refactor(k8s/immich): minor tweaks to match new schema

2026-03-11 21:39:50 +02:00
parent b829b3295b
commit 3c8a627c7e
7 changed files with 84 additions and 13 deletions


@@ -88,7 +88,7 @@ spec:
restartPolicy: OnFailure
containers:
- name: resticprofile-backup
image: creativeprojects/resticprofile:latest
image: creativeprojects/resticprofile:0.32.0
command:
- sh
- -c
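Review bot: A tag such as `0.32.0` can still be re-pushed upstream, so the `image:` line for `resticprofile-backup` is not fully pinned even after moving off `latest`. A backup container typically holds repository credentials, so pinning the digest as well would make the pulled image reproducible: `image: creativeprojects/resticprofile:0.32.0@sha256:<digest-of-0.32.0>`, with the real digest filled in. The container spec continues outside the hunk.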


@@ -20,6 +20,8 @@ spec:
runAsUser: 999
runAsGroup: 999
fsGroup: 999
seccompProfile:
type: RuntimeDefault
containers:
- name: postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
@@ -60,6 +62,12 @@ spec:
port: 5432
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 1Gi
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
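Review bot: `seccompProfile: RuntimeDefault` is the only hardening added to the pod-level `securityContext`, and nothing visible sets `runAsNonRoot: true` or a container-level `securityContext` for `postgres`. The container spec between the two hunks is not shown; if it has none, adding `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` there would bring the pod in line with the restricted Pod Security profile, which should be tested against the image first. The same applies to the `main` containers in the Helm values section later in this commit, where the added `pod.securityContext` blocks contain only the seccomp profile. Whether the chart supplies defaults for them is not visible here.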


@@ -44,9 +44,6 @@ spec:
- podSelector:
matchLabels:
app.kubernetes.io/name: server
- podSelector:
matchLabels:
app.kubernetes.io/name: microservices
- podSelector:
matchLabels:
app: immich-db-backup
@@ -68,9 +65,6 @@ spec:
- podSelector:
matchLabels:
app.kubernetes.io/name: server
- podSelector:
matchLabels:
app.kubernetes.io/name: microservices
---
# Allow immich pods to reach machine-learning
apiVersion: networking.k8s.io/v1
@@ -89,6 +83,35 @@ spec:
- podSelector:
matchLabels:
app.kubernetes.io/name: server
---
# Allow backup pods egress to Synology (rest-server), B2, DNS, and DB
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-backup-egress
namespace: immich
spec:
podSelector:
matchLabels:
app: immich-backup
policyTypes:
- Egress
egress:
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- ports:
- port: 8888
protocol: TCP
- ports:
- port: 443
protocol: TCP
- ports:
- port: 5432
protocol: TCP
to:
- podSelector:
matchLabels:
app.kubernetes.io/name: microservices
app: immich-db
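Review bot: The rules for ports 53, 8888 and 443 in `allow-backup-egress` have no `to:` clause, so the backup pods may reach any destination on those ports, including in-cluster pods and other namespaces, while the comment names only Synology, B2 and DNS. Scoping each rule with a `to:` peer would make the policy match its comment: the cluster DNS pods, an `ipBlock` for the Synology, and an `ipBlock` that excludes cluster ranges for B2. The CIDRs below are placeholders, and the DNS labels assume the usual kube-dns labelling. Separately, this policy selects `app: immich-backup` while the DB ingress rule earlier in the section names `app: immich-db-backup`. If both refer to the same job, one label is wrong and the 5432 path will be blocked on one side.

```yaml
egress:
  # DNS: cluster resolver only
  - to:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: kube-system
        podSelector:
          matchLabels:
            k8s-app: kube-dns
    ports:
      - port: 53
        protocol: UDP
      - port: 53
        protocol: TCP
  # rest-server: the Synology host only
  - to:
      - ipBlock:
          cidr: <SYNOLOGY_IP>/32
    ports:
      - port: 8888
        protocol: TCP
  # B2 over HTTPS: external addresses, not pod/service ranges
  - to:
      - ipBlock:
          cidr: 0.0.0.0/0
          except:
            - <POD_CIDR>
            - <SERVICE_CIDR>
    ports:
      - port: 443
        protocol: TCP
  # … unchanged: port 5432 rule to app: immich-db …
```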


@@ -11,7 +11,8 @@ spec:
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nointr
- timeo=30
- retrans=3
nfs:
server: synology.storage.lviv
path: /volume3/k8s-storage/immich-db
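Review bot: The mount options for this NFS-backed volume do not include `nosuid` or `nodev`, and the same list is repeated in the upload volume's section that follows. Both volumes appear to hold data only, so adding `- nosuid` and `- nodev` would keep a file planted on the export from carrying setuid bits or device nodes into a pod. A comment on the new options would also help, e.g. `# timeo is in tenths of a second (3 s); on a hard mount retrans only decides when "server not responding" is logged`. Without it the values are easy to misread as seconds or as a failure threshold.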


@@ -11,7 +11,8 @@ spec:
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nointr
- timeo=30
- retrans=3
nfs:
server: synology.storage.lviv
path: ${IMMICH_UPLOAD_NFS_PATH}


@@ -19,10 +19,21 @@ spec:
values:
controllers:
main:
strategy: Recreate
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
main:
image:
tag: v2.5.6
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
memory: 2Gi
env:
DB_HOSTNAME: immich-db
DB_USERNAME:
@@ -63,6 +74,21 @@ spec:
secretName: immich-tls
machine-learning:
enabled: true
controllers:
main:
strategy: Recreate
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
main:
resources:
requests:
cpu: 50m
memory: 512Mi
limits:
memory: 2Gi
persistence:
cache:
enabled: true
@@ -72,6 +98,20 @@ spec:
type: persistentVolumeClaim
valkey:
enabled: true
controllers:
main:
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
main:
resources:
requests:
cpu: 25m
memory: 64Mi
limits:
memory: 256Mi
persistence:
data:
enabled: true
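Review bot: `strategy: Recreate` is added for the server's `controllers.main` and for `machine-learning`, but not for `valkey`, which also has `persistence.data` enabled in the context lines. If that volume is a ReadWriteOnce claim, a rolling update can leave the new pod waiting for a volume still attached to the old one. Adding `strategy: Recreate` under `valkey.controllers.main` would make the three consistent. If the omission is deliberate, a short comment saying why would help. The valkey values continue outside the hunk.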


@@ -6,11 +6,9 @@ metadata:
labels:
app: immich-db
spec:
type: ClusterIP
ports:
- name: 5432-5432
- name: postgres
port: 5432
targetPort: 5432
protocol: TCP
selector:
app: immich-db