migrate immich

apps/charts/immich/templates/deployment.yaml

@@ -53,17 +53,17 @@ spec:
             - name: OAUTH_ISSUER_URL
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
-                  key: configuration
+                  name: "{{ .Release.Name }}-oidc-credentials"
+                  key: issuer
             - name: OAUTH_CLIENT_ID
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
+                  name: "{{ .Release.Name }}-oidc-credentials"
                   key: clientId
             - name: OAUTH_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
+                  name: "{{ .Release.Name }}-oidc-credentials"
                   key: clientSecret
             - name: OAUTH_SCOPE
               value: "openid profile email"

apps/charts/immich/templates/oidc.yaml

@@ -0,0 +1 @@
+{{ include "common.oidc" . }}

apps/charts/immich/templates/pvc.yaml

@@ -1,37 +1 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: "{{ .Release.Name }}-upload"
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 100Gi
-  storageClassName: "{{ .Values.globals.environment }}"
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: "{{ .Release.Name }}-library"
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 100Gi
-  storageClassName: "{{ .Values.globals.environment }}"
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: "{{ .Release.Name }}-model-cache"
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
-  storageClassName: "{{ .Values.globals.environment }}"
+{{ include "common.pvc" . }}

apps/charts/immich/templates/virtual-service.yaml

@@ -1,39 +1,2 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-public"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.public }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
----
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-private"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.private }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
+{{ include "common.virtualService" . }}
 

apps/charts/immich/values.yaml

@@ -1,4 +1,6 @@
 subdomain: immich
+
+# Image configurations for multiple deployments
 server:
   image:
     repository: ghcr.io/immich-app/immich-server
@@ -23,3 +25,29 @@ postgres:
 # Database configuration
 database:
   enabled: true
+
+# Persistent volume claims
+persistentVolumeClaims:
+  - name: upload
+    size: 100Gi
+  - name: library
+    size: 100Gi
+  - name: model-cache
+    size: 10Gi
+
+# Note: Services are kept custom due to different selectors for each deployment
+
+# VirtualService configuration
+virtualService:
+  enabled: true
+  gateways:
+    public: true
+    private: true
+  servicePort: 80  # Port of the main server service
+
+# OIDC client configuration
+oidc:
+  enabled: true
+  redirectUris:
+    - "/api/auth/callback/authentik"
+  subjectMode: user_username