From b117836b1c09fbe677ad6837b7836f4944055167 Mon Sep 17 00:00:00 2001
From: SeanOMik <seanomik@gmail.com>
Date: Mon, 30 Dec 2024 21:21:12 -0500
Subject: [PATCH] feat(immich): add init container for altering postgres
search_path
---
.../apps/media/immich/app/helm-release.yaml | 15 +++
.../apps/media/immich/app/secret.sops.yaml | 105 +++++++++---------
2 files changed, 68 insertions(+), 52 deletions(-)
diff --git a/kubernetes/main/apps/media/immich/app/helm-release.yaml b/kubernetes/main/apps/media/immich/app/helm-release.yaml
index 25a80370..8e77e960 100644
--- a/kubernetes/main/apps/media/immich/app/helm-release.yaml
+++ b/kubernetes/main/apps/media/immich/app/helm-release.yaml
@@ -21,6 +21,21 @@ spec:
values:
controllers:
immich:
+ initContainers:
+ alter-db-searchpath:
+ image:
+ repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
+ tag: 16.4
+ envFrom: &envFrom
+ - secretRef:
+ name: immich-secret
+ command:
+ - /bin/bash
+ - -c
+ - |
+ export PGHOST=$${DB_HOSTNAME}
+ export PGPASSWORD=$${DB_ROOT_PASSWORD}
+ echo "ALTER SYSTEM SET search_path TO 'immich', public, vectors;" | psql -d immich -U postgres
containers:
app:
image:
diff --git a/kubernetes/main/apps/media/immich/app/secret.sops.yaml b/kubernetes/main/apps/media/immich/app/secret.sops.yaml
index 173ef1c2..cc54276f 100644
--- a/kubernetes/main/apps/media/immich/app/secret.sops.yaml
+++ b/kubernetes/main/apps/media/immich/app/secret.sops.yaml
@@ -4,73 +4,74 @@ metadata:
name: immich-secret
namespace: media
stringData:
- REDIS_HOSTNAME: ENC[AES256_GCM,data:N23mA39hJWo+2yRzPgdOxIulDGWQ1CiJVA==,iv:uTRsHK56nh1ZBBGAnCQKgVypaK7+3GXAMETCCduUB3w=,tag:CAepyPr9rygcwhkKeKxZEw==,type:str]
- REDIS_PASSWORD: ENC[AES256_GCM,data:tBWF0isqFPEZPIu9VkD0uMvBvSi/p0bOUkX9mQo=,iv:mf9weFyzS9ZNMWsGHYAZIFpgkXKC1tWjViu7LBKrJAk=,tag:atOKqcQLF4OoQCkO72S1DQ==,type:str]
- DB_HOSTNAME: ENC[AES256_GCM,data:fvnQKUXDoWmNf9qOwbXXDBH83KJ6PVxha5Y=,iv:g2PtAk/vKhsBSiATsl4uEPYuU6jKSSytRmS3So230QY=,tag:3GBoTH38Zy/X90bu8oTjIw==,type:str]
- DB_DATABASE_NAME: ENC[AES256_GCM,data:Z7ejhq47,iv:Y9pps1IlIEtye0BnQIrosJhn+BaHzY9wvxbHxk/rZeQ=,tag:02+bXrEDQ6t2doRfo1N0mQ==,type:str]
- DB_USERNAME: ENC[AES256_GCM,data:nBwZkvWZ,iv:WHn1YXDieUgBFkJdDEtZFi0hhQYqAy/LCjep0j/Srbc=,tag:+UNkqAtv1BoBtziH0wIhZw==,type:str]
- DB_PASSWORD: ENC[AES256_GCM,data:+0WBuzw3ZApmv1X7hphiPSG+pEjDJcphlASMJNXS1/U=,iv:lnX8rxpC93f2pBQZZp2g3pdxwSYOooNNKcG+NitisaY=,tag:2f3hnGcKE13UVLsCqC0qWA==,type:str]
- IMMICH_MACHINE_LEARNING_URL: ENC[AES256_GCM,data:cypbV64M/Z/bpZ+DPwFcciWHm9kW,iv:LJRiDTHjVOTfOycE3o6bjf9crj6dXWeZBpwGwyYP13A=,tag:u5tn/X3GhyguLL/dGLmTPw==,type:str]
+ REDIS_HOSTNAME: ENC[AES256_GCM,data:4nsNrMpzeEa2latEYKMY3gqdeJHb2uMI1A==,iv:WNeXzxIABhAlg8jwtFiVgqM7ZX4zMRBafJItKYQOjvk=,tag:KfCQ0cvzHU5oiGCvxFXOvQ==,type:str]
+ REDIS_PASSWORD: ENC[AES256_GCM,data:Vbg29adZQFfoQKAYtw/SiVYQLA8ldb6wp0+fANU=,iv:aPDiPlW1eZ3k5LceGsetVa29nK1/Xh4mTPariid9gWA=,tag:BRwR0/P2RJyeo0GA7qnkCg==,type:str]
+ DB_HOSTNAME: ENC[AES256_GCM,data:1Km16AQ7ZI6Vp8gJ2X1GWDueiPSsUARyV1E=,iv:VpUhbBHzYQwNn7w9dkl9SeDjenJGCMtkMxKUNUBSJVQ=,tag:iOh2Z64ZETVh3A9GgVCFQg==,type:str]
+ DB_DATABASE_NAME: ENC[AES256_GCM,data:qnjumUy7,iv:YcHNvN5spm1dQiEnwx+pUoYhYOjyhV2BglSvdvvvBS0=,tag:qp+n+utODDLgIEr5wLxkqA==,type:str]
+ DB_USERNAME: ENC[AES256_GCM,data:5AwXhp2q,iv:BPsl5ksxYBERpEDABG4RCBf7XHInA4rpLbavQ3Joapk=,tag:sEdCDujhTsIYwW8w+ACbWA==,type:str]
+ DB_PASSWORD: ENC[AES256_GCM,data:VLOXKhj4ULr8WdR7WZwLj7L9CKnGho6p/xpbmiyHYRw=,iv:dr2wTeZ1TVG5kiC5BKiedrqGdIACfHGTgfMEvmjz/8E=,tag:061iGQw/11He9PIx0xJ75Q==,type:str]
+ DB_ROOT_PASSWORD: ENC[AES256_GCM,data:T6yzWXz6z3crQRvRzcidMYeApQ3l6T947ZZSYu2R3p3oSlo=,iv:YBRTrIqlKLTc8kd4NsjwbOwJ8jygdqH1OvmbrPzvdeI=,tag:5yjWEoX39rtRu4u36cPuvQ==,type:str]
+ IMMICH_MACHINE_LEARNING_URL: ENC[AES256_GCM,data:hjCUGBZJBHG/vHaHoqZb96u+2XKV,iv:Ly0t+1oRZpyljC43r+3iNvFhs0I/KWcM++QZ+pRzw3o=,tag:40So3dnDNUVVFciU+5yn/g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2024-12-31T00:29:07Z"
- mac: ENC[AES256_GCM,data:Db0zmneVH+WCLyG8gRuTX3+e2GB/LqOyZQInj5ciOma+hJ/RaMZ+HOClzL/E91TXl4mqOjhVMa+MUTeZSg5KT7d2G2ugNl2gaRKTKlJlwikFWV/BXFVjzAq6xre4UekcAo3VKf2Q5yabhUYkw5xDGT9VmxHtjSFHjWbK5IYe/Zw=,iv:PssWY6juAH4RdQ4mHiw4jEQbb6ua115b72jt5T7R8vM=,tag:HL4bFdCCNX5TgUT7m0d7Rg==,type:str]
+ lastmodified: "2024-12-31T02:19:39Z"
+ mac: ENC[AES256_GCM,data:nXE+rMdrJzS64iPt+N6mSZKSyNJq0ba6kQD+DHaBEc3lX/njrWyd49+VWEUL7gZC7PDem2LFZk7AIgb6Gn9HMkTntpMSco2GU2V8TQdR/PqPBs4uqwTGtNz1X1iSpIqS4tFZD/9HA5abbMIgE+QZhYBn7alVbe1H7bFOztxPh5w=,iv:aENXRfDwtx97VSgMur5RFAPf8VE3xbgwpkb/5bDKEtA=,tag:vJ/E6CIzjj0ABYVzreeSWA==,type:str]
pgp:
- - created_at: "2024-12-31T00:29:07Z"
+ - created_at: "2024-12-31T02:19:39Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMAyqlIeyoxYovAQ/8CkN1b8s3J4KQAWs5FYdsUm18wX/Qxvf0MZ2K5bdERSmp
- i1k5N7f/O9CLP9EaXllQR3n2TEDn+y43HkN66kz1s3MpAtJfao3NoiDqo5OdT4ku
- UENfVBJ9ATQzUI5/DjQwBSkfpz6CaFj9eLUIkAEegWeZr2/yh3Ad9oTOmQmlCIWU
- tKtRnzNhs8xUQCL9aucJzjUERzWWgi/d15fNbAHwmwlMNNUft3NUfU3pqjfLG5U1
- yft202HkGceYhgZUkGK2K64A5kelcZOPieKlbVIa52DtRvoOlTLesWGzWGtv2TxO
- wdp4qZLtHj4gKwdJpRN1lSi0WodlUr3ZPyTZjx4VdenlsQYi1jyoRugIINDLOSP6
- XFHuoc20h4pkgz0Iv7G9xgvMAFEP/GQt1WFPSVVpX88dxbcfS0bRhEsziGmW8nhm
- JOB6VK2AVACfRvFptSwj8G4OkkqAcZXno4AnwxPF+iwMUS348s//CxtUcVVIZeoO
- jBymh/a5AWuyCJSok97Cg98NGZTfYeC1uJXnj89pvD7nc5Au5TJD1VD1qqvlqbP7
- vNQm1XeilLQhQm32h7sJCh2nAyTfkHxh5sV7dxaZz5wR0mhL3aNryWXyvWcBDZpM
- H17Nw6QHM+w842d4mT9F+Mdg5nxe+uVTL4vPNAwQruK3q74y0+RO6WkbfcnmH7+F
- AgwDXjg0p2IN1X8BD/9TDuirpoSaTcv6VYEpt5aMiheblxxH/0l+wXIxW7t7W7ek
- On4K2F6ahBemxWdK3IdC4t79DYGWaTWKpKyA9vK9o4P6JNnOYXtANPAU+0xg8JDy
- b/J0fiWP0XTPxAYnWURShPpaJ0FXwxKmYN3WXpSMw6s5STRFY3Jm/oaNhhBW3yma
- 6elqJ7skRDa29Jsy+TKjAhlqTEod4vhavcE3p2ykh/dpv263eiX8NHuv8gstfb/0
- Qeng4IbhZn+KK+ek1ChIaDNoJ3LMTQGcan2o+SUXjuYbVAsnvsLKpp3dE8thD9L8
- u1BD69zkBO4e7Pf5rXLSsOviIxXH774xtEV0AMCzvkDZ0XVcWKEX8zg3fUR58z7B
- tyVzj6IEvK3pXG5S0DJboLeIa/AxY3dXyNpl/CGFpGcTGqtouC8eIlEDWrRvNei1
- sAiBKfjpB6dM33Ki1tB1lAnAg3tF+Sp18bKTslq5jLzdEXnHj862JZ6Ea2RkQ1Gl
- EXmJzcm9N1edQlXmZOzFFakGhiLD5rB8n5IKJAq/PG9Tx34ivFew/7c2Zf3U7sY9
- AdDs1+1OgTYlTP0T5H0tHB68wUYCrdSYZ0P3kQU2fAHfsYazljrRU974+Fd1EXmw
- VTsB7wBVjd9IywXcI2aeEO5rf7y/bcKYuDibysEp6DgWWfiSEV6u7GaQuLVtRdRo
- AQkCEMxMOR7ZGjaby5Zl0QSjnw05JqUYDmBTgxrXi8xx3mlACH/9vZz+t2Yvx+yo
- RnYpAVlH8XRQOyNUTE3jxNJnXBtskMj2r07OfAskiORLJ8eQ2iVy8GpflpSQzFVk
- 1xi167kCJXU=
- =FqcK
+ hQIMAyqlIeyoxYovARAAuvTe9MiIAvkJrPfasQ+B6FpkiqGOZd0FWZf6uUomFQXp
+ /4MApT0Jk2V8IGuyZ5FYeNkLAIiaX5KfT2NHeN5DH+2oyyhpvTeePOyfgSTVmiaq
+ 7Eq8vRmAsNGm0X6E5ukKAw61NfFB5dmjR5Z3ZO/F6f3M0r+f4MaBIRQmYCl7YueJ
+ pmpxIj/I5kyl1Q4P+b2Z0t2l6+m3VnEGLEcL8k2oQwjM8kSiW/j0MtFHSmgyqz/w
+ K1MwwpK+1GBpbYpjthBCSzNFAWA066nZuu89bdA4+1gLJhFdq2zNOm3ATDYbF0a7
+ lLw0ZA5SUHsFOGbxozUNewOqPJufrAcxah02hVq6DrdTsOK9VfOMjTRIOTIZFoJ7
+ JJzZQ5Y7Nb7jCKXXu6pQOe15kh5dHdzHn410w5/xth1bYJOCuCRcALZA+egFIc34
+ jXNB0kkGTEF5JUd+OBYD3BU++39o7eV5QNIdH4dHbiHVEgMFASpYKFqaxKeLNOX/
+ 9ie02/PG2dhp792vnECXprKxJN7BRsbF4vm5E3jiOom0uUVdHWoCpEb3jlq6l7Ch
+ bn4UuK4kwFRJNHRS54hoJeX6s1yjmEcTB7UKEcspUUGtPSt4H0bjQMEeXaztKGeG
+ XjwnrbzCo1kjN5bDGjePbtRoLl2HFD+YTryE1MIycqeVf4D4Uq7+TAefJ3JdFZ+F
+ AgwDXjg0p2IN1X8BD/9oJTQStY5Q09a3c3hfgOsm8vqxInk6fhvPgr4VhpaRfjbc
+ rjaB42IEhg1MZBpcV14jqoD+aD3IdXAFAd4XIxApmwrpIAv6jPpWbEewmLvxrhNj
+ zA69gAKh+n4l2eGENI3EOkVnsYmtmvTqQm8OIW7UXTwwrYuWe8DUwTmmt06t2Vuo
+ gMppzG/Payo31oaSRetMU+flMoesur7T1WWqrM7PAoCmg6IE241z0LjhYa5ms9Nc
+ yaUmWoJ5Yct2WgGunEQ1fHExIk6vcyCmSU86Hzz/d6u40nfu08ILfseKQr4+hhml
+ YIh8asIfD3+BMxlwlflWPhDhqR1rsLpNS+DMa78A0HlOCkS/rFhoWV8e4qrSO95F
+ cD0Cqm56Tv80zEw1yul4/CF23CUG9aFvEIkCxMo4at+jFGhADNfvlgSJbZYrtQiD
+ vk3Od2443fFLeAh6zEEn4xOnwZnesj4xk0FIW0RahctWQJ161R+UOurrYN77j2Nv
+ F/OcxqA5lBBR2yAqvWABUeSDeED8OW/lLVb55qviYK1uaFxTo1HcrWFPeVbec8gx
+ wb8gggNwccVlpkEUldBwQFbW9lmCBHTd5N4rJG9n8asEKhxVijL0aS3cgHVLpvc0
+ KOXhR9HssH81gQ4hWJpXtgItwLv/sF+iKH/mimga+AyvvlLAyg8/7TgZEg3WNNRo
+ AQkCEOlbXVh11uilDr80Pf9wvH/2enP/dqBilyhkuNmffRodr8XiWJT7PXXXNn1q
+ 6oAaZoSpbO1tv26pOPhB0MX9ZDsXd1g2a/tQis6GniADUqjxDlkEY9kb1SnESXMz
+ Fteid2zhWM4=
+ =Z+fR
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- - created_at: "2024-12-31T00:29:07Z"
+ - created_at: "2024-12-31T02:19:39Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMAy5t8IMoPu4VARAAnaRCB32nPrLnIow4QqZ3F30shYg3PF/yf75BDDDCKbeO
- /L3BTXLkRRpIGOYwlT2carTtZVhe7hI8o7VtqTu4hMqqf3Tlv8ZpbqJKxLgioZ8w
- j63scRgR7H5hNil3nxps3e7Zn5daiQaQqI5I8X3frBt1muP0f+lED9P8q/77H1DA
- RfFGSaOq7EHev3viXaPn9YUSZx4JKz8rsdwutKHuBAz+XtS9t54cN5V1EyNzr6kr
- Lv8YaHX7i7JFdB/JkWmrMfmgrmrwGY0YRvqb6k5q5JwEowkKTdk0D0qsDIygFyHF
- ovzixtb8Lq2DzF1/Ip35W5Hzopce2DvLos0Z0PsJAlbjuwGFRnSd/1hyaCDr9uN9
- +yMIMfS5hhcSAx6ZzxSME6Z85YEMVJ4AKX3+dhTrUo7fBZpCRXhnyye+0hv1H3gG
- DT+Fc56iSgZ6oQEBNmEcjEcS0bg7C5KsLBhtKNGNqeOGM08QXSQUpx0IdD11cDtB
- tEqR6mRJOKWCpY5Cnlc7xf9Ajn2vuGWZUm/+tWv3iZ/lQ5Co6utyWY4GscFhya9a
- yKyOo5HeAiSz1Nku7Goa05cAfMkGthz1OlZ/Gv19yrWw/0R4tQUFfP4fkctUbF1H
- tvO4bkk6ujXiGX6a3oUBctS30NSFBSKm+hyJ+ACq/fK29dBepA93YBxn9WmfNf7U
- aAEJAhCowUaeNLUuouwnPnhWGZKiXBs/elNKU6iQ0E6HQn7YsKAi4vqHHP9W/Wjf
- rv8FFmTXgZ1utxlInKZhsKMxWGxo6AtRVZUS0TwBIGo+cyOB/pQ2Xc1zYMljCGzb
- T7NFJuwq3MB0
- =HbZT
+ hQIMAy5t8IMoPu4VAQ/+Nb7iDU+kNeJ5FxJ5mxcxlqdlEZq8St3ST5IAoOZoszPf
+ uy+f0kM3qTLI+AZlQi79+iOROmI4C/3DZ5S4RJ51iZsIFJMVu2O22XTPSqw4DwTb
+ EQBDOd2xsgopqVObjvSUjrKKRD0LBwC/DjJgWqT5+I6vWccx/51+LjX2uwpN146S
+ xg8DkwVJIBwoviAOZxJP2IhBnhaIsyygJyY9JwHbiPEm0b9U+4HdGn00GyLYtNFg
+ TCW2nQoXSR3j48f2udgCDhbbrQ3XurKZy3JpSbbG+WCc0rW7EgOXZQCdhD+6b1ap
+ CPiC2epj4Jr/GDZegVQDtFDHLAYG5vcW2tonFIcnfVh930OT+KCEVmz0VLUvoddU
+ Fqfrssep2JlWYpWVc5L9ocHgGcM3ewk/xtVUskUEf7X4jAoaDMEJNa/vjD44FsvB
+ yVb1FTOo9v6WUcC7sI2wOMM0AJxX2TCrQByM1gBWz0LP4AoVvQtGp1ef5Dwtz92E
+ VX1P2ifpFV+XibcZMB7fEXUtmmCrtQ4vL2yQR4f09wAPSLYNBkxVXeExybhlcypM
+ 2acw1Z7IMRyGZq9iJ/ZI+J/zch5AI8n4GoA3/cQN7g9/xgvelnCQ3gPeGC/gnhGS
+ DYNQB+R45krPrOcA76lI7FtEiLYGXm+CLZKu7N8OUYyMtEYFHvVIf3i2e+F7qGzU
+ aAEJAhAT6RWTS7KgK5AYCOshkWkAzwbs6WDNzG8/HxouaoZgEPGhinOjbRZwAJrt
+ CSSO5zft+ZliEczqbKovyIXoGFs8yL1wbTeUCt7z09YJZsRsAG1775mIlpGixQWt
+ 5zqvSVeF6ILU
+ =vttn
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$