taqi/homeserver
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kubernetes: add and update new and existing projects
All checks were successful
ci/woodpecker/push/demo-workflow Pipeline was successful
Details

Browse Source
This commit is contained in:
Taqi Tahmid
2025-10-05 16:32:56 +03:00
parent d9b3ceff6b
commit 2ee0c95869
21 changed files with 291319 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
kubernetes/README.md
View File

@ -462,7 +462,10 @@ kubectl get secret wildcard-cert-secret --namespace=cert -o yaml \
source .env source .env
helm upgrade --install adguard \ helm upgrade --install adguard \
-f adguard/values.yaml \ --namespace adguard \
--create-namespace \
--atomic \
-f adguard-helm-chart/values.yaml \
--set ingress.hosts[0].host=$ADGUARD_HOST \ --set ingress.hosts[0].host=$ADGUARD_HOST \
--set host=$ADGUARD_HOST \ --set host=$ADGUARD_HOST \
--atomic adguard-helm-chart --atomic adguard-helm-chart
@ -797,6 +800,23 @@ envsubst < cloud-native-pg/cloudnative-pg.yaml | kubectl apply -n immich -f -
kubectl apply -f cloud-native-pg/backup.yaml -n immich kubectl apply -f cloud-native-pg/backup.yaml -n immich
``` ```
## Barnman Cloud Plugin Implementation
The cloudnative PG does not require the barman utility to be installed within
the image anymore for backup and recovery. Instead barman plugin and the
objectStore needs to be deployed in the destination namespace.
Ref: https://cloudnative-pg.io/plugin-barman-cloud/docs/usage/
```bash
# Barman Cloud Plugin
kubectl apply -f \
https://github.com/cloudnative-pg/plugin-barman-cloud/releases/download/v0.6.0/manifest.yaml
# Object Store
envsubst < cloud-native-pg/objectStore.yaml | kubectl apply -n immich -f -
```
## Recovery from Backup ## Recovery from Backup
Ref: https://cloudnative-pg.io/documentation/1.20/recovery/ Ref: https://cloudnative-pg.io/documentation/1.20/recovery/
@ -889,14 +909,14 @@ Finally, deploy the Immich helm chart with the following values:
```bash ```bash
source .env source .env
helm upgrade --install \ helm upgrade --install \
--namespace immich immich oci://ghcr.io/immich-app/immich-charts/immich \ --namespace immich immich immich/immich-helm-chart \
-f immich/values.yaml \ -f immich/immich-helm-chart/values.yaml \
--set env.DB_USERNAME=$IMMICH_DB_USER \ --set env.DB_USERNAME=$IMMICH_DB_USER \
--set env.DB_PASSWORD=$IMMICH_DB_PASSWORD \ --set env.DB_PASSWORD=$IMMICH_DB_PASSWORD \
--set env.DB_DATABASE_NAME=$IMMICH_DB_NAME \ --set env.DB_DATABASE_NAME=$IMMICH_DB_NAME \
--set server.ingress.main.hosts[0].host=$IMMICH_HOST \ --set server.ingress.main.hosts[0].host=$IMMICH_HOST \
--set server.ingress.main.tls[0].hosts[0]=$IMMICH_HOST \ --set server.ingress.main.tls[0].hosts[0]=$IMMICH_HOST \
--atomic --atomic
``` ```
# Cron Jobs for Periodic Tasks # Cron Jobs for Periodic Tasks
@ -980,3 +1000,16 @@ helm upgrade --install kube-prometheus prometheus-community/kube-prometheus-stac
--set grafana.ingress.tls[0].hosts[0]=$GRAFANA_HOST \ --set grafana.ingress.tls[0].hosts[0]=$GRAFANA_HOST \
--atomic --atomic
``` ```
# Paperless-ngx
Paperless-ngx is a document management system that allows you to manage your
documents in a digital way. It provides features such as document scanning,
OCR (Optical Character Recognition), and a web interface for easy access
to your documents. The main advantage is finding documents quickly and easily
using powerful search capabilities.
```bash
source .env
envsubst < paperless-ngx/manifest.yaml | kubectl apply -f -
```

20
kubernetes/cloud-native-pg/objectStore.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: barmancloud.cnpg.io/v1
kind: ObjectStore
metadata:
name: immich-minio-store
spec:
configuration:
destinationPath: s3://immich
endpointURL: ${MINIO_ENDPOINT_URL}
s3Credentials:
accessKeyId:
name: minio-creds
key: ACCESS_KEY_ID
secretAccessKey:
name: minio-creds
key: ACCESS_SECRET_KEY
wal:
compression: gzip
data:
compression: gzip
retentionPolicy: "15d"

51
kubernetes/immich/backup/immich-intermediate-db.yaml Normal file
View File

@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: immich-migration-db
spec:
serviceName: "immich-migration-db"
replicas: 1
selector:
matchLabels:
app: immich-migration-db
template:
metadata:
labels:
app: immich-migration-db
spec:
containers:
- name: postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
ports:
- containerPort: 5432
env:
- name: POSTGRES_DB
value: immich
- name: POSTGRES_USER
value: immich
- name: POSTGRES_PASSWORD
value: arsehole
volumeMounts:
- name: pgdata
mountPath: /var/lib/postgresql/data
volumeClaimTemplates:
- metadata:
name: pgdata
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
name: immich-migration-db
spec:
selector:
app: immich-migration-db
ports:
- name: postgres
port: 5432
targetPort: 5432
type: LoadBalancer

290541
kubernetes/immich/backup/immich_dump.sql Normal file
View File

File diff suppressed because one or more lines are too long

30
kubernetes/immich/immich-helm-chart/.helmignore Normal file
View File

@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# helm unit tests
tests/

6
kubernetes/immich/immich-helm-chart/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://bjw-s-labs.github.io/helm-charts
version: 1.4.0
digest: sha256:7acd0966a8a046c2dc4f5eecdc4c34439c1f0fcacc4dcb99630721d21414234c
generated: "2025-10-05T00:42:21.037899892+03:00"

25
kubernetes/immich/immich-helm-chart/Chart.yaml Normal file
View File

@ -0,0 +1,25 @@
---
apiVersion: v2
description: A chart to power Immich (immich.app) running on kubernetes
name: immich
version: 0.9.3
appVersion: v1.143.1
home: https://immich.app/
icon: https://raw.githubusercontent.com/immich-app/immich/main/design/immich-logo.svg
sources:
- https://github.com/immich-app/immich-charts/tree/main/charts/immich
- https://github.com/immich-app/immich
maintainers:
- name: PixelJonas
email: 5434875+PixelJonas@users.noreply.github.com
- name: bo0tzz
email: immich@bo0tzz.me
dependencies:
- name: common
repository: https://bjw-s-labs.github.io/helm-charts
version: 1.4.0
annotations:
artifacthub.io/category: storage
artifacthub.io/changes: |-
- kind: added
description: Made chart available through OCI repository

BIN
kubernetes/immich/immich-helm-chart/charts/common-1.4.0.tgz Normal file
View File

Binary file not shown.

12
kubernetes/immich/immich-helm-chart/templates/checks.yaml Normal file
View File

@ -0,0 +1,12 @@
{{- $name := .Values.immich.persistence.library.existingClaim | required ".Values.immich.persistence.library.existingClaim is required." -}}
{{- if not (kindIs "string" $name) -}}{{- fail ".Values.immich.persistence.library.existingClaim must be a string" -}}{{- end -}}
{{ if .Values.postgresql }}
{{ fail "The postgres subchart has been removed. Please see https://github.com/immich-app/immich-charts/issues/149 for more detail." }}
{{ end }}
{{ if hasKey .Values "redis" }}
{{ if .Values.redis.enabled }}
{{ fail "The bitnami redis subchart has been deprecated and removed. Please use the included valkey deployment or an external instance."}}
{{ end }}
{{ end }}

15
kubernetes/immich/immich-helm-chart/templates/immich-config.yml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.immich.configuration }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-immich-config
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ .Chart.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: {{ printf "%s-%s\n" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
data:
immich-config.yaml: |
{{- .Values.immich.configuration | toYaml | nindent 4 }}
{{- end }}

52
kubernetes/immich/immich-helm-chart/templates/machine-learning.yaml Normal file
View File

@ -0,0 +1,52 @@
{{- define "immich.machine-learning.hardcodedValues" -}}
global:
nameOverride: machine-learning
controller:
strategy: RollingUpdate
service:
main:
enabled: true
primary: true
type: ClusterIP
ports:
http:
enabled: true
primary: true
port: 3003
protocol: HTTP
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 60
{{- end }}
{{- /* Have to reference with index here because the dash breaks a normal dereference */}}
{{ if (index .Values "machine-learning").enabled }}
{{- $ctx := deepCopy . -}}
{{- $_ := get .Values "machine-learning" | mergeOverwrite $ctx.Values -}}
{{- $_ = include "immich.machine-learning.hardcodedValues" . | fromYaml | merge $ctx.Values -}}
{{- include "bjw-s.common.loader.all" $ctx }}
{{ end }}

94
kubernetes/immich/immich-helm-chart/templates/server.yaml Normal file
View File

@ -0,0 +1,94 @@
{{- define "immich.server.hardcodedValues" -}}
global:
nameOverride: server
env:
{{ if .Values.immich.metrics.enabled }}
IMMICH_TELEMETRY_INCLUDE: all
{{ end }}
{{- if .Values.immich.configuration }}
IMMICH_CONFIG_FILE: /config/immich-config.yaml
{{- end }}
{{- if .Values.immich.configuration }}
podAnnotations:
checksum/config: {{ .Values.immich.configuration | toYaml | sha256sum }}
{{- end }}
controller:
strategy: RollingUpdate
service:
main:
enabled: true
primary: true
type: ClusterIP
ports:
http:
enabled: true
primary: true
port: 2283
protocol: HTTP
metrics-api:
enabled: {{ .Values.immich.metrics.enabled }}
port: 8081
protocol: HTTP
metrics-ms:
enabled: {{ .Values.immich.metrics.enabled }}
port: 8082
protocol: HTTP
serviceMonitor:
main:
enabled: {{ .Values.immich.metrics.enabled }}
endpoints:
- port: metrics-api
scheme: http
- port: metrics-ms
scheme: http
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /api/server/ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
custom: true
spec:
httpGet:
path: /api/server/ping
port: http
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 30
persistence:
{{- if .Values.immich.configuration }}
config:
enabled: true
type: configMap
name: {{ .Release.Name }}-immich-config
{{- end }}
library:
enabled: true
mountPath: /usr/src/app/upload
existingClaim: {{ .Values.immich.persistence.library.existingClaim }}
{{- end }}
{{ if .Values.server.enabled }}
{{- $ctx := deepCopy . -}}
{{- $_ := get .Values "server" | mergeOverwrite $ctx.Values -}}
{{- $_ = include "immich.server.hardcodedValues" . | fromYaml | merge $ctx.Values -}}
{{- include "bjw-s.common.loader.all" $ctx }}
{{ end }}

69
kubernetes/immich/immich-helm-chart/templates/valkey.yaml Normal file
View File

@ -0,0 +1,69 @@
{{- define "valkey.hardcodedValues" -}}
global:
nameOverride: valkey
controller:
strategy: Recreate
service:
main:
enabled: true
primary: true
type: ClusterIP
ports:
redis:
enabled: true
primary: true
port: 6379
protocol: TCP
http:
enabled: false
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- sh
- -c
- "valkey-cli ping | grep PONG"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readiness:
enabled: true
custom: true
spec:
exec:
command:
- sh
- -c
- "valkey-cli ping | grep PONG"
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startup:
enabled: true
custom: true
spec:
exec:
command:
- sh
- -c
- "valkey-cli ping | grep PONG"
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 30
{{- end }}
{{ if .Values.valkey.enabled }}
{{- $ctx := deepCopy . -}}
{{- $_ := get .Values "valkey" | mergeOverwrite $ctx.Values -}}
{{- $_ = include "valkey.hardcodedValues" . | fromYaml | merge $ctx.Values -}}
{{- include "bjw-s.common.loader.all" $ctx }}
{{ end }}

92
kubernetes/immich/immich-helm-chart/values.yaml Normal file
View File

@ -0,0 +1,92 @@
## This chart relies on the common library chart from bjw-s
## You can find it at https://github.com/bjw-s-labs/helm-charts/tree/923ef40a39520979c98f354ea23963ee54f54433/charts/library/common
## Refer there for more detail about the supported values
# These entries are shared between all the Immich components
env:
REDIS_HOSTNAME: '{{ printf "%s-valkey" .Release.Name }}'
DB_HOSTNAME: immich-database-rw.immich.svc.cluster.local
DB_USERNAME: placeholder
DB_DATABASE_NAME: immich
# -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
DB_PASSWORD: placeholder
IMMICH_IGNORE_MOUNT_CHECK_ERRORS: "true"
IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
image:
tag: v2.0.1
immich:
metrics:
# Enabling this will create the service monitors needed to monitor immich with the prometheus operator
enabled: false
persistence:
# Main data store for all photos shared between different components.
library:
# Automatically creating the library volume is not supported by this chart
# You have to specify an existing PVC to use
existingClaim: immich-library
# configuration is immich-config.json converted to yaml
# ref: https://immich.app/docs/install/config-file/
#
configuration:
trash:
enabled: true
days: 30
storageTemplate:
enabled: true
template: "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"
redis:
enabled: false
valkey:
enabled: true
image:
repository: docker.io/valkey/valkey
tag: 8.0-alpine
pullPolicy: IfNotPresent
persistence:
data:
enabled: true
size: 1Gi
# Optional: Set this to pvc to keep job queues persistent
type: pvc
accessMode: ReadWriteOnce
# Immich components
server:
enabled: true
image:
repository: ghcr.io/immich-app/immich-server
pullPolicy: IfNotPresent
ingress:
main:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
cert-manager.io/cluster-issuer: "acme-issuer"
hosts:
- host: placeholder.immich.app
paths:
- path: "/"
tls:
- secretName: immich-tls
hosts:
- placeholder.immich.app
machine-learning:
enabled: true
image:
repository: ghcr.io/immich-app/immich-machine-learning
pullPolicy: IfNotPresent
env:
TRANSFORMERS_CACHE: /cache
persistence:
cache:
enabled: true
size: 10Gi
# Optional: Set this to pvc to avoid downloading the ML models every start.
type: pvc
accessMode: ReadWriteMany

37
kubernetes/immich/immichDatabase.yaml Normal file
View File

@ -0,0 +1,37 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: immich-database
spec:
instances: 1
imageName: ghcr.io/tensorchord/cloudnative-vectorchord:16.9-0.4.3
postgresql:
shared_preload_libraries:
- "vectors.so"
- "vchord.so"
managed:
roles:
- name: immich
superuser: true
login: true
postgresql:
shared_preload_libraries:
- "vchord.so"
bootstrap:
initdb:
postInitApplicationSQL:
- CREATE EXTENSION vchord CASCADE;
- CREATE EXTENSION earthdistance CASCADE;
plugins:
- name: barman-cloud.cloudnative-pg.io
isWALArchiver: true
parameters:
barmanObjectName: immich-minio-store
storage:
storageClass: longhorn-2x
size: 5Gi

33
kubernetes/immich/values.yaml
View File

@ -5,17 +5,17 @@
# These entries are shared between all the Immich components # These entries are shared between all the Immich components
env: env:
# REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}' REDIS_HOSTNAME: '{{ printf "%s-valkey" .Release.Name }}'
DB_HOSTNAME: pg-backup-rw.immich.svc.cluster.local DB_HOSTNAME: immich-database-rw.immich.svc.cluster.local
DB_USERNAME: placeholder DB_USERNAME: placeholder
DB_DATABASE_NAME: immich DB_DATABASE_NAME: immich
# -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance # -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
DB_PASSWORD: placeholder DB_PASSWORD: placeholder
IMMICH_IGNORE_MOUNT_CHECK_ERRORS: "true" IMMICH_IGNORE_MOUNT_CHECK_ERRORS: "true"
# IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}' IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
image: image:
tag: v1.119.0 tag: v2.0.1
immich: immich:
metrics: metrics:
@ -38,19 +38,22 @@ immich:
enabled: true enabled: true
template: "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}" template: "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"
# Dependencies redis:
# DEPRECATED
# The postgres subchart is deprecated and will be removed in chart version 0.10.0
# See https://github.com/immich-app/immich-charts/issues/149 for more detail.
postgresql:
enabled: false enabled: false
redis: valkey:
enabled: true enabled: true
architecture: standalone image:
auth: repository: docker.io/valkey/valkey
enabled: false tag: 8.0-alpine
pullPolicy: IfNotPresent
persistence:
data:
enabled: true
size: 1Gi
# Optional: Set this to pvc to keep job queues persistent
type: pvc
accessMode: ReadWriteOnce
# Immich components # Immich components
server: server:
@ -74,7 +77,7 @@ server:
- placeholder.immich.app - placeholder.immich.app
machine-learning: machine-learning:
enabled: false # disabled due to resource constraints enabled: true
image: image:
repository: ghcr.io/immich-app/immich-machine-learning repository: ghcr.io/immich-app/immich-machine-learning
pullPolicy: IfNotPresent pullPolicy: IfNotPresent

4
kubernetes/media/jellyfin-deploy.yaml
View File

@ -35,7 +35,7 @@ spec:
spec: spec:
containers: containers:
- name: jellyfin - name: jellyfin
image: jellyfin/jellyfin:latest image: jellyfin/jellyfin:10.10.7
ports: ports:
- containerPort: 8096 - containerPort: 8096
volumeMounts: volumeMounts:
@ -52,7 +52,7 @@ spec:
claimName: media-nfs-pvc claimName: media-nfs-pvc
- name: config - name: config
persistentVolumeClaim: persistentVolumeClaim:
claimName: plex-config-pvc claimName: jellyfin-config-pvc
- name: network-config - name: network-config
configMap: configMap:
name: jellyfin-network-config name: jellyfin-network-config

17
kubernetes/media/jellyfin-fix.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: jellyfin-fix
namespace: media
spec:
containers:
- name: helper
image: busybox
command: ["sleep", "3600"]
volumeMounts:
- name: jellyfin-config
mountPath: /config
volumes:
- name: jellyfin-config
persistentVolumeClaim:
claimName: plex-config-pvc

2
kubernetes/media/pvc-longhorn.yaml
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: plex-config-pvc name: jellyfin-config-pvc
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce

3
kubernetes/minio/values-tenant.yaml
View File

@ -497,10 +497,7 @@ ingress:
ingressClassName: "nginx" ingressClassName: "nginx"
labels: {} labels: {}
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
cert-manager.io/cluster-issuer: "acme-issuer" cert-manager.io/cluster-issuer: "acme-issuer"
traefik.ingress.kubernetes.io/service.serversTransport: insecure-transport
traefik.ingress.kubernetes.io/router.middlewares: kube-system-ip-whitelist@kubernetescrd
tls: tls:
- secretName: minio-console-tls - secretName: minio-console-tls
hosts: hosts:

195
kubernetes/paperless-ngx/manifest.yaml Normal file
View File

@ -0,0 +1,195 @@
apiVersion: v1
kind: Namespace
metadata:
name: paperless-ngx
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: redis-data
namespace: paperless-ngx
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
name: paperless-config
namespace: paperless-ngx
data:
PAPERLESS_REDIS: "redis://redis:6379"
PAPERLESS_URL: "https://${PAPERLESS_HOST}"
PAPERLESS_TIME_ZONE: "Europe/Helsinki"
PAPERLESS_OCR_LANGUAGE: "eng"
PAPERLESS_SECRET_KEY: "change-me-to-a-secure-secret-key"
PAPERLESS_CSRF_TRUSTED_ORIGINS: "https://${PAPERLESS_HOST}"
PAPERLESS_USE_X_FORWARD_HOST: "true"
PAPERLESS_USE_X_FORWARD_PORT: "true"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: paperless-data
namespace: paperless-ngx
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: paperless-media
namespace: paperless-ngx
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: paperless-ngx
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis:7
ports:
- containerPort: 6379
volumeMounts:
- name: redis-data
mountPath: /data
resources:
requests:
memory: "128Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "200m"
volumes:
- name: redis-data
persistentVolumeClaim:
claimName: redis-data
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: paperless-ngx
namespace: paperless-ngx
spec:
replicas: 1
selector:
matchLabels:
app: paperless-ngx
template:
metadata:
labels:
app: paperless-ngx
spec:
containers:
- name: paperless-ngx
image: ghcr.io/paperless-ngx/paperless-ngx:latest
ports:
- containerPort: 8000
envFrom:
- configMapRef:
name: paperless-config
volumeMounts:
- name: paperless-data
mountPath: /usr/src/paperless/data
- name: paperless-media
mountPath: /usr/src/paperless/media
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "2Gi"
cpu: "1000m"
livenessProbe:
httpGet:
path: /
port: 8000
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /
port: 8000
initialDelaySeconds: 30
periodSeconds: 10
volumes:
- name: paperless-data
persistentVolumeClaim:
claimName: paperless-data
- name: paperless-media
persistentVolumeClaim:
claimName: paperless-media
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: paperless-ngx
spec:
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
---
apiVersion: v1
kind: Service
metadata:
name: paperless-ngx
namespace: paperless-ngx
spec:
selector:
app: paperless-ngx
ports:
- port: 8000
targetPort: 8000
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: paperless-ngx-ingress
namespace: paperless-ngx
annotations:
cert-manager.io/cluster-issuer: "acme-issuer"
spec:
ingressClassName: nginx
tls:
- hosts:
- "${PAPERLESS_HOST}"
secretName: paperless-tls
rules:
- host: "${PAPERLESS_HOST}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: paperless-ngx
port:
number: 8000