add immich deployment [ci skip]

2023-11-18 14:54:55 +00:00 · 2023-11-18 14:54:55 +00:00 · b219a5259c
commit b219a5259c
parent 0bad0a5522
4 changed files with 305 additions and 0 deletions
--- a/main.tf
+++ b/main.tf
@ -55,6 +55,7 @@ variable "finance_app_graphql_api_secret" {}
 variable "finance_app_gocardless_secret_key" {}
 variable "finance_app_gocardless_secret_id" {}
 variable "headscale_config" {}
 variable "immich_postgresql_password" {}
 variable "ansible_prefix" {
  default     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@ -277,6 +278,8 @@ module "kubernetes_cluster" {
  finance_app_gocardless_secret_id       = var.finance_app_gocardless_secret_id
  headscale_config = var.headscale_config
  immich_postgresql_password = var.immich_postgresql_password
 }
--- a/modules/kubernetes/immich/chart_values.tpl
+++ b/modules/kubernetes/immich/chart_values.tpl
@ -0,0 +1,128 @@
 ## This chart relies on the common library chart from bjw-s
 ## You can find it at https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
 ## Refer there for more detail about the supported values
 # These entries are shared between all the Immich components
 env:
  # REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
  REDIS_HOSTNAME: "redis.redis.svc.cluster.local"
  #   DB_HOSTNAME: "{{ .Release.Name }}-postgresql"
  #   DB_USERNAME: "{{ .Values.postgresql.global.postgresql.auth.username }}"
  #   DB_DATABASE_NAME: "{{ .Values.postgresql.global.postgresql.auth.database }}"
  #   # -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
  #   DB_PASSWORD: "{{ .Values.postgresql.global.postgresql.auth.password }}"
  # TYPESENSE_ENABLED: "{{ .Values.typesense.enabled }}"
  TYPESENSE_ENABLED: "1"
  #   TYPESENSE_API_KEY: "{{ .Values.typesense.env.TYPESENSE_API_KEY }}"
  #   TYPESENSE_HOST: '{{ printf "%s-typesense" .Release.Name }}'
  #   IMMICH_WEB_URL: '{{ printf "http://%s-web:3000" .Release.Name }}'
  IMMICH_WEB_URL: "http://immich-web.immich.svc.cluster.local:3000"
  #   IMMICH_SERVER_URL: '{{ printf "http://%s-server:3001" .Release.Name }}'
  IMMICH_SERVER_URL: "http://immich-server.immich.svc.cluster.local:3001"
  #   IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
  IMMICH_MACHINE_LEARNING_URL: "http://immich-machine-learning.immich.svc.cluster.local:3003"
 image:
  tag: v1.87.0
 immich:
  persistence:
    # Main data store for all photos shared between different components.
    library:
      # Automatically creating the library volume is not supported by this chart
      # You have to specify an existing PVC to use
      existingClaim: immich
 # Dependencies
 postgresql:
  enabled: true
  global:
    postgresql:
      auth:
        username: immich
        database: immich
        password: "${postgresql_password}"
 redis:
  enabled: false
  architecture: standalone
  auth:
    enabled: false
 typesense:
  enabled: true
  env:
    TYPESENSE_DATA_DIR: /tsdata
    TYPESENSE_API_KEY: typesense
  persistence:
    tsdata:
      # Enabling typesense persistence is recommended to avoid slow reindexing
      enabled: true
      accessMode: ReadWriteOnce
      size: 1Gi
      # storageClass: storage-class
  image:
    repository: docker.io/typesense/typesense
    tag: 0.24.0
    pullPolicy: IfNotPresent
 # Immich components
 server:
  enabled: true
  image:
    repository: ghcr.io/immich-app/immich-server
    pullPolicy: IfNotPresent
 microservices:
  enabled: true
  env:
    REVERSE_GEOCODING_DUMP_DIRECTORY: /geodata-cache
  persistence:
    geodata-cache:
      enabled: true
      size: 1Gi
      # Optional: Set this to pvc to avoid downloading the geodata every start.
      type: emptyDir
      accessMode: ReadWriteMany
      # storageClass: your-class
  image:
    repository: ghcr.io/immich-app/immich-server
    pullPolicy: IfNotPresent
 machine-learning:
  enabled: true
  image:
    repository: ghcr.io/immich-app/immich-machine-learning
    pullPolicy: IfNotPresent
  env:
    TRANSFORMERS_CACHE: /cache
  persistence:
    cache:
      enabled: true
      size: 10Gi
      # Optional: Set this to pvc to avoid downloading the ML models every start.
      type: emptyDir
      accessMode: ReadWriteMany
      # storageClass: your-class
 web:
  enabled: true
  image:
    repository: ghcr.io/immich-app/immich-web
    pullPolicy: IfNotPresent
  persistence:
    library:
      enabled: false
 proxy:
  enabled: true
  image:
    repository: ghcr.io/immich-app/immich-proxy
    pullPolicy: IfNotPresent
  persistence:
    library:
      enabled: false
--- a/modules/kubernetes/immich/main.tf
+++ b/modules/kubernetes/immich/main.tf
@ -0,0 +1,163 @@
 variable "tls_secret_name" {}
 variable "postgresql_password" {}
 module "tls_secret" {
  source          = "../setup_tls_secret"
  namespace       = "immich"
  tls_secret_name = var.tls_secret_name
 }
 resource "kubernetes_namespace" "immich" {
  metadata {
    name = "immich"
  }
 }
 resource "kubernetes_persistent_volume" "immich-postgresql" {
  metadata {
    name = "immich-postgresql"
  }
  spec {
    capacity = {
      "storage" = "10Gi"
    }
    access_modes = ["ReadWriteOnce"]
    persistent_volume_source {
      nfs {
        path   = "/mnt/main/immich/data-immich-postgresql"
        server = "10.0.10.15"
      }
    }
  }
 }
 resource "kubernetes_persistent_volume" "immich" {
  metadata {
    name = "immich"
  }
  spec {
    capacity = {
      "storage" = "100Gi"
    }
    access_modes = ["ReadWriteOnce"]
    persistent_volume_source {
      nfs {
        path   = "/mnt/main/immich/immich"
        server = "10.0.10.15"
      }
    }
  }
 }
 resource "kubernetes_persistent_volume" "immich-typesense-tsdata" {
  metadata {
    name = "immich-typesense-tsdata"
  }
  spec {
    capacity = {
      "storage" = "5Gi"
    }
    access_modes = ["ReadWriteOnce"]
    persistent_volume_source {
      nfs {
        path   = "/mnt/main/immich/typesense-tsdata"
        server = "10.0.10.15"
      }
    }
  }
 }
 resource "kubernetes_persistent_volume_claim" "immich" {
  metadata {
    name      = "immich"
    namespace = "immich"
  }
  spec {
    access_modes = ["ReadWriteOnce"]
    resources {
      requests = {
        "storage" = "20Gi"
      }
    }
    volume_name = "immich"
  }
 }
 resource "helm_release" "immich" {
  namespace = "immich"
  name      = "immich"
  repository = "https://immich-app.github.io/immich-charts"
  chart      = "immich"
  atomic     = true
  values = [templatefile("${path.module}/chart_values.tpl", { postgresql_password = var.postgresql_password })]
 }
 resource "kubernetes_ingress_v1" "immich" {
  metadata {
    name      = "immich"
    namespace = "immich"
    annotations = {
      "kubernetes.io/ingress.class" = "nginx"
      # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
      # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
      "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
    }
  }
  spec {
    tls {
      hosts       = ["immich.viktorbarzin.me"]
      secret_name = var.tls_secret_name
    }
    rule {
      host = "immich.viktorbarzin.me"
      http {
        path {
          path = "/"
          backend {
            service {
              name = "immich-proxy"
              port {
                number = 8080
              }
            }
          }
        }
      }
    }
  }
 }
 resource "kubernetes_ingress_v1" "photos" {
  metadata {
    name      = "photos"
    namespace = "immich"
    annotations = {
      "kubernetes.io/ingress.class" = "nginx"
      "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
    }
  }
  spec {
    tls {
      hosts       = ["photos.viktorbarzin.me"]
      secret_name = var.tls_secret_name
    }
    rule {
      host = "photos.viktorbarzin.me"
      http {
        path {
          path = "/"
          backend {
            service {
              name = "immich-proxy"
              port {
                number = 8080
              }
            }
          }
        }
      }
    }
  }
 }
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@ -42,6 +42,7 @@ variable "finance_app_graphql_api_secret" {}
 variable "finance_app_gocardless_secret_key" {}
 variable "finance_app_gocardless_secret_id" {}
 variable "headscale_config" {}
 variable "immich_postgresql_password" {}
 resource "null_resource" "core_services" {
  # List all the core modules that must be provisioned first
@ -332,3 +333,13 @@ module "ytdlp" {
  source          = "./youtube_dl"
  tls_secret_name = var.tls_secret_name
 }
 module "immich" {
  source              = "./immich"
  tls_secret_name     = var.tls_secret_name
  postgresql_password = var.immich_postgresql_password
 }
 # module "nginx-ingress" {
 #   source = "./nginx-ingress"
 # }