RogerSik/k8s-public-manifests
1
0
Fork 0
Code Issues Pull Requests Activity

immich added

Browse Source
This commit is contained in:
Roger Sikorski
2025-10-27 09:44:37 +01:00
commit e6f3536e9e
37 changed files with 2670 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
cluster/apps/immich/server/ImageAutomation/ImagePolicy.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImagePolicy
metadata:
name: immich-server
namespace: immich
spec:
imageRepositoryRef:
name: immich-server
policy:
# https://github.com/immich-app/immich/releases
semver:
range: '2.*.*'
filterTags:
pattern: 'v.*'

14
cluster/apps/immich/server/ImageAutomation/ImageRepository.yaml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
metadata:
name: immich-server
namespace: immich
spec:
# https://github.com/immich-app/immich/pkgs/container/immich-server
image: ghcr.io/immich-app/immich-server
interval: 24h
exclusionList:
- pr*
- main
- main*

25
cluster/apps/immich/server/IngressRoute.yml Normal file
View File

@@ -0,0 +1,25 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: immich-server
namespace: immich
labels:
app: immich-server
spec:
entryPoints:
- websecure
routes:
- match: Host(`immich.example.cloud`)
kind: Rule
services:
- name: immich-server
port: http
middlewares:
- name: security
namespace: traefik
tls:
secretName: wildcard-example-cloud-cert
options:
name: tls-security
namespace: traefik

21
cluster/apps/immich/server/Service.yaml Normal file
View File

@@ -0,0 +1,21 @@
---
apiVersion: v1
kind: Service
metadata:
name: immich-server
namespace: immich
labels:
app: immich-server
spec:
ports:
- name: http
port: 80
targetPort: http
- name: api-metrics
targetPort: 8081
port: 8081
- name: microservices-metrics
targetPort: 8082
port: 8082
selector:
app: immich-server

28
cluster/apps/immich/server/ServiceMonitor.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: immich-server
namespace: immich
labels:
app: immich-server
spec:
selector:
matchLabels:
app: immich-server
namespaceSelector:
matchNames:
- immich
endpoints:
- port: api-metrics # port name of service
scheme: http
interval: 15s
metricRelabelings:
- action: labeldrop
regex: (instance|pod)
- port: microservices-metrics # port name of service
scheme: http
interval: 15s
metricRelabelings:
- action: labeldrop
regex: (instance|pod)

99
cluster/apps/immich/server/deployment.yaml Normal file
View File

@@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: immich-server
namespace: immich
annotations:
reloader.stakater.com/auto: 'true'
labels:
app: immich-server
spec:
replicas: 1
selector:
matchLabels:
app: immich-server
template:
metadata:
labels:
app: immich-server
spec:
automountServiceAccountToken: false
containers:
- name: immich-server
image: ghcr.io/immich-app/immich-server:v2.1.0 # {"$imagepolicy": "immich:immich-server"}
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 8Gi
requests:
memory: 1Gi
cpu: 1000m
ports:
- name: http
containerPort: 2283
protocol: TCP
env:
- name: DB_HOSTNAME
valueFrom:
secretKeyRef:
name: immich-db-app
key: host
optional: false
- name: DB_DATABASE_NAME
valueFrom:
secretKeyRef:
name: immich-db-app
key: dbname
optional: false
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: immich-db-app
key: username
optional: false
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: immich-db-app
key: password
optional: false
envFrom:
- configMapRef:
name: immich
optional: false
livenessProbe:
httpGet:
path: /api/server/ping
port: http
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/server/ping
port: http
failureThreshold: 6
periodSeconds: 10
securityContext:
privileged: true # for intel quick sync
volumeMounts:
- name: immich
mountPath: /data/
- name: immich-upload
mountPath: /data/upload/
- name: synology-photos
mountPath: /mnt/synology-photos/
readOnly: false
nodeSelector:
intel.feature.node.kubernetes.io/gpu: 'true'
volumes:
# unraid NFFS
- name: immich
persistentVolumeClaim:
claimName: immich
- name: immich-upload
persistentVolumeClaim:
claimName: immich-upload
- name: synology-photos
persistentVolumeClaim:
claimName: immich-synology-photos

16
cluster/apps/immich/server/pvc/app.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich
namespace: immich
labels:
app: immich-server
velero.io/exclude-from-backup: 'true' # because this is nfs storage and velero will try to create snapshots which are will fails
spec:
accessModes:
- ReadWriteMany
storageClassName: k8s-nfs-ssd
resources:
requests:
storage: 500Gi

16
cluster/apps/immich/server/pvc/synology-photos.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-synology-photos
namespace: immich
labels:
app: immich-server
velero.io/exclude-from-backup: 'true' # because this is nfs storage and velero will try to create snapshots which are will fails
spec:
accessModes:
- ReadWriteMany
storageClassName: k8s-nfs-hdd
resources:
requests:
storage: 100Gi

16
cluster/apps/immich/server/pvc/upload.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-upload
namespace: immich
labels:
app: immich-server
velero.io/exclude-from-backup: 'true' # because this is nfs storage and velero will try to create snapshots which are will fails
spec:
accessModes:
- ReadWriteMany
storageClassName: k8s-nfs-hdd
resources:
requests:
storage: 2Ti