taqi/homeserver
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kubernetes: add and update new and existing projects
All checks were successful
ci/woodpecker/push/demo-workflow Pipeline was successful
Details

Browse Source
This commit is contained in:
Taqi Tahmid
2025-10-05 16:32:56 +03:00
parent d9b3ceff6b
commit 2ee0c95869
21 changed files with 291319 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
kubernetes/immich/backup/immich-intermediate-db.yaml Normal file
View File

@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: immich-migration-db
spec:
serviceName: "immich-migration-db"
replicas: 1
selector:
matchLabels:
app: immich-migration-db
template:
metadata:
labels:
app: immich-migration-db
spec:
containers:
- name: postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
ports:
- containerPort: 5432
env:
- name: POSTGRES_DB
value: immich
- name: POSTGRES_USER
value: immich
- name: POSTGRES_PASSWORD
value: arsehole
volumeMounts:
- name: pgdata
mountPath: /var/lib/postgresql/data
volumeClaimTemplates:
- metadata:
name: pgdata
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
name: immich-migration-db
spec:
selector:
app: immich-migration-db
ports:
- name: postgres
port: 5432
targetPort: 5432
type: LoadBalancer

290541
kubernetes/immich/backup/immich_dump.sql Normal file
View File

File diff suppressed because one or more lines are too long

30
kubernetes/immich/immich-helm-chart/.helmignore Normal file
View File

@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# helm unit tests
tests/

6
kubernetes/immich/immich-helm-chart/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://bjw-s-labs.github.io/helm-charts
version: 1.4.0
digest: sha256:7acd0966a8a046c2dc4f5eecdc4c34439c1f0fcacc4dcb99630721d21414234c
generated: "2025-10-05T00:42:21.037899892+03:00"

25
kubernetes/immich/immich-helm-chart/Chart.yaml Normal file
View File

@ -0,0 +1,25 @@
---
apiVersion: v2
description: A chart to power Immich (immich.app) running on kubernetes
name: immich
version: 0.9.3
appVersion: v1.143.1
home: https://immich.app/
icon: https://raw.githubusercontent.com/immich-app/immich/main/design/immich-logo.svg
sources:
- https://github.com/immich-app/immich-charts/tree/main/charts/immich
- https://github.com/immich-app/immich
maintainers:
- name: PixelJonas
email: 5434875+PixelJonas@users.noreply.github.com
- name: bo0tzz
email: immich@bo0tzz.me
dependencies:
- name: common
repository: https://bjw-s-labs.github.io/helm-charts
version: 1.4.0
annotations:
artifacthub.io/category: storage
artifacthub.io/changes: |-
- kind: added
description: Made chart available through OCI repository

BIN
kubernetes/immich/immich-helm-chart/charts/common-1.4.0.tgz Normal file
View File

Binary file not shown.

12
kubernetes/immich/immich-helm-chart/templates/checks.yaml Normal file
View File

@ -0,0 +1,12 @@
{{- $name := .Values.immich.persistence.library.existingClaim | required ".Values.immich.persistence.library.existingClaim is required." -}}
{{- if not (kindIs "string" $name) -}}{{- fail ".Values.immich.persistence.library.existingClaim must be a string" -}}{{- end -}}
{{ if .Values.postgresql }}
{{ fail "The postgres subchart has been removed. Please see https://github.com/immich-app/immich-charts/issues/149 for more detail." }}
{{ end }}
{{ if hasKey .Values "redis" }}
{{ if .Values.redis.enabled }}
{{ fail "The bitnami redis subchart has been deprecated and removed. Please use the included valkey deployment or an external instance."}}
{{ end }}
{{ end }}

15
kubernetes/immich/immich-helm-chart/templates/immich-config.yml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.immich.configuration }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-immich-config
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ .Chart.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: {{ printf "%s-%s\n" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
data:
immich-config.yaml: |
{{- .Values.immich.configuration | toYaml | nindent 4 }}
{{- end }}

52
kubernetes/immich/immich-helm-chart/templates/machine-learning.yaml Normal file
View File

@ -0,0 +1,52 @@
{{- define "immich.machine-learning.hardcodedValues" -}}
global:
nameOverride: machine-learning
controller:
strategy: RollingUpdate
service:
main:
enabled: true
primary: true
type: ClusterIP
ports:
http:
enabled: true
primary: true
port: 3003
protocol: HTTP
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 60
{{- end }}
{{- /* Have to reference with index here because the dash breaks a normal dereference */}}
{{ if (index .Values "machine-learning").enabled }}
{{- $ctx := deepCopy . -}}
{{- $_ := get .Values "machine-learning" | mergeOverwrite $ctx.Values -}}
{{- $_ = include "immich.machine-learning.hardcodedValues" . | fromYaml | merge $ctx.Values -}}
{{- include "bjw-s.common.loader.all" $ctx }}
{{ end }}

94
kubernetes/immich/immich-helm-chart/templates/server.yaml Normal file
View File

@ -0,0 +1,94 @@
{{- define "immich.server.hardcodedValues" -}}
global:
nameOverride: server
env:
{{ if .Values.immich.metrics.enabled }}
IMMICH_TELEMETRY_INCLUDE: all
{{ end }}
{{- if .Values.immich.configuration }}
IMMICH_CONFIG_FILE: /config/immich-config.yaml
{{- end }}
{{- if .Values.immich.configuration }}
podAnnotations:
checksum/config: {{ .Values.immich.configuration | toYaml | sha256sum }}
{{- end }}
controller:
strategy: RollingUpdate
service:
main:
enabled: true
primary: true
type: ClusterIP
ports:
http:
enabled: true
primary: true
port: 2283
protocol: HTTP
metrics-api:
enabled: {{ .Values.immich.metrics.enabled }}
port: 8081
protocol: HTTP
metrics-ms:
enabled: {{ .Values.immich.metrics.enabled }}
port: 8082
protocol: HTTP
serviceMonitor:
main:
enabled: {{ .Values.immich.metrics.enabled }}
endpoints:
- port: metrics-api
scheme: http
- port: metrics-ms
scheme: http
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /api/server/ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
custom: true
spec:
httpGet:
path: /api/server/ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 30
persistence:
{{- if .Values.immich.configuration }}
config:
enabled: true
type: configMap
name: {{ .Release.Name }}-immich-config
{{- end }}
library:
enabled: true
mountPath: /usr/src/app/upload
existingClaim: {{ .Values.immich.persistence.library.existingClaim }}
{{- end }}
{{ if .Values.server.enabled }}
{{- $ctx := deepCopy . -}}
{{- $_ := get .Values "server" | mergeOverwrite $ctx.Values -}}
{{- $_ = include "immich.server.hardcodedValues" . | fromYaml | merge $ctx.Values -}}
{{- include "bjw-s.common.loader.all" $ctx }}
{{ end }}

69
kubernetes/immich/immich-helm-chart/templates/valkey.yaml Normal file
View File

@ -0,0 +1,69 @@
{{- define "valkey.hardcodedValues" -}}
global:
nameOverride: valkey
controller:
strategy: Recreate
service:
main:
enabled: true
primary: true
type: ClusterIP
ports:
redis:
enabled: true
primary: true
port: 6379
protocol: TCP
http:
enabled: false
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- sh
- -c
- "valkey-cli ping | grep PONG"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readiness:
enabled: true
custom: true
spec:
exec:
command:
- sh
- -c
- "valkey-cli ping | grep PONG"
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startup:
enabled: true
custom: true
spec:
exec:
command:
- sh
- -c
- "valkey-cli ping | grep PONG"
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 30
{{- end }}
{{ if .Values.valkey.enabled }}
{{- $ctx := deepCopy . -}}
{{- $_ := get .Values "valkey" | mergeOverwrite $ctx.Values -}}
{{- $_ = include "valkey.hardcodedValues" . | fromYaml | merge $ctx.Values -}}
{{- include "bjw-s.common.loader.all" $ctx }}
{{ end }}

92
kubernetes/immich/immich-helm-chart/values.yaml Normal file
View File

@ -0,0 +1,92 @@
## This chart relies on the common library chart from bjw-s
## You can find it at https://github.com/bjw-s-labs/helm-charts/tree/923ef40a39520979c98f354ea23963ee54f54433/charts/library/common
## Refer there for more detail about the supported values
# These entries are shared between all the Immich components
env:
REDIS_HOSTNAME: '{{ printf "%s-valkey" .Release.Name }}'
DB_HOSTNAME: immich-database-rw.immich.svc.cluster.local
DB_USERNAME: placeholder
DB_DATABASE_NAME: immich
# -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
DB_PASSWORD: placeholder
IMMICH_IGNORE_MOUNT_CHECK_ERRORS: "true"
IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
image:
tag: v2.0.1
immich:
metrics:
# Enabling this will create the service monitors needed to monitor immich with the prometheus operator
enabled: false
persistence:
# Main data store for all photos shared between different components.
library:
# Automatically creating the library volume is not supported by this chart
# You have to specify an existing PVC to use
existingClaim: immich-library
# configuration is immich-config.json converted to yaml
# ref: https://immich.app/docs/install/config-file/
#
configuration:
trash:
enabled: true
days: 30
storageTemplate:
enabled: true
template: "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"
redis:
enabled: false
valkey:
enabled: true
image:
repository: docker.io/valkey/valkey
tag: 8.0-alpine
pullPolicy: IfNotPresent
persistence:
data:
enabled: true
size: 1Gi
# Optional: Set this to pvc to keep job queues persistent
type: pvc
accessMode: ReadWriteOnce
# Immich components
server:
enabled: true
image:
repository: ghcr.io/immich-app/immich-server
pullPolicy: IfNotPresent
ingress:
main:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
cert-manager.io/cluster-issuer: "acme-issuer"
hosts:
- host: placeholder.immich.app
paths:
- path: "/"
tls:
- secretName: immich-tls
hosts:
- placeholder.immich.app
machine-learning:
enabled: true
image:
repository: ghcr.io/immich-app/immich-machine-learning
pullPolicy: IfNotPresent
env:
TRANSFORMERS_CACHE: /cache
persistence:
cache:
enabled: true
size: 10Gi
# Optional: Set this to pvc to avoid downloading the ML models every start.
type: pvc
accessMode: ReadWriteMany

37
kubernetes/immich/immichDatabase.yaml Normal file
View File

@ -0,0 +1,37 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: immich-database
spec:
instances: 1
imageName: ghcr.io/tensorchord/cloudnative-vectorchord:16.9-0.4.3
postgresql:
shared_preload_libraries:
- "vectors.so"
- "vchord.so"
managed:
roles:
- name: immich
superuser: true
login: true
postgresql:
shared_preload_libraries:
- "vchord.so"
bootstrap:
initdb:
postInitApplicationSQL:
- CREATE EXTENSION vchord CASCADE;
- CREATE EXTENSION earthdistance CASCADE;
plugins:
- name: barman-cloud.cloudnative-pg.io
isWALArchiver: true
parameters:
barmanObjectName: immich-minio-store
storage:
storageClass: longhorn-2x
size: 5Gi

33
kubernetes/immich/values.yaml
View File

@ -5,17 +5,17 @@
# These entries are shared between all the Immich components
env:
# REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
DB_HOSTNAME: pg-backup-rw.immich.svc.cluster.local
REDIS_HOSTNAME: '{{ printf "%s-valkey" .Release.Name }}'
DB_HOSTNAME: immich-database-rw.immich.svc.cluster.local
DB_USERNAME: placeholder
DB_DATABASE_NAME: immich
# -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
DB_PASSWORD: placeholder
IMMICH_IGNORE_MOUNT_CHECK_ERRORS: "true"
# IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
image:
tag: v1.119.0
tag: v2.0.1
immich:
metrics:
@ -38,19 +38,22 @@ immich:
enabled: true
template: "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"
# Dependencies
# DEPRECATED
# The postgres subchart is deprecated and will be removed in chart version 0.10.0
# See https://github.com/immich-app/immich-charts/issues/149 for more detail.
postgresql:
redis:
enabled: false
redis:
valkey:
enabled: true
architecture: standalone
auth:
enabled: false
image:
repository: docker.io/valkey/valkey
tag: 8.0-alpine
pullPolicy: IfNotPresent
persistence:
data:
enabled: true
size: 1Gi
# Optional: Set this to pvc to keep job queues persistent
type: pvc
accessMode: ReadWriteOnce
# Immich components
server:
@ -74,7 +77,7 @@ server:
- placeholder.immich.app
machine-learning:
enabled: false # disabled due to resource constraints
enabled: true
image:
repository: ghcr.io/immich-app/immich-machine-learning
pullPolicy: IfNotPresent