CSTF/wild-cloud
1
1
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects 1 Releases 1 Wiki Activity

Add Immich application deployment files and configuration

Browse Source 
- Create README.md for Immich app description
- Add example.env for configuration settings
- Implement deployment.yaml for Immich server and microservices
- Set up ingress.yaml for public access with DNS annotations
- Introduce db-init-job.yaml for database initialization
- Configure kustomization.yaml for resource management
- Define manifest.yaml for Immich app installation details
- Create namespace.yaml for isolating Immich resources
- Establish PVCs in pvc.yaml for storage management
- Set up services in service.yaml for server and machine learning components
- Update CoreDNS custom config to handle AAAA records
This commit is contained in:
Paul Payne
2025-05-27 17:19:41 -07:00
parent 2b2c4a0a73
commit 5cbfb9c645
12 changed files with 417 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/immich/README.md Normal file
View File

@@ -0,0 +1 @@
# Immich App

32
apps/immich/config/example.env Normal file
View File

@@ -0,0 +1,32 @@
# Config
IMMICH_DOMAIN=immich.$DOMAIN
IMMICH_STORAGE=100Gi
IMMICH_CACHE_STORAGE=10Gi
TZ=UTC
# Docker Images
IMMICH_SERVER_IMAGE=ghcr.io/immich-app/immich-server:release
IMMICH_ML_IMAGE=ghcr.io/immich-app/immich-machine-learning:release
# Database Configuration
DB_HOSTNAME=postgres.postgres
DB_PORT=5432
DB_USERNAME=immich
DB_DATABASE_NAME=immich
POSTGRES_ADMIN_USER=$POSTGRES_USER
# Redis Configuration
REDIS_HOSTNAME=redis.redis
REDIS_PORT=6379
# Machine Learning Configuration
MACHINE_LEARNING_WORKERS=1
MACHINE_LEARNING_MODEL_TTL=300
# Immich Configuration
IMMICH_ENV=production
IMMICH_LOG_LEVEL=info
# Secrets (populate these in config.env and secrets.env)
DB_PASSWORD=
POSTGRES_ADMIN_PASSWORD=$POSTGRES_PASSWORD

138
apps/immich/deployment.yaml Normal file
View File

@@ -0,0 +1,138 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: immich-server
spec:
replicas: 1
selector:
matchLabels:
app: immich-server
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: immich-server
component: server
spec:
containers:
- image: ghcr.io/immich-app/immich-server:release
name: immich-server
ports:
- containerPort: 2283
protocol: TCP
envFrom:
- secretRef:
name: secrets
- configMapRef:
name: config
env:
- name: REDIS_HOSTNAME
value: redis.redis
- name: DB_HOSTNAME
value: postgres.postgres
- name: TZ
valueFrom:
configMapKeyRef:
key: TZ
name: config
volumeMounts:
- mountPath: /usr/src/app/upload
name: immich-storage
readOnly: false
volumes:
- name: immich-storage
persistentVolumeClaim:
claimName: immich-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: immich-microservices
spec:
replicas: 1
selector:
matchLabels:
app: immich-microservices
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: immich-microservices
component: microservices
spec:
containers:
- image: ghcr.io/immich-app/immich-server:release
name: immich-microservices
envFrom:
- secretRef:
name: secrets
- configMapRef:
name: config
env:
- name: REDIS_HOSTNAME
value: redis.redis
- name: DB_HOSTNAME
value: postgres.postgres
- name: TZ
valueFrom:
configMapKeyRef:
key: TZ
name: config
- name: IMMICH_WORKERS_INCLUDE
value: api
volumeMounts:
- mountPath: /usr/src/app/upload
name: immich-storage
readOnly: false
volumes:
- name: immich-storage
persistentVolumeClaim:
claimName: immich-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: immich-machine-learning
spec:
replicas: 1
selector:
matchLabels:
app: immich-machine-learning
template:
metadata:
labels:
app: immich-machine-learning
component: machine-learning
spec:
containers:
- image: ghcr.io/immich-app/immich-machine-learning:release
name: immich-machine-learning
ports:
- containerPort: 3003
protocol: TCP
envFrom:
- configMapRef:
name: config
env:
- name: TZ
valueFrom:
configMapKeyRef:
key: TZ
name: config
volumeMounts:
- mountPath: /cache
name: immich-cache
readOnly: false
volumes:
- name: immich-cache
persistentVolumeClaim:
claimName: immich-cache-pvc

24
apps/immich/ingress.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: immich-public
annotations:
external-dns.alpha.kubernetes.io/target: your.immich.domain
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
rules:
- host: your.immich.domain
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: immich-server
port:
number: 3001
tls:
- secretName: wildcard-internal-sovereign-cloud-tls
hosts:
- your.immich.domain

62
apps/immich/init/db-init-job.yaml Normal file
View File

@@ -0,0 +1,62 @@
apiVersion: batch/v1
kind: Job
metadata:
name: immich-db-init
spec:
template:
spec:
containers:
- name: db-init
image: postgres:15
command: ["/bin/bash", "-c"]
args:
- |
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${DB_HOSTNAME} -U postgres <<EOF
DO \$\$
BEGIN
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '${DB_USERNAME}') THEN
CREATE USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
ELSE
ALTER USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
END IF;
END
\$\$;
SELECT 'CREATE DATABASE ${DB_DATABASE_NAME}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_DATABASE_NAME}')\gexec
ALTER DATABASE ${DB_DATABASE_NAME} OWNER TO ${DB_USERNAME};
GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE_NAME} TO ${DB_USERNAME};
EOF
# Connect to the immich database and enable required extensions
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${DB_HOSTNAME} -U postgres -d ${DB_DATABASE_NAME} <<EOF
CREATE EXTENSION IF NOT EXISTS vector;
CREATE EXTENSION IF NOT EXISTS cube;
CREATE EXTENSION IF NOT EXISTS earthdistance;
EOF
env:
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: secrets
key: POSTGRES_ADMIN_PASSWORD
- name: DB_HOSTNAME
valueFrom:
configMapKeyRef:
name: config
key: DB_HOSTNAME
- name: DB_DATABASE_NAME
valueFrom:
configMapKeyRef:
name: config
key: DB_DATABASE_NAME
- name: DB_USERNAME
valueFrom:
configMapKeyRef:
name: config
key: DB_USERNAME
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: secrets
key: DB_PASSWORD
restartPolicy: OnFailure

4
apps/immich/init/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- db-init-job.yaml

87
apps/immich/kustomization.yaml Normal file
View File

@@ -0,0 +1,87 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: immich
labels:
- includeSelectors: true
pairs:
app: immich
managedBy: kustomize
partOf: sovereign-cloud
resources:
- deployment.yaml
- ingress.yaml
- namespace.yaml
- pvc.yaml
- service.yaml
- init/
configMapGenerator:
- name: config
envs:
- config/config.env
secretGenerator:
- name: secrets
envs:
- config/secrets.env
replacements:
- source:
kind: ConfigMap
name: config
fieldPath: data.DOMAIN
targets:
- select:
kind: Ingress
name: immich-public
fieldPaths:
- metadata.annotations.[external-dns.alpha.kubernetes.io/target]
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_DOMAIN
targets:
- select:
kind: Ingress
name: immich-public
fieldPaths:
- spec.rules.0.host
- spec.tls.0.hosts.0
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: immich-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_CACHE_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: immich-cache-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_SERVER_IMAGE
targets:
- select:
kind: Deployment
name: immich-server
fieldPaths:
- spec.template.spec.containers.0.image
- source:
kind: ConfigMap
name: config
fieldPath: data.IMMICH_ML_IMAGE
targets:
- select:
kind: Deployment
name: immich-machine-learning
fieldPaths:
- spec.template.spec.containers.0.image

8
apps/immich/manifest.yaml Normal file
View File

@@ -0,0 +1,8 @@
name: immich
install: true
description: Immich is a self-hosted photo and video backup solution that allows you to store, manage, and share your media files securely.
version: 1.0.0
icon: https://immich.app/assets/images/logo.png
requires:
- name: redis
- name: postgres

4
apps/immich/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: immich

24
apps/immich/pvc.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-pvc
spec:
storageClassName: longhorn
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 250Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-cache-pvc
spec:
storageClassName: longhorn
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

29
apps/immich/service.yaml Normal file
View File

@@ -0,0 +1,29 @@
---
apiVersion: v1
kind: Service
metadata:
name: immich-server
namespace: immich
labels:
app: immich-server
spec:
ports:
- port: 3001
targetPort: 2283
selector:
app: immich
component: server
---
apiVersion: v1
kind: Service
metadata:
name: immich-machine-learning
namespace: immich
labels:
app: immich-machine-learning
spec:
ports:
- port: 3003
selector:
app: immich
component: machine-learning

4
infrastructure_setup/coredns/coredns-custom-config.yaml
View File

@@ -16,6 +16,10 @@ data:
match (.*)\.internal\.cloud\.payne\.io\. match (.*)\.internal\.cloud\.payne\.io\.
answer "{{ .Name }} 60 IN A 192.168.8.240" answer "{{ .Name }} 60 IN A 192.168.8.240"
} }
template IN AAAA {
match (.*)\.internal\.cloud\.payne\.io\.
rcode NXDOMAIN
}
} }
# Custom override to set external resolvers. # Custom override to set external resolvers.
external.override: | external.override: |