# The app can be reached at https://photoprism.<FQDN>:8443
# Change the following variables to adapt the recipe to your needs.
{% set runAsUser = 'nobody' %}
{% set runAsGroup = 'users' %}
# Insert the name of the shared folder you want to use. Make sure the
# configured UID/GID the container is running with has access to that
# directory.
{% set originalsSharedFolderName = '<MODIFY>' %}
{% set storageSharedFolderName = '<MODIFY>' %}
{% set importSharedFolderName = '<MODIFY>' %}
{% set mariaDbSharedFolderName = '<MODIFY>' %}
# !!! Only modify the following manifest if you need to make custom changes. !!!
---
apiVersion: v1
kind: Namespace
metadata:
  name: photoprism-app
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: photoprism
    app.kubernetes.io/name: photoprism
  name: photoprism
  namespace: photoprism-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: photoprism
      app.kubernetes.io/name: photoprism
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: photoprism
        app.kubernetes.io/name: photoprism
    spec:
      containers:
        - image: docker.io/photoprism/photoprism:latest
          imagePullPolicy: IfNotPresent
          name: photoprism
          ports:
            - containerPort: 2342
          securityContext:
            runAsNonRoot: true
            # Specifies the UID for the process running in the container.
            runAsUser: {{ uid(runAsUser) }}
            # Specifies the GID for the process running in the container.
            runAsGroup: {{ gid(runAsGroup) }}
          env:
            - name: PHOTOPRISM_HTTP_PORT
              value: "2342"
            - name: PHOTOPRISM_SITE_URL
              value: "https://photoprism.{{ fqdn() }}:{{ conf_get('conf.service.k8s') | get('websecureport') }}"
            - name: PHOTOPRISM_DISABLE_TLS
              value: "true"
          envFrom:
            - secretRef:
                name: photoprism
            - configMapRef:
                name: photoprism
            - configMapRef:
                name: photoprism-db
          volumeMounts:
            - name: originals-volume
              mountPath: /photoprism/originals
            - name: storage-volume
              mountPath: /photoprism/storage
            # - name: import-volume
            #   mountPath: /photoprism/import
      restartPolicy: Always
      volumes:
        # Folder to store original media files (DO NOT REMOVE).
        - name: originals-volume
          hostPath:
            type: Directory
            # Insert the name of the shared folder you want to use.
            # Make sure the configured UID/GID the container is running
            # with has access to that directory.
            path: {{ sharedfolder_path(originalsSharedFolderName) }}
        # Folder for cache, database, and sidecar files (DO NOT REMOVE).
        - name: storage-volume
          hostPath:
            type: Directory
            # Insert the name of the shared folder you want to use.
            # Make sure the configured UID/GID the container is running
            # with has access to that directory.
            path: {{ sharedfolder_path(storageSharedFolderName) }}
        # Folder from which files can be imported to originals.
        # - name: import-volume
        #   hostPath:
        #     type: Directory
        #     # Insert the name of the shared folder you want to use.
        #     # Make sure the configured UID/GID the container is running
        #     # with has access to that directory.
        #     path: {{ sharedfolder_path(importSharedFolderName) }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: mariadb
    app.kubernetes.io/name: mariadb
  name: mariadb
  namespace: photoprism-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: mariadb
      app.kubernetes.io/name: mariadb
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: mariadb
        app.kubernetes.io/name: mariadb
    spec:
      containers:
        - image: docker.io/mariadb:11
          imagePullPolicy: IfNotPresent
          name: mariadb
          ports:
            - containerPort: 3306
          securityContext:
            runAsNonRoot: true
            # Specifies the UID for the process running in the container.
            runAsUser: {{ uid(runAsUser) }}
            # Specifies the GID for the process running in the container.
            runAsGroup: {{ gid(runAsGroup) }}
          args:
            - --innodb-buffer-pool-size=512M
            - --transaction-isolation=READ-COMMITTED
            - --character-set-server=utf8mb4
            - --collation-server=utf8mb4_unicode_ci
            - --max-connections=512
            - --innodb-rollback-on-timeout=OFF
            - --innodb-lock-wait-timeout=120
          envFrom:
            - secretRef:
                name: mariadb
            - configMapRef:
                name: mariadb
          volumeMounts:
            - name: db-volume
              mountPath: /var/lib/mysql
      restartPolicy: Always
      volumes:
        - name: db-volume
          hostPath:
            type: Directory
            # Insert the name of the shared folder you want to use.
            # Make sure the configured UID/GID the container is running
            # with has access to that directory.
            path: {{ sharedfolder_path(mariadbSharedFolderName) }}
---
apiVersion: v1
kind: Secret
metadata:
  name: photoprism
  namespace: photoprism-app
  labels:
    app.kubernetes.io/instance: photoprism
    app.kubernetes.io/name: photoprism
stringData:
  PHOTOPRISM_ADMIN_PASSWORD: "admin"
  PHOTOPRISM_DATABASE_PASSWORD: "photoprism"
---
apiVersion: v1
kind: Secret
metadata:
  name: mariadb
  namespace: photoprism-app
  labels:
    app.kubernetes.io/instance: photoprism
    app.kubernetes.io/name: photoprism
stringData:
  MARIADB_PASSWORD: "photoprism"
  MARIADB_ROOT_PASSWORD: "photoprism"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: photoprism
  namespace: photoprism-app
data:
  # https://docs.photoprism.app/getting-started/config-options/
  PHOTOPRISM_READONLY: "false"
  PHOTOPRISM_PUBLIC: "false"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: photoprism-db
  namespace: photoprism-app
  labels:
    app.kubernetes.io/instance: photoprism
    app.kubernetes.io/name: photoprism
data:
  PHOTOPRISM_DATABASE_DRIVER: "mysql"
  PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"
  PHOTOPRISM_DATABASE_NAME: "photoprism"
  PHOTOPRISM_DATABASE_USER: "photoprism"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mariadb
  namespace: photoprism-app
  labels:
    app.kubernetes.io/instance: photoprism
    app.kubernetes.io/name: photoprism
data:
  MARIADB_AUTO_UPGRADE: "1"
  MARIADB_INITDB_SKIP_TZINFO: "1"
  MARIADB_DATABASE: "photoprism"
  MARIADB_USER: "photoprism"
---
apiVersion: v1
kind: Service
metadata:
  name: photoprism
  namespace: photoprism-app
  labels:
    app.kubernetes.io/instance: photoprism
    app.kubernetes.io/name: photoprism
spec:
  type: ClusterIP
  ports:
    - port: 2342
      protocol: TCP
      targetPort: 2342
  selector:
    app.kubernetes.io/instance: photoprism
    app.kubernetes.io/name: photoprism
---
apiVersion: v1
kind: Service
metadata:
  name: mariadb
  namespace: photoprism-app
  labels:
    app.kubernetes.io/instance: mariadb
    app.kubernetes.io/name: mariadb
spec:
  type: ClusterIP
  ports:
    - port: 3306
      protocol: TCP
      targetPort: 3306
  selector:
    app.kubernetes.io/instance: mariadb
    app.kubernetes.io/name: mariadb
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: photoprism-websecure
  namespace: photoprism-app
  labels:
    app.kubernetes.io/instance: photoprism
    app.kubernetes.io/name: photoprism
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`photoprism.{{ fqdn() }}`)
      kind: Rule
      services:
        - name: photoprism
          port: 2342
  tls: {}