Immich (#165)

Reviewed-on: jahanson/homelab#165

kubernetes/apps/media/immich/app/configmap.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: immich-config
+  labels:
+    app.kubernetes.io/name: immich
+data:
+  LOG_LEVEL: verbose
+  NODE_ENV: production
+  REDIS_HOSTNAME: dragonfly.database.svc.cluster.local
+  REDIS_PORT: "6379"
+  IMMICH_WEB_URL: http://immich-web.media.svc.cluster.local:3000
+  IMMICH_SERVER_URL: http://immich-server.media.svc.cluster.local:3001
+  IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.media.svc.cluster.local:3003

kubernetes/apps/media/immich/app/helmrelease.yaml

@@ -0,0 +1,109 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: &name immich
+  namespace: default
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.0.4
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    controllers:
+      immich-server:
+        type: statefulset
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/immich-app/immich-server
+              tag: v1.100.0
+            command: /bin/sh
+            args:
+              - ./start-server.sh
+            probes:
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            resources:
+              requests:
+                cpu: 100m
+                memory: 512Mi
+              limits:
+                memory: 4Gi
+            env:
+              TZ: America/Chicago
+              DB_URL:
+                valueFrom:
+                  secretKeyRef:
+                    name: immich-pguser-immich
+                    key: uri
+            envFrom:
+              - secretRef:
+                  name: immich-secret
+              - configMapRef:
+                  name: immich-config
+        pod:
+          enableServiceLinks: false
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+    service:
+      app:
+        controller: immich-server
+        ports:
+          http:
+            port: 3001
+    ingress:
+      app:
+        enabled: true
+        className: external-nginx
+        annotations:
+          external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+          external-dns.alpha.kubernetes.io/target: external.hsn.dev
+          nginx.ingress.kubernetes.io/proxy-body-size: "0"
+        hosts:
+          - host: &host "im.hsn.dev"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        existingClaim: immich
+        enabled: true
+      media:
+        enabled: true
+        type: nfs
+        server: 10.1.1.13
+        path: /eru/media/immich
+        globalMounts:
+          - path: /usr/src/app/upload

kubernetes/apps/media/immich/app/kustomization.yaml

@@ -3,14 +3,19 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  # - ./externalsecret.yaml
+  - ./helmrelease.yaml
+  - ./machine-learning
+  - ./microservices
   - ./postgresCluster.yaml
-  # - ./pvc.yaml
-  # - ./helmrelease.yaml
 configMapGenerator:
   - name: immich-databse-init-sql
     files:
       - init.sql=./resources/init.sql
+labels:
+  - pairs:
+      app.kubernetes.io/name: immich
+      app.kubernetes.io/instance: immich
+      app.kubernetes.io/part-of: immich
 generatorOptions:
   disableNameSuffixHash: true
   annotations:

kubernetes/apps/media/immich/app/machine-learning/helmrelease.yaml

@@ -0,0 +1,85 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: immich-machine-learning
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.0.4
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+      interval: 15m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    controllers:
+      immich-machine-learning:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        strategy: RollingUpdate
+        containers:
+          app:
+            image:
+              repository: ghcr.io/immich-app/immich-machine-learning
+              tag: v1.100.0
+            resources:
+              requests:
+                cpu: 15m
+                memory: 250Mi
+              limits:
+                memory: 4000Mi
+            probes:
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            envFrom:
+              - configMapRef:
+                  name: immich-config
+            env:
+              DB_URL:
+                valueFrom:
+                  secretKeyRef:
+                    name: immich-pguser-immich
+                    key: uri
+        pod:
+          enableServiceLinks: false
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+    service:
+      app:
+        controller: immich-machine-learning
+        ports:
+          http:
+            port: 3003
+    persistence:
+      media:
+        enabled: true
+        type: nfs
+        server: 10.1.1.13
+        path: /eru/media/immich
+        globalMounts:
+          - path: /usr/src/app/upload
+      cache:
+        enabled: true
+        type: emptyDir

kubernetes/apps/media/immich/app/machine-learning/kustomization.yaml

@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+  - pairs:
+      app.kubernetes.io/name: immich-machine-learning
+      app.kubernetes.io/instance: immich-machine-learning
+      app.kubernetes.io/part-of: immich
+resources:
+  - ./helmrelease.yaml

kubernetes/apps/media/immich/app/microservices/helmrelease.yaml

@@ -0,0 +1,83 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: immich-microservices
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.0.4
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+      interval: 15m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    controllers:
+      immich-microservices:
+        strategy: RollingUpdate
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/immich-app/immich-server
+              tag: v1.100.0
+            command: /bin/sh
+            args:
+              - ./start-microservices.sh
+            resources:
+              requests:
+                cpu: 100m
+                memory: 250Mi
+              limits:
+                memory: 1000Mi
+            probes:
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            envFrom:
+              - configMapRef:
+                  name: immich-config
+            env:
+              DB_URL:
+                valueFrom:
+                  secretKeyRef:
+                    name: immich-pguser-immich
+                    key: uri
+        pod:
+          enableServiceLinks: false
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+    service:
+      app:
+        controller: immich-microservices
+        enabled: false
+    persistence:
+      media:
+        enabled: true
+        type: nfs
+        server: 10.1.1.13
+        path: /eru/media/immich
+        globalMounts:
+          - path: /usr/src/app/upload

kubernetes/apps/media/immich/app/microservices/kustomization.yaml

@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+  - pairs:
+      app.kubernetes.io/name: immich-microservices
+      app.kubernetes.io/instance: immich-microservices
+      app.kubernetes.io/part-of: immich
+resources:
+  - ./helmrelease.yaml