Single pod alternative deployment

README.md

@@ -70,6 +70,42 @@ the first start can fail if downloading the images takes more than the default s
 
 The containers should start on the next boot automatically.
 
+# Alternative single-pod deployment
+
+## SELinux
+On SELinux-enabled systems, the context of mapped host directories needs to be set manually. If all the mapped directories are under `/path/to/immich`, set the context with
+```
+chcon -R -t container_file_t /path/to/immich
+```
+
+## rootful
+
+Copy the contents of the `alternative/` directory to `/etc/containers/systemd/`
+or a subdirectory within, e.g. `/etc/containers/systemd/immich/`
+
+Edit the environment variables in `immich-configMap.yaml` according to the Immich upstream docker-compose instructions and change the published port in `immich.kube`. Edit host directory mappings in `immich-pod.yaml`
+
+Reload systemd units and start the service:
+```
+systemctl daemon-reload`
+systemctl start immich
+```
+
+## rootless
+
+Create and configure the user like above, username is `immich` in this example. Copy the contents of `alternative/` to `~/.config/containers/systemd/` or a subdirectory within.
+
+Edit `immich-configMap.yaml`, `immich-pod.yaml` and `immich.kube` like with the rootful deployment.
+
+Change ownership of the host directories to the created user. This user's UID will be mapped as root inside the containers.
+
+Start the user session, and the pod:
+```
+systemctl start user@$(id -u immich)`
+systemctl --user -M [email protected] start immich.service
+```
+
+
 
 # TODO 
 - write a makefile or a justfile that insert the variables in the unit files maybe ? Right now it requires some copy and pasting.

alternative/immich-configMap.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: immich-config
+data:
+    TZ: Etc/UTC
+    NODE_ENV: production
+    # LOG_LEVEL: verbose, debug, warn, error
+    LOG_LEVEL: warn
+    #IMMICH_MEDIA_LOCATION: "./upload"
+    #IMMICH_CONFIG_FILE:
+    #IMMICH_WEB_ROOT:
+    #IMMICH_REVERSE_GEOCODING_ROOT:
+    #HOST: 0.0.0.0
+    #SERVER_PORT: 3001
+    #MICROSERVICES_PORT: 3002
+    #MACHINE_LEARNING_HOST: 0.0.0.0
+    #MACHINE_LEARNING_PORT: 3003
+    #DB_URL:
+    DB_HOSTNAME: localhost
+    DB_PORT: 5432
+    DB_USERNAME: immich
+    DB_PASSWORD: Your-Secret-Postgres-Password
+    DB_DATABASE_NAME: immich
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    #REDIS_URL:
+    #REDIS_USERNAME:
+    #REDIS_PASSWORD:
+

alternative/immich-pod.yaml

@@ -0,0 +1,123 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: immich
+  labels:
+    app: immich
+  annotations:
+spec:
+
+  ## Volume definitions
+  volumes:
+    - name: immich-data-host
+      hostPath:
+        ## Equivalent of UPLOAD_LOCATION in docker-compose
+        path: /path/to/immich/data
+        type: Directory
+    - name: immich-psql
+      hostPath:
+        path: /path/to/immich/model-cache
+        type: Directory
+      name: immich-model-cache-host
+      persistentVolumeClaim:
+        claimName: immich-psql
+    - name: immich-redis-host
+      hostPath:
+        path: /path/to/immich/redis
+        type: Directory
+
+  ## Container definitions  
+  containers:
+    ## Starting from v1.106.1 the separate microservices
+    ## container is no longer necessary
+    - name: server
+      image: ghcr.io/immich-app/immich-server:v1.114.0
+      envFrom:
+      - configMapRef:
+          name: immich-config
+          optional: false
+      securityContext:
+        capabilities:
+          drop:
+          - CAP_MKNOD
+          - CAP_NET_RAW
+          - CAP_AUDIT_WRITE
+      volumeMounts:
+      - mountPath: /usr/src/app/upload
+        name: immich-data-host
+      - mountPath: /nextcloud/nc-user
+        name: nextcloud-nc-user
+        readOnly: true
+
+    - name: machine-learning
+      image: ghcr.io/immich-app/immich-machine-learning:v1.114.0
+      envFrom:
+      - configMapRef:
+          name: immich-config
+          optional: false
+      securityContext:
+        capabilities:
+          drop:
+          - CAP_MKNOD
+          - CAP_NET_RAW
+          - CAP_AUDIT_WRITE
+      volumeMounts:
+      - mountPath: /usr/src/app/upload
+        name: immich-data-host
+      - mountPath: /cache
+        name: immich-model-cache-host
+
+    - name: psql
+      image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0
+      resource: {}
+      securityContext:
+        capabilities:
+          drop:
+          - CAP_MKNOD
+          - CAP_NET_RAW
+          - CAP_AUDIT_WRITE
+      volumeMounts:
+      - mountPath: /var/lib/postgresql/data
+        name: immich-psql
+      env:
+      - name: POSTGRES_USER
+        valueFrom:
+          configMapKeyRef:
+            name: immich-config
+            key: DB_USERNAME
+      - name: POSTGRES_PASSWORD
+        valueFrom:
+          configMapKeyRef:
+            name: immich-config
+            key: DB_PASSWORD
+      - name: POSTGRES_DB
+        valueFrom:
+          configMapKeyRef:
+            name: immich-config
+            key: DB_DATABASE_NAME
+      - name: POSTGRES_INITDB_ARGS
+        value: "--data-checksums"
+      args: ["-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
+
+    - name: redis
+      image: docker.io/library/redis:6.2-alpine
+      args:
+      - redis-server
+      - --save
+      - 60
+      - 1
+      - --loglevel
+      - warning
+      resources: {}
+      securityContext:
+        capabilities:
+          drop:
+          - CAP_MKNOD
+          - CAP_NET_RAW
+          - CAP_AUDIT_WRITE
+      volumeMounts:
+      - mountPath: /data
+        name: immich-redis-host
+
+  restartPolicy: Always
+status: {}

alternative/immich.kube

@@ -0,0 +1,7 @@
+[Install]
+WantedBy=default.target
+
+[Kube]
+Yaml=immich-pod.yaml
+PublishPort=3001:3001
+ConfigMap=immich-configMap.yaml