homelab/manifests/media/immich.yaml


# Apply: kubectl apply -f manifests/media/immich.yaml
# Delete: kubectl delete -f manifests/media/immich.yaml
# Description: Immich photo management deployment at immich.home.arpa.
# External libraries mounted read-only from NFS.
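# NOTE: Set the postgres password before first apply. The immich-postgres
# Secret (key: password) is referenced below but is not defined in this file,
# so create it in the immich namespace first.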
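# Namespace that holds every Immich resource defined in this file.
apiVersion: v1
kind: Namespace
metadata:
  name: immich
  labels:
    # Pod Security Admission: refuse privileged, host-namespace and hostPath
    # pods in this namespace. None of the workloads in this file request any
    # of those, so the baseline profile does not affect them.
    pod-security.kubernetes.io/enforce: baseline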
---
# Claim backing the Postgres data directory (mounted by the immich-postgres
# Deployment at /var/lib/postgresql/data).
# NOTE(review): helm.sh/resource-policy is only honoured by Helm. This file is
# applied with kubectl (see header), so `kubectl delete -f` removes this claim
# too. Whether the data survives then depends on the StorageClass reclaim
# policy (local-path commonly ships with Delete; confirm on this cluster).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: immich-postgres-data
  namespace: immich
  annotations:
    helm.sh/resource-policy: keep
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 20Gi
---
# Claim backing the Immich upload library (mounted by the immich-server
# Deployment).
# NOTE(review): helm.sh/resource-policy is only honoured by Helm. This file is
# applied with kubectl (see header), so `kubectl delete -f` removes this claim
# too. Whether the photos survive then depends on the StorageClass reclaim
# policy (local-path commonly ships with Delete; confirm on this cluster).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: immich-library
  namespace: immich
  annotations:
    helm.sh/resource-policy: keep
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 50Gi
---
# Claim mounted at /cache by the immich-machine-learning Deployment.
# Unlike the other two claims it carries no keep annotation; presumably the
# cache contents can be regenerated (confirm).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: immich-ml-cache
  namespace: immich
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 10Gi
---
# ─── Postgres ─────────────────────────────────────────────────────────────────
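# Single-replica Postgres for Immich, with its data on the
# immich-postgres-data claim.
# strategy Recreate stops the old pod before starting the new one, so two
# Postgres instances never run against the same data directory.
# NOTE(review): the immich-postgres Secret read below is not defined in this
# file; the pod cannot start until it exists in the immich namespace.
# NOTE(review): no resources requests/limits are set, and the container runs
# with the image's default user. Consider adding both once the image's
# requirements are confirmed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-postgres
  namespace: immich
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: immich-postgres
  template:
    metadata:
      labels:
        app: immich-postgres
    spec:
      # The database has no reason to call the Kubernetes API, so do not mount
      # a service-account token into the pod.
      automountServiceAccountToken: false
      containers:
        - name: postgres
          # NOTE(review): referenced by tag only. Pinning the digest
          # (image@sha256:<digest>) would make the deployed image immutable.
          image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
          securityContext:
            # Sets no_new_privs: processes cannot gain privileges through
            # setuid/setgid binaries or file capabilities.
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: immich
            - name: POSTGRES_USER
              value: immich
            # Password comes from the Secret, never from this manifest.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: immich-postgres
                  key: password
            # Passed to initdb on first initialisation: enable page checksums.
            - name: POSTGRES_INITDB_ARGS
              value: "--data-checksums"
            # Data directory is a subdirectory of the mount point below.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: immich-postgres-data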
---
# In-cluster Service for Postgres. No `type` is set, so it is a ClusterIP
# Service and is not published outside the cluster by this file.
# NOTE(review): no NetworkPolicy is defined in this file, so port 5432 is
# reachable from any pod in the cluster unless policy is applied elsewhere.
# Only immich-server needs it.
apiVersion: v1
kind: Service
metadata:
  name: immich-postgres
  namespace: immich
spec:
  selector:
    app: immich-postgres
  ports:
    - port: 5432
      targetPort: 5432
---
# ─── Redis ────────────────────────────────────────────────────────────────────
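# Single-replica Redis used by immich-server (REDIS_HOSTNAME points here).
# /data is an emptyDir, so Redis state is discarded whenever the pod is
# replaced.
# NOTE(review): no password or ACL configuration is visible in this manifest.
# Together with the ClusterIP Service, any pod that can reach port 6379 can
# issue Redis commands. Restrict access with a NetworkPolicy or enable Redis
# auth.
# NOTE(review): no resources requests/limits are set.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-redis
  namespace: immich
spec:
  replicas: 1
  selector:
    matchLabels:
      app: immich-redis
  template:
    metadata:
      labels:
        app: immich-redis
    spec:
      # Redis has no reason to call the Kubernetes API, so do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      containers:
        - name: redis
          # NOTE(review): floating minor tag. Pinning the digest
          # (image@sha256:<digest>) would make the deployed image immutable.
          image: docker.io/redis:6.2-alpine
          securityContext:
            # Sets no_new_privs: processes cannot gain privileges through
            # setuid/setgid binaries or file capabilities.
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 6379
          volumeMounts:
            - name: data
              mountPath: /data
      volumes:
        - name: data
          emptyDir: {}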
---
# In-cluster Service for Redis. No `type` is set, so it is a ClusterIP Service
# and is not published outside the cluster by this file.
# NOTE(review): no NetworkPolicy is defined in this file, so port 6379 is
# reachable from any pod in the cluster unless policy is applied elsewhere.
# Only immich-server needs it.
apiVersion: v1
kind: Service
metadata:
  name: immich-redis
  namespace: immich
spec:
  selector:
    app: immich-redis
  ports:
    - port: 6379
      targetPort: 6379
---
# ─── Immich Server ────────────────────────────────────────────────────────────
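# Immich application server. It talks to Postgres, Redis and the
# machine-learning service through their in-cluster Service names, and stores
# uploads on the immich-library claim.
# strategy Recreate stops the old pod before starting the new one.
# NOTE(review): the immich-postgres Secret read below is not defined in this
# file; the pod cannot start until it exists in the immich namespace.
# NOTE(review): no resources requests/limits are set, and the container runs
# with the image's default user.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-server
  namespace: immich
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: immich-server
  template:
    metadata:
      labels:
        app: immich-server
    spec:
      # The server has no reason to call the Kubernetes API, so do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      containers:
        - name: immich-server
          # NOTE(review): referenced by tag only. Pinning the digest
          # (image@sha256:<digest>) would make the deployed image immutable.
          image: ghcr.io/immich-app/immich-server:v2.7.5
          securityContext:
            # Sets no_new_privs: processes cannot gain privileges through
            # setuid/setgid binaries or file capabilities.
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 2283
          env:
            - name: DB_HOSTNAME
              value: immich-postgres
            - name: DB_DATABASE_NAME
              value: immich
            - name: DB_USERNAME
              value: immich
            # Same Secret key that the Postgres Deployment uses.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: immich-postgres
                  key: password
            - name: REDIS_HOSTNAME
              value: immich-redis
            # Plain HTTP to the in-cluster machine-learning Service.
            - name: IMMICH_MACHINE_LEARNING_URL
              value: http://immich-machine-learning:3003
            - name: TZ
              value: Asia/Tokyo
          volumeMounts:
            # NOTE(review): recent Immich releases document /data as the
            # in-container media location. Confirm this path is where the
            # image in use writes uploads, otherwise they land on the
            # container filesystem rather than on the claim.
            - name: library
              mountPath: /usr/src/app/upload
            - name: photos-other
              mountPath: /mnt/external/other
              readOnly: true
            - name: photos-art
              mountPath: /mnt/external/art
              readOnly: true
      volumes:
        - name: library
          persistentVolumeClaim:
            claimName: immich-library
        # External libraries. readOnly on the volume source makes the NFS mount
        # itself read-only, matching the read-only volumeMounts above and the
        # intent stated in the file header.
        # NOTE(review): access to the export is decided by the NFS server.
        # Export these paths read-only there as well, and limit them to the
        # cluster node addresses.
        - name: photos-other
          nfs:
            server: 192.168.7.183
            path: /mnt/storage/jellyfin/other
            readOnly: true
        - name: photos-art
          nfs:
            server: 192.168.7.183
            path: /mnt/storage/jellyfin/art
            readOnly: true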
---
# In-cluster Service for the Immich server on port 2283. No `type` is set, so
# it is a ClusterIP Service. It is the backend named by the IngressRoute at
# the end of this file.
apiVersion: v1
kind: Service
metadata:
  name: immich-server
  namespace: immich
spec:
  selector:
    app: immich-server
  ports:
    - port: 2283
      targetPort: 2283
---
# ─── Immich Machine Learning ──────────────────────────────────────────────────
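# Immich machine-learning worker. immich-server reaches it through
# IMMICH_MACHINE_LEARNING_URL, and /cache is kept on the immich-ml-cache claim.
# NOTE(review): no resources requests/limits are set. Inference workloads can
# use a lot of memory and CPU, so limits protect the other pods on the node.
# NOTE(review): the container runs with the image's default user.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-machine-learning
  namespace: immich
spec:
  replicas: 1
  selector:
    matchLabels:
      app: immich-machine-learning
  template:
    metadata:
      labels:
        app: immich-machine-learning
    spec:
      # The worker has no reason to call the Kubernetes API, so do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      containers:
        - name: immich-machine-learning
          # NOTE(review): referenced by tag only. Pinning the digest
          # (image@sha256:<digest>) would make the deployed image immutable.
          image: ghcr.io/immich-app/immich-machine-learning:v2.7.5
          securityContext:
            # Sets no_new_privs: processes cannot gain privileges through
            # setuid/setgid binaries or file capabilities.
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 3003
          volumeMounts:
            - name: cache
              mountPath: /cache
      volumes:
        - name: cache
          persistentVolumeClaim:
            claimName: immich-ml-cache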
---
# In-cluster Service for the machine-learning worker on port 3003. No `type`
# is set, so it is a ClusterIP Service.
# NOTE(review): no NetworkPolicy is defined in this file, so the port is
# reachable from any pod in the cluster unless policy is applied elsewhere.
# Only immich-server needs it.
apiVersion: v1
kind: Service
metadata:
  name: immich-machine-learning
  namespace: immich
spec:
  selector:
    app: immich-machine-learning
  ports:
    - port: 3003
      targetPort: 3003
---
# ─── Ingress / TLS ────────────────────────────────────────────────────────────
# cert-manager Certificate for immich.home.arpa. The issued key pair is stored
# in the immich-tls Secret, which the IngressRoute below uses for TLS.
# The issuer is a ClusterIssuer named internal-ca-issuer, defined outside this
# file. Clients have to trust that CA for the certificate to validate.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: immich-tls
  namespace: immich
spec:
  secretName: immich-tls
  issuerRef:
    name: internal-ca-issuer
    kind: ClusterIssuer
  dnsNames:
    - immich.home.arpa
---
# Traefik route that publishes Immich at immich.home.arpa.
# Only the websecure entry point is listed, so this file defines no plain-HTTP
# route. TLS is terminated with the immich-tls Secret produced by the
# Certificate above, and traffic is forwarded to the immich-server Service on
# port 2283.
# NOTE(review): no middlewares are attached, so access control relies entirely
# on Immich's own login.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: immich
  namespace: immich
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`immich.home.arpa`)
      services:
        - name: immich-server
          namespace: immich
          port: 2283
  tls:
    secretName: immich-tls