/lL9+Eojdn8LknykpmH34z0cd+KVDcsl+9dHRx3jAgefpIwJc+MihGB8H+Sm6dP8PW3r7o29/KgpBPjpebbq4G31QLDyeAjVavk2CxTdnHsJWmWl2mwB5GlrEB1cRqSOctzvDkwx+TdwyRM2Ggl5J2azt+QZaCYES6sTdxPQOUuDJ7SeY3qy9C0v+0OBpu9q1WPUP6E14LUZzdOp4+S8mC6Llwxcypro7oWOS3GrK4z6eSrpj6bg5FlqkEjQjc0EJ4C6kPevLp2JaCdFXt9FXkDTKv97A8sT1ruG9M86FqHf1d6aTWw2UC9i7w==
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: immich-postgres
|
||||||
|
namespace: immich
|
||||||
16
manifests/media/immich-postgres-secret.sh
Executable file
16
manifests/media/immich-postgres-secret.sh
Executable file
@ -0,0 +1,16 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||||
|
source "$SCRIPT_DIR/../../.env"
|
||||||
|
|
||||||
|
kubectl create secret generic immich-postgres \
|
||||||
|
--namespace=immich \
|
||||||
|
--from-literal=password="${IMMICH_POSTGRES_PASSWORD}" \
|
||||||
|
--dry-run=client -o yaml \
|
||||||
|
| kubeseal \
|
||||||
|
--controller-namespace=kube-system \
|
||||||
|
--controller-name=sealed-secrets-controller \
|
||||||
|
--format yaml \
|
||||||
|
> "$SCRIPT_DIR/immich-postgres-sealed.yaml"
|
||||||
|
|
||||||
|
echo "Wrote $SCRIPT_DIR/immich-postgres-sealed.yaml"
|
||||||
297
manifests/media/immich.yaml
Normal file
297
manifests/media/immich.yaml
Normal file
@ -0,0 +1,297 @@
|
|||||||
|
# Apply: kubectl apply -f manifests/media/immich.yaml
|
||||||
|
# Delete: kubectl delete -f manifests/media/immich.yaml
|
||||||
|
# Description: Immich photo management deployment at immich.home.arpa.
|
||||||
|
# External libraries mounted read-only from NFS.
|
||||||
|
# NOTE: Set the postgres password before first apply (see Secret below).
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: immich
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: immich-postgres-data
|
||||||
|
namespace: immich
|
||||||
|
annotations:
|
||||||
|
helm.sh/resource-policy: keep
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: local-path
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 20Gi
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: immich-library
|
||||||
|
namespace: immich
|
||||||
|
annotations:
|
||||||
|
helm.sh/resource-policy: keep
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: local-path
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 50Gi
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: immich-ml-cache
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: local-path
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
|
||||||
|
---
|
||||||
|
# ─── Postgres ─────────────────────────────────────────────────────────────────
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: immich-postgres
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: immich-postgres
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: immich-postgres
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: postgres
|
||||||
|
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
|
||||||
|
ports:
|
||||||
|
- containerPort: 5432
|
||||||
|
env:
|
||||||
|
- name: POSTGRES_DB
|
||||||
|
value: immich
|
||||||
|
- name: POSTGRES_USER
|
||||||
|
value: immich
|
||||||
|
- name: POSTGRES_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: immich-postgres
|
||||||
|
key: password
|
||||||
|
- name: POSTGRES_INITDB_ARGS
|
||||||
|
value: "--data-checksums"
|
||||||
|
- name: PGDATA
|
||||||
|
value: /var/lib/postgresql/data/pgdata
|
||||||
|
volumeMounts:
|
||||||
|
- name: data
|
||||||
|
mountPath: /var/lib/postgresql/data
|
||||||
|
volumes:
|
||||||
|
- name: data
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: immich-postgres-data
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: immich-postgres
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: immich-postgres
|
||||||
|
ports:
|
||||||
|
- port: 5432
|
||||||
|
targetPort: 5432
|
||||||
|
---
|
||||||
|
# ─── Redis ────────────────────────────────────────────────────────────────────
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: immich-redis
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: immich-redis
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: immich-redis
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: redis
|
||||||
|
image: docker.io/redis:6.2-alpine
|
||||||
|
ports:
|
||||||
|
- containerPort: 6379
|
||||||
|
volumeMounts:
|
||||||
|
- name: data
|
||||||
|
mountPath: /data
|
||||||
|
volumes:
|
||||||
|
- name: data
|
||||||
|
emptyDir: {}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: immich-redis
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: immich-redis
|
||||||
|
ports:
|
||||||
|
- port: 6379
|
||||||
|
targetPort: 6379
|
||||||
|
---
|
||||||
|
# ─── Immich Server ────────────────────────────────────────────────────────────
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: immich-server
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: immich-server
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: immich-server
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: immich-server
|
||||||
|
image: ghcr.io/immich-app/immich-server:v1.144.1
|
||||||
|
ports:
|
||||||
|
- containerPort: 2283
|
||||||
|
env:
|
||||||
|
- name: DB_HOSTNAME
|
||||||
|
value: immich-postgres
|
||||||
|
- name: DB_DATABASE_NAME
|
||||||
|
value: immich
|
||||||
|
- name: DB_USERNAME
|
||||||
|
value: immich
|
||||||
|
- name: DB_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: immich-postgres
|
||||||
|
key: password
|
||||||
|
- name: REDIS_HOSTNAME
|
||||||
|
value: immich-redis
|
||||||
|
- name: IMMICH_MACHINE_LEARNING_URL
|
||||||
|
value: http://immich-machine-learning:3003
|
||||||
|
- name: TZ
|
||||||
|
value: Asia/Tokyo
|
||||||
|
volumeMounts:
|
||||||
|
- name: library
|
||||||
|
mountPath: /usr/src/app/upload
|
||||||
|
- name: photos-other
|
||||||
|
mountPath: /mnt/external/other
|
||||||
|
readOnly: true
|
||||||
|
- name: photos-art
|
||||||
|
mountPath: /mnt/external/art
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: library
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: immich-library
|
||||||
|
- name: photos-other
|
||||||
|
nfs:
|
||||||
|
server: 192.168.7.183
|
||||||
|
path: /mnt/storage/jellyfin/other
|
||||||
|
- name: photos-art
|
||||||
|
nfs:
|
||||||
|
server: 192.168.7.183
|
||||||
|
path: /mnt/storage/jellyfin/art
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: immich-server
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: immich-server
|
||||||
|
ports:
|
||||||
|
- port: 2283
|
||||||
|
targetPort: 2283
|
||||||
|
---
|
||||||
|
# ─── Immich Machine Learning ──────────────────────────────────────────────────
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: immich-machine-learning
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: immich-machine-learning
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: immich-machine-learning
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: immich-machine-learning
|
||||||
|
image: ghcr.io/immich-app/immich-machine-learning:v1.144.1
|
||||||
|
ports:
|
||||||
|
- containerPort: 3003
|
||||||
|
volumeMounts:
|
||||||
|
- name: cache
|
||||||
|
mountPath: /cache
|
||||||
|
volumes:
|
||||||
|
- name: cache
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: immich-ml-cache
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: immich-machine-learning
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: immich-machine-learning
|
||||||
|
ports:
|
||||||
|
- port: 3003
|
||||||
|
targetPort: 3003
|
||||||
|
---
|
||||||
|
# ─── Ingress / TLS ────────────────────────────────────────────────────────────
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: immich-tls
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
secretName: immich-tls
|
||||||
|
issuerRef:
|
||||||
|
name: internal-ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
dnsNames:
|
||||||
|
- immich.home.arpa
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: immich
|
||||||
|
namespace: immich
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- websecure
|
||||||
|
routes:
|
||||||
|
- kind: Rule
|
||||||
|
match: Host(`immich.home.arpa`)
|
||||||
|
services:
|
||||||
|
- name: immich-server
|
||||||
|
namespace: immich
|
||||||
|
port: 2283
|
||||||
|
tls:
|
||||||
|
secretName: immich-tls
|
||||||
@ -79,6 +79,7 @@ dnsmasq:
|
|||||||
- address=/auth.home.arpa/192.168.7.77
|
- address=/auth.home.arpa/192.168.7.77
|
||||||
- address=/traefik.home.arpa/192.168.7.77
|
- address=/traefik.home.arpa/192.168.7.77
|
||||||
- address=/photoview.home.arpa/192.168.7.77
|
- address=/photoview.home.arpa/192.168.7.77
|
||||||
|
- address=/immich.home.arpa/192.168.7.77
|
||||||
- address=/gitea.nik4nao.com/192.168.7.77
|
- address=/gitea.nik4nao.com/192.168.7.77
|
||||||
- address=/ha.home.arpa/192.168.7.77
|
- address=/ha.home.arpa/192.168.7.77
|
||||||
- address=/argocd.home.arpa/192.168.7.77
|
- address=/argocd.home.arpa/192.168.7.77
|
||||||
Loading…
x
Reference in New Issue
Block a user