refactor(k8s/immich): minor tweaks to match new schema

2026-03-11 21:39:50 +02:00
parent b829b3295b
commit 3c8a627c7e
7 changed files with 84 additions and 13 deletions


@@ -88,7 +88,7 @@ spec:
restartPolicy: OnFailure restartPolicy: OnFailure
containers: containers:
- name: resticprofile-backup - name: resticprofile-backup
image: creativeprojects/resticprofile:latest image: creativeprojects/resticprofile:0.32.0
command: command:
- sh - sh
- -c - -c
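Review bot: The new `image: creativeprojects/resticprofile:0.32.0` is still a mutable tag, so the registry can later serve different content under the same name. For a backup container that presumably holds repository credentials, adding the digest (`creativeprojects/resticprofile:0.32.0@sha256:<digest-from-registry>`, placeholder) makes the deployed image reproducible. The container's `command:` list continues outside the hunk, so nothing is said here about what the shell step runs.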


@@ -20,6 +20,8 @@ spec:
runAsUser: 999 runAsUser: 999
runAsGroup: 999 runAsGroup: 999
fsGroup: 999 fsGroup: 999
seccompProfile:
type: RuntimeDefault
containers: containers:
- name: postgres - name: postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0 image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
@@ -60,6 +62,12 @@ spec:
port: 5432 port: 5432
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 1Gi
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /var/lib/postgresql/data mountPath: /var/lib/postgresql/data
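Review bot: `seccompProfile: type: RuntimeDefault` is added at pod level, but no container-level `securityContext` is visible for `postgres`, so privilege escalation and Linux capabilities stay at runtime defaults unless they are set outside the hunk. Consider `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` on the container, plus `runAsNonRoot: true` next to `runAsUser: 999`, after checking that the image still starts with them. The same gap applies to the `main`, `machine-learning` and `valkey` controllers in the Helm values section of this commit, where only seccomp is added.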


@@ -44,9 +44,6 @@ spec:
- podSelector: - podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: server app.kubernetes.io/name: server
- podSelector:
matchLabels:
app.kubernetes.io/name: microservices
- podSelector: - podSelector:
matchLabels: matchLabels:
app: immich-db-backup app: immich-db-backup
@@ -68,9 +65,6 @@ spec:
- podSelector: - podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: server app.kubernetes.io/name: server
- podSelector:
matchLabels:
app.kubernetes.io/name: microservices
--- ---
# Allow immich pods to reach machine-learning # Allow immich pods to reach machine-learning
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
@@ -89,6 +83,35 @@ spec:
- podSelector: - podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: server app.kubernetes.io/name: server
---
# Allow backup pods egress to Synology (rest-server), B2, DNS, and DB
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-backup-egress
namespace: immich
spec:
podSelector:
matchLabels:
app: immich-backup
policyTypes:
- Egress
egress:
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- ports:
- port: 8888
protocol: TCP
- ports:
- port: 443
protocol: TCP
- ports:
- port: 5432
protocol: TCP
to:
- podSelector: - podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: microservices app: immich-db
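Review bot: Three of the four rules in `allow-backup-egress` have `ports` but no `to`, so pods labelled `app: immich-backup` may open 53, 8888 and 443 to any destination, which is wider than the comment's "Synology (rest-server), B2, DNS". The DNS and rest-server rules can be scoped with a `to` clause as sketched below; the CIDR is a placeholder and the DNS selector assumes the usual kube-dns labels. Port 443 to B2 cannot be narrowed by hostname with a plain NetworkPolicy, so a comment such as `# 443 left open: B2 endpoints have no stable CIDR` would record that this is deliberate. Also check the label: the DB rule earlier in this file admits `app: immich-db-backup`, while this policy selects `app: immich-backup`, so if these are meant to be the same pods, one of the two selectors does not match.

```yaml
  egress:
    # DNS: only to the cluster resolver
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    # rest-server on the NAS: placeholder CIDR, replace with the real address
    - to:
        - ipBlock:
            cidr: "<SYNOLOGY_IP>/32"
      ports:
        - port: 8888
          protocol: TCP
    # … unchanged: 443 rule (B2) and 5432 rule to app: immich-db …
```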


@@ -11,7 +11,8 @@ spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
mountOptions: mountOptions:
- hard - hard
- nointr - timeo=30
- retrans=3
nfs: nfs:
server: synology.storage.lviv server: synology.storage.lviv
path: /volume3/k8s-storage/immich-db path: /volume3/k8s-storage/immich-db
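Review bot: The new `timeo=30` and `retrans=3` options carry no comment, and the unit is easy to misread: NFS `timeo` is in tenths of a second, so this is a 3-second timeout, well below the usual TCP default. Because the mount stays `hard`, `retrans` does not make I/O fail; it only sets how many retries pass before the client reports the server as not responding, and requests then keep retrying. A comment such as `# timeo is in deciseconds (3 s); hard mount retries indefinitely` above the options would record the intent. The same applies to the identical change in the upload volume section.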


@@ -11,7 +11,8 @@ spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
mountOptions: mountOptions:
- hard - hard
- nointr - timeo=30
- retrans=3
nfs: nfs:
server: synology.storage.lviv server: synology.storage.lviv
path: ${IMMICH_UPLOAD_NFS_PATH} path: ${IMMICH_UPLOAD_NFS_PATH}


@@ -19,10 +19,21 @@ spec:
values: values:
controllers: controllers:
main: main:
strategy: Recreate
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
containers: containers:
main: main:
image: image:
tag: v2.5.6 tag: v2.5.6
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
memory: 2Gi
env: env:
DB_HOSTNAME: immich-db DB_HOSTNAME: immich-db
DB_USERNAME: DB_USERNAME:
@@ -63,6 +74,21 @@ spec:
secretName: immich-tls secretName: immich-tls
machine-learning: machine-learning:
enabled: true enabled: true
controllers:
main:
strategy: Recreate
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
main:
resources:
requests:
cpu: 50m
memory: 512Mi
limits:
memory: 2Gi
persistence: persistence:
cache: cache:
enabled: true enabled: true
@@ -72,6 +98,20 @@ spec:
type: persistentVolumeClaim type: persistentVolumeClaim
valkey: valkey:
enabled: true enabled: true
controllers:
main:
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
main:
resources:
requests:
cpu: 25m
memory: 64Mi
limits:
memory: 256Mi
persistence: persistence:
data: data:
enabled: true enabled: true
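Review bot: `strategy: Recreate` is added to the `main` controllers of the server and of `machine-learning`, but not to `valkey`, although `valkey` also has `persistence.data.enabled: true`. If that volume is a single-writer claim, which the visible lines do not show, a rolling update can leave the new pod waiting on a volume the old pod still holds. Either add `strategy: Recreate` under `valkey.controllers.main` or add a comment saying why it is left at the chart default.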


@@ -6,11 +6,9 @@ metadata:
labels: labels:
app: immich-db app: immich-db
spec: spec:
type: ClusterIP
ports: ports:
- name: 5432-5432 - name: postgres
port: 5432 port: 5432
targetPort: 5432 targetPort: 5432
protocol: TCP
selector: selector:
app: immich-db app: immich-db