diff --git a/kubernetes/apps/media/immich/app/externalsecret.yaml b/kubernetes/apps/media/immich/app/externalsecret.yaml
new file mode 100644
index 0000000..ad17df8
--- /dev/null
+++ b/kubernetes/apps/media/immich/app/externalsecret.yaml
@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: immich
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: immich-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ JWT_SECRET: "{{ .JWT_SECRET }}"
+ dataFrom:
+ - extract:
+ key: immich
\ No newline at end of file
diff --git a/kubernetes/apps/media/immich/app/helmrelease.yaml b/kubernetes/apps/media/immich/app/helmrelease.yaml
index 998d421..5940fe0 100644
--- a/kubernetes/apps/media/immich/app/helmrelease.yaml
+++ b/kubernetes/apps/media/immich/app/helmrelease.yaml
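Review bot: In externalsecret.yaml, `dataFrom.extract` with `key: immich` pulls every field of the 1Password item into the template context, although `template.data` renders only `JWT_SECRET`. An explicit `data` entry, `- secretKey: JWT_SECRET` with `remoteRef: {key: immich, property: JWT_SECRET}`, fetches just the field that is used and makes the dependency on that field name visible in review. A short comment above `template:` saying that only templated keys are meant to land in `immich-secret` would also help, since the HelmRelease in this commit loads that Secret through `envFrom` and every key in it becomes a container environment variable.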
@@ -25,44 +25,46 @@ spec:
 strategy: rollback
 values:
 controllers:
- jellyfin:
+ immich-server:
 type: statefulset
 annotations:
 reloader.stakater.com/auto: "true"
 containers:
 app:
 image:
- repository: jellyfin/jellyfin
- tag: 10.8.13
- env:
- NVIDIA_VISIBLE_DEVICES: "all"
- NVIDIA_DRIVER_CAPABILITIES: "compute,video,utility"
- DOTNET_SYSTEM_IO_DISABLEFILELOCKING: "true"
- JELLYFIN_FFmpeg__probesize: 50000000
- JELLYFIN_FFmpeg__analyzeduration: 50000000
- JELLYFIN_PublishedServerUrl: jelly.hsn.dev
- TZ: America/Chicago
+ repository: ghcr.io/immich-app/immich-server
+ tag: v1.100.0
+ command: /bin/sh
+ args:
+ - ./start-server.sh
 probes:
- liveness: &probes
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /health
- port: &port 8096
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness: *probes
 startup:
- enabled: false
+ enabled: true
+ spec:
+ failureThreshold: 30
+ periodSeconds: 5
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
 resources:
 requests:
 cpu: 100m
 memory: 512Mi
 limits:
 memory: 4Gi
+ env:
+ TZ: America/Chicago
+ DB_URL:
+ valueFrom:
+ secretKeyRef:
+ name: immich-pguser-immich
+ key: uri
+ envFrom:
+ - secretRef:
+ name: immich-secret
+ - configMapRef:
+ name: immich-config
 pod:
 enableServiceLinks: false
 securityContext:
@@ -73,10 +75,10 @@ spec:
 supplementalGroups: [44, 105, 10000]
 service:
 app:
- controller: *name
+ controller: immich-server
 ports:
 http:
- port: *port
+ port: 3001
 ingress:
 app:
 enabled: true
@@ -84,8 +86,9 @@ spec:
 annotations:
 external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
 external-dns.alpha.kubernetes.io/target: external.hsn.dev
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
 hosts:
- - host: &host "jelly.hsn.dev"
+ - host: &host "im.hsn.dev"
 paths:
 - path: /
 service:
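Review bot: The new image under `containers.app.image` is referenced only by the mutable tag `v1.100.0`, so the pod runs whatever the registry serves under that tag at pull time. Pinning the digest next to the tag, `tag: v1.100.0@sha256:<digest-of-the-reviewed-image>`, ties the deployment to the exact image that was reviewed and lets an update bot propose digest changes as visible diffs. The old liveness and readiness probes used an explicit `httpGet` on `/health`; the new ones are `enabled: true` with no spec, so they now depend on chart defaults, and a one-line comment saying that is intentional would save the next reader a lookup. The `values` block starts and ends outside this hunk.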
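Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: "0"` removes the request-body limit entirely on an ingress that the neighbouring annotations publish externally (`cloudflare-proxied: "true"`, target `external.hsn.dev`). With no cap, a single large or never-ending upload is streamed through the controller to the backend and onto the NFS-backed upload volume, so size is only bounded by whatever sits upstream. A finite limit sized for the largest expected asset keeps uploads working while bounding that exposure, for example `nginx.ingress.kubernetes.io/proxy-body-size: "10g"` (the value is illustrative), with a comment recording why that number was chosen.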
@@ -98,14 +101,10 @@ spec:
 config:
 existingClaim: immich
 enabled: true
- ml-cache:
- type: emptyDir
- globalMounts:
- - path: /mlcache
 media:
 enabled: true
 type: nfs
 server: 10.1.1.12
 path: /eru/media/immich
 globalMounts:
- - path: /media
+ - path: /usr/src/app/upload
diff --git a/kubernetes/apps/media/immich/app/kustomization.yaml b/kubernetes/apps/media/immich/app/kustomization.yaml
index 9677e16..dbf548f 100644
--- a/kubernetes/apps/media/immich/app/kustomization.yaml
+++ b/kubernetes/apps/media/immich/app/kustomization.yaml
@@ -3,10 +3,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - ../../../../templates/volsync
 # - ./externalsecret.yaml
+ - ./helmrelease.yaml
 - ./postgresCluster.yaml
 # - ./pvc.yaml
- # - ./helmrelease.yaml
 configMapGenerator:
 - name: immich-databse-init-sql
 files:
diff --git a/kubernetes/apps/media/immich/ks.yaml b/kubernetes/apps/media/immich/ks.yaml
index 61788fa..6bc711f 100644
--- a/kubernetes/apps/media/immich/ks.yaml
+++ b/kubernetes/apps/media/immich/ks.yaml
@@ -28,3 +28,4 @@ spec:
 APP: *app
 DB_NAME: immich
 DB_USER: immich
+ VOLSYNC_CAPACITY: 1Gi
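Review bot: In kustomization.yaml, `./helmrelease.yaml` is enabled while `# - ./externalsecret.yaml` stays commented out, yet the HelmRelease in this commit loads `immich-secret` through `envFrom` and that Secret is what the new ExternalSecret creates. Unless the Secret is provided some other way, the container cannot be created because the `secretRef` is not marked optional; the resource line should read `- ./externalsecret.yaml`. The same `envFrom` also names a ConfigMap `immich-config`, and the only generator visible here is `immich-databse-init-sql`; the `configMapGenerator` list continues outside the hunk, so that may already be covered, but it is worth confirming before merge.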