298 lines
7.3 KiB
YAML
298 lines
7.3 KiB
YAML
# Apply: kubectl apply -f manifests/media/immich.yaml
|
|
# Delete: kubectl delete -f manifests/media/immich.yaml
|
|
# Description: Immich photo management deployment at immich.home.arpa.
|
|
# External libraries mounted read-only from NFS.
|
|
# NOTE: Set the postgres password before first apply (see Secret below).
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: immich
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: immich-postgres-data
|
|
namespace: immich
|
|
annotations:
|
|
helm.sh/resource-policy: keep
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: local-path
|
|
resources:
|
|
requests:
|
|
storage: 20Gi
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: immich-library
|
|
namespace: immich
|
|
annotations:
|
|
helm.sh/resource-policy: keep
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: local-path
|
|
resources:
|
|
requests:
|
|
storage: 50Gi
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: immich-ml-cache
|
|
namespace: immich
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: local-path
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
---
|
|
# ─── Postgres ─────────────────────────────────────────────────────────────────
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: immich-postgres
|
|
namespace: immich
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: immich-postgres
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: immich-postgres
|
|
spec:
|
|
containers:
|
|
- name: postgres
|
|
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
|
|
ports:
|
|
- containerPort: 5432
|
|
env:
|
|
- name: POSTGRES_DB
|
|
value: immich
|
|
- name: POSTGRES_USER
|
|
value: immich
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-postgres
|
|
key: password
|
|
- name: POSTGRES_INITDB_ARGS
|
|
value: "--data-checksums"
|
|
- name: PGDATA
|
|
value: /var/lib/postgresql/data/pgdata
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /var/lib/postgresql/data
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: immich-postgres-data
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: immich-postgres
|
|
namespace: immich
|
|
spec:
|
|
selector:
|
|
app: immich-postgres
|
|
ports:
|
|
- port: 5432
|
|
targetPort: 5432
|
|
---
|
|
# ─── Redis ────────────────────────────────────────────────────────────────────
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: immich-redis
|
|
namespace: immich
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: immich-redis
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: immich-redis
|
|
spec:
|
|
containers:
|
|
- name: redis
|
|
image: docker.io/redis:6.2-alpine
|
|
ports:
|
|
- containerPort: 6379
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
volumes:
|
|
- name: data
|
|
emptyDir: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: immich-redis
|
|
namespace: immich
|
|
spec:
|
|
selector:
|
|
app: immich-redis
|
|
ports:
|
|
- port: 6379
|
|
targetPort: 6379
|
|
---
|
|
# ─── Immich Server ────────────────────────────────────────────────────────────
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: immich-server
|
|
namespace: immich
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: immich-server
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: immich-server
|
|
spec:
|
|
containers:
|
|
- name: immich-server
|
|
image: ghcr.io/immich-app/immich-server:v2.7.5
|
|
ports:
|
|
- containerPort: 2283
|
|
env:
|
|
- name: DB_HOSTNAME
|
|
value: immich-postgres
|
|
- name: DB_DATABASE_NAME
|
|
value: immich
|
|
- name: DB_USERNAME
|
|
value: immich
|
|
- name: DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: immich-postgres
|
|
key: password
|
|
- name: REDIS_HOSTNAME
|
|
value: immich-redis
|
|
- name: IMMICH_MACHINE_LEARNING_URL
|
|
value: http://immich-machine-learning:3003
|
|
- name: TZ
|
|
value: Asia/Tokyo
|
|
volumeMounts:
|
|
- name: library
|
|
mountPath: /usr/src/app/upload
|
|
- name: photos-other
|
|
mountPath: /mnt/external/other
|
|
readOnly: true
|
|
- name: photos-art
|
|
mountPath: /mnt/external/art
|
|
readOnly: true
|
|
volumes:
|
|
- name: library
|
|
persistentVolumeClaim:
|
|
claimName: immich-library
|
|
- name: photos-other
|
|
nfs:
|
|
server: 192.168.7.183
|
|
path: /mnt/storage/jellyfin/other
|
|
- name: photos-art
|
|
nfs:
|
|
server: 192.168.7.183
|
|
path: /mnt/storage/jellyfin/art
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: immich-server
|
|
namespace: immich
|
|
spec:
|
|
selector:
|
|
app: immich-server
|
|
ports:
|
|
- port: 2283
|
|
targetPort: 2283
|
|
---
|
|
# ─── Immich Machine Learning ──────────────────────────────────────────────────
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: immich-machine-learning
|
|
namespace: immich
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: immich-machine-learning
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: immich-machine-learning
|
|
spec:
|
|
containers:
|
|
- name: immich-machine-learning
|
|
image: ghcr.io/immich-app/immich-machine-learning:v2.7.5
|
|
ports:
|
|
- containerPort: 3003
|
|
volumeMounts:
|
|
- name: cache
|
|
mountPath: /cache
|
|
volumes:
|
|
- name: cache
|
|
persistentVolumeClaim:
|
|
claimName: immich-ml-cache
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: immich-machine-learning
|
|
namespace: immich
|
|
spec:
|
|
selector:
|
|
app: immich-machine-learning
|
|
ports:
|
|
- port: 3003
|
|
targetPort: 3003
|
|
---
|
|
# ─── Ingress / TLS ────────────────────────────────────────────────────────────
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: immich-tls
|
|
namespace: immich
|
|
spec:
|
|
secretName: immich-tls
|
|
issuerRef:
|
|
name: internal-ca-issuer
|
|
kind: ClusterIssuer
|
|
dnsNames:
|
|
- immich.home.arpa
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: immich
|
|
namespace: immich
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- kind: Rule
|
|
match: Host(`immich.home.arpa`)
|
|
services:
|
|
- name: immich-server
|
|
namespace: immich
|
|
port: 2283
|
|
tls:
|
|
secretName: immich-tls
|