From 6a191db1075b2a5aa6681f61902872a32c175207 Mon Sep 17 00:00:00 2001
From: aggarwalakshun
Date: Sun, 28 Dec 2025 03:33:49 +0530
Subject: [PATCH] add db, ingress, ml, pvc, secrets,svc, deployment for immich
---
clusters/ipv6/media/immich/immich-db.yml | 54 ++++++++++++++++++
clusters/ipv6/media/immich/immich-ingress.yml | 26 +++++++++
clusters/ipv6/media/immich/immich-ml.yml | 43 ++++++++++++++
clusters/ipv6/media/immich/immich-pvc.yml | 55 ++++++++++++++++++
clusters/ipv6/media/immich/immich-redis.yml | 23 ++++++++
.../media/immich/immich-secrets-sealed.yml | 14 +++++
clusters/ipv6/media/immich/immich-svc.yml | 55 ++++++++++++++++++
clusters/ipv6/media/immich/immich.yml | 56 +++++++++++++++++++
.../ipv6/media/immich/smb-secrets-sealed.yml | 15 +++++
9 files changed, 341 insertions(+)
create mode 100644 clusters/ipv6/media/immich/immich-db.yml
create mode 100644 clusters/ipv6/media/immich/immich-ingress.yml
create mode 100644 clusters/ipv6/media/immich/immich-ml.yml
create mode 100644 clusters/ipv6/media/immich/immich-pvc.yml
create mode 100644 clusters/ipv6/media/immich/immich-redis.yml
create mode 100644 clusters/ipv6/media/immich/immich-secrets-sealed.yml
create mode 100644 clusters/ipv6/media/immich/immich-svc.yml
create mode 100644 clusters/ipv6/media/immich/immich.yml
create mode 100644 clusters/ipv6/media/immich/smb-secrets-sealed.yml
diff --git a/clusters/ipv6/media/immich/immich-db.yml b/clusters/ipv6/media/immich/immich-db.yml
new file mode 100644
index 0000000..43f33b4
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-db.yml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: immich-psql
+ namespace: media
+spec:
+ selector:
+ matchLabels:
+ app: immich-psql
+ serviceName: immich-psql
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: immich-psql
+ spec:
+ initContainers:
+ - name: cleanup
+ image: busybox
+ command: ['sh', '-c', 'rm -rf /var/lib/postgresql/data/lost+found']
+ volumeMounts:
+ - name: immich-db
+ mountPath: /var/lib/postgresql/data
+ containers:
+ - name: immich-psql
+ image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
+ ports:
+ - containerPort: 5432
+ name: postgres
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgres-secret
+ key: password
+ - name: POSTGRES_USER
+ value: "postgres"
+ - name: POSTGRES_DB
+ value: "immich"
+ - name: POSTGRES_INITDB_ARGS
+ value: "--data-checksums"
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: immich-db
+ volumeClaimTemplates:
+ - metadata:
+ name: immich-db
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: longhorn
diff --git a/clusters/ipv6/media/immich/immich-ingress.yml b/clusters/ipv6/media/immich/immich-ingress.yml
new file mode 100644
index 0000000..9b8e3a8
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-ingress.yml
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: immich-ingress
+ namespace: media
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - immich.akshun-lab.cc
+ secretName: immich-tls
+ rules:
+ - host: immich.akshun-lab.cc
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: immich-service
+ port:
+ number: 2283
diff --git a/clusters/ipv6/media/immich/immich-ml.yml b/clusters/ipv6/media/immich/immich-ml.yml
new file mode 100644
index 0000000..65b596f
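Review bot: The `cleanup` initContainer in immich-db.yml uses `image: busybox` with no tag or digest, so each pod start can pull whatever `latest` resolves to at that moment and run it with write access to the PostgreSQL data volume. Pin it the way immich-redis.yml pins valkey, e.g. `image: busybox:<tag>@sha256:<digest>` (placeholders, not real values). The postgres image in this hunk and the immich-server and immich-machine-learning images in immich.yml and immich-ml.yml are pinned by tag only; adding digests there would make those references immutable too.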
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-ml.yml
@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: immich-ml
+ namespace: media
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: immich-ml
+ template:
+ metadata:
+ labels:
+ app: immich-ml
+ spec:
+ runtimeClassName: nvidia
+ containers:
+ - name: immich-machine-learning
+ image: ghcr.io/immich-app/immich-machine-learning:v2.4.1-cuda
+ ports:
+ - containerPort: 3003
+ env:
+ - name: REDIS_HOSTNAME
+ value: "immich-redis-service"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: "all"
+ - name: MACHINE_LEARNING_DEVICE_IDS
+ value: "0"
+ volumeMounts:
+ - name: model-cache
+ mountPath: /cache
+ resources:
+ requests:
+ nvidia.com/gpu: "1"
+ limits:
+ nvidia.com/gpu: "1"
+ volumes:
+ - name: model-cache
+ persistentVolumeClaim:
+ claimName: immich-cache-longhorn
diff --git a/clusters/ipv6/media/immich/immich-pvc.yml b/clusters/ipv6/media/immich/immich-pvc.yml
new file mode 100644
index 0000000..659a99d
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-pvc.yml
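Review bot: `REDIS_HOSTNAME` is set to `immich-redis-service`, but the Service this commit adds in immich-svc.yml is named `immich-redis`, and immich.yml uses `immich-redis.media.svc.cluster.local`; if the machine-learning container reads this variable, the name will not resolve. Use the same value as the server, `value: "immich-redis.media.svc.cluster.local"`, or drop the variable if this image does not use it. Separately, `NVIDIA_VISIBLE_DEVICES` is set to `"all"` next to a one-GPU limit; depending on how the NVIDIA runtime is configured this may expose every GPU on the node rather than only the allocated one, so it is worth confirming the override is needed.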
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-cache-longhorn
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: longhorn
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ annotations:
+ pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+ name: immich-pictures-pv
+ namespace: media
+spec:
+ capacity:
+ storage: 100Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: immich-pictures-pv
+ mountOptions:
+ - dir_mode=0777
+ - file_mode=0777
+ csi:
+ driver: smb.csi.k8s.io
+ volumeHandle: 192.168.1.4#pictures#immich
+ volumeAttributes:
+ source: //192.168.1.4/pictures
+ nodeStageSecretRef:
+ name: smb-creds
+ namespace: media
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-pictures-pvc
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: immich-pictures-pv
+ resources:
+ requests:
+ storage: 100Gi
diff --git a/clusters/ipv6/media/immich/immich-redis.yml b/clusters/ipv6/media/immich/immich-redis.yml
new file mode 100644
index 0000000..eb78e64
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-redis.yml
@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: immich-redis
+ namespace: media
+spec:
+ selector:
+ matchLabels:
+ app: immich-redis
+ serviceName: immich-redis
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: immich-redis
+ spec:
+ containers:
+ - name: redis
+ image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+ ports:
+ - containerPort: 6379
+ name: redis
diff --git a/clusters/ipv6/media/immich/immich-secrets-sealed.yml b/clusters/ipv6/media/immich/immich-secrets-sealed.yml
new file mode 100644
index 0000000..f6606ab
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-secrets-sealed.yml
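Review bot: The SMB mount options `dir_mode=0777` and `file_mode=0777` in the `immich-pictures-pv` PersistentVolume present every file in the photo library as readable, writable and executable by any UID in any pod that mounts the volume. Tighten them to the user the Immich container runs as, for example `- dir_mode=0750` and `- file_mode=0640`, together with `uid=`/`gid=` mount options for that user. The `namespace: media` key under the PersistentVolume's `metadata` has no effect because PersistentVolumes are cluster-scoped, and can be dropped.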
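Review bot: The valkey container in immich-redis.yml is started without authentication and the commit adds no NetworkPolicy, so unless traffic is restricted elsewhere in the cluster, any pod that can reach `immich-redis.media.svc.cluster.local:6379` can read and modify what Immich stores there. A NetworkPolicy in the `media` namespace that admits only the `app: immich-app` pods would close that off, provided the cluster's CNI enforces NetworkPolicy; add `app: immich-ml` as a second peer if the machine-learning pod turns out to need Redis. The same pattern applies to the PostgreSQL port 5432 and the machine-learning port 3003 exposed in immich-svc.yml. The policy below is a constructed example to add as a new document.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: immich-redis-allow-app  # constructed name
  namespace: media
spec:
  podSelector:
    matchLabels:
      app: immich-redis
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: immich-app
      ports:
        - protocol: TCP
          port: 6379
```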
@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: immich-postgres-secret
+ namespace: media
+spec:
+ encryptedData:
+ password: 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
+ template:
+ metadata:
+ name: immich-postgres-secret
+ namespace: media
+ type: Opaque
diff --git a/clusters/ipv6/media/immich/immich-svc.yml b/clusters/ipv6/media/immich/immich-svc.yml
new file mode 100644
index 0000000..72ac582
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-svc.yml
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-service
+ namespace: media
+spec:
+ selector:
+ app: immich-app
+ ports:
+ - port: 2283
+ targetPort: 2283
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-machine-learning-service
+ namespace: media
+spec:
+ selector:
+ app: immich-ml
+ ports:
+ - port: 3003
+ targetPort: 3003
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-psql
+ namespace: media
+spec:
+ selector:
+ app: immich-psql
+ ports:
+ - name: postgres
+ port: 5432
+ targetPort: 5432
+ clusterIP: None
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-redis
+ namespace: media
+spec:
+ selector:
+ app: immich-redis
+ ports:
+ - name: redis
+ port: 6379
+ targetPort: 6379
+ clusterIP: None
diff --git a/clusters/ipv6/media/immich/immich.yml b/clusters/ipv6/media/immich/immich.yml
new file mode 100644
index 0000000..3694d9f
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich.yml
@@ -0,0 +1,56 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: immich-app
+ namespace: media
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: immich-app
+ template:
+ metadata:
+ labels:
+ app: immich-app
+ spec:
+ containers:
+ - name: immich-server
+ image: ghcr.io/immich-app/immich-server:v2.4.1
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ pg_isready -h immich-psql.media.svc.cluster.local -U postgres -p 5432
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 5
+ ports:
+ - containerPort: 2283
+ env:
+ - name: TZ
+ value: "Asia/Kolkata"
+ - name: REDIS_HOSTNAME
+ value: "immich-redis.media.svc.cluster.local"
+ - name: DB_USERNAME
+ value: "postgres"
+ - name: DB_DATABASE_NAME
+ value: "immich"
+ - name: DB_HOSTNAME
+ value: "immich-psql.media.svc.cluster.local"
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgres-secret
+ key: password
+ volumeMounts:
+ - mountPath: /usr/src/app/upload
+ name: pictures
+ volumes:
+ - name: pictures
+ persistentVolumeClaim:
+ claimName: immich-pictures-pvc
diff --git a/clusters/ipv6/media/immich/smb-secrets-sealed.yml b/clusters/ipv6/media/immich/smb-secrets-sealed.yml
new file mode 100644
index 0000000..196b613
--- /dev/null
+++ b/clusters/ipv6/media/immich/smb-secrets-sealed.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: smb-creds
+ namespace: media
+spec:
+ encryptedData:
+ password: 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
+ username: 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
+ template:
+ metadata:
+ name: smb-creds
+ namespace: media
+ type: Opaque
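Review bot: The `readinessProbe` in immich.yml runs `pg_isready` against the database, so it reports on PostgreSQL rather than on immich-server: the pod becomes Ready, and the Ingress starts routing to it, as soon as the database answers, even if the server on 2283 is not yet serving. It also depends on `pg_isready` being present in the server image. Probing the application itself would be more accurate, e.g. an `httpGet:` probe with `port: 2283` and the server's ping path (`/api/server/ping` in recent Immich releases; confirm for v2.4.1). The container also sets no `securityContext` or `resources`, like the other workloads in this commit; `allowPrivilegeEscalation: false` and a memory limit would be a reasonable baseline for an internet-facing pod.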