immich fixes #167
4 changed files with 54 additions and 33 deletions
20
kubernetes/apps/media/immich/app/externalsecret.yaml
Normal file
20
kubernetes/apps/media/immich/app/externalsecret.yaml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: immich
|
||||||
|
spec:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
name: onepassword-connect
|
||||||
|
target:
|
||||||
|
name: immich-secret
|
||||||
|
creationPolicy: Owner
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
JWT_SECRET: "{{ .JWT_SECRET }}"
|
||||||
|
dataFrom:
|
||||||
|
- extract:
|
||||||
|
key: immich
|
|
@ -25,44 +25,46 @@ spec:
|
||||||
strategy: rollback
|
strategy: rollback
|
||||||
values:
|
values:
|
||||||
controllers:
|
controllers:
|
||||||
jellyfin:
|
immich-server:
|
||||||
type: statefulset
|
type: statefulset
|
||||||
annotations:
|
annotations:
|
||||||
reloader.stakater.com/auto: "true"
|
reloader.stakater.com/auto: "true"
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: jellyfin/jellyfin
|
repository: ghcr.io/immich-app/immich-server
|
||||||
tag: 10.8.13
|
tag: v1.100.0
|
||||||
env:
|
command: /bin/sh
|
||||||
NVIDIA_VISIBLE_DEVICES: "all"
|
args:
|
||||||
NVIDIA_DRIVER_CAPABILITIES: "compute,video,utility"
|
- ./start-server.sh
|
||||||
DOTNET_SYSTEM_IO_DISABLEFILELOCKING: "true"
|
|
||||||
JELLYFIN_FFmpeg__probesize: 50000000
|
|
||||||
JELLYFIN_FFmpeg__analyzeduration: 50000000
|
|
||||||
JELLYFIN_PublishedServerUrl: jelly.hsn.dev
|
|
||||||
TZ: America/Chicago
|
|
||||||
probes:
|
probes:
|
||||||
liveness: &probes
|
|
||||||
enabled: true
|
|
||||||
custom: true
|
|
||||||
spec:
|
|
||||||
httpGet:
|
|
||||||
path: /health
|
|
||||||
port: &port 8096
|
|
||||||
initialDelaySeconds: 0
|
|
||||||
periodSeconds: 10
|
|
||||||
timeoutSeconds: 1
|
|
||||||
failureThreshold: 3
|
|
||||||
readiness: *probes
|
|
||||||
startup:
|
startup:
|
||||||
enabled: false
|
enabled: true
|
||||||
|
spec:
|
||||||
|
failureThreshold: 30
|
||||||
|
periodSeconds: 5
|
||||||
|
liveness:
|
||||||
|
enabled: true
|
||||||
|
readiness:
|
||||||
|
enabled: true
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
memory: 512Mi
|
memory: 512Mi
|
||||||
limits:
|
limits:
|
||||||
memory: 4Gi
|
memory: 4Gi
|
||||||
|
env:
|
||||||
|
TZ: America/Chicago
|
||||||
|
DB_URL:
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: immich-pguser-immich
|
||||||
|
key: uri
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: immich-secret
|
||||||
|
- configMapRef:
|
||||||
|
name: immich-config
|
||||||
pod:
|
pod:
|
||||||
enableServiceLinks: false
|
enableServiceLinks: false
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -73,10 +75,10 @@ spec:
|
||||||
supplementalGroups: [44, 105, 10000]
|
supplementalGroups: [44, 105, 10000]
|
||||||
service:
|
service:
|
||||||
app:
|
app:
|
||||||
controller: *name
|
controller: immich-server
|
||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: *port
|
port: 3001
|
||||||
ingress:
|
ingress:
|
||||||
app:
|
app:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -84,8 +86,9 @@ spec:
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
|
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: external.hsn.dev
|
external-dns.alpha.kubernetes.io/target: external.hsn.dev
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "jelly.hsn.dev"
|
- host: &host "im.hsn.dev"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
@ -98,14 +101,10 @@ spec:
|
||||||
config:
|
config:
|
||||||
existingClaim: immich
|
existingClaim: immich
|
||||||
enabled: true
|
enabled: true
|
||||||
ml-cache:
|
|
||||||
type: emptyDir
|
|
||||||
globalMounts:
|
|
||||||
- path: /mlcache
|
|
||||||
media:
|
media:
|
||||||
enabled: true
|
enabled: true
|
||||||
type: nfs
|
type: nfs
|
||||||
server: 10.1.1.12
|
server: 10.1.1.12
|
||||||
path: /eru/media/immich
|
path: /eru/media/immich
|
||||||
globalMounts:
|
globalMounts:
|
||||||
- path: /media
|
- path: /usr/src/app/upload
|
||||||
|
|
|
@ -3,10 +3,11 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
- ../../../../templates/volsync
|
||||||
# - ./externalsecret.yaml
|
# - ./externalsecret.yaml
|
||||||
|
- ./helmrelease.yaml
|
||||||
- ./postgresCluster.yaml
|
- ./postgresCluster.yaml
|
||||||
# - ./pvc.yaml
|
# - ./pvc.yaml
|
||||||
# - ./helmrelease.yaml
|
|
||||||
configMapGenerator:
|
configMapGenerator:
|
||||||
- name: immich-databse-init-sql
|
- name: immich-databse-init-sql
|
||||||
files:
|
files:
|
||||||
|
|
|
@ -28,3 +28,4 @@ spec:
|
||||||
APP: *app
|
APP: *app
|
||||||
DB_NAME: immich
|
DB_NAME: immich
|
||||||
DB_USER: immich
|
DB_USER: immich
|
||||||
|
VOLSYNC_CAPACITY: 1Gi
|
||||||
|
|
Loading…
Reference in a new issue