diff --git a/charts/stable/immich/Chart.yaml b/charts/stable/immich/Chart.yaml index 59e2c655203..94dbd8f5ff1 100644 --- a/charts/stable/immich/Chart.yaml +++ b/charts/stable/immich/Chart.yaml @@ -22,7 +22,7 @@ name: immich sources: - https://github.com/truecharts/charts/tree/master/charts/stable/immich - https://github.com/immich-app/immich -version: 7.0.16 +version: 7.1.0 annotations: truecharts.org/catagories: | - media diff --git a/charts/stable/immich/questions.yaml b/charts/stable/immich/questions.yaml index 848f6635e01..1720601c3f3 100644 --- a/charts/stable/immich/questions.yaml +++ b/charts/stable/immich/questions.yaml @@ -38,28 +38,25 @@ questions: type: int show_if: [["disable_reverse_geocoding", "=", false]] default: 3 - - variable: mapbox_enable - label: Enable MapBox - schema: - type: boolean - default: false - - variable: mapbox_key - label: MaxBox Key - schema: - type: string - private: true - show_if: [["maxbox_enable", "=", false]] - default: "" - variable: log_level label: Log Level schema: type: string - default: simple + default: log enum: + - value: log + description: log - value: simple - description: simple + description: simple (Switch to log ASAP) + - value: warn + description: warn + - value: error + description: error - value: verbose description: verbose + - value: debug + description: debug + - variable: enable_ml label: Enable Machine Learning Container schema: diff --git a/charts/stable/immich/templates/_config.tpl b/charts/stable/immich/templates/_config.tpl index ee2c480668e..c58ce75b7ca 100644 --- a/charts/stable/immich/templates/_config.tpl +++ b/charts/stable/immich/templates/_config.tpl 
@@ -1,10 +1,8 @@ {{- define "immich.config" -}} {{- $fname := (include "tc.v1.common.lib.chart.names.fullname" .) -}} {{- $secretName := printf "%s-secret" $fname -}} - {{- $jwtSecret := randAlphaNum 32 -}} {{- $typesenseKey := randAlphaNum 32 -}} {{- with (lookup "v1" "Secret" .Release.Namespace $secretName) -}} - {{- $jwtSecret = index .data "JWT_SECRET" | b64dec -}} {{- $typesenseKey = index .data "TYPESENSE_API_KEY" | b64dec -}} {{- end }} 
@@ -13,31 +11,42 @@ configmap: enabled: true data: PORT: {{ .Values.service.web.ports.web.port | quote }} + NODE_ENV: production + IMMICH_SERVER_URL: {{ printf "http://%v-server:%v" $fname .Values.service.server.ports.server.port }} + PUBLIC_IMMICH_SERVER_URL: {{ printf "http://%v-server:%v" $fname .Values.service.server.ports.server.port }} + {{- with .Values.immich.public_login_page_message }} + PUBLIC_LOGIN_PAGE_MESSAGE: {{ . }} + {{- end }} + server-config: enabled: true data: - {{/* User Defined */}} - DISABLE_REVERSE_GEOCODING: {{ .Values.immich.disable_reverse_geocoding | quote }} - REVERSE_GEOCODING_PRECISION: {{ .Values.immich.reverse_geocoding_precision | quote }} - ENABLE_MAPBOX: {{ .Values.immich.mapbox_enable | quote }} SERVER_PORT: {{ .Values.service.server.ports.server.port | quote }} + micro-config: enabled: true data: MICROSERVICES_PORT: {{ .Values.service.microservices.ports.microservices.port | quote }} + DISABLE_REVERSE_GEOCODING: {{ .Values.immich.disable_reverse_geocoding | quote }} + REVERSE_GEOCODING_PRECISION: {{ .Values.immich.reverse_geocoding_precision | quote }} REVERSE_GEOCODING_DUMP_DIRECTORY: {{ .Values.persistence.microcache.targetSelector.microservices.microservices.mountPath }} + {{- if .Values.immich.enable_ml }} ml-config: enabled: true data: + NODE_ENV: production MACHINE_LEARNING_PORT: {{ .Values.service.machinelearning.ports.machinelearning.port | quote }} + MACHINE_LEARNING_CACHE_FOLDER: {{ .Values.persistence.mlcache.targetSelector.machinelearning.machinelearning.mountPath }} TRANSFORMERS_CACHE: {{ .Values.persistence.mlcache.targetSelector.machinelearning.machinelearning.mountPath }} {{- end }} + + {{/* Server and Microservices */}} common-config: enabled: true data: - IMMICH_WEB_URL: {{ printf "http://%v-web:%v" $fname .Values.service.web.ports.web.port }} - IMMICH_SERVER_URL: {{ printf "http://%v-server:%v" $fname .Values.service.server.ports.server.port }} + NODE_ENV: production + LOG_LEVEL: {{ .Values.immich.log_level 
}} {{- if .Values.immich.enable_ml }} IMMICH_MACHINE_LEARNING_URL: {{ printf "http://%v-machinelearning:%v" $fname .Values.service.machinelearning.ports.machinelearning.port }} {{- else }} @@ -45,24 +54,16 @@ configmap: {{- end }} TYPESENSE_ENABLED: {{ .Values.immich.enable_typesense | quote }} {{- if .Values.immich.enable_typesense }} - TYPESENSE_URL: {{ printf "http://%v-typesense:%v" $fname .Values.service.typesense.ports.typesense.port }} TYPESENSE_PROTOCOL: http TYPESENSE_HOST: {{ printf "%v-typesense" $fname }} TYPESENSE_PORT: {{ .Values.service.typesense.ports.typesense.port | quote }} {{- end }} - {{/* - Its unclear where this URL is being used, but poking in their code, seems to be used internally? - Its set to the value of IMMICH_SERVER_URL on their compose. If something doesnt work remotely, - This is the place to start looking - https://github.com/immich-app/immich/blob/b5d75e20167b92de12cc50a816da214779cb0807/web/src/api/api.ts#L55 - */}} - PUBLIC_IMMICH_SERVER_URL: {{ printf "http://%v-server:%v" $fname .Values.service.server.ports.server.port }} - NODE_ENV: production - {{/* User Defined */}} - {{- with .Values.immich.public_login_page_message }} - PUBLIC_LOGIN_PAGE_MESSAGE: {{ . }} - {{- end }} - LOG_LEVEL: {{ .Values.immich.log_level }} + + proxy-config: + enabled: true + data: + IMMICH_WEB_URL: {{ printf "http://%v-web:%v" $fname .Values.service.web.ports.web.port }} + IMMICH_SERVER_URL: {{ printf "http://%v-server:%v" $fname .Values.service.server.ports.server.port }} secret: typesense-secret: @@ -71,15 +72,13 @@ secret: {{/* Secret Key */}} TYPESENSE_API_KEY: {{ $typesenseKey }} TYPESENSE_DATA_DIR: {{ .Values.persistence.typesense.targetSelector.typesense.typesense.mountPath }} + secret: enabled: true data: - {{/* Secret Key */}} - JWT_SECRET: {{ $jwtSecret }} TYPESENSE_API_KEY: {{ $typesenseKey }} - {{- with .Values.immich.mapbox_key }} - MAPBOX_KEY: {{ . }} - {{- end }} + + {{/* Server and Microservices */}} deps-secret: enabled: true data: 
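Review bot: `PUBLIC_LOGIN_PAGE_MESSAGE: {{ . }}` in the first `data:` block and `LOG_LEVEL: {{ .Values.immich.log_level }}` under `common-config` are rendered without quoting, unlike the `| quote` entries next to them. The login message is free text, so a value containing `: `, ` #`, a leading YAML indicator or a line break is parsed as YAML structure rather than as a string, and can break or alter the rendered ConfigMap data. I would write `PUBLIC_LOGIN_PAGE_MESSAGE: {{ . | quote }}` and `LOG_LEVEL: {{ .Values.immich.log_level | quote }}`. The `immich.config` definition starts before this hunk and continues past it.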
diff --git a/charts/stable/immich/templates/_machinelearning.tpl b/charts/stable/immich/templates/_machinelearning.tpl index 82740d6a6c0..a5a23281458 100644 --- a/charts/stable/immich/templates/_machinelearning.tpl +++ b/charts/stable/immich/templates/_machinelearning.tpl @@ -1,27 +1,25 @@ {{/* Define the machinelearning container */}} {{- define "immich.machinelearning" -}} +{{- $fname := (include "tc.v1.common.lib.chart.names.fullname" .) -}} +{{- $serverUrl := printf "http://%v-server:%v/server-info/ping" $fname .Values.service.server.ports.server.port }} enabled: true type: Deployment podSpec: initContainers: wait-server: - {{- include "immich.wait" (dict "variable" "IMMICH_SERVER_URL" "path" "server-info/ping") | nindent 6 }} + {{/* Wait for server */}} + {{- include "immich.wait" (dict "url" $serverUrl) | nindent 6 }} containers: machinelearning: enabled: true primary: true imageSelector: mlImage + securityContext: + capabilities: + disableS6Caps: true envFrom: - - configMapRef: - name: common-config - - configMapRef: - name: server-config - configMapRef: name: ml-config - - secretRef: - name: deps-secret - - secretRef: - name: secret probes: readiness: enabled: true @@ -39,16 +37,3 @@ podSpec: path: /ping port: {{ .Values.service.machinelearning.ports.machinelearning.port }} {{- end -}} - -{{- define "immich.machinelearning.service" -}} -enabled: true -type: ClusterIP -targetSelector: machinelearning -ports: - machinelearning: - enabled: true - primary: true - port: 10003 - protocol: http - targetSelector: machinelearning -{{- end -}} diff --git a/charts/stable/immich/templates/_microservices.tpl b/charts/stable/immich/templates/_microservices.tpl index d9263980916..52040d88c31 100644 --- a/charts/stable/immich/templates/_microservices.tpl +++ b/charts/stable/immich/templates/_microservices.tpl 
@@ -1,16 +1,22 @@ {{- define "immich.microservices" -}} +{{- $fname := (include "tc.v1.common.lib.chart.names.fullname" .) -}} +{{- $serverUrl := printf "http://%v-server:%v/server-info/ping" $fname .Values.service.server.ports.server.port }} enabled: true type: Deployment podSpec: initContainers: wait-server: - {{- include "immich.wait" (dict "variable" "IMMICH_SERVER_URL" "path" "server-info/ping") | nindent 6 }} + {{/* Wait for server */}} + {{- include "immich.wait" (dict "url" $serverUrl) | nindent 6 }} containers: microservices: enabled: true primary: true imageSelector: image args: start-microservices.sh + securityContext: + capabilities: + disableS6Caps: true envFrom: - secretRef: name: secret @@ -18,8 +24,6 @@ podSpec: name: deps-secret - configMapRef: name: common-config - - configMapRef: - name: server-config - configMapRef: name: micro-config probes: @@ -48,16 +52,3 @@ podSpec: - | ps -a | grep -v grep | grep -q microservices {{- end -}} - -{{- define "immich.microservices.service" -}} -enabled: true -type: ClusterIP -targetSelector: microservices -ports: - microservices: - enabled: true - primary: true - port: 10004 - protocol: http - targetSelector: microservices -{{- end -}} diff --git a/charts/stable/immich/templates/_proxy.tpl b/charts/stable/immich/templates/_proxy.tpl index b2f73ed8fc7..16402e04bdd 100644 --- a/charts/stable/immich/templates/_proxy.tpl +++ b/charts/stable/immich/templates/_proxy.tpl 
@@ -1,18 +1,31 @@ {{- define "immich.proxy" -}} +{{- $fname := (include "tc.v1.common.lib.chart.names.fullname" .) -}} +{{- $serverUrl := printf "http://%v-server:%v/server-info/ping" $fname .Values.service.server.ports.server.port }} +{{- $webUrl := printf "http://%v-web:%v/robots.txt" $fname .Values.service.web.ports.web.port }} enabled: true type: Deployment podSpec: initContainers: wait-server: - {{- include "immich.wait" (dict "variable" "IMMICH_SERVER_URL" "path" "server-info/ping") | nindent 6 }} + {{/* Wait for server */}} + {{- include "immich.wait" (dict "url" $serverUrl) | nindent 6 }} + {{/* Wait for web, otherwise nginx will fail to find host */}} + {{- include "immich.wait" (dict "url" $webUrl) | nindent 6 }} containers: proxy: enabled: true primary: true imageSelector: proxyImage + securityContext: + capabilities: + disableS6Caps: true + add: + - CHOWN + - SETUID + - SETGID envFrom: - configMapRef: - name: common-config + name: proxy-config probes: readiness: enabled: true diff --git a/charts/stable/immich/templates/_server.tpl b/charts/stable/immich/templates/_server.tpl index 1aaa2cc0f81..637313afc22 100644 --- a/charts/stable/immich/templates/_server.tpl +++ b/charts/stable/immich/templates/_server.tpl @@ -3,6 +3,9 @@ enabled: true primary: true imageSelector: image args: start-server.sh +securityContext: + capabilities: + disableS6Caps: true envFrom: - configMapRef: name: server-config diff --git a/charts/stable/immich/templates/_typesense.tpl b/charts/stable/immich/templates/_typesense.tpl index 5ab9c1bfc73..f332658f116 100644 --- a/charts/stable/immich/templates/_typesense.tpl +++ b/charts/stable/immich/templates/_typesense.tpl @@ -8,6 +8,9 @@ podSpec: enabled: true primary: true imageSelector: typesenseImage + securityContext: + capabilities: + disableS6Caps: true envFrom: - secretRef: name: typesense-secret 
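Review bot: Both `include "immich.wait"` calls in the `_proxy.tpl` hunk are rendered under the single key `wait-server:`, so that mapping receives `enabled`, `type`, `imageSelector` and `command` twice. common.yaml pipes this template through `fromYaml`, and depending on how duplicate keys are handled there the second block either replaces the first or the parse fails; in neither case does the proxy wait on both URLs. The web wait needs its own key, for example a line `wait-web:` at the same indent as `wait-server:` placed before the second include. The `immich.proxy` definition ends outside this hunk.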
@@ -31,16 +34,3 @@ podSpec: path: /health port: {{ .Values.service.typesense.ports.typesense.port }} {{- end -}} - -{{- define "immich.typesense.service" -}} -enabled: true -type: ClusterIP -targetSelector: typesense -ports: - typesense: - enabled: true - primary: true - port: 10002 - protocol: http - targetSelector: typesense -{{- end -}} diff --git a/charts/stable/immich/templates/_wait.tpl b/charts/stable/immich/templates/_wait.tpl index 27c8fef530c..45bda874fc0 100644 --- a/charts/stable/immich/templates/_wait.tpl +++ b/charts/stable/immich/templates/_wait.tpl @@ -1,20 +1,16 @@ {{- define "immich.wait" -}} -{{- $path := .path | default "" }} -{{- $variable := .variable }} +{{- $url := .url }} enabled: true type: init imageSelector: alpineImage -envFrom: - - configMapRef: - name: common-config command: - /bin/ash - -c - | - echo "Pinging [${{ $variable }}/{{ $path }}] until it is ready..." - until wget --spider --quiet "${{ $variable }}/{{ $path }}"; do - echo "Waiting for [${{ $variable }}/{{ $path }}] to be ready..." + echo "Pinging [{{ $url }}] until it is ready..." + until wget --spider --quiet "{{ $url }}"; do + echo "Waiting for [{{ $url }}] to be ready..." sleep 2 done - echo "URL [${{ $variable }}/{{ $path }}] is ready!" + echo "URL [{{ $url }}] is ready!" {{- end -}} diff --git a/charts/stable/immich/templates/_web.tpl b/charts/stable/immich/templates/_web.tpl index 3b1bd28d9a7..808800a0711 100644 --- a/charts/stable/immich/templates/_web.tpl +++ b/charts/stable/immich/templates/_web.tpl 
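Review bot: In `_wait.tpl` the URL is now pasted into the `ash -c` script text at render time (`wget --spider --quiet "{{ $url }}"`), whereas the old version only referenced an environment variable. Any shell-significant character in the values that build the URL (the port comes straight from `.Values`) would therefore be interpreted by the shell instead of being treated as data. I would hand the URL to the container as an environment variable and reference it quoted in the script, assuming the common library's `env` map is available on init containers. The callers that build `$url` are in other hunks.

```yaml
imageSelector: alpineImage
env:
  WAIT_URL: {{ $url | quote }}
# … unchanged: command: /bin/ash -c | …
    echo "Pinging [$WAIT_URL] until it is ready..."
    until wget --spider --quiet "$WAIT_URL"; do
      echo "Waiting for [$WAIT_URL] to be ready..."
      # … unchanged: sleep 2 / done …
    echo "URL [$WAIT_URL] is ready!"
```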
@@ -1,23 +1,28 @@ {{/* Define the web container */}} {{- define "immich.web" -}} +{{- $fname := (include "tc.v1.common.lib.chart.names.fullname" .) -}} +{{- $serverUrl := printf "http://%v-server:%v/server-info/ping" $fname .Values.service.server.ports.server.port }} enabled: true type: Deployment podSpec: initContainers: wait-server: - {{- include "immich.wait" (dict "variable" "IMMICH_SERVER_URL" "path" "server-info/ping") | nindent 6 }} + {{/* Wait for server */}} + {{- include "immich.wait" (dict "url" $serverUrl) | nindent 6 }} containers: web: enabled: true primary: true imageSelector: webImage + securityContext: + capabilities: + disableS6Caps: true + add: + - SETUID + - SETGID envFrom: - - configMapRef: - name: common-config - configMapRef: name: web-config - - secretRef: - name: deps-secret probes: readiness: enabled: true @@ -35,16 +40,3 @@ podSpec: path: /robots.txt port: {{ .Values.service.web.ports.web.port }} {{- end -}} - -{{- define "immich.web.service" -}} -enabled: true -type: ClusterIP -targetSelector: web -ports: - web: - enabled: true - primary: true - port: 10000 - protocol: http - targetSelector: web -{{- end -}} diff --git a/charts/stable/immich/templates/common.yaml b/charts/stable/immich/templates/common.yaml index bc788b40444..9fff86da6bb 100644 --- a/charts/stable/immich/templates/common.yaml +++ b/charts/stable/immich/templates/common.yaml 
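Review bot: The `add:` list under `securityContext.capabilities` in the first `_web.tpl` hunk grants `SETUID` and `SETGID` with no comment saying which process needs them, and the `_proxy.tpl` hunk does the same for `CHOWN`, `SETUID` and `SETGID`. Added capabilities are easier to audit and later remove when the reason is recorded next to them. I would put a template comment above each `add:`, along the lines of `{{/* SETUID/SETGID: presumably needed by the image entrypoint to switch user; confirm and drop if not required */}}`. The `immich.web` definition ends outside this hunk.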
@@ -1,27 +1,42 @@ {{/* Make sure all variables are set properly */}} {{- include "tc.v1.common.loader.init" . }} +{{- $fname := (include "tc.v1.common.lib.chart.names.fullname" .) -}} + +{{/* Render Proxy Workload */}} {{- $_ := set .Values.workload "proxy" (include "immich.proxy" . | fromYaml) -}} {{- $_ := set .Values.workload.main.podSpec.containers "main" (include "immich.server" . | fromYaml) -}} {{- if .Values.immich.enable_typesense -}} - {{- $_ := set .Values.workload.main.podSpec.initContainers "wait-typesense" (include "immich.wait" (dict "variable" "TYPESENSE_URL" "path" "health") | fromYaml) -}} + {{/* Append init container to server, to make sure typesense is ready before starting */}} + {{- $url := printf "http://%v-typesense:%v/health" $fname .Values.service.typesense.ports.typesense.port -}} + {{- $_ := set .Values.workload.main.podSpec.initContainers "wait-typesense" (include "immich.wait" (dict "url" $url) | fromYaml) -}} {{- end -}} -{{- $_ := set .Values.service "web" (include "immich.web.service" . | fromYaml) -}} +{{/* Render Web Workload */}} {{- $_ := set .Values.workload "web" (include "immich.web" . | fromYaml) -}} -{{- $_ := set .Values.service "microservices" (include "immich.microservices.service" . | fromYaml) -}} +{{/* Render Microservices Workload */}} {{- $_ := set .Values.workload "microservices" (include "immich.microservices" . | fromYaml) -}} {{- if .Values.immich.enable_ml -}} - {{- $_ := set .Values.service "machinelearning" (include "immich.machinelearning.service" . | fromYaml) -}} + {{/* Enable Machine Learning Service */}} + {{- $_ := set .Values.service.machinelearning "enabled" true -}} + {{/* Render Machine Learning Workload */}} {{- $_ := set .Values.workload "machinelearning" (include "immich.machinelearning" . 
| fromYaml) -}} +{{- else -}} + {{/* Disable Machine Learning Service */}} + {{- $_ := set .Values.service.machinelearning "enabled" false -}} {{- end -}} {{- if .Values.immich.enable_typesense -}} - {{- $_ := set .Values.service "typesense" (include "immich.typesense.service" . | fromYaml) -}} + {{/* Enable Typesense Service */}} + {{- $_ := set .Values.service.typesense "enabled" true -}} + {{/* Render Typesense Workload */}} {{- $_ := set .Values.workload "typesense" (include "immich.typesense" . | fromYaml) -}} +{{- else -}} + {{/* Disable Typesense Service */}} + {{- $_ := set .Values.service.typesense "enabled" false -}} {{- end -}} {{/* Render configuration for immich diff --git a/charts/stable/immich/values.yaml b/charts/stable/immich/values.yaml index e4a5ca7cc9e..89f4ce7460c 100644 --- a/charts/stable/immich/values.yaml +++ b/charts/stable/immich/values.yaml @@ -32,10 +32,7 @@ immich: public_login_page_message: Immich disable_reverse_geocoding: false reverse_geocoding_precision: 3 - # simple | verbose - log_level: simple - mapbox_enable: false - mapbox_key: "" + log_level: log service: main: @@ -59,6 +56,50 @@ service: port: 10001 protocol: http targetSelector: main + web: + enabled: true + type: ClusterIP + targetSelector: web + ports: + web: + enabled: true + primary: true + port: 10000 + protocol: http + targetSelector: web + microservices: + enabled: true + type: ClusterIP + targetSelector: microservices + ports: + microservices: + enabled: true + primary: true + port: 10004 + protocol: http + targetSelector: microservices + machinelearning: + enabled: true + type: ClusterIP + targetSelector: machinelearning + ports: + machinelearning: + enabled: true + primary: true + port: 10003 + protocol: http + targetSelector: machinelearning + typesense: + enabled: true + type: ClusterIP + targetSelector: typesense + ports: + typesense: + enabled: true + primary: true + port: 10002 + protocol: http + targetSelector: typesense persistence: mlcache: 
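Review bot: The `machinelearning` and `typesense` services added to values.yaml carry `enabled: true`, but common.yaml overwrites that field from `immich.enable_ml` and `immich.enable_typesense` on every render. An operator who sets `service.typesense.enabled: false` would see it silently ignored, so the file should say where the value really comes from. I would add a comment above each of the two keys, e.g. `# enabled is set by templates/common.yaml from immich.enable_typesense`. The `service:` mapping starts before this hunk.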
@@ -91,8 +132,6 @@ persistence: main: {} microservices: microservices: {} - machinelearning: - machinelearning: {} uploads: enabled: true mountPath: /usr/src/app/upload/upload @@ -102,8 +141,6 @@ persistence: main: {} microservices: microservices: {} - machinelearning: - machinelearning: {} thumbs: enabled: true mountPath: /usr/src/app/upload/thumbs @@ -113,8 +150,6 @@ persistence: main: {} microservices: microservices: {} - machinelearning: - machinelearning: {} profile: enabled: true mountPath: /usr/src/app/upload/profile @@ -124,8 +159,6 @@ persistence: main: {} microservices: microservices: {} - machinelearning: - machinelearning: {} video: enabled: true mountPath: /usr/src/app/upload/encoded-video @@ -135,8 +168,6 @@ persistence: main: {} microservices: microservices: {} - machinelearning: - machinelearning: {} cnpg: main: