From a2c47fae13d7a9c77f78dd875bd35da9464e1c65 Mon Sep 17 00:00:00 2001 From: Chris Hamer Date: Wed, 25 Jan 2023 00:49:35 +0000 Subject: [PATCH] initial commit --- base/immich-deployments.yaml | 305 ++++++++++++++++++++++++++++ base/immich-ingress.yaml | 44 ++++ base/immich-services.yaml | 63 ++++++ base/kustomization.yaml | 8 + base/pvc.yaml | 14 ++ overlays/example/example-env.yaml | 75 +++++++ overlays/example/ingress-patch.json | 12 ++ overlays/example/kustomization.yaml | 40 ++++ 8 files changed, 561 insertions(+) create mode 100644 base/immich-deployments.yaml create mode 100644 base/immich-ingress.yaml create mode 100644 base/immich-services.yaml create mode 100644 base/kustomization.yaml create mode 100644 base/pvc.yaml create mode 100644 overlays/example/example-env.yaml create mode 100644 overlays/example/ingress-patch.json create mode 100644 overlays/example/kustomization.yaml diff --git a/base/immich-deployments.yaml b/base/immich-deployments.yaml new file mode 100644 index 0000000..50b6699 --- /dev/null +++ b/base/immich-deployments.yaml @@ -0,0 +1,305 @@ +apiVersion: v1 +data: + key: 85NiG6C+BqJmkziV1Og+5Nb2QTBLErn/Sf7ntBcHM1LttcfjD7Xjk0aluuYUOsrNemF1RaxLqOIiXMfimX+jTs/M4t5wPxQ4kmMivVZf4kP8N+6v5JXp9e8e6cyi4h+Su1X3DspHKKXDym/Yeijltmz8HBE1r+ZURt8iqTAWPgY= +kind: Secret +metadata: + name: immich-jwt-key + namespace: default +type: Opaque +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application.name: immich-server + name: immich-server +spec: + replicas: 1 + selector: + matchLabels: + application.name: immich-server + strategy: + type: Recreate + template: + metadata: + labels: + application.name: immich-server + spec: + containers: + - command: + - /bin/sh + - ./start-server.sh + env: + - name: BASE_DB_URL + valueFrom: + secretKeyRef: + key: uri + name: example-db-pguser-immich-user + - name: DB_URL + value: $(BASE_DB_URL)?sslmode=no-verify + - name: IMMICH_MACHINE_LEARNING_URL + value: http://immich-machine-learning-service.default.svc:3003 + - name: IMMICH_SERVER_URL + value: http://immich-server-service.default.svc:3001 + - name: IMMICH_WEB_URL + value: http://immich-web-service.default.svc:3000 + - name: JWT_SECRET + valueFrom: + secretKeyRef: + key: key + name: immich-jwt-key + - name: NODE_ENV + value: production + - name: PUBLIC_LOGIN_PAGE_MESSAGE + - name: REDIS_HOSTNAME + value: immich-redis-master.default.svc + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: immich-redis + - name: REDIS_DBINDEX + value: "0" + - name: REDIS_PORT + value: "6379" + image: altran1502/immich-server:latest + name: immich-server + resources: {} + volumeMounts: + - mountPath: /usr/src/app/upload + name: immich-server-claim0 + restartPolicy: Always + volumes: + - name: immich-server-claim0 + persistentVolumeClaim: + claimName: immich-claim0 +status: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application.name: immich-web + name: immich-web +spec: + replicas: 1 + selector: + matchLabels: + application.name: immich-web + strategy: {} + template: + metadata: + labels: + application.name: immich-web + spec: + containers: + - command: + - /bin/sh + - ./entrypoint.sh + env: + - name: BASE_DB_URL + valueFrom: + secretKeyRef: + key: uri + name: example-db-pguser-immich-user + - name: DB_URL + value: $(BASE_DB_URL)?sslmode=no-verify + - name: IMMICH_MACHINE_LEARNING_URL + value: http://immich-machine-learning-service.default.svc:3003 + - name: IMMICH_SERVER_URL + value: http://immich-server-service.default.svc:3001 + - name: IMMICH_WEB_URL + value: http://immich-web-service.default.svc:3000 + - name: JWT_SECRET + valueFrom: + secretKeyRef: + key: key + name: immich-jwt-key + - name: NODE_ENV + value: production + - name: PUBLIC_LOGIN_PAGE_MESSAGE + - name: REDIS_HOSTNAME + value: immich-redis-master.default.svc + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: immich-redis + - name: REDIS_DBINDEX + value: "0" + - name: REDIS_PORT + value: "6379" + image: altran1502/immich-web:latest + name: immich-web + resources: {} + restartPolicy: Always +status: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application.name: immich-machine-learning + name: immich-machine-learning +spec: + replicas: 1 + selector: + matchLabels: + application.name: immich-machine-learning + strategy: + type: Recreate + template: + metadata: + labels: + application.name: immich-machine-learning + spec: + containers: + - command: + - /bin/sh + - ./entrypoint.sh + env: + - name: BASE_DB_URL + valueFrom: + secretKeyRef: + key: uri + name: example-db-pguser-immich-user + - name: DB_URL + value: $(BASE_DB_URL)?sslmode=no-verify + - name: IMMICH_MACHINE_LEARNING_URL + value: http://immich-machine-learning-service.default.svc:3003 + - name: IMMICH_SERVER_URL + value: http://immich-server-service.default.svc:3001 + - name: IMMICH_WEB_URL + value: http://immich-web-service.default.svc:3000 + - name: JWT_SECRET + valueFrom: + secretKeyRef: + key: key + name: immich-jwt-key + - name: NODE_ENV + value: production + - name: PUBLIC_LOGIN_PAGE_MESSAGE + - name: REDIS_HOSTNAME + value: immich-redis-master.default.svc + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: immich-redis + - name: REDIS_DBINDEX + value: "0" + - name: REDIS_PORT + value: "6379" + image: altran1502/immich-machine-learning:latest + name: immich-machine-learning + resources: + limits: + cpu: "4" + volumeMounts: + - mountPath: /usr/src/app/upload + name: immich-machine-learning-claim0 + restartPolicy: Always + volumes: + - name: immich-machine-learning-claim0 + persistentVolumeClaim: + claimName: immich-claim0 +status: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application.name: immich-microservices + name: immich-microservices +spec: + replicas: 1 + selector: + matchLabels: + application.name: immich-microservices + strategy: + type: Recreate + template: + metadata: + labels: + application.name: immich-microservices + spec: + containers: + - command: + - /bin/sh + - ./start-microservices.sh + env: + - name: BASE_DB_URL + valueFrom: + secretKeyRef: + key: uri + name: example-db-pguser-immich-user + - name: DB_URL + value: $(BASE_DB_URL)?sslmode=no-verify + - name: IMMICH_MACHINE_LEARNING_URL + value: http://immich-machine-learning-service.default.svc:3003 + - name: IMMICH_SERVER_URL + value: http://immich-server-service.default.svc:3001 + - name: IMMICH_WEB_URL + value: http://immich-web-service.default.svc:3000 + - name: JWT_SECRET + valueFrom: + secretKeyRef: + key: key + name: immich-jwt-key + - name: NODE_ENV + value: production + - name: PUBLIC_LOGIN_PAGE_MESSAGE + - name: REDIS_HOSTNAME + value: immich-redis-master.default.svc + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: immich-redis + - name: REDIS_DBINDEX + value: "0" + - name: REDIS_PORT + value: "6379" + image: altran1502/immich-server:latest + name: immich-microservices + resources: {} + volumeMounts: + - mountPath: /usr/src/app/upload + name: immich-microservices-claim0 + restartPolicy: Always + volumes: + - name: immich-microservices-claim0 + persistentVolumeClaim: + claimName: immich-claim0 +status: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application.name: immich-proxy + name: immich-proxy +spec: + replicas: 1 + selector: + matchLabels: + application.name: immich-proxy + strategy: {} + template: + metadata: + labels: + application.name: immich-proxy + spec: + containers: + - env: + - name: IMMICH_SERVER_URL + value: http://immich-server-service.default.svc:3001 + - name: IMMICH_WEB_URL + value: http://immich-web-service.default.svc:3000 + image: altran1502/immich-proxy:release + name: immich-proxy + ports: + - containerPort: 8080 + resources: {} + restartPolicy: Always +status: {} diff --git a/base/immich-ingress.yaml b/base/immich-ingress.yaml new file mode 100644 index 0000000..6f37a91 --- /dev/null +++ b/base/immich-ingress.yaml @@ -0,0 +1,44 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: immich-ingress + namespace: default + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/proxy-body-size: "50000M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" + nginx.ingress.kubernetes.io/proxy-buffers-number: "64 4k" + nginx.ingress.kubernetes.io/proxy-http-version: "1.1" + cert-manager.io/issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/server-snippet: |- + gzip on; + gzip_comp_level 2; + gzip_min_length 1000; + gzip_proxied any; + gzip_types + application/javascript + application/json + font/truetype + image/svg+xml + text/css + text/html; + gzip_vary on; + gunzip on; + +spec: + tls: + - hosts: + - k8s-immich.example.org + secretName: immich-tls-cert + rules: + - host: k8s-immich.example.org + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: immich-proxy-service + port: + number: 2283 \ No newline at end of file diff --git a/base/immich-services.yaml b/base/immich-services.yaml new file mode 100644 index 0000000..6ce4cc2 --- /dev/null +++ b/base/immich-services.yaml @@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + application.name: immich-proxy-service + name: immich-proxy-service +spec: + ports: + - name: "2283" + port: 2283 + targetPort: 8080 + selector: + application.name: immich-proxy +status: + loadBalancer: {} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application.name: immich-server-service + name: immich-server-service +spec: + ports: + - name: "3001" + port: 3001 + targetPort: 3001 + selector: + application.name: immich-server +status: + loadBalancer: {} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application.name: immich-machine-learning-service + name: immich-machine-learning-service +spec: + ports: + - name: "3003" + port: 3003 + targetPort: 3003 + selector: + application.name: immich-machine-learning +status: + loadBalancer: {} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application.name: immich-web-service + name: immich-web-service +spec: + ports: + - name: "3000" + port: 3000 + targetPort: 3000 + selector: + application.name: immich-web +status: + loadBalancer: {} diff --git a/base/kustomization.yaml b/base/kustomization.yaml new file mode 100644 index 0000000..f89e045 --- /dev/null +++ b/base/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - immich-deployments.yaml + - immich-ingress.yaml + - immich-services.yaml + - pvc.yaml \ No newline at end of file diff --git a/base/pvc.yaml b/base/pvc.yaml new file mode 100644 index 0000000..cc5ae5f --- /dev/null +++ b/base/pvc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + application.name: immich-claim0 + name: immich-claim0 +spec: + accessModes: + - ReadWriteOnce + storageClassName: freenas-iscsi-csi + resources: + requests: + storage: 100G +status: {} diff --git a/overlays/example/example-env.yaml b/overlays/example/example-env.yaml new file mode 100644 index 0000000..2a7f4eb --- /dev/null +++ b/overlays/example/example-env.yaml @@ -0,0 +1,75 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-server +spec: + template: + spec: + containers: + - name: immich-server + env: + - name: BASE_DB_URL + valueFrom: + secretKeyRef: + key: uri + name: mydatabaseurl +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-web +spec: + template: + spec: + containers: + - name: immich-web + env: + - name: BASE_DB_URL + valueFrom: + secretKeyRef: + key: uri + name: mydatabaseurl +--- +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-machine-learning +spec: + template: + spec: + containers: + - name: immich-machine-learning + env: + - name: BASE_DB_URL + valueFrom: + secretKeyRef: + key: uri + name: mydatabaseurl +--- +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-microservices +spec: + template: + spec: + containers: + - name: immich-microservices + env: + - name: BASE_DB_URL + valueFrom: + secretKeyRef: + key: uri + name: mydatabaseurl +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: immich-claim0 +spec: + storageClassName: freenas-iscsi-csi + resources: + requests: + storage: 100G diff --git a/overlays/example/ingress-patch.json b/overlays/example/ingress-patch.json new file mode 100644 index 0000000..45876ca --- /dev/null +++ b/overlays/example/ingress-patch.json @@ -0,0 +1,12 @@ +[ + { + "op": "replace", + "path": "/spec/rules/0/host", + "value": "the.real.hostname" + }, + { + "op": "replace", + "path": "/spec/tls/0/hosts", + "value": "the.real.hostname" + } +] diff --git a/overlays/example/kustomization.yaml b/overlays/example/kustomization.yaml new file mode 100644 index 0000000..ac6a1c4 --- /dev/null +++ b/overlays/example/kustomization.yaml @@ -0,0 +1,40 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +patchesStrategicMerge: + - example-env.yaml + +images: +- name: altran1502/immich-server + newName: altran1502/immich-server + newTag: release +- name: altran1502/immich-web + newName: altran1502/immich-web + newTag: release +- name: altran1502/immich-machine-learning + newName: altran1502/immich-machine-learning + newTag: release +- name: altran1502/immich-microservices + newName: altran1502/immich-microservices + newTag: release +- name: altran1502/immich-proxy + newName: altran1502/immich-proxy + newTag: release + +# Use the command below to generate a key +# openssl rand -base64 128 +secretGenerator: +- literals: + - key=yourkeygoeshere + name: immich-jwt-key + type: Opaque + behavior: merge + +patches: +- target: + kind: Ingress + name: immich-ingress + path: ingress-patch.json \ No newline at end of file