From d6c36bfafcae872decd3e9f6f173d856612278ab Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Sat, 4 May 2024 21:15:16 -0400 Subject: [PATCH] Add immich and invidious --- .../immich-machine-learning-deployment.yaml | 46 ++++++++++++++ immich/immich-microservices-deployment.yaml | 55 +++++++++++++++++ immich/immich-microservices-service.yaml | 0 immich/immich-pvc-library.yaml | 12 ++++ immich/immich-server-deployment.yaml | 57 +++++++++++++++++ immich/immich-server-service.yaml | 12 ++++ immich/redis-secret.yaml | 14 +++++ immich/sealed-secret.yaml | 16 +++++ invidious/invidious-deployment.yaml | 61 +++++++++++++++++++ invidious/invidious-service.yaml | 13 ++++ invidious/sealed-secret.yaml | 15 +++++ 11 files changed, 301 insertions(+) create mode 100644 immich/immich-machine-learning-deployment.yaml create mode 100644 immich/immich-microservices-deployment.yaml create mode 100644 immich/immich-microservices-service.yaml create mode 100644 immich/immich-pvc-library.yaml create mode 100644 immich/immich-server-deployment.yaml create mode 100644 immich/immich-server-service.yaml create mode 100644 immich/redis-secret.yaml create mode 100644 immich/sealed-secret.yaml create mode 100644 invidious/invidious-deployment.yaml create mode 100644 invidious/invidious-service.yaml create mode 100644 invidious/sealed-secret.yaml diff --git a/immich/immich-machine-learning-deployment.yaml b/immich/immich-machine-learning-deployment.yaml new file mode 100644 index 0000000..43c7e8f --- /dev/null +++ b/immich/immich-machine-learning-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-machine-learning + namespace: immich-ns +spec: + replicas: 1 + selector: + matchLabels: + app: immich-machine-learning + template: + metadata: + labels: + app: immich-machine-learning + spec: + containers: + - name: immich-machine-learning + image: ghcr.io/immich-app/immich-machine-learning:release + env: + - name: UPLOAD_LOCATION + value: /usr/src/app/upload + - name: DB_HOSTNAME + value: postgresql.postgresql-system.svc.cluster.local + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: immich-secret + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: immich-secret + key: password + - name: DB_DATABASE_NAME + valueFrom: + secretKeyRef: + name: immich-secret + key: database + - name: REDIS_HOSTNAME + value: redis-master.redis-system.svc.cluster.local + volumeMounts: + - name: model-cache + mountPath: /cache + volumes: + - name: model-cache + emptyDir: {} diff --git a/immich/immich-microservices-deployment.yaml b/immich/immich-microservices-deployment.yaml new file mode 100644 index 0000000..aeccd13 --- /dev/null +++ b/immich/immich-microservices-deployment.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-microservices + namespace: immich-ns +spec: + replicas: 1 + selector: + matchLabels: + app: immich-microservices + template: + metadata: + labels: + app: immich-microservices + spec: + containers: + - name: immich-microservices + image: ghcr.io/immich-app/immich-server:release + args: ["start.sh", "microservices"] + env: + - name: UPLOAD_LOCATION + value: /usr/src/app/upload + - name: DB_VECTOR_EXTENSION + value: pgvector + - name: DB_HOSTNAME + value: postgresql.postgresql-system.svc.cluster.local + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: immich-secret + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: immich-secret + key: password + - name: DB_DATABASE_NAME + valueFrom: + secretKeyRef: + name: immich-secret + key: database + - name: REDIS_HOSTNAME + value: redis-master.redis-system.svc.cluster.local + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-immich-secret + key: REDIS_PASS + volumeMounts: + - name: upload-volume + mountPath: /usr/src/app/upload + volumes: + - name: upload-volume + persistentVolumeClaim: + claimName: immich-library-pvc diff --git a/immich/immich-microservices-service.yaml b/immich/immich-microservices-service.yaml new file mode 100644 index 0000000..e69de29 diff --git a/immich/immich-pvc-library.yaml b/immich/immich-pvc-library.yaml new file mode 100644 index 0000000..9954244 --- /dev/null +++ b/immich/immich-pvc-library.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: immich-library-pvc + namespace: immich-ns +spec: + accessModes: + - ReadWriteMany + storageClassName: longhorn + resources: + requests: + storage: 100Gi diff --git a/immich/immich-server-deployment.yaml b/immich/immich-server-deployment.yaml new file mode 100644 index 0000000..a69bbca --- /dev/null +++ b/immich/immich-server-deployment.yaml @@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: immich-server + namespace: immich-ns +spec: + replicas: 1 + selector: + matchLabels: + app: immich-server + template: + metadata: + labels: + app: immich-server + spec: + containers: + - name: immich-server + image: ghcr.io/immich-app/immich-server:release + args: ["start.sh", "immich"] + ports: + - containerPort: 3001 + env: + - name: UPLOAD_LOCATION + value: /usr/src/app/upload + - name: DB_VECTOR_EXTENSION + value: pgvector + - name: DB_HOSTNAME + value: postgresql.postgresql-system.svc.cluster.local + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: immich-secret + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: immich-secret + key: password + - name: DB_DATABASE_NAME + valueFrom: + secretKeyRef: + name: immich-secret + key: database + - name: REDIS_HOSTNAME + value: redis-master.redis-system.svc.cluster.local + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-immich-secret + key: REDIS_PASS + volumeMounts: + - name: upload-volume + mountPath: /usr/src/app/upload + volumes: + - name: upload-volume + persistentVolumeClaim: + claimName: immich-library-pvc diff --git a/immich/immich-server-service.yaml b/immich/immich-server-service.yaml new file mode 100644 index 0000000..f1acc8a --- /dev/null +++ b/immich/immich-server-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: immich-server-service + namespace: immich-ns +spec: + type: LoadBalancer + ports: + - port: 80 + targetPort: 3001 + selector: + app: immich-server diff --git a/immich/redis-secret.yaml b/immich/redis-secret.yaml new file mode 100644 index 0000000..90421ef --- /dev/null +++ b/immich/redis-secret.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: redis-immich-secret + namespace: immich-ns +spec: + encryptedData: + REDIS_PASS: AgA87rwcuMmDmgvDRl6pcObFFNBPKSH1qCkXUFgIqB/jX/ursxPgP+5f9ANY7PZjZTJ3QSAenJKPKUu9ER5B04o9b09EIcSpTQ0eVQRl6jwMRRzCbFWedb1bsNPuNyQBaf7IhaLshfQPSsjamp4oAaczLjbQPs/musn/3TUYVThIdgWBltv9i/12+BkbA98sS3gsMVWyP+cCcVQ+mMTGNsLZbxP1XC50yAAWifqJk6NbT+m9CA1wnesgegyr1W7KUGxudKnRA7iaGiP+fC+LbLIbD63tkme6/65b9x5qXZLM9qpiBEX+Yrv7YTn+ZJ94KwMnDjV8Y3Izom4etOawnLaRIIal/PGJPjSLE+PqtVRKXpTO8I3ExKSHb3MfLpfqTQ24N1yoNOnYu6dv2Rhd0Q9lMA6RBX4XUfsjYxHwIWyN1HhdAkbAS+ZqIlcnzT/rVIkkLcU/3/2Ptjj1IRDHFZplibUTbmkiKBvSDeOWDDRXC0FPvMegcfv2mYXY03W70N1uW39JVd0hcDhMxVaaW7yB7rmNEdOpFmpSPBScNtJj7bjEkAQCqXfqogclPs7FJOkrEJKK92Mon8ZMRdeD7GAbh4UqiRIe/SnjD2PsxWKDIMX3uqHN4PpxtsI5F3cY8mQNLG9nP4QzS5b8uU3vfJ4aSX2WpY7UhCXZ1ZuZDMNUDyQ9ULNcFh0FAkB3KzFi35Kqlxf6CsiY2pkxmtHm4w1WJkq09n2iNlsORJayzwDu6Q== + template: + metadata: + creationTimestamp: null + name: redis-immich-secret + namespace: immich-ns diff --git a/immich/sealed-secret.yaml b/immich/sealed-secret.yaml new file mode 100644 index 0000000..b8d3ad1 --- /dev/null +++ b/immich/sealed-secret.yaml @@ -0,0 +1,16 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: immich-secret + namespace: immich-ns +spec: + encryptedData: + database: AgA+Vgab29fZ+NPF1PxzvcT3StAlEiOOKO77tYH+IgfKhdK7wTP4q+OVdV6gWPahK1ssZ8lPISml1HDMPx/IIlCYHmp1xi+wtoOgvyOGq5/8czupMQ4dLwiMVWFyRnCUm94119dCA9KImIqyhrNZ/FebqrcqvykI3h8/XDGCZujjMlHhnhRSUF3AohL3cW72tnZkDeSKebp1Mkmi0LEij2v0/+dZXuIEsfLPVHgxJKvCfPX7ND3TigBlFsa1VQOSZY19MI283rS9keqX0pFP+h0LAT6iGw/4p9fOjVYPNZySVn/z/XXcxnKjO477edJp9TGb+xd1m/kSmUhKF2w58jkKoZMlUwwCxteh9H1zj9rHMQfSmVG+tg9j5WoSsfIaWbDIFIf91l07XSwa8MGJ91NE6nvHEgf7C/OtZ52SjHTKEielLHsvTPRn2lIi14P9tMadI1z11POTf416CIcB2fXzuu619FHARSJseBpBLYwPM5pSpF0XKqTl7mW0kypa46kikjGou6CuJWhrFkh8Yqpth6hfsIV0BkLxXUpoWW9/dMQztfnuB7OvogNUJRTn+g9tzGLyY5bWddokV9s6uxyyaDAi9wPe48HRhX6bGwOgEPdprV5VRSuXu7A2g2YGYsxvvsEr9dXZA3rY9dW63wAzIhydxO8i0+9JHd9CMKohj60S5Llh402p4fDm3JIXchpeNwJzyo4= + password: AgC68pWUzY4eghLcYSxEkwVtBL7BlQ8ytG11hk8NuGcPK+B9kA0VFtw5gFTYMIb0UL95O0BN/L7A6O7oXZm6skWlwOaYmUUOhdCnws1vRA7RamA+gWiT6qV+aFVdeiWLm2pgTdwquqB/Ky2/K3FF2tLoA2Gmp+uGGbet8txMb5RlCWA5jdb6xqsszCFu8NKpcb85kaRtBAP1AzXwWWnP1E+ITM8FjsL1QXlwkxra/uChN99w6Sc66GR8VUb3M3lmtv26AX2hHhqOeWNNJzIbWpmThS+DuluopF4UF+rEixTnR5jBtl8Let6ZA/UwgZ0sfBOijFLyoSFK0ly0f1p3bDH7jtgL2f7OQNPv/VkY6RKi5LViE20m2fYKmt2Fx+FdrIAw64jK3fhLuWF9MKuHOLhgbcrpCvuIMcR1P+/TEPoOrwLy8qzSyGlHZlYHo2m16FqdHqvwHF2vd3A2OnblBx8RN51Hxr0PaRb11FxGQSdQgVU4IoQp0GlvDrhzRXHU1g4G7BnG7+fQpFHujw5QB0rrSLP8WgfWkdYOo6E7xF5EXZ+E2vWsRPRJ2bkVH0mywIo8BC1e7WCR28uLK29e2kBMxiwzDxu+7x/g8rbXxLZGVakEhvZMlWPUSBpcU6rEdW1x7+TEJCGxxBUf3/e6K60MqvOQIe3gRrevY8DddkCFbi6+ZIPmTpd95K9MwnwDDWub+CzKZaWBn6+23NMiBkMa2mgFIWn0QMxEtazTWwJITw== + username: AgA/sz7ukcLAtrSfiGncgMC/VkekQYAYhUmsVTR/sS9di8gv98+pBZbC2i1CC+Qy0yagVEmpstqD46AlkI4d/38S1YLoEolJomEn8KUcdvle7RXK5d+HXSDQCbWdhdhJsbw094rLd2pPzJ1ykVpJglbg+Ec9pzydorjS5LA8vXyujmH3YXW3OU2GCI+B8rgiedetlP6zyZciKuSNd/yDPB7cYzch0lmheGHREulvAzXE6xPv4hiyZtY0FA26zjixtQjW/CJnmwzD6/F1MBZWXtColxZob6I9I5DY4zGawNgS8n4qF/bRoIr75LYkD77KEfBWba5QkQcfnvsEmJWKFmMBchdrM8+wHulgElzTRn8HIfaslk6Aq9RBasXEBDtumBgLiOVCr4TNNX6RHNooyF6uc+Ms4zTdTsibBmMs3X0W8ON1qZx+oXf5M7QW3x+rz+cl7o1TQUsGaHeAcLjh1xGJWddSo1gRL8kqX7wlVucm2LZwIwdWnGT+Bp97FJmJ+R+xgjrmzy9lhboSK58LnpHk65psIngp0XCZ6b3pNrKbDc7H/v8EAjElSAhTGwX7nIwZ4jGCdgPICcX0FtWW17nlJIXJoHmQL08fPa7dqqkpx2JgLQ2E19TywfItxxRApYtRP2AXuf53XLiyQjDgo6STldASysj4MgpJti0lKZNUQkK2QedaXKhyLO3/n53SADSac+P8s0E= + template: + metadata: + creationTimestamp: null + name: immich-secret + namespace: immich-ns diff --git a/invidious/invidious-deployment.yaml b/invidious/invidious-deployment.yaml new file mode 100644 index 0000000..944a9ea --- /dev/null +++ b/invidious/invidious-deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious + namespace: invidious-ns +spec: + replicas: 1 + selector: + matchLabels: + app: invidious + template: + metadata: + labels: + app: invidious + spec: + containers: + - name: wait-and-die + image: alpine:latest + command: ["/bin/sh", "-c"] + args: ["sleep 21600; exit 0"] + - name: invidious + image: quay.io/invidious/invidious:2024.03.31-08390ac + env: + - name: INVIDIOUS_PORT + value: "3000" + - name: INVIDIOUS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: invidious-secret + key: invidious-postgres-password + - name: INVIDIOUS_HMAC_KEY + valueFrom: + secretKeyRef: + name: invidious-secret + key: hmac + - name: INVIDIOUS_CONFIG + value: | + db: + dbname: Invidious + user: invidious + password: $(INVIDIOUS_DB_PASSWORD) + host: postgresql.postgresql-system.svc.cluster.local + port: 5432 + check_tables: true + hmac_key: "$(INVIDIOUS_HMAC_KEY)" + pool_size: 100 + statistics_enabled: true + admins: ["tyler"] + channel_threads: 2 + channel_refresh_interval: 15m + feed_threads: 2 + banner: "Lol. Lmao even." + default_user_preferences: + default_home: "Subscriptions" + quality: dash + save_player_pos: true + port: 3000 + #external_port: 443 + #domain: watch.clortox.com + ports: + - containerPort: 3000 diff --git a/invidious/invidious-service.yaml b/invidious/invidious-service.yaml new file mode 100644 index 0000000..0f6065d --- /dev/null +++ b/invidious/invidious-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: invidious + namespace: invidious-ns +spec: + type: LoadBalancer + ports: + - protocol: TCP + port: 80 + targetPort: 3000 + selector: + app: invidious diff --git a/invidious/sealed-secret.yaml b/invidious/sealed-secret.yaml new file mode 100644 index 0000000..153cb5d --- /dev/null +++ b/invidious/sealed-secret.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: invidious-secret + namespace: invidious-ns +spec: + encryptedData: + hmac: AgBnXw0QxXIHdSyv1jruFE7gKlnWZwHjIF6yqpx/VwXdV1G6WWCfvv+ZMA9RNvnFGP3QmNttNpErFXgpGJKP6a9gr7nIK9ilPgm9oZZP0gt8MDnNSm/17sLeMv0X84uT5SfKCbzukTPKQj2NICWLYO9M3XV5x4CXNi+1E7r+F5qtAYV/V0ZPdo35QHALKjDYv5hofsvJNaUXxamMGzMjrOBtMZKDAGx4K0ftOVr348IbKb8R3WgSrJDN2YQdk+8U1lyRZoK2yBsMYEx1/z3/YsYF/ZvE8Z6tPnRCImJSr+jkEDde0So0DkXTESdBKVnkRQ2e31pyRHGu7+z3dqZlNITFbVt3YN54+P7jDMGEEbPEgVfjJTk/MhqsfaY2WrqONXJvBFcsfVooDXG3rQinG5UkPUBLWPCnInD1mvbSyN5whC7oVh5+qwCrEN3WSsEpMUig8re10sVDwmwXehf0TqWwsIPdT/4OxYnBjzjqJ5HYopBHqCcHxeHD6o+6fNjZPSofNo2YkIX1yI+9laSjEHBmIwdFBCty10yaDsF625X07zlqFBMzSaPRcK3MVReFfUrI5w7mZuM+bzT4OG3Zf4bolQp18glzltSPxWPOsc7RRRImkcjf+PkyXmGVwZ2oPXISX+8xuOIuxhMMGAke0a7b8R7hNb/vvZ6dbtStMwZWUd0IB3Rnmb8rWmdy5qHoANYbmVmwTfcDSKxp0hqfoPNYBG7xJKAg3FjdoYjcmVmbAQ== + invidious-postgres-password: AgDCqXfmNpRx1XQeKqVrXw7u9BXLvoyWiy16S3H5MgGf7SkBffIM9fbE3bFsOI8ow0obxd1vJRw/7XZtFoGYwumoGvFLU/5N1AeluHLD8c6muBNEH7hBQmXj7rGlZ2PGKIZ+C0iqMLrt0xWpiPsPKuSxeXBwyTuZpdcw5PpTQ9N6pWhLyAM5Aw7BHXzWN3PiH4dplWnYcilj0MkNAueTwQtwksHrmPrA7ezE965adfhWzn+IWS0Rco5/QqNMArmFQqYKNkfh0mkCKz258TOLGGbznNbvWU5PQklElBUTqB2r1nJc5nYdAN0cOYYRbXhql5s61Q0S4REXG0gZVfqZMxGFpomeVx09tQRbYHKW/ptp4HKb0x2GbA/Wk1qcvvHAOqhU9f1/+MhIeyUShNeQdTthbm2hnS3Z46KPw0EEdLuSo9xG8hu+saak/xIs4bOaKbtkjSqdeTH3UzEKCjK0bQDoB6JvS6tq+CVzxoUGVYYDzbS0ADDKgdVGkOsGzVswtUOo7yYzOY9jLHanbMCZjvDfOByyYdTnegtS/iIExCPhM0V/9WzY1Y1/crX2RIgdWzTsV2djG24/tZvIggMTZE3PZH83pEduWzcMyi4JED/OYCaWlJRWFqhq+3g/K/0DgM3YPDRwul3yGhoKiWr3bRDC2RPMRTlINd10ctocnDupV1yxFzgLPimrG0LLxcmk2foRkTeJ2d/3LtjN0HfvmLSvVKrAOUDOTVcOsenoyVauNg== + template: + metadata: + creationTimestamp: null + name: invidious-secret + namespace: invidious-ns