Merge pull request #15 from aggarwalakshun/add-immich

add db, ingress, ml, pvc, secrets,svc, deployment for immich

clusters/ipv6/media/immich/immich-db.yml

@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: immich-psql
+  namespace: media
+spec:
+  selector:
+    matchLabels:
+      app: immich-psql
+  serviceName: immich-psql
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: immich-psql
+    spec:
+      initContainers:
+      - name: cleanup
+        image: busybox
+        command: ['sh', '-c', 'rm -rf /var/lib/postgresql/data/lost+found']
+        volumeMounts:
+        - name: immich-db
+          mountPath: /var/lib/postgresql/data
+      containers:
+      - name: immich-psql
+        image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
+        ports:
+        - containerPort: 5432
+          name: postgres
+        env:
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: immich-postgres-secret
+              key: password
+        - name: POSTGRES_USER
+          value: "postgres"
+        - name: POSTGRES_DB
+          value: "immich"
+        - name: POSTGRES_INITDB_ARGS
+          value: "--data-checksums"
+        volumeMounts:
+        - mountPath: /var/lib/postgresql/data
+          name: immich-db
+  volumeClaimTemplates:
+  - metadata:
+      name: immich-db
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 5Gi
+      storageClassName: longhorn

clusters/ipv6/media/immich/immich-ingress.yml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: immich-ingress
+  namespace: media
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - immich.akshun-lab.cc
+    secretName: immich-tls
+  rules:
+  - host: immich.akshun-lab.cc
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: immich-service
+            port:
+              number: 2283

clusters/ipv6/media/immich/immich-ml.yml

@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immich-ml
+  namespace: media
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: immich-ml
+  template:
+    metadata:
+      labels:
+        app: immich-ml
+    spec:
+      runtimeClassName: nvidia
+      containers:
+      - name: immich-machine-learning
+        image: ghcr.io/immich-app/immich-machine-learning:v2.4.1-cuda
+        ports:
+        - containerPort: 3003
+        env:
+        - name: REDIS_HOSTNAME
+          value: "immich-redis-service"
+        - name: NVIDIA_VISIBLE_DEVICES
+          value: "all"
+        - name: MACHINE_LEARNING_DEVICE_IDS
+          value: "0"
+        volumeMounts:
+        - name: model-cache
+          mountPath: /cache
+        resources:
+          requests:
+            nvidia.com/gpu: "1"
+          limits:
+            nvidia.com/gpu: "1"
+      volumes:
+      - name: model-cache
+        persistentVolumeClaim:
+          claimName: immich-cache-longhorn

clusters/ipv6/media/immich/immich-pvc.yml

@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-cache-longhorn
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: longhorn
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: immich-pictures-pv
+  namespace: media
+spec:
+  capacity:
+    storage: 100Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: immich-pictures-pv
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+  csi:
+    driver: smb.csi.k8s.io
+    volumeHandle: 192.168.1.4#pictures#immich
+    volumeAttributes:
+      source: //192.168.1.4/pictures
+    nodeStageSecretRef:
+      name: smb-creds
+      namespace: media
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-pictures-pvc
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: immich-pictures-pv
+  resources:
+    requests:
+      storage: 100Gi

clusters/ipv6/media/immich/immich-redis.yml

@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: immich-redis
+  namespace: media
+spec:
+  selector:
+    matchLabels:
+      app: immich-redis
+  serviceName: immich-redis
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: immich-redis
+    spec:
+      containers:
+      - name: redis
+        image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+        ports:
+        - containerPort: 6379
+          name: redis

clusters/ipv6/media/immich/immich-secrets-sealed.yml

@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: immich-postgres-secret
+  namespace: media
+spec:
+  encryptedData:
+    password: AgBu1TYgl5+c8HAEZ62WcBcD6ebaF0YXl64RiumT5fOA8F16FA1OeATh17MTXUZuaF+WxpzJoJNSFp8GkfejSczMC2ZkViE/XR6spTGinHd6YI/HWQe0A1ojmTucohssWa00Ql0i6L6OTcD6fOS3gWZnUAi8W42vh4NVgdRx5AWSvjCwsF/visu5OwTFU0vRyTcYN3jrr/uYqLCrLKIQhf/jlfl7BdKN4Y/oZXMWP8K0mVp3deDqDF9NgL5fboL6B5XPihR7lPAZMmTQpf3ansxMMqesnWMKFUAyh50h4JEKcriSKPPuHhtsWTqKQmgUl+pmaTjDI31zmHKNQRbI4dTmkP0hVYGZ8hKomsbLvq9x8ZDfjGz2Vgt57ZMvMftMiz6Fvw8aQ+6XgTpfpYq6ZA4i3+p17nTrdQtMOuH1ogq5b09t2I6AB+0KANFJVG1iPTVGhG0nt23nZQydDHJ42ijl4OtRfJPHf28bUUpYSJ2X6g0/PGzTP8o2Hb+aLG5nJFfy6vikEHDDI4Z75hNSYrftHtQLxImxnEiMdIde1g26b00ECQ9roaOhszozQkGlKImC1+RpdUx1Mgi5yvqk7+RBRHolj9oxa0bdO9uj7u/SIuw8d7XHzHts2NBro9v6HpYjDiFmD35UTCvcaAi4PTUE/Sn2H5BWUDRnznrk1vp5EK3iv4uSM1L0EcD3Lkm6kTbwlctJaS0=
+  template:
+    metadata:
+      name: immich-postgres-secret
+      namespace: media
+    type: Opaque

clusters/ipv6/media/immich/immich-svc.yml

@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-service
+  namespace: media
+spec:
+  selector:
+    app: immich-app
+  ports:
+  - port: 2283
+    targetPort: 2283
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-machine-learning-service
+  namespace: media
+spec:
+  selector:
+    app: immich-ml
+  ports:
+  - port: 3003
+    targetPort: 3003
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-psql
+  namespace: media
+spec:
+  selector:
+    app: immich-psql
+  ports:
+    - name: postgres
+      port: 5432
+      targetPort: 5432
+  clusterIP: None
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-redis
+  namespace: media
+spec:
+  selector:
+    app: immich-redis
+  ports:
+    - name: redis
+      port: 6379
+      targetPort: 6379
+  clusterIP: None

clusters/ipv6/media/immich/immich.yml

@@ -0,0 +1,56 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immich-app
+  namespace: media
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: immich-app
+  template:
+    metadata:
+      labels:
+        app: immich-app
+    spec:
+      containers:
+      - name: immich-server
+        image: ghcr.io/immich-app/immich-server:v2.4.1
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - |
+              pg_isready -h immich-psql.media.svc.cluster.local -U postgres -p 5432
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          failureThreshold: 5
+        ports:
+        - containerPort: 2283
+        env:
+        - name: TZ
+          value: "Asia/Kolkata"
+        - name: REDIS_HOSTNAME
+          value: "immich-redis.media.svc.cluster.local"
+        - name: DB_USERNAME
+          value: "postgres"
+        - name: DB_DATABASE_NAME
+          value: "immich"
+        - name: DB_HOSTNAME
+          value: "immich-psql.media.svc.cluster.local"
+        - name: DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: immich-postgres-secret
+              key: password
+        volumeMounts:
+        - mountPath: /usr/src/app/upload
+          name: pictures
+      volumes:
+      - name: pictures
+        persistentVolumeClaim:
+          claimName: immich-pictures-pvc

clusters/ipv6/media/immich/smb-secrets-sealed.yml

@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: smb-creds
+  namespace: media
+spec:
+  encryptedData:
+    password: AgC+7n+UgTpWtKSAT2pM3ko4DyqXlw3PzlBgcX/goSOGbLmxhN/wP1VFh8KJTy/+InMLjPs+Ja0mks6J5YCbl3hvOHFxEnwScnk8vRXgQUgpJTLwZQUR6TOQVJw1jsGqkPOHDzXQiqzvxYgWDdtAX1Fl4Lj6BUOS0zyZqJjC2DKlhLSNqEs2ABuoPLaTwT0i7BEVtUMjIKNJvu+bt2Tc+zdGLeT/RCGiDjiEUvyFOW7/5exPAn0s569EbhG60Wu6Baywz8c+QrgHTkoUkBO+kdSKy1yYMxpNrJ73rblgEUSzxTI/moNrWdpkre3C7hjD99a07zqf83znwwDB7njgecn/Xk4aWy5xyVgViQ4BFcaynR089zuInOtiJHKwv55hvW0jf4xR1pazgHlM/ZEAEv+WZXGd9nwWoCFiPOB/0hta4iJWUkcpfImzNlTq4xbVOUt4DqhNPEKqUAfjBr7krg0LM5y8wAUtepvbD99NVz4yfGMMmZBNBE/REhkJxN5WDPBQZGRdIq0X20wRWN2uCnaj7VYaxLnQbpczka76+dzO/GOlnBLBWkTUwV8VgKn3nsyNYG/7gbvi5c+7U4iDh8oa2/vn3O0nw0vEfnKCKkK5PYy8Ocfe05atQtq+ydtYP131XC/gQMJazOsjmS+8+mJ41b3JnhSI1ptWt0qE1NwcfaUsCFxhjJT6NsUtgvbelz1ixLswyFA=
+    username: AgAebr79UtTr4TK8wwndPZTBoWdeMs/6TCyfh2PWSw81IH3TV6xiVvey/IS3VK+0inXnF5Mx5osNqP7pvigZ+nRy1Opo8Yi1f+9l7dbDQ1LU4InAX4v/SHrNmyZYHfmLTTLfpoh8D+beLmNWXJDd4mz5CxleOIeai/UBdmsasHoQvvKZFBeIIRz2uv+fWurjQFT+8ZOjtyANa7W1Wqd/2WQI/3rP6CRRfOALoANj/+y3oCXXixzcyl/mEv1GN+p1B9g6AgQycpQSr8kNCeigFEiurU4flliRjwOP6NoZOxc6Vu8i2s4BqGexfgdVpEOLjFL2LtsIf5qLL1MXaquyx7ycXMM3zS8+yeitJ76U65HYswt6EpuksUKay+RFBAMXAzRvjY1MaLzdzso2qUh8yueQ28yI8HEXZLCMuEfTLs3vSHfFApk/JpTCYOtsUJynrF2EY7TxWYNlmn00f9i33Asikv3al+gKzjiN3btdk8y27LhIN3vCmzogHOO+Dt5kEuUCwMjfVGfnoVqQ7GpX7blEdhV9yNlY7evpwJJTYdY3avJnxVD7CXRihS0o2AYgQ5qfVllwR4BePsnyUlr4kwdsMf+PJRYXEBtGEKnJJGA6N+n3hSm6UYRaDXJxy7iCGMUOhiilA9gfnEZ/Zmmy0W7l034o+cFMZxaWOR9/hF3s8keF9iN8SUgsxrPMwdfJ2jgpzhDe9cA=
+  template:
+    metadata:
+      name: smb-creds
+      namespace: media
+    type: Opaque