From eadb65db028c4b0ade4ff9c75f59d65116de4360 Mon Sep 17 00:00:00 2001 From: Timtor Chen Date: Wed, 13 Mar 2024 15:17:31 +0800 Subject: [PATCH] chore(amethyst): upgrade immich to 1.95.1 - specific postgres version to 15.6 - integrate immich-web into immich-server after v1.88.0 https://github.com/immich-app/immich/releases/tag/v1.88.0 - remove typesense and change search to pgvector/pgvecto.rs postgres extension after v1.91.0 https://github.com/immich-app/immich/releases/tag/v1.91.0 --- .../kubernetes/mydata/immich/app/immich.yaml | 84 ++----------------- .../mydata/immich/deps/immich-postgres.yaml | 1 + .../deps/immich-typesense-backup-secret.yaml | 34 -------- .../immich/deps/immich-typesense-backup.yaml | 84 ------------------- .../immich/deps/immich-typesense-data.yaml | 13 --- .../immich/deps/immich-typesense-secret.yaml | 22 ----- .../mydata/immich/deps/immich-typesense.yaml | 83 ------------------ .../mydata/immich/kustomization.yaml | 5 -- 8 files changed, 7 insertions(+), 319 deletions(-) delete mode 100644 amethyst/kubernetes/mydata/immich/deps/immich-typesense-backup-secret.yaml delete mode 100644 amethyst/kubernetes/mydata/immich/deps/immich-typesense-backup.yaml delete mode 100644 amethyst/kubernetes/mydata/immich/deps/immich-typesense-data.yaml delete mode 100644 amethyst/kubernetes/mydata/immich/deps/immich-typesense-secret.yaml delete mode 100644 amethyst/kubernetes/mydata/immich/deps/immich-typesense.yaml diff --git a/amethyst/kubernetes/mydata/immich/app/immich.yaml b/amethyst/kubernetes/mydata/immich/app/immich.yaml index a4218a18..be9e39a6 100644 --- a/amethyst/kubernetes/mydata/immich/app/immich.yaml +++ b/amethyst/kubernetes/mydata/immich/app/immich.yaml 
@@ -10,65 +10,6 @@ metadata: --- apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease -metadata: - namespace: mydata - name: immich-web -spec: - chart: - spec: - sourceRef: - kind: HelmRepository - name: bjw-s - # renovate: registryUrl=https://bjw-s.github.io/helm-charts - chart: app-template - version: 1.5.1 - interval: 1h - maxHistory: 1 - values: - image: - # renovate: - repository: ghcr.io/immich-app/immich-web - tag: v1.71.0 - env: - IMMICH_API_URL_EXTERNAL: https://photo.timtor.dev/api - probes: - liveness: - enabled: false - readiness: - enabled: false - - podSecurityContext: - fsGroup: 65534 - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: ["ALL"] - seccompProfile: - type: RuntimeDefault - - service: - main: - enabled: true - ports: - http: - port: 3000 - - ingress: - main: - enabled: true - ingressClassName: nginx - hosts: - - host: photo.timtor.dev - paths: - - path: / - pathType: Prefix ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease metadata: namespace: mydata name: immich-server @@ -89,7 +30,7 @@ spec: image: # renovate: repository: ghcr.io/immich-app/immich-server - tag: v1.71.0 + tag: v1.95.1 command: ["./start.sh", "immich"] serviceAccount: @@ -102,7 +43,7 @@ spec: SERVER_PORT: &port 3001 IMMICH_MEDIA_LOCATION: &data /data REDIS_HOSTNAME: immich-dragonfly - TYPESENSE_HOST: immich-typesense + DB_VECTOR_EXTENSION: pgvector DB_URL: valueFrom: secretKeyRef: @@ -113,11 +54,6 @@ spec: secretKeyRef: name: *s key: REDIS_PASSWORD - TYPESENSE_API_KEY: - valueFrom: - secretKeyRef: - name: *s - key: TYPESENSE_API_KEY persistence: data: 
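Review bot: `DB_VECTOR_EXTENSION: pgvector` in the immich-server env block (and again in the immich-microservices hunk at -210,7) only works if the Postgres image pinned in deps/immich-postgres.yaml ships that extension, and nothing on either line records the coupling. I would add a comment above each occurrence, such as `# must be an extension shipped by the image in deps/immich-postgres.yaml`, so a later image change does not silently break search. It is also worth confirming that the role behind `DB_URL` is allowed to create the extension, since that secret is not visible here. The env block starts and ends outside the hunk.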
@@ -165,13 +101,10 @@ spec: main: enabled: true ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/proxy-body-size: "0" hosts: - host: photo.timtor.dev paths: - - path: /api/(.*) + - path: / pathType: Prefix --- apiVersion: helm.toolkit.fluxcd.io/v2beta2 @@ -196,7 +129,7 @@ spec: image: # renovate: repository: ghcr.io/immich-app/immich-server - tag: v1.71.0 + tag: v1.95.1 command: ["./start.sh", "microservices"] serviceAccount: @@ -210,7 +143,7 @@ spec: IMMICH_MEDIA_LOCATION: &media /data REVERSE_GEOCODING_DUMP_DIRECTORY: &dump /geocode REDIS_HOSTNAME: immich-dragonfly - TYPESENSE_HOST: immich-typesense + DB_VECTOR_EXTENSION: pgvector DB_URL: valueFrom: secretKeyRef: @@ -221,11 +154,6 @@ spec: secretKeyRef: name: *s key: REDIS_PASSWORD - TYPESENSE_API_KEY: - valueFrom: - secretKeyRef: - name: *s - key: TYPESENSE_API_KEY persistence: media: @@ -295,7 +223,7 @@ spec: image: # renovate: repository: ghcr.io/immich-app/immich-machine-learning - tag: v1.71.0 + tag: v1.95.1 env: MACHINE_LEARNING_CACHE_FOLDER: &cache /cache TRANSFORMERS_CACHE: *cache diff --git a/amethyst/kubernetes/mydata/immich/deps/immich-postgres.yaml b/amethyst/kubernetes/mydata/immich/deps/immich-postgres.yaml index cbc4bfda..f23fdb7f 100644 --- a/amethyst/kubernetes/mydata/immich/deps/immich-postgres.yaml +++ b/amethyst/kubernetes/mydata/immich/deps/immich-postgres.yaml @@ -6,6 +6,7 @@ metadata: name: immich-postgres spec: instances: 2 + imageName: ghcr.io/cloudnative-pg/postgresql:15.6 storage: pvcTemplate: storageClassName: fs-fast diff --git a/amethyst/kubernetes/mydata/immich/deps/immich-typesense-backup-secret.yaml b/amethyst/kubernetes/mydata/immich/deps/immich-typesense-backup-secret.yaml deleted file mode 100644 index edddc41d..00000000 --- a/amethyst/kubernetes/mydata/immich/deps/immich-typesense-backup-secret.yaml +++ /dev/null 
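Review bot: Removing `nginx.ingress.kubernetes.io/proxy-body-size` from the immich-server ingress leaves request bodies capped by the controller default (1m in ingress-nginx unless the controller ConfigMap overrides it). Since this ingress now serves the upload API under `/`, larger photo or video uploads would likely be rejected with 413. The previous value `"0"` disabled the limit entirely, which is a resource-exhaustion exposure on a public host, so I would keep the annotation with an explicit bound: `nginx.ingress.kubernetes.io/proxy-body-size: "<max upload size>"` (placeholder value) under `annotations:`. The ingress block starts outside the hunk, and a controller-wide setting not visible here may already cover this.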
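Review bot: The new `imageName: ghcr.io/cloudnative-pg/postgresql:15.6` in immich-postgres.yaml pins a mutable tag, so the two instances can end up on different image contents if the tag is re-pushed. Pinning by digest as well avoids that: `imageName: ghcr.io/cloudnative-pg/postgresql:15.6@sha256:<digest>` (placeholder digest). Unlike the image entries in app/immich.yaml, this line also has no `# renovate:` hint, so it may not be picked up for automated security updates. If the cluster was previously running whatever image the operator defaults to, confirm that was also major version 15 before this pin rolls out.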
@@ -1,34 +0,0 @@ ---- -apiVersion: secrets-store.csi.x-k8s.io/v1 -kind: SecretProviderClass -metadata: - namespace: mydata - name: &name immich-typesense-backup-secret -spec: - provider: aws - parameters: - region: us-west-2 - objects: | - - objectType: ssmparameter - objectName: /amethyst/immich-typesense-backup - jmesPath: - - path: RESTIC_REPOSITORY - objectAlias: RESTIC_REPOSITORY - - path: AWS_ACCESS_KEY_ID - objectAlias: AWS_ACCESS_KEY_ID - - path: AWS_SECRET_ACCESS_KEY - objectAlias: AWS_SECRET_ACCESS_KEY - - path: RESTIC_PASSWORD - objectAlias: RESTIC_PASSWORD - secretObjects: - - secretName: *name - type: Opaque - data: - - key: RESTIC_REPOSITORY - objectName: RESTIC_REPOSITORY - - key: AWS_ACCESS_KEY_ID - objectName: AWS_ACCESS_KEY_ID - - key: AWS_SECRET_ACCESS_KEY - objectName: AWS_SECRET_ACCESS_KEY - - key: RESTIC_PASSWORD - objectName: RESTIC_PASSWORD diff --git a/amethyst/kubernetes/mydata/immich/deps/immich-typesense-backup.yaml b/amethyst/kubernetes/mydata/immich/deps/immich-typesense-backup.yaml deleted file mode 100644 index c81bddaa..00000000 --- a/amethyst/kubernetes/mydata/immich/deps/immich-typesense-backup.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - namespace: mydata - name: immich-typesense-backup -spec: - sourcePVC: immich-typesense-data - trigger: - schedule: "0 0/12 * * *" - restic: - pruneIntervalDays: 14 - repository: immich-typesense-backup-secret - retain: - daily: 5 - weekly: 4 - monthly: 3 - copyMethod: Snapshot - volumeSnapshotClassName: rook-ceph-fs - storageClassName: fs-fast-volatile - accessModes: ["ReadWriteOnce"] - cacheStorageClassName: rbd-fast-volatile - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 1Gi - moverSecurityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 - seccompProfile: - type: RuntimeDefault ---- -## workaround to hold backup secret -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: mydata - name: immich-typesense-backup-secret-holder - annotations: - eks.amazonaws.com/audience: sts.amazonaws.com - eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-immich-typesense-backup-secret-holder ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: mydata - name: &n immich-typesense-backup-secret-holder -spec: - replicas: 1 - selector: - matchLabels: - app: *n - template: - metadata: - labels: - app: *n - spec: - serviceAccount: *n - volumes: - - name: &s immich-typesense-backup-secret - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: *s - containers: - - name: *n - image: busybox:latest - command: ["sleep", "infinity"] - volumeMounts: - - name: *s - mountPath: /immich-typesense-backup-secret - readOnly: true - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: ["ALL"] - seccompProfile: - type: RuntimeDefault - resources: {} 
diff --git a/amethyst/kubernetes/mydata/immich/deps/immich-typesense-data.yaml b/amethyst/kubernetes/mydata/immich/deps/immich-typesense-data.yaml deleted file mode 100644 index d805e958..00000000 --- a/amethyst/kubernetes/mydata/immich/deps/immich-typesense-data.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - namespace: mydata - name: immich-typesense-data -spec: - storageClassName: fs-fast - resources: - requests: - storage: 1Gi - accessModes: - - ReadWriteOnce diff --git a/amethyst/kubernetes/mydata/immich/deps/immich-typesense-secret.yaml b/amethyst/kubernetes/mydata/immich/deps/immich-typesense-secret.yaml deleted file mode 100644 index c9680d4c..00000000 --- a/amethyst/kubernetes/mydata/immich/deps/immich-typesense-secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: secrets-store.csi.x-k8s.io/v1 -kind: SecretProviderClass -metadata: - namespace: mydata - name: &name immich-typesense-secret -spec: - provider: aws - parameters: - region: us-west-2 - objects: | - - objectType: ssmparameter - objectName: /amethyst/immich-typesense - jmesPath: - - path: TYPESENSE_API_KEY - objectAlias: TYPESENSE_API_KEY - secretObjects: - - secretName: *name - type: Opaque - data: - - key: TYPESENSE_API_KEY - objectName: TYPESENSE_API_KEY diff --git a/amethyst/kubernetes/mydata/immich/deps/immich-typesense.yaml b/amethyst/kubernetes/mydata/immich/deps/immich-typesense.yaml deleted file mode 100644 index 35a925bc..00000000 --- a/amethyst/kubernetes/mydata/immich/deps/immich-typesense.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - namespace: mydata - name: immich-typesense -spec: - chart: - spec: - sourceRef: - kind: HelmRepository - name: bjw-s - # renovate: registryUrl=https://bjw-s.github.io/helm-charts - chart: app-template - version: 1.5.1 - interval: 1h - maxHistory: 1 - values: - controller: - type: deployment - replicas: 1 - image: - # renovate: - repository: typesense/typesense - tag: 0.24.1 - - serviceAccount: - create: true - annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-immich-typesense - eks.amazonaws.com/audience: sts.amazonaws.com - podAnnotations: - secret.reloader.stakater.com/reload: &s immich-typesense-secret - - env: - TYPESENSE_DATA_DIR: &data /data - TYPESENSE_API_KEY: - valueFrom: - secretKeyRef: - name: *s - key: TYPESENSE_API_KEY - - persistence: - data: - enabled: true - type: pvc - mountPath: *data - existingClaim: immich-typesense-data - secret: - enabled: true - type: custom - volumeSpec: - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: *s - - podSecurityContext: - fsGroup: 65534 - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: RuntimeDefault - - service: - main: - enabled: true - ports: - http: - port: 8108 - - probes: - liveness: - enabled: false - readiness: - enabled: false diff --git a/amethyst/kubernetes/mydata/immich/kustomization.yaml b/amethyst/kubernetes/mydata/immich/kustomization.yaml index 6afb12d7..1bb39918 100644 --- a/amethyst/kubernetes/mydata/immich/kustomization.yaml +++ b/amethyst/kubernetes/mydata/immich/kustomization.yaml 
@@ -7,11 +7,6 @@ resources: - deps/immich-postgres.yaml - deps/immich-dragonfly.yaml - deps/immich-dragonfly-secret.yaml - - deps/immich-typesense-backup-secret.yaml - - deps/immich-typesense-backup.yaml - - deps/immich-typesense-data.yaml - - deps/immich-typesense.yaml - - deps/immich-typesense-secret.yaml - app/immich-backup-secret.yaml - app/immich-backup.yaml - app/immich-data.yaml