hammer/k8s-immich
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Chris Hamer 2023-01-25 00:49:35 +00:00
parent a95276ecc1
commit a2c47fae13
8 changed files with 561 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

305
base/immich-deployments.yaml Normal file
View File

@ -0,0 +1,305 @@
apiVersion: v1
data:
key: 85NiG6C+BqJmkziV1Og+5Nb2QTBLErn/Sf7ntBcHM1LttcfjD7Xjk0aluuYUOsrNemF1RaxLqOIiXMfimX+jTs/M4t5wPxQ4kmMivVZf4kP8N+6v5JXp9e8e6cyi4h+Su1X3DspHKKXDym/Yeijltmz8HBE1r+ZURt8iqTAWPgY=
kind: Secret
metadata:
name: immich-jwt-key
namespace: default
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
application.name: immich-server
name: immich-server
spec:
replicas: 1
selector:
matchLabels:
application.name: immich-server
strategy:
type: Recreate
template:
metadata:
labels:
application.name: immich-server
spec:
containers:
- command:
- /bin/sh
- ./start-server.sh
env:
- name: BASE_DB_URL
valueFrom:
secretKeyRef:
key: uri
name: example-db-pguser-immich-user
- name: DB_URL
value: $(BASE_DB_URL)?sslmode=no-verify
- name: IMMICH_MACHINE_LEARNING_URL
value: http://immich-machine-learning-service.default.svc:3003
- name: IMMICH_SERVER_URL
value: http://immich-server-service.default.svc:3001
- name: IMMICH_WEB_URL
value: http://immich-web-service.default.svc:3000
- name: JWT_SECRET
valueFrom:
secretKeyRef:
key: key
name: immich-jwt-key
- name: NODE_ENV
value: production
- name: PUBLIC_LOGIN_PAGE_MESSAGE
- name: REDIS_HOSTNAME
value: immich-redis-master.default.svc
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: immich-redis
- name: REDIS_DBINDEX
value: "0"
- name: REDIS_PORT
value: "6379"
image: altran1502/immich-server:latest
name: immich-server
resources: {}
volumeMounts:
- mountPath: /usr/src/app/upload
name: immich-server-claim0
restartPolicy: Always
volumes:
- name: immich-server-claim0
persistentVolumeClaim:
claimName: immich-claim0
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
application.name: immich-web
name: immich-web
spec:
replicas: 1
selector:
matchLabels:
application.name: immich-web
strategy: {}
template:
metadata:
labels:
application.name: immich-web
spec:
containers:
- command:
- /bin/sh
- ./entrypoint.sh
env:
- name: BASE_DB_URL
valueFrom:
secretKeyRef:
key: uri
name: example-db-pguser-immich-user
- name: DB_URL
value: $(BASE_DB_URL)?sslmode=no-verify
- name: IMMICH_MACHINE_LEARNING_URL
value: http://immich-machine-learning-service.default.svc:3003
- name: IMMICH_SERVER_URL
value: http://immich-server-service.default.svc:3001
- name: IMMICH_WEB_URL
value: http://immich-web-service.default.svc:3000
- name: JWT_SECRET
valueFrom:
secretKeyRef:
key: key
name: immich-jwt-key
- name: NODE_ENV
value: production
- name: PUBLIC_LOGIN_PAGE_MESSAGE
- name: REDIS_HOSTNAME
value: immich-redis-master.default.svc
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: immich-redis
- name: REDIS_DBINDEX
value: "0"
- name: REDIS_PORT
value: "6379"
image: altran1502/immich-web:latest
name: immich-web
resources: {}
restartPolicy: Always
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
application.name: immich-machine-learning
name: immich-machine-learning
spec:
replicas: 1
selector:
matchLabels:
application.name: immich-machine-learning
strategy:
type: Recreate
template:
metadata:
labels:
application.name: immich-machine-learning
spec:
containers:
- command:
- /bin/sh
- ./entrypoint.sh
env:
- name: BASE_DB_URL
valueFrom:
secretKeyRef:
key: uri
name: example-db-pguser-immich-user
- name: DB_URL
value: $(BASE_DB_URL)?sslmode=no-verify
- name: IMMICH_MACHINE_LEARNING_URL
value: http://immich-machine-learning-service.default.svc:3003
- name: IMMICH_SERVER_URL
value: http://immich-server-service.default.svc:3001
- name: IMMICH_WEB_URL
value: http://immich-web-service.default.svc:3000
- name: JWT_SECRET
valueFrom:
secretKeyRef:
key: key
name: immich-jwt-key
- name: NODE_ENV
value: production
- name: PUBLIC_LOGIN_PAGE_MESSAGE
- name: REDIS_HOSTNAME
value: immich-redis-master.default.svc
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: immich-redis
- name: REDIS_DBINDEX
value: "0"
- name: REDIS_PORT
value: "6379"
image: altran1502/immich-machine-learning:latest
name: immich-machine-learning
resources:
limits:
cpu: "4"
volumeMounts:
- mountPath: /usr/src/app/upload
name: immich-machine-learning-claim0
restartPolicy: Always
volumes:
- name: immich-machine-learning-claim0
persistentVolumeClaim:
claimName: immich-claim0
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
application.name: immich-microservices
name: immich-microservices
spec:
replicas: 1
selector:
matchLabels:
application.name: immich-microservices
strategy:
type: Recreate
template:
metadata:
labels:
application.name: immich-microservices
spec:
containers:
- command:
- /bin/sh
- ./start-microservices.sh
env:
- name: BASE_DB_URL
valueFrom:
secretKeyRef:
key: uri
name: example-db-pguser-immich-user
- name: DB_URL
value: $(BASE_DB_URL)?sslmode=no-verify
- name: IMMICH_MACHINE_LEARNING_URL
value: http://immich-machine-learning-service.default.svc:3003
- name: IMMICH_SERVER_URL
value: http://immich-server-service.default.svc:3001
- name: IMMICH_WEB_URL
value: http://immich-web-service.default.svc:3000
- name: JWT_SECRET
valueFrom:
secretKeyRef:
key: key
name: immich-jwt-key
- name: NODE_ENV
value: production
- name: PUBLIC_LOGIN_PAGE_MESSAGE
- name: REDIS_HOSTNAME
value: immich-redis-master.default.svc
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: immich-redis
- name: REDIS_DBINDEX
value: "0"
- name: REDIS_PORT
value: "6379"
image: altran1502/immich-server:latest
name: immich-microservices
resources: {}
volumeMounts:
- mountPath: /usr/src/app/upload
name: immich-microservices-claim0
restartPolicy: Always
volumes:
- name: immich-microservices-claim0
persistentVolumeClaim:
claimName: immich-claim0
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
application.name: immich-proxy
name: immich-proxy
spec:
replicas: 1
selector:
matchLabels:
application.name: immich-proxy
strategy: {}
template:
metadata:
labels:
application.name: immich-proxy
spec:
containers:
- env:
- name: IMMICH_SERVER_URL
value: http://immich-server-service.default.svc:3001
- name: IMMICH_WEB_URL
value: http://immich-web-service.default.svc:3000
image: altran1502/immich-proxy:release
name: immich-proxy
ports:
- containerPort: 8080
resources: {}
restartPolicy: Always
status: {}

44
base/immich-ingress.yaml Normal file
View File

@ -0,0 +1,44 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: immich-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/proxy-body-size: "50000M"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
nginx.ingress.kubernetes.io/proxy-buffers-number: "64 4k"
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
cert-manager.io/issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/server-snippet: |-
gzip on;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied any;
gzip_types
application/javascript
application/json
font/truetype
image/svg+xml
text/css
text/html;
gzip_vary on;
gunzip on;
spec:
tls:
- hosts:
- k8s-immich.example.org
secretName: immich-tls-cert
rules:
- host: k8s-immich.example.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: immich-proxy-service
port:
number: 2283

63
base/immich-services.yaml Normal file
View File

@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
labels:
application.name: immich-proxy-service
name: immich-proxy-service
spec:
ports:
- name: "2283"
port: 2283
targetPort: 8080
selector:
application.name: immich-proxy
status:
loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
application.name: immich-server-service
name: immich-server-service
spec:
ports:
- name: "3001"
port: 3001
targetPort: 3001
selector:
application.name: immich-server
status:
loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
application.name: immich-machine-learning-service
name: immich-machine-learning-service
spec:
ports:
- name: "3003"
port: 3003
targetPort: 3003
selector:
application.name: immich-machine-learning
status:
loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
application.name: immich-web-service
name: immich-web-service
spec:
ports:
- name: "3000"
port: 3000
targetPort: 3000
selector:
application.name: immich-web
status:
loadBalancer: {}

8
base/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- immich-deployments.yaml
- immich-ingress.yaml
- immich-services.yaml
- pvc.yaml

14
base/pvc.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
application.name: immich-claim0
name: immich-claim0
spec:
accessModes:
- ReadWriteOnce
storageClassName: freenas-iscsi-csi
resources:
requests:
storage: 100G
status: {}

75
overlays/example/example-env.yaml Normal file
View File

@ -0,0 +1,75 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: immich-server
spec:
template:
spec:
containers:
- name: immich-server
env:
- name: BASE_DB_URL
valueFrom:
secretKeyRef:
key: uri
name: mydatabaseurl
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: immich-web
spec:
template:
spec:
containers:
- name: immich-web
env:
- name: BASE_DB_URL
valueFrom:
secretKeyRef:
key: uri
name: mydatabaseurl
---
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: immich-machine-learning
spec:
template:
spec:
containers:
- name: immich-machine-learning
env:
- name: BASE_DB_URL
valueFrom:
secretKeyRef:
key: uri
name: mydatabaseurl
---
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: immich-microservices
spec:
template:
spec:
containers:
- name: immich-microservices
env:
- name: BASE_DB_URL
valueFrom:
secretKeyRef:
key: uri
name: mydatabaseurl
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-claim0
spec:
storageClassName: freenas-iscsi-csi
resources:
requests:
storage: 100G

12
overlays/example/ingress-patch.json Normal file
View File

@ -0,0 +1,12 @@
[
{
"op": "replace",
"path": "/spec/rules/0/host",
"value": "the.real.hostname"
},
{
"op": "replace",
"path": "/spec/tls/0/hosts",
"value": "the.real.hostname"
}
]

40
overlays/example/kustomization.yaml Normal file
View File

@ -0,0 +1,40 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
patchesStrategicMerge:
- example-env.yaml
images:
- name: altran1502/immich-server
newName: altran1502/immich-server
newTag: release
- name: altran1502/immich-web
newName: altran1502/immich-web
newTag: release
- name: altran1502/immich-machine-learning
newName: altran1502/immich-machine-learning
newTag: release
- name: altran1502/immich-microservices
newName: altran1502/immich-microservices
newTag: release
- name: altran1502/immich-proxy
newName: altran1502/immich-proxy
newTag: release
# Use the command below to generate a key
# openssl rand -base64 128
secretGenerator:
- literals:
- key=yourkeygoeshere
name: immich-jwt-key
type: Opaque
behavior: merge
patches:
- target:
kind: Ingress
name: immich-ingress
path: ingress-patch.json