initial git commit saving configs

Adrien
2026-03-31 15:30:40 +00:00
commit 7770e9859c
64 changed files with 2866 additions and 0 deletions


@@ -0,0 +1,6 @@
apiVersion: v2
name: immich-postgres
description: CloudNativePG Cluster for Immich with VectorChord
type: application
version: 0.1.0
appVersion: "16"


@@ -0,0 +1,43 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: {{ .Values.cluster.name }}
spec:
instances: {{ .Values.cluster.instances }}
storage:
pvcTemplate:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: postgres-storage
volumeMode: Filesystem
imageName: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
postgresql:
shared_preload_libraries:
- "vchord.so"
# Optional: you can tweak resources, monitoring, etc. here.
# resources:
# requests:
# cpu: 100m
# memory: 512Mi
# limits:
# cpu: 2
# memory: 2Gi
bootstrap:
initdb:
database: {{ .Values.database.name }}
owner: {{ .Values.database.user }}
dataChecksums: true
secret:
name: {{ ternary .Values.database.existingSecret (printf "%s-app" .Values.cluster.name) (ne .Values.database.existingSecret "") }}
postInitApplicationSQL:
- ALTER USER {{ .Values.database.user }} WITH SUPERUSER;
- CREATE EXTENSION vchord CASCADE;
- CREATE EXTENSION earthdistance CASCADE;
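Review bot: `ALTER USER {{ .Values.database.user }} WITH SUPERUSER;` in `postInitApplicationSQL` makes the application role a PostgreSQL superuser, so anything that obtains the Immich database credentials controls the whole instance rather than only the `immich` database. The two `CREATE EXTENSION` statements are already in this same list, which CloudNativePG runs with superuser rights at bootstrap, so the owner role may not need the grant at all; confirm against Immich's requirements for extension upgrades before dropping it. If the grant has to stay, put a comment above it that says why, for example `# immich role needs SUPERUSER for vchord maintenance; revisit when a non-superuser setup is supported`. Separately, the `secret.name` ternary reads `.Values.database.existingSecret`, which the values shown later in this commit never define; `name: {{ .Values.database.existingSecret | default (printf "%s-app" .Values.cluster.name) }}` does not depend on how a missing key compares with `""`.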


@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.cluster.name }}-app
type: kubernetes.io/basic-auth
stringData:
username: {{ .Values.database.user | quote }}
password: {{ .Values.database.password | quote }}
dbname: {{ .Values.database.name | quote }} # handy for Immich env, CNPG ignores this
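Review bot: This Secret is rendered unconditionally, so a release that sets `database.existingSecret` still creates `<cluster.name>-app` from whatever `database.password` holds, and the password always passes through Helm values and the stored release manifest. Wrapping the whole manifest in `{{- if not .Values.database.existingSecret }}` … `{{- end }}` keeps the chart from writing a credential that nothing uses. For the generated case, `password: {{ required "database.password must be set" .Values.database.password | quote }}` makes a missing override fail at render time instead of deploying a placeholder.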


@@ -0,0 +1,16 @@
cluster:
name: immich-postgres # will also be used for services: immich-postgresql-rw, -ro, ...
instances: 1
storage:
size: 10Gi
image:
repository: ghcr.io/tensorchord/cloudnative-vectorchord
tag: "16.9-0.4.3"
database:
name: immich
user: immich
password: "change-me-immich" # for dev; in prod override via --set or external secret
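Review bot: `password: "change-me-immich"` ships a known default credential, and the install command recorded in `immich/notes.md` (`helm install immich-postgres ./immich-postgres -n immich`) passes no override, so following the notes deploys the database with that password. Prefer `password: ""` here with the Secret template refusing an empty value, and add `existingSecret: ""` under `database:`, because the Cluster template reads that key and these values never define it. `cluster.storage.size` also looks unused: the Cluster template in this commit hard-codes `storage: 10Gi`, so either reference the value there or drop the key.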

47
immich/notes.md Normal file

@@ -0,0 +1,47 @@
##immich-postgres:
A chart to deploy a cloudnative-pg specificly to be used by immich
Namespace: immich
### Helm
```
helm install immich-postgres ./immich-postgres -n immich
helm delete immich-postgres -n immich
helm upgrade --install immich immich/immich -n immich -f values-immich.yaml
```
## PV:
```
kubectl get pvc -n immich
kubectl get pv
```
## Logs:
```
kubectl -n immich logs <pod> --prefix
```
## Monitoring:
```
kubectl -n immich get svc
kubectl -n immich get pods
kubectl -n immich describe
```
## Traefik ingress
https://doc.traefik.io/traefik/getting-started/kubernetes/
## cert manager in the cluster
https://www.slingacademy.com/article/how-to-set-up-ssl-with-lets-encrypt-in-kubernetes/
## Certificate:
```
kubectl -n immich get certificate
kubectl -n immich describe certificate immich-tls
kubectl -n immich get challenges
```


@@ -0,0 +1,22 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-master-node
spec:
capacity:
storage: 500Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
local:
path: /storage/immich-data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- master
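Review bot: `path: /storage/immich-data` is the same host directory that `immich/pv-postgres.yaml` uses for `pv-postgres`, and both volumes are pinned to node `master`, so the PostgreSQL data files and the Immich library would share one directory. A pod bound to either volume can then read or overwrite the other's files, and because `capacity` is not enforced for local volumes, one workload can fill the disk for both. Give each PV its own directory, for example `path: /storage/immich-library` here and `path: /storage/immich-postgres` in `pv-postgres`. A `claimRef` on each PV would also stop an unrelated claim in the same storage class from binding to it.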

22
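--- a/immich/pv-postgres.yaml
+++ b/immich/pv-postgres.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: pv-postgres
+spec:
+capacity:
+storage: 10Gi
+volumeMode: Filesystem
+accessModes:
+- ReadWriteOnce
+persistentVolumeReclaimPolicy: Retain
+storageClassName: postgres-storage
+local:
+path: /storage/immich-data
+nodeAffinity:
+required:
+nodeSelectorTerms:
+- matchExpressions:
+- key: kubernetes.io/hostname
+operator: In
+values:
+- master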

12
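--- a/immich/pvc-immich.yaml
+++ b/immich/pvc-immich.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: pvc-immich
+namespace: immich
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 500Gi
+storageClassName: local-storage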

131
immich/values-immich.yaml Normal file

@@ -0,0 +1,131 @@
## This chart relies on the common library chart from bjw-s
## You can find it at https://github.com/bjw-s-labs/helm-charts/tree/common-4.3.0/charts/library/common
## Refer there for more detail about the supported values
controllers:
main:
containers:
main:
image:
tag: v2.6.3
env:
REDIS_HOSTNAME: '{{ printf "%s-valkey" .Release.Name }}'
IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
DB_HOSTNAME: "immich-postgres-rw"
DB_PORT: "5432"
# Database name matches what we set in the CNPG cluster
DB_DATABASE_NAME: "immich"
# Credentials: reuse the CNPG bootstrap secret
DB_USERNAME:
valueFrom:
secretKeyRef:
name: immich-postgres-app
key: username
DB_PASSWORD:
valueFrom:
secretKeyRef:
name: immich-postgres-app
key: password
immich:
metrics:
# Enabling this will create the service monitors needed to monitor immich with the prometheus operator
enabled: false
persistence:
# Main data store for all photos shared between different components.
library:
# Automatically creating the library volume is not supported by this chart
# You have to specify an existing PVC to use
existingClaim: pvc-immich
# configuration is immich-config.json converted to yaml
# ref: https://immich.app/docs/install/config-file/
#
configuration:
# trash:
# enabled: false
# days: 30
storageTemplate:
enabled: true
template: "{{y}}/{{y}}-{{MM}}/{{filename}}"
# Dependencies
valkey:
enabled: true
controllers:
main:
containers:
main:
image:
repository: docker.io/valkey/valkey
tag: 9.0-alpine@sha256:b4ee67d73e00393e712accc72cfd7003b87d0fcd63f0eba798b23251bfc9c394
pullPolicy: IfNotPresent
persistence:
data:
enabled: true
size: 1Gi
# Optional: Set this to persistentVolumeClaim to keep job queues persistent
type: emptyDir
accessMode: ReadWriteOnce
storageClass: local-storage
# Immich components
server:
enabled: true
controllers:
main:
containers:
main:
image:
repository: ghcr.io/immich-app/immich-server
pullPolicy: IfNotPresent
ingress:
main:
enabled: true
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/proxy-body-size: "0"
hosts:
- host: immich-ad.ovh
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- immich-ad.ovh
secretName: immich-tls
service:
main:
type: ClusterIP
ports:
http:
port: 2283
targetPort: 2283
machine-learning:
enabled: true
controllers:
main:
containers:
main:
image:
repository: ghcr.io/immich-app/immich-machine-learning
pullPolicy: IfNotPresent
env:
TRANSFORMERS_CACHE: /cache
HF_XET_CACHE: /cache/huggingface-xet
MPLCONFIGDIR: /cache/matplotlib-config
persistence:
cache:
enabled: true
size: 10Gi
# Optional: Set this to persistentVolumeClaim to avoid downloading the ML models every start.
type: emptyDir
accessMode: ReadWriteMany
# storageClass: your-class