====== Photoprism ======
https://photoprism.app/\\
https://docs.photoprism.app/\\
https://dl.photoprism.app/docker/docker-compose.yml\\
https://docs.photoprism.app/getting-started/advanced/kubernetes/\\
===== k8s =====
==== Credentials (secret) ====
Values under ''data'' are base64-encoded (''echo -n 'password' | base64'').
++++ photoprism-secret.yaml |
<code yaml>
apiVersion: v1
kind: Secret
metadata:
  name: photoprism
type: Opaque
data:
  admin-pass: YWRtaW4=
  mysql-user: cGhvdG9wcmlzbQ==
  mysql-pass: cGFzc3dvcmQ=
  mysql-root-pass: cm9vdHBhc3N3b3Jk
</code>
++++
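The sample values above decode to ''admin'', ''photoprism'', ''password'' and ''rootpassword'': base64 is an encoding, not encryption. The script below is an added example, not part of the original page; it builds the same Secret with generated passwords, and its function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page: builds photoprism-secret.yaml
# with generated passwords instead of the sample values.

# base64-encode a value exactly as given (printf adds no trailing newline).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a value; anyone with read access to the Secret can do the same.
unb64() { printf '%s' "$1" | base64 -d; }

# 24 random alphanumeric characters taken from /dev/urandom.
gen_pass() {
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 24
}

# Print the Secret manifest with the key names used on this page.
# Arguments: admin-pass mysql-user mysql-pass mysql-root-pass
make_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: photoprism
type: Opaque
data:
  admin-pass: $(b64 "$1")
  mysql-user: $(b64 "$2")
  mysql-pass: $(b64 "$3")
  mysql-root-pass: $(b64 "$4")
EOF
}

# Read one key back out of a manifest file and decode it.
# Arguments: manifest-file key
secret_value() {
    unb64 "$(sed -n "s/^  $2: //p" "$1")"
}

# Usage (run by hand; umask keeps the file private to the current user):
#   umask 077
#   make_secret "$(gen_pass)" photoprism "$(gen_pass)" "$(gen_pass)" \
#       > photoprism-secret.yaml
```

Without ''-n'', ''echo'' appends a newline that becomes part of the stored password, which is why the helper uses ''printf''.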
==== Configuration ====
The ''site-url'' setting must be the same URL that users actually access, so that correct access links are generated.
++++ photoprism-conf.yaml |
<code yaml>
apiVersion: v1
kind: ConfigMap
metadata:
  name: photoprism
data:
  site-url: "http://docker:32342/"
  site-title: "Test photo site"
  site-caption: "My photos"
  site-description: "This is my lovely photosite"
  site-author: "Viacheslav"
  home: "/photoprism"
  uid: "1000"
  gid: "1000"
  db-driver: "mysql"
  db-server: "photoprism-db:3306"
  db-name: "photoprism"
</code>
++++
==== Database ====
Database pod + ClusterIP service
++++ photoprism-db-deploy.yaml |
<code yaml>
apiVersion: apps/v1
kind: Deployment
metadata:
  name: photoprism-db
  labels:
    app: photoprism-db
spec:
  selector:
    matchLabels:
      app: photoprism-db
  template:
    metadata:
      labels:
        app: photoprism-db
    spec:
      containers:
      - name: photoprism-db
        image: mariadb
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: photoprism
              key: mysql-root-pass
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: db-name
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: photoprism
              key: mysql-user
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: photoprism
              key: mysql-pass
        volumeMounts:
        - mountPath: /var/lib/mysql
          name: photoprism-db
        ports:
        - containerPort: 3306
      volumes:
      - name: photoprism-db
        hostPath:
          path: /home/user/volumes/photoprism-db
          type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
  name: photoprism-db
spec:
  selector:
    app: photoprism-db
  ports:
  - port: 3306
    targetPort: 3306
</code>
++++
==== Application ====
Application pod + NodePort service
++++ photoprism-deploy.yaml |
<code yaml>
apiVersion: apps/v1
kind: Deployment
metadata:
  name: photoprism
  labels:
    app: photoprism
spec:
  selector:
    matchLabels:
      app: photoprism
  template:
    metadata:
      labels:
        app: photoprism
    spec:
      containers:
      - name: photoprism
        image: photoprism/photoprism
        resources:
          limits:
            # PhotoPrism's documentation recommends at least 3 GB of memory;
            # raise this limit if the pod gets OOM-killed.
            memory: "128Mi"
            cpu: "500m"
        env:
        # Credentials come from the Secret, everything else from the ConfigMap.
        - name: PHOTOPRISM_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: photoprism
              key: admin-pass
        - name: PHOTOPRISM_SITE_URL
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: site-url
        - name: PHOTOPRISM_DATABASE_DRIVER
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: db-driver
        - name: PHOTOPRISM_DATABASE_SERVER
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: db-server
        - name: PHOTOPRISM_DATABASE_NAME
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: db-name
        - name: PHOTOPRISM_DATABASE_USER
          valueFrom:
            secretKeyRef:
              name: photoprism
              key: mysql-user
        - name: PHOTOPRISM_DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: photoprism
              key: mysql-pass
        - name: PHOTOPRISM_SITE_TITLE
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: site-title
        - name: PHOTOPRISM_SITE_CAPTION
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: site-caption
        - name: PHOTOPRISM_SITE_DESCRIPTION
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: site-description
        - name: PHOTOPRISM_SITE_AUTHOR
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: site-author
        - name: HOME
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: home
        - name: PHOTOPRISM_UID
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: uid
        - name: PHOTOPRISM_GID
          valueFrom:
            configMapKeyRef:
              name: photoprism
              key: gid
        workingDir: "/photoprism"
        volumeMounts:
        - mountPath: "/photoprism/storage"
          name: photoprism
        ports:
        - containerPort: 2342
      volumes:
      - name: photoprism
        hostPath:
          path: /home/user/volumes/photoprism
          type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
  name: photoprism
spec:
  type: NodePort
  selector:
    app: photoprism
  ports:
  - port: 2342
    targetPort: 2342
    nodePort: 32342
</code>
++++
==== Ingress ====
When using Ingress, remove NodePort from the service.

First, create a secret with the certificate. If there are intermediate certificates, all of them must be added to tls.crt.\\
''k create secret tls domain.ru-wildcard-tls --cert=tls.crt --key=tls.key''

The certificate only started working once the secret containing it was in the same namespace as the target pod, and not in the ingress namespace, as some videos on the internet claim.

In the Ingress object, the host names in the ''tls'' and ''rules'' sections must match, even if the certificate is a wildcard.
++++ photoprism-ingress.yaml |
<code yaml>
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 4g
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
spec:
  tls:
  - hosts:
    - docker.domain.ru
    secretName: domain.ru-wildcard-tls
  rules:
  - host: docker.domain.ru
    http:
      paths:
      - path: /photo
        pathType: Prefix
        backend:
          service:
            name: photoprism
            port:
              number: 2342
</code>
++++
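A pre-flight check for the certificate steps above, as an added example that is not part of the original page: it assembles tls.crt with the leaf certificate first, confirms that tls.key belongs to that leaf, and creates the secret in the application's namespace. The function names and file arguments are illustrative, and ''openssl'' is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original page. File names are placeholders.

# Concatenate PEM files into one bundle: leaf first, then intermediates.
# awk 1 also adds a final newline to any input file that lacks one.
# Arguments: output-file leaf.crt [intermediate.crt ...]
build_chain() {
    out=$1; shift
    awk 1 "$@" > "$out"
}

# Number of certificates in a PEM bundle.
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Succeeds only if the FIRST certificate in the bundle carries the public
# key of the given private key (the leaf is first and matches tls.key).
# Arguments: bundle.crt private.key
leaf_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Create the TLS secret in the application's namespace after the check.
# Arguments: namespace bundle.crt private.key
create_tls_secret() {
    leaf_matches_key "$2" "$3" || {
        echo "first certificate in $2 does not match $3" >&2
        return 1
    }
    kubectl -n "$1" create secret tls domain.ru-wildcard-tls \
        --cert="$2" --key="$3"
}
```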
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/\\
https://kubernetes.io/docs/concepts/services-networking/ingress\\
https://www.youtube.com/watch?v=7K0gAYmWWho