feat(k8s_immich): use official bitnami image with pgvecto.rs extensio…

…n & bump version to 1.3.0 (#13) * feat(k8s_immich): use official bitnami image with pgvecto.rs extension * feat(ci): update change category and bump script * fix(ci): run validate on pull request * chore(dev): bump version to 1.3.0
hiteshnayak305 · Feb 4, 2025 · 3f23981 · 3f23981
1 parent 962b662
commit 3f23981
Show file tree

Hide file tree

Showing 6 changed files with 84 additions and 17 deletions.
diff --git a/.github/changelog-config.json b/.github/changelog-config.json
@@ -1,5 +1,12 @@
 {
     "categories": [
+        {
+            "title": "## 🚨 Breaking",
+            "labels": [
+                "refactor",
+                "breaking"
+            ]
+        },
         {
             "title": "## 🚀 Features",
             "labels": [
@@ -17,11 +24,26 @@
         {
             "title": "## 🧪 Tests",
             "labels": [
-                "test"
+                "test",
+                "tests"
+            ]
+        },
+        {
+            "title": "## 📚 Documentation",
+            "labels": [
+                "doc",
+                "docs"
+            ]
+        },
+        {
+            "title": "## 🧹 Development",
+            "labels": [
+                "chore",
+                "chores"
             ]
         },
         {
-            "title": "## 📦 Other",
+            "title": "## 📦 Other ",
             "labels": []
         }
     ]

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -4,6 +4,12 @@ on:
   push:
     branches:
       - master
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
 
 jobs:
   build:

diff --git a/ci/bump-version.sh b/ci/bump-version.sh
@@ -15,5 +15,3 @@ sed -i "s/version: $1/version: $2/1" galaxy.yml
 # push new version to scm
 git add .
 git commit -m "chore(dev): bump version to $2"
-git tag $2
-git push origin master --tags
diff --git a/galaxy.yml b/galaxy.yml
@@ -7,7 +7,7 @@ namespace: hiteshnayak305
 # The name of the collection. Has the same character restrictions as 'namespace'
 name: homelab
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.2.1
+version: 1.3.0
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)

diff --git a/roles/k8s_immich/files/immich_postgresql_values.yml b/roles/k8s_immich/files/immich_postgresql_values.yml
@@ -1,5 +1,5 @@
 ---
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 ## @section Global parameters
@@ -42,8 +42,12 @@ global:
 ##
 image:
   registry: docker.io
-  repository: tensorchord/pgvecto-rs
-  tag: pg14-v0.2.0
+  repository: hiteshnayak305/bitnami-postgresql-pgvecto-rs
+  debug: false
+
+## @param postgresqlSharedPreloadLibraries Shared preload libraries (comma-separated list)
+##
+postgresqlSharedPreloadLibraries: "pgaudit,vectors.so"
 
 ## @param architecture PostgreSQL architecture (`standalone` or `replication`)
 ##
@@ -57,10 +61,8 @@ primary:
   name: primary
 
   ## PostgreSQL Primary resource requests and limits
-  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
-  ## @param primary.resources.limits The resources limits for the PostgreSQL Primary containers
-  ## @param primary.resources.requests.memory The requested memory for the PostgreSQL Primary containers
-  ## @param primary.resources.requests.cpu The requested cpu for the PostgreSQL Primary containers
+  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
   ##
   resources:
     requests:
@@ -104,6 +106,45 @@ primary:
     ##
     size: 1Gi
 
+  ## Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
+  ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+  ## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+  ## @param primary.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+  ## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+  ## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
+  ## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+  ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+  ## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+  ##
+  containerSecurityContext:
+    readOnlyRootFilesystem: false
+
+  # ## Initdb configuration
+  # ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#specifying-initdb-arguments
+  # ##
+  initdb:
+    scripts:
+      initialize-immich-database.sql: |
+        BEGIN;
+        ALTER DATABASE immich OWNER TO immich;
+        CREATE EXTENSION IF NOT EXISTS cube;
+        CREATE EXTENSION IF NOT EXISTS earthdistance CASCADE;
+        CREATE EXTENSION IF NOT EXISTS vectors;
+        ALTER DATABASE immich SET search_path TO "$user", public, vectors;
+        ALTER SCHEMA vectors OWNER TO immich;
+        GRANT USAGE,CREATE ON SCHEMA public TO postgres;
+        GRANT USAGE,CREATE ON SCHEMA vectors TO postgres;
+        COMMIT;
+    ## @param primary.initdb.user Specify the PostgreSQL username to execute the initdb scripts
+    ##
+    user: "postgres"
+    ## @param primary.initdb.password Specify the PostgreSQL password to execute the initdb scripts
+    ##
+    password: "immich"
+
   ## @param primary.startupProbe.enabled Enable startupProbe on PostgreSQL Primary containers
   ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
   ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe
@@ -114,6 +155,7 @@ primary:
   startupProbe:
     enabled: true
     initialDelaySeconds: 120
+    failureThreshold: 120
 
 ## @section Metrics Parameters
 ##
@@ -123,9 +165,8 @@ metrics:
   ##
   enabled: true
   ## PostgreSQL Prometheus exporter resource requests and limits
-  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
-  ## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container
-  ## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container
+  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
   ##
   resources:
     requests:

diff --git a/roles/k8s_immich/tasks/main.yml b/roles/k8s_immich/tasks/main.yml
@@ -28,11 +28,11 @@
         mode: "0777"
       changed_when: false
 
-    - name: Deploy version 12 of postgresql chart
+    - name: Deploy version 15 of postgresql chart
       kubernetes.core.helm:
         name: immich-postgresql
         chart_ref: bitnami/postgresql
-        chart_version: 12.12.10
+        chart_version: 15.5.38
         update_repo_cache: true
         release_namespace: immich-system
         create_namespace: false