Refactor Immich configuration to use templated values for images, ports, and storage. Remove obsolete config maps and secrets.

2025-06-08 09:18:07 -07:00
parent d31c8388d3
commit 088741003f
10 changed files with 58 additions and 152 deletions


@@ -1,21 +0,0 @@
IMMICH_DOMAIN=immich.$DOMAIN
IMMICH_STORAGE=100Gi
IMMICH_CACHE_STORAGE=10Gi
TZ=UTC
IMMICH_SERVER_IMAGE=ghcr.io/immich-app/immich-server:release
IMMICH_ML_IMAGE=ghcr.io/immich-app/immich-machine-learning:release
DB_HOSTNAME=postgres.postgres
DB_PORT=5432
DB_USERNAME=immich
DB_DATABASE_NAME=immich
POSTGRES_ADMIN_USER=$POSTGRES_USER
REDIS_HOSTNAME=redis.redis
REDIS_PORT=6379
MACHINE_LEARNING_WORKERS=1
MACHINE_LEARNING_MODEL_TTL=300
IMMICH_ENV=production
IMMICH_LOG_LEVEL=info
# Secrets
DB_PASSWORD=
POSTGRES_ADMIN_PASSWORD=$POSTGRES_PASSWORD


@@ -21,12 +21,12 @@ spec:
END IF; END IF;
END END
\$\$; \$\$;
SELECT 'CREATE DATABASE ${DB_DATABASE_NAME}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_DATABASE_NAME}')\gexec SELECT 'CREATE DATABASE ${DB_DATABASE_NAME}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_DATABASE_NAME}')\gexec
ALTER DATABASE ${DB_DATABASE_NAME} OWNER TO ${DB_USERNAME}; ALTER DATABASE ${DB_DATABASE_NAME} OWNER TO ${DB_USERNAME};
GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE_NAME} TO ${DB_USERNAME}; GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE_NAME} TO ${DB_USERNAME};
EOF EOF
# Connect to the immich database and enable required extensions # Connect to the immich database and enable required extensions
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${DB_HOSTNAME} -U postgres -d ${DB_DATABASE_NAME} <<EOF PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${DB_HOSTNAME} -U postgres -d ${DB_DATABASE_NAME} <<EOF
DO \$\$ DO \$\$
@@ -52,26 +52,17 @@ spec:
- name: POSTGRES_ADMIN_PASSWORD - name: POSTGRES_ADMIN_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: secrets name: postgres-secrets
key: POSTGRES_ADMIN_PASSWORD key: password
- name: DB_HOSTNAME - name: DB_HOSTNAME
valueFrom: value: "{{ .config.apps.immich.dbHostname }}"
configMapKeyRef:
name: config
key: DB_HOSTNAME
- name: DB_DATABASE_NAME - name: DB_DATABASE_NAME
valueFrom: value: "{{ .config.apps.immich.dbUsername }}"
configMapKeyRef:
name: config
key: DB_DATABASE_NAME
- name: DB_USERNAME - name: DB_USERNAME
valueFrom: value: "{{ .config.apps.immich.dbUsername }}"
configMapKeyRef:
name: config
key: DB_USERNAME
- name: DB_PASSWORD - name: DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: secrets name: immich-secrets
key: DB_PASSWORD key: dbPassword
restartPolicy: OnFailure restartPolicy: OnFailure
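Review bot: `DB_DATABASE_NAME` in the second hunk is rendered from `.config.apps.immich.dbUsername`, the same expression as `DB_USERNAME`, so the database name can no longer be set independently and silently follows the role name. The defaultConfig added in this commit has no database-name key; add one (for example a new `dbName` entry, name to be chosen) and use `value: "{{ .config.apps.immich.dbName }}"` here, or add a comment stating that the coupling is intended. The script in the first hunk substitutes `${DB_DATABASE_NAME}` and `${DB_USERNAME}` into SQL unquoted while running with the admin password, so whatever key feeds them should be documented as restricted to plain identifier characters. Both the script and the env list continue outside the hunks.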


@@ -15,20 +15,14 @@ spec:
component: machine-learning component: machine-learning
spec: spec:
containers: containers:
- image: ghcr.io/immich-app/immich-machine-learning:release - image: "{{ .config.apps.immich.mlImage }}"
name: immich-machine-learning name: immich-machine-learning
ports: ports:
- containerPort: 3003 - containerPort: {{ .config.apps.immich.mlPort }}
protocol: TCP protocol: TCP
envFrom:
- configMapRef:
name: config
env: env:
- name: TZ - name: TZ
valueFrom: value: "{{ .config.apps.immich.timezone }}"
configMapKeyRef:
key: TZ
name: config
volumeMounts: volumeMounts:
- mountPath: /cache - mountPath: /cache
name: immich-cache name: immich-cache
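Review bot: Removing `envFrom: configMapRef: config` from the machine-learning container also drops `MACHINE_LEARNING_WORKERS`, `MACHINE_LEARNING_MODEL_TTL` and `IMMICH_LOG_LEVEL`, which the deleted config.env supplied, and only `TZ` is re-added under `env`. If the upstream defaults are acceptable, a short comment saying so is enough; otherwise add matching keys to defaultConfig and pass them explicitly, e.g. `- name: IMMICH_LOG_LEVEL` with a templated `value`. The container spec continues past the hunk, so this assumes they are not set further down.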


@@ -20,23 +20,22 @@ spec:
component: microservices component: microservices
spec: spec:
containers: containers:
- image: ghcr.io/immich-app/immich-server:release - image: "{{ .config.apps.immich.serverImage }}"
name: immich-microservices name: immich-microservices
envFrom:
- secretRef:
name: secrets
- configMapRef:
name: config
env: env:
- name: REDIS_HOSTNAME - name: REDIS_HOSTNAME
value: redis.redis.svc.cluster.local value: "{{ .config.apps.immich.redisHostname }}"
- name: DB_HOSTNAME - name: DB_HOSTNAME
value: postgres.postgres.svc.cluster.local value: "{{ .config.apps.immich.dbHostname }}"
- name: TZ - name: DB_USERNAME
value: "{{ .config.apps.immich.dbUsername }}"
- name: DB_PASSWORD
valueFrom: valueFrom:
configMapKeyRef: secretKeyRef:
key: TZ name: immich-secrets
name: config key: dbPassword
- name: TZ
value: "{{ .config.apps.immich.timezone }}"
- name: IMMICH_WORKERS_EXCLUDE - name: IMMICH_WORKERS_EXCLUDE
value: api value: api
volumeMounts: volumeMounts:
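Review bot: The microservices container no longer receives `DB_DATABASE_NAME` once `envFrom` is removed, while the db-init job creates the database under the name rendered from `dbUsername`. With the default `immich` both sides probably still agree through the application's built-in default, but changing `dbUsername` would make the job create one database and the server connect to another. Add `- name: DB_DATABASE_NAME` with the same `value` expression the job uses to this `env` list; the server deployment hunk has the same gap. `DB_PORT` and `REDIS_PORT` from the deleted config.env are dropped as well, which appears harmless only because they matched the usual defaults. The env list continues outside the hunk.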


@@ -20,26 +20,25 @@ spec:
component: server component: server
spec: spec:
containers: containers:
- image: ghcr.io/immich-app/immich-server:release - image: "{{ .config.apps.immich.serverImage }}"
name: immich-server name: immich-server
ports: ports:
- containerPort: 2283 - containerPort: {{ .config.apps.immich.serverPort }}
protocol: TCP protocol: TCP
envFrom:
- secretRef:
name: secrets
- configMapRef:
name: config
env: env:
- name: REDIS_HOSTNAME - name: REDIS_HOSTNAME
value: redis.redis.svc.cluster.local value: "{{ .config.apps.immich.redisHostname }}"
- name: DB_HOSTNAME - name: DB_HOSTNAME
value: postgres.postgres.svc.cluster.local value: "{{ .config.apps.immich.dbHostname }}"
- name: TZ - name: DB_USERNAME
value: "{{ .config.apps.immich.dbUsername }}"
- name: DB_PASSWORD
valueFrom: valueFrom:
configMapKeyRef: secretKeyRef:
key: TZ name: immich-secrets
name: config key: dbPassword
- name: TZ
value: "{{ .config.apps.immich.timezone }}"
- name: IMMICH_WORKERS_EXCLUDE - name: IMMICH_WORKERS_EXCLUDE
value: microservices value: microservices
volumeMounts: volumeMounts:
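Review bot: `containerPort` is now rendered from `serverPort`, but nothing in this `env` list tells the process to listen on that port, so a non-default `serverPort` would point the container port and the Service `targetPort` at a port nothing is bound to. Set the listener from the same key, `- name: IMMICH_PORT` with `value: "{{ .config.apps.immich.serverPort }}"`, or document that `serverPort` must stay at 2283. The machine-learning deployment has the same mismatch for `mlPort`. The container spec continues outside the hunk.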


@@ -4,11 +4,11 @@ kind: Ingress
metadata: metadata:
name: immich-public name: immich-public
annotations: annotations:
external-dns.alpha.kubernetes.io/target: your.immich.domain external-dns.alpha.kubernetes.io/target: "{{ .config.apps.immich.domain }}"
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec: spec:
rules: rules:
- host: your.immich.domain - host: "{{ .config.apps.immich.domain }}"
http: http:
paths: paths:
- path: / - path: /
@@ -21,4 +21,4 @@ spec:
tls: tls:
- secretName: wildcard-internal-wild-cloud-tls - secretName: wildcard-internal-wild-cloud-tls
hosts: hosts:
- your.immich.domain - "{{ .config.apps.immich.domain }}"
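Review bot: The `external-dns.alpha.kubernetes.io/target` annotation now renders to the same value as `spec.rules[0].host`, so the record external-dns creates for the host would point at itself. The removed kustomize replacement filled the annotation from `data.DOMAIN` and the host from `data.IMMICH_DOMAIN`, which suggests the target is meant to be the cluster's base domain rather than the app's own hostname. Use a separate config key for the annotation (placeholder: `{{ .config.<cluster-domain-key> }}`) and keep `apps.immich.domain` for `host` and `tls.hosts`.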


@@ -16,74 +16,3 @@ resources:
- pvc.yaml - pvc.yaml
- service.yaml - service.yaml
- db-init-job.yaml - db-init-job.yaml
configMapGenerator:
- name: config
envs:
- config/config.env
secretGenerator:
- name: secrets
envs:
- config/secrets.env
replacements:
- source:
kind: ConfigMap
name: config
fieldPath: data.DOMAIN
targets:
- select:
kind: Ingress
name: immich-public
fieldPaths:
- metadata.annotations.[external-dns.alpha.kubernetes.io/target]
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_DOMAIN
targets:
- select:
kind: Ingress
name: immich-public
fieldPaths:
- spec.rules.0.host
- spec.tls.0.hosts.0
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: immich-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_CACHE_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: immich-cache-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_SERVER_IMAGE
targets:
- select:
kind: Deployment
name: immich-server
fieldPaths:
- spec.template.spec.containers.0.image
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_ML_IMAGE
targets:
- select:
kind: Deployment
name: immich-machine-learning
fieldPaths:
- spec.template.spec.containers.0.image


@@ -6,3 +6,18 @@ icon: https://immich.app/assets/images/logo.png
requires: requires:
- name: redis - name: redis
- name: postgres - name: postgres
defaultConfig:
serverImage: ghcr.io/immich-app/immich-server:release
mlImage: ghcr.io/immich-app/immich-machine-learning:release
timezone: UTC
serverPort: 2283
mlPort: 3003
storage: 250Gi
cacheStorage: 10Gi
redisHostname: redis.redis.svc.cluster.local
dbHostname: postgres.postgres.svc.cluster.local
dbUsername: immich
domain: immich.example.com
requiredSecrets:
- apps.immich.dbPassword
- apps.postgres.password
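Review bot: `serverImage` and `mlImage` default to the mutable `:release` tag, so every pod restart can pull different code with no change in this repository and no record of which build is running. Now that the image is a config value, default it to a fixed version tag or digest, e.g. `serverImage: ghcr.io/immich-app/immich-server:<version>@sha256:<digest>` (placeholders), and keep both images on the same version. `requiredSecrets` also makes the app depend on `apps.postgres.password`; a comment noting that only the db-init job consumes the admin password would help keep it out of the long-running deployments.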


@@ -9,7 +9,7 @@ spec:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 250Gi storage: {{ .config.apps.immich.storage }}
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@@ -21,4 +21,4 @@ spec:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 10Gi storage: {{ .config.apps.immich.cacheStorage }}
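Review bot: Both `storage:` values start with an unquoted `{{`, which a YAML parser reads as a flow mapping, so this file cannot be linted or loaded before templating, unlike the quoted string values used elsewhere in this commit. A resource quantity is accepted as a string, so `storage: "{{ .config.apps.immich.storage }}"` and `storage: "{{ .config.apps.immich.cacheStorage }}"` are safe to quote.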


@@ -9,7 +9,7 @@ metadata:
spec: spec:
ports: ports:
- port: 3001 - port: 3001
targetPort: 2283 targetPort: {{ .config.apps.immich.serverPort }}
selector: selector:
app: immich app: immich
component: server component: server
@@ -25,7 +25,7 @@ metadata:
app: immich-machine-learning app: immich-machine-learning
spec: spec:
ports: ports:
- port: 3003 - port: {{ .config.apps.immich.mlPort }}
selector: selector:
app: immich app: immich
component: machine-learning component: machine-learning