CSTF/wild-cloud
1
1
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects 1 Releases 1 Wiki Activity

Refactor Immich configuration to use templated values for images, ports, and storage. Remove obsolete config maps and secrets.

Browse Source
This commit is contained in:
Paul Payne
2025-06-08 09:18:07 -07:00
parent d31c8388d3
commit 088741003f
10 changed files with 58 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
apps/immich/config/example.env
View File

@@ -1,21 +0,0 @@
IMMICH_DOMAIN=immich.$DOMAIN
IMMICH_STORAGE=100Gi
IMMICH_CACHE_STORAGE=10Gi
TZ=UTC
IMMICH_SERVER_IMAGE=ghcr.io/immich-app/immich-server:release
IMMICH_ML_IMAGE=ghcr.io/immich-app/immich-machine-learning:release
DB_HOSTNAME=postgres.postgres
DB_PORT=5432
DB_USERNAME=immich
DB_DATABASE_NAME=immich
POSTGRES_ADMIN_USER=$POSTGRES_USER
REDIS_HOSTNAME=redis.redis
REDIS_PORT=6379
MACHINE_LEARNING_WORKERS=1
MACHINE_LEARNING_MODEL_TTL=300
IMMICH_ENV=production
IMMICH_LOG_LEVEL=info
# Secrets
DB_PASSWORD=
POSTGRES_ADMIN_PASSWORD=$POSTGRES_PASSWORD

23
apps/immich/db-init-job.yaml
View File

@@ -52,26 +52,17 @@ spec:
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: secrets
key: POSTGRES_ADMIN_PASSWORD
name: postgres-secrets
key: password
- name: DB_HOSTNAME
valueFrom:
configMapKeyRef:
name: config
key: DB_HOSTNAME
value: "{{ .config.apps.immich.dbHostname }}"
- name: DB_DATABASE_NAME
valueFrom:
configMapKeyRef:
name: config
key: DB_DATABASE_NAME
value: "{{ .config.apps.immich.dbUsername }}"
- name: DB_USERNAME
valueFrom:
configMapKeyRef:
name: config
key: DB_USERNAME
value: "{{ .config.apps.immich.dbUsername }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: secrets
key: DB_PASSWORD
name: immich-secrets
key: dbPassword
restartPolicy: OnFailure

12
apps/immich/deployment-machine-learning.yaml
View File

@@ -15,20 +15,14 @@ spec:
component: machine-learning
spec:
containers:
- image: ghcr.io/immich-app/immich-machine-learning:release
- image: "{{ .config.apps.immich.mlImage }}"
name: immich-machine-learning
ports:
- containerPort: 3003
- containerPort: {{ .config.apps.immich.mlPort }}
protocol: TCP
envFrom:
- configMapRef:
name: config
env:
- name: TZ
valueFrom:
configMapKeyRef:
key: TZ
name: config
value: "{{ .config.apps.immich.timezone }}"
volumeMounts:
- mountPath: /cache
name: immich-cache

23
apps/immich/deployment-microservices.yaml
View File

@@ -20,23 +20,22 @@ spec:
component: microservices
spec:
containers:
- image: ghcr.io/immich-app/immich-server:release
- image: "{{ .config.apps.immich.serverImage }}"
name: immich-microservices
envFrom:
- secretRef:
name: secrets
- configMapRef:
name: config
env:
- name: REDIS_HOSTNAME
value: redis.redis.svc.cluster.local
value: "{{ .config.apps.immich.redisHostname }}"
- name: DB_HOSTNAME
value: postgres.postgres.svc.cluster.local
- name: TZ
value: "{{ .config.apps.immich.dbHostname }}"
- name: DB_USERNAME
value: "{{ .config.apps.immich.dbUsername }}"
- name: DB_PASSWORD
valueFrom:
configMapKeyRef:
key: TZ
name: config
secretKeyRef:
name: immich-secrets
key: dbPassword
- name: TZ
value: "{{ .config.apps.immich.timezone }}"
- name: IMMICH_WORKERS_EXCLUDE
value: api
volumeMounts:

25
apps/immich/deployment-server.yaml
View File

@@ -20,26 +20,25 @@ spec:
component: server
spec:
containers:
- image: ghcr.io/immich-app/immich-server:release
- image: "{{ .config.apps.immich.serverImage }}"
name: immich-server
ports:
- containerPort: 2283
- containerPort: {{ .config.apps.immich.serverPort }}
protocol: TCP
envFrom:
- secretRef:
name: secrets
- configMapRef:
name: config
env:
- name: REDIS_HOSTNAME
value: redis.redis.svc.cluster.local
value: "{{ .config.apps.immich.redisHostname }}"
- name: DB_HOSTNAME
value: postgres.postgres.svc.cluster.local
- name: TZ
value: "{{ .config.apps.immich.dbHostname }}"
- name: DB_USERNAME
value: "{{ .config.apps.immich.dbUsername }}"
- name: DB_PASSWORD
valueFrom:
configMapKeyRef:
key: TZ
name: config
secretKeyRef:
name: immich-secrets
key: dbPassword
- name: TZ
value: "{{ .config.apps.immich.timezone }}"
- name: IMMICH_WORKERS_EXCLUDE
value: microservices
volumeMounts:

6
apps/immich/ingress.yaml
View File

@@ -4,11 +4,11 @@ kind: Ingress
metadata:
name: immich-public
annotations:
external-dns.alpha.kubernetes.io/target: your.immich.domain
external-dns.alpha.kubernetes.io/target: "{{ .config.apps.immich.domain }}"
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
rules:
- host: your.immich.domain
- host: "{{ .config.apps.immich.domain }}"
http:
paths:
- path: /
@@ -21,4 +21,4 @@ spec:
tls:
- secretName: wildcard-internal-wild-cloud-tls
hosts:
- your.immich.domain
- "{{ .config.apps.immich.domain }}"

71
apps/immich/kustomization.yaml
View File

@@ -16,74 +16,3 @@ resources:
- pvc.yaml
- service.yaml
- db-init-job.yaml
configMapGenerator:
- name: config
envs:
- config/config.env
secretGenerator:
- name: secrets
envs:
- config/secrets.env
replacements:
- source:
kind: ConfigMap
name: config
fieldPath: data.DOMAIN
targets:
- select:
kind: Ingress
name: immich-public
fieldPaths:
- metadata.annotations.[external-dns.alpha.kubernetes.io/target]
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_DOMAIN
targets:
- select:
kind: Ingress
name: immich-public
fieldPaths:
- spec.rules.0.host
- spec.tls.0.hosts.0
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: immich-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_CACHE_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: immich-cache-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_SERVER_IMAGE
targets:
- select:
kind: Deployment
name: immich-server
fieldPaths:
- spec.template.spec.containers.0.image
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_ML_IMAGE
targets:
- select:
kind: Deployment
name: immich-machine-learning
fieldPaths:
- spec.template.spec.containers.0.image

15
apps/immich/manifest.yaml
View File

@@ -6,3 +6,18 @@ icon: https://immich.app/assets/images/logo.png
requires:
- name: redis
- name: postgres
defaultConfig:
serverImage: ghcr.io/immich-app/immich-server:release
mlImage: ghcr.io/immich-app/immich-machine-learning:release
timezone: UTC
serverPort: 2283
mlPort: 3003
storage: 250Gi
cacheStorage: 10Gi
redisHostname: redis.redis.svc.cluster.local
dbHostname: postgres.postgres.svc.cluster.local
dbUsername: immich
domain: immich.example.com
requiredSecrets:
- apps.immich.dbPassword
- apps.postgres.password

4
apps/immich/pvc.yaml
View File

@@ -9,7 +9,7 @@ spec:
- ReadWriteOnce
resources:
requests:
storage: 250Gi
storage: {{ .config.apps.immich.storage }}
---
apiVersion: v1
kind: PersistentVolumeClaim
@@ -21,4 +21,4 @@ spec:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storage: {{ .config.apps.immich.cacheStorage }}

4
apps/immich/service.yaml
View File

@@ -9,7 +9,7 @@ metadata:
spec:
ports:
- port: 3001
targetPort: 2283
targetPort: {{ .config.apps.immich.serverPort }}
selector:
app: immich
component: server
@@ -25,7 +25,7 @@ metadata:
app: immich-machine-learning
spec:
ports:
- port: 3003
- port: {{ .config.apps.immich.mlPort }}
selector:
app: immich
component: machine-learning