
refactor: change dragonfly to valkey #556

Merged
merged 2 commits into from
Jan 29, 2025


timtorChen
Owner

@timtorChen timtorChen commented Jan 29, 2025

This PR changes the Redis dependency of nextcloud and immich from Dragonfly to Valkey.
The authentication method is also changed from the default user to ACL.

- also change default password authentication to ACL

--- kubernetes/mydata/immich Kustomization: flux-system/6-immich HelmRelease: mydata/immich

+++ kubernetes/mydata/immich Kustomization: flux-system/6-immich HelmRelease: mydata/immich

@@ -73,13 +73,13 @@

                     key: DB_URL
                     name: immich-secret
               DB_VECTOR_EXTENSION: pgvector
               IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning:3003
               IMMICH_MEDIA_LOCATION: /data
               IMMICH_WORKERS_EXCLUDE: api
-              REDIS_HOSTNAME: immich-dragonfly
+              REDIS_HOSTNAME: immich-valkey
               REDIS_PASSWORD:
                 valueFrom:
                   secretKeyRef:
                     key: REDIS_PASSWORD
                     name: immich-secret
             image:
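Review bot: The container with `IMMICH_WORKERS_EXCLUDE: api` gets the new `REDIS_HOSTNAME` but no `REDIS_USERNAME`; its env block runs from `REDIS_PASSWORD` straight into `image:`, and only the `IMMICH_WORKERS_INCLUDE: api` container in the next hunk gains the username. If the ACL file disables the default user, as the `user default off` example in `valkey.conf` suggests, this worker would presumably authenticate as `default` and be rejected. Add the same secret reference after `REDIS_PASSWORD` here. The env block starts outside the hunk, so confirm the variable is not supplied another way.

```yaml
# … unchanged: REDIS_HOSTNAME, REDIS_PASSWORD …
REDIS_USERNAME:
  valueFrom:
    secretKeyRef:
      key: REDIS_USERNAME
      name: immich-secret
```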
@@ -127,17 +127,22 @@

                     name: immich-secret
               DB_VECTOR_EXTENSION: pgvector
               IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning:3003
               IMMICH_MEDIA_LOCATION: /data
               IMMICH_PORT: 3001
               IMMICH_WORKERS_INCLUDE: api
-              REDIS_HOSTNAME: immich-dragonfly
+              REDIS_HOSTNAME: immich-valkey
               REDIS_PASSWORD:
                 valueFrom:
                   secretKeyRef:
                     key: REDIS_PASSWORD
+                    name: immich-secret
+              REDIS_USERNAME:
+                valueFrom:
+                  secretKeyRef:
+                    key: REDIS_USERNAME
                     name: immich-secret
             image:
               repository: ghcr.io/immich-app/immich-server
               tag: v1.125.1
             probes:
               liveness:
--- kubernetes/mydata/immich Kustomization: flux-system/6-immich SecretProviderClass: mydata/immich-secret

+++ kubernetes/mydata/immich Kustomization: flux-system/6-immich SecretProviderClass: mydata/immich-secret

@@ -12,19 +12,23 @@

     objects: |
       - objectType: ssmparameter
         objectName: /amethyst/immich
         jmesPath:
           - path: DB_URL
             objectAlias: DB_URL
+          - path: REDIS_USERNAME
+            objectAlias: REDIS_USERNAME
           - path: REDIS_PASSWORD
             objectAlias: REDIS_PASSWORD
     region: us-west-2
   provider: aws
   secretObjects:
   - data:
     - key: DB_URL
       objectName: DB_URL
+    - key: REDIS_USERNAME
+      objectName: REDIS_USERNAME
     - key: REDIS_PASSWORD
       objectName: REDIS_PASSWORD
     secretName: immich-secret
     type: Opaque
 
--- kubernetes/mydata/immich Kustomization: flux-system/6-immich CiliumNetworkPolicy: mydata/immich-app-policy

+++ kubernetes/mydata/immich Kustomization: flux-system/6-immich CiliumNetworkPolicy: mydata/immich-app-policy

@@ -71,18 +71,18 @@

     - ports:
       - port: '53'
         protocol: ANY
       rules:
         dns:
         - matchName: immich-postgres-rw.mydata.svc.cluster.local.
-        - matchName: immich-dragonfly.mydata.svc.cluster.local.
+        - matchName: immich-valkey.mydata.svc.cluster.local.
   - toEndpoints:
     - matchLabels:
         cnpg.io/cluster: immich-postgres
     - matchLabels:
-        app.kubernetes.io/name: immich-dragonfly
+        app.kubernetes.io/name: immich-valkey
     toPorts:
     - ports:
       - port: '5432'
         protocol: TCP
       - port: '6379'
         protocol: TCP
--- kubernetes/mydata/immich Kustomization: flux-system/6-immich SecretProviderClass: mydata/immich-dragonfly-secret

+++ kubernetes/mydata/immich Kustomization: flux-system/6-immich SecretProviderClass: mydata/immich-dragonfly-secret

@@ -1,26 +0,0 @@

----
-apiVersion: secrets-store.csi.x-k8s.io/v1
-kind: SecretProviderClass
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: 6-immich
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: immich-dragonfly-secret
-  namespace: mydata
-spec:
-  parameters:
-    objects: |
-      - objectType: ssmparameter
-        objectName: /amethyst/immich-dragonfly
-        jmesPath:
-          - path: DFLY_PASSWORD
-            objectAlias: DFLY_PASSWORD
-    region: us-west-2
-  provider: aws
-  secretObjects:
-  - data:
-    - key: DFLY_PASSWORD
-      objectName: DFLY_PASSWORD
-    secretName: immich-dragonfly-secret
-    type: Opaque
-
--- kubernetes/mydata/immich Kustomization: flux-system/6-immich HelmRelease: mydata/immich-dragonfly

+++ kubernetes/mydata/immich Kustomization: flux-system/6-immich HelmRelease: mydata/immich-dragonfly

@@ -1,99 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: 6-immich
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: immich-dragonfly
-  namespace: mydata
-spec:
-  chart:
-    spec:
-      chart: app-template
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-      version: 3.6.1
-  interval: 1h
-  maxHistory: 1
-  timeout: 1m0s
-  values:
-    controllers:
-      main:
-        annotations:
-          secret.reloader.stakater.com/reload: immich-dragonfly-secret
-        containers:
-          main:
-            args:
-            - --default_lua_flags=allow-undeclared-keys
-            - --dir=/data
-            env:
-              DFLY_requirepass:
-                valueFrom:
-                  secretKeyRef:
-                    key: DFLY_PASSWORD
-                    name: immich-dragonfly-secret
-            image:
-              repository: ghcr.io/dragonflydb/dragonfly
-              tag: v1.26.1
-            probes:
-              liveness:
-                enabled: true
-              readiness:
-                enabled: true
-              startup:
-                enabled: true
-            resources:
-              requests:
-                cpu: 100m
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              readOnlyRootFilesystem: false
-              runAsGroup: 65534
-              runAsNonRoot: true
-              runAsUser: 65534
-              seccompProfile:
-                type: RuntimeDefault
-        pod:
-          automountServiceAccountToken: false
-          securityContext:
-            fsGroup: 65534
-        replicas: 1
-        statefulset:
-          volumeClaimTemplates:
-          - accessMode: ReadWriteOnce
-            globalMounts:
-            - path: /data
-            name: data
-            size: 1Gi
-            storageClass: rbd-fast
-        strategy: RollingUpdate
-        type: statefulset
-    persistence:
-      secret:
-        type: custom
-        volumeSpec:
-          csi:
-            driver: secrets-store.csi.k8s.io
-            readOnly: true
-            volumeAttributes:
-              secretProviderClass: immich-dragonfly-secret
-    service:
-      main:
-        controller: main
-        ports:
-          redis:
-            port: 6379
-            primary: true
-            protocol: TCP
-        primary: true
-    serviceAccount:
-      annotations:
-        eks.amazonaws.com/audience: sts.amazonaws.com
-        eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-immich-dragonfly
-      create: true
-
--- kubernetes/mydata/immich Kustomization: flux-system/6-immich CiliumNetworkPolicy: mydata/immich-deps-policy

+++ kubernetes/mydata/immich Kustomization: flux-system/6-immich CiliumNetworkPolicy: mydata/immich-deps-policy

@@ -18,13 +18,13 @@

     toPorts:
     - ports:
       - port: '5432'
         protocol: TCP
 - endpointSelector:
     matchLabels:
-      app.kubernetes.io/name: immich-dragonfly
+      app.kubernetes.io/name: immich-valkey
   ingress:
   - fromEndpoints:
     - matchLabels:
         app.kubernetes.io/name: immich
     toPorts:
     - ports:
--- kubernetes/mydata/immich Kustomization: flux-system/6-immich SecretProviderClass: mydata/immich-valkey-secret

+++ kubernetes/mydata/immich Kustomization: flux-system/6-immich SecretProviderClass: mydata/immich-valkey-secret

@@ -0,0 +1,18 @@

+---
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: 6-immich
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: immich-valkey-secret
+  namespace: mydata
+spec:
+  parameters:
+    objects: |
+      - objectType: ssmparameter
+        objectName: /amethyst/immich-valkey
+        objectAlias: users.acl
+    region: us-west-2
+  provider: aws
+
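Review bot: The parameter `/amethyst/immich-valkey` is mounted verbatim as `users.acl`, and the example in `valkey.conf` uses the `>{plaintext-password}` form, so the server-side file would hold cleartext passwords that the application already keeps separately in `/amethyst/immich`. Valkey ACL rules also accept a SHA-256 digest written as `#<hex>` in place of `>password`, which lets this parameter hold hashes only. A comment here should also state that the file must contain `user default off`, since nothing in the manifest enforces it and omitting the line presumably leaves the default user enabled without a password. The same applies to `nextcloud-valkey-secret` further down.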
--- kubernetes/mydata/immich Kustomization: flux-system/6-immich HelmRelease: mydata/immich-valkey

+++ kubernetes/mydata/immich Kustomization: flux-system/6-immich HelmRelease: mydata/immich-valkey

@@ -0,0 +1,111 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: 6-immich
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: immich-valkey
+  namespace: mydata
+spec:
+  chart:
+    spec:
+      chart: app-template
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+      version: 3.6.1
+  interval: 1h
+  maxHistory: 1
+  timeout: 1m0s
+  values:
+    configMaps:
+      config:
+        data:
+          valkey.conf: |
+            bind * -::*
+            aclfile /secret/users.acl
+            # ACL example:
+            # user default off
+            # user {username} {permissions} {access-patterns} {on or off} >{plaintext-password}
+        enabled: true
+    controllers:
+      main:
+        annotations:
+          secret.reloader.stakater.com/reload: immich-valkey-secret
+        containers:
+          main:
+            args:
+            - /config/valkey.conf
+            image:
+              repository: valkey/valkey
+              tag: 8.0.2-alpine
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+              startup:
+                enabled: true
+            resources:
+              requests:
+                cpu: 100m
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: false
+              runAsGroup: 65534
+              runAsNonRoot: true
+              runAsUser: 65534
+              seccompProfile:
+                type: RuntimeDefault
+        pod:
+          automountServiceAccountToken: false
+          securityContext:
+            fsGroup: 65534
+        replicas: 1
+        statefulset:
+          volumeClaimTemplates:
+          - accessMode: ReadWriteOnce
+            globalMounts:
+            - path: /data
+            name: data
+            size: 1Gi
+            storageClass: rbd-fast
+        strategy: RollingUpdate
+        type: statefulset
+    persistence:
+      config:
+        globalMounts:
+        - path: /config
+          readOnly: true
+        name: immich-valkey-config
+        type: configMap
+      secret:
+        globalMounts:
+        - path: /secret
+          readOnly: true
+        type: custom
+        volumeSpec:
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: immich-valkey-secret
+    service:
+      main:
+        controller: main
+        ports:
+          redis:
+            port: 6379
+            primary: true
+            protocol: TCP
+        primary: true
+    serviceAccount:
+      annotations:
+        eks.amazonaws.com/audience: sts.amazonaws.com
+        eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-immich-valkey
+      create: true
+
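Review bot: The `secret.reloader.stakater.com/reload: immich-valkey-secret` annotation looks stale: the new SecretProviderClass `immich-valkey-secret` declares no `secretObjects`, so no Kubernetes Secret of that name is synced and the ACL file exists only as the CSI mount at `/secret/users.acl`. Valkey reads `aclfile` at startup, so a rotated or revoked credential in the SSM parameter would presumably stay unapplied until the pod restarts or `ACL LOAD` is run. Either keep a synced Secret for Reloader to watch, or drop the annotation and document the restart step. Changes to `valkey.conf` are not watched either; `configmap.reloader.stakater.com/reload: immich-valkey-config` would cover them. The same applies to the `nextcloud-valkey` HelmRelease further down.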
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud HelmRelease: mydata/nextcloud

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud HelmRelease: mydata/nextcloud

@@ -24,13 +24,13 @@

         annotations:
           configmap.reloader.stakater.com/reload: nextcloud-config
           secret.reloader.stakater.com/reload: nextcloud-secret
         containers:
           main:
             env:
-              _REDIS_HOST: nextcloud-dragonfly
+              _REDIS_HOST: nextcloud-valkey
               NEXTCLOUD_ADMIN_PASSWORD:
                 valueFrom:
                   secretKeyRef:
                     key: NEXTCLOUD_ADMIN_PASSWORD
                     name: nextcloud-secret
               NEXTCLOUD_ADMIN_USER:
@@ -57,12 +57,17 @@

               REDIS_HOST_PASSWORD:
                 valueFrom:
                   secretKeyRef:
                     key: REDIS_HOST_PASSWORD
                     name: nextcloud-secret
               REDIS_HOST_PORT: 6379
+              REDIS_HOST_USERNAME:
+                valueFrom:
+                  secretKeyRef:
+                    key: REDIS_HOST_USERNAME
+                    name: nextcloud-secret
             image:
               repository: nextcloud
               tag: 30.0.5-apache
             probes:
               liveness:
                 enabled: false
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud SecretProviderClass: mydata/nextcloud-secret

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud SecretProviderClass: mydata/nextcloud-secret

@@ -18,12 +18,14 @@

           - path: NEXTCLOUD_ADMIN_PASSWORD
             objectAlias: NEXTCLOUD_ADMIN_PASSWORD
           - path: POSTGRES_USER
             objectAlias: POSTGRES_USER
           - path: POSTGRES_PASSWORD
             objectAlias: POSTGRES_PASSWORD
+          - path: REDIS_HOST_USERNAME
+            objectAlias: REDIS_HOST_USERNAME
           - path: REDIS_HOST_PASSWORD
             objectAlias: REDIS_HOST_PASSWORD
     region: us-west-2
   provider: aws
   secretObjects:
   - data:
@@ -32,11 +34,13 @@

     - key: NEXTCLOUD_ADMIN_PASSWORD
       objectName: NEXTCLOUD_ADMIN_PASSWORD
     - key: POSTGRES_USER
       objectName: POSTGRES_USER
     - key: POSTGRES_PASSWORD
       objectName: POSTGRES_PASSWORD
+    - key: REDIS_HOST_USERNAME
+      objectName: REDIS_HOST_USERNAME
     - key: REDIS_HOST_PASSWORD
       objectName: REDIS_HOST_PASSWORD
     secretName: nextcloud-secret
     type: Opaque
 
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud ConfigMap: mydata/nextcloud-config

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud ConfigMap: mydata/nextcloud-config

@@ -28,12 +28,13 @@

       'memcache.local' => '\OC\Memcache\APCu',
       'memcache.distributed' => '\\OC\\Memcache\\Redis',
       'memcache.locking' => '\\OC\\Memcache\\Redis',
       'redis' => [
         'host' => getenv('_REDIS_HOST'),
         'port' => getenv('REDIS_HOST_PORT') ?: 6379,
+        'user' => getenv('REDIS_HOST_USERNAME'),
         'password' => getenv('REDIS_HOST_PASSWORD')
       ],
 
       # -- Application
       'overwriteprotocol' => getenv('OVERWRITEPROTOCOL'),
       'overwrite.cli.url' => getenv('OVERWRITECLIURL'),
@@ -58,13 +59,13 @@

       'bulkupload.enabled' => true,
       'log_type' => 'errorlog',
     ];
   php-config.ini: |
     ; -- Redis session handler
     session.save_handler = redis
-    session.save_path = "tcp://${_REDIS_HOST}:${REDIS_HOST_PORT}?auth=${REDIS_HOST_PASSWORD}"
+    session.save_path = "tcp://${_REDIS_HOST}:${REDIS_HOST_PORT}?auth[username]=${REDIS_HOST_USERNAME}&auth[password]=${REDIS_HOST_PASSWORD}"
     redis.session.locking_enabled = 1
     redis.session.lock_retries = -1
     redis.session.lock_wait_time = 10000
   ports.conf: |
     Listen 8080
 kind: ConfigMap
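Review bot: `session.save_path` now interpolates both `${REDIS_HOST_USERNAME}` and `${REDIS_HOST_PASSWORD}` into a URL query string without encoding, so a credential containing `&`, `=`, `#`, `%` or `+` would be split or decoded differently and session authentication would fail or use a truncated value. Constrain the generated credentials to URL-safe characters, or store them percent-encoded for this use, and record that above the line, e.g. `; credentials must be URL-safe: they are placed in the query string unencoded`. The password also becomes part of the rendered ini value, so anything that dumps PHP settings would show it. The ConfigMap continues outside the hunk.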
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud CiliumNetworkPolicy: mydata/nextcloud-app-policy

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud CiliumNetworkPolicy: mydata/nextcloud-app-policy

@@ -29,18 +29,18 @@

     - ports:
       - port: '53'
         protocol: ANY
       rules:
         dns:
         - matchName: nextcloud-postgres-rw.mydata.svc.cluster.local.
-        - matchName: nextcloud-dragonfly.mydata.svc.cluster.local.
+        - matchName: nextcloud-valkey.mydata.svc.cluster.local.
   - toEndpoints:
     - matchLabels:
         cnpg.io/cluster: nextcloud-postgres
     - matchLabels:
-        app.kubernetes.io/name: nextcloud-dragonfly
+        app.kubernetes.io/name: nextcloud-valkey
     toPorts:
     - ports:
       - port: '5432'
         protocol: TCP
       - port: '6379'
         protocol: TCP
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud HelmRelease: mydata/nextcloud-dragonfly

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud HelmRelease: mydata/nextcloud-dragonfly

@@ -1,99 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: 6-nextcloud
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: nextcloud-dragonfly
-  namespace: mydata
-spec:
-  chart:
-    spec:
-      chart: app-template
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-      version: 3.6.1
-  interval: 1h
-  maxHistory: 1
-  timeout: 1m0s
-  values:
-    controllers:
-      main:
-        annotations:
-          secret.reloader.stakater.com/reload: nextcloud-dragonfly-secret
-        containers:
-          main:
-            args:
-            - --default_lua_flags=allow-undeclared-keys
-            - --dir=/data
-            env:
-              DFLY_requirepass:
-                valueFrom:
-                  secretKeyRef:
-                    key: DFLY_PASSWORD
-                    name: nextcloud-dragonfly-secret
-            image:
-              repository: ghcr.io/dragonflydb/dragonfly
-              tag: v1.26.1
-            probes:
-              liveness:
-                enabled: false
-              readiness:
-                enabled: false
-              startup:
-                enabled: false
-            resources:
-              requests:
-                cpu: 100m
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              readOnlyRootFilesystem: false
-              runAsGroup: 65534
-              runAsNonRoot: true
-              runAsUser: 65534
-              seccompProfile:
-                type: RuntimeDefault
-        pod:
-          automountServiceAccountToken: false
-          securityContext:
-            fsGroup: 65534
-        replicas: 1
-        statefulset:
-          volumeClaimTemplates:
-          - accessMode: ReadWriteOnce
-            globalMounts:
-            - path: /data
-            name: data
-            size: 1Gi
-            storageClass: rbd-fast
-        strategy: RollingUpdate
-        type: statefulset
-    persistence:
-      secret:
-        type: custom
-        volumeSpec:
-          csi:
-            driver: secrets-store.csi.k8s.io
-            readOnly: true
-            volumeAttributes:
-              secretProviderClass: nextcloud-dragonfly-secret
-    service:
-      main:
-        controller: main
-        ports:
-          redis:
-            port: 6379
-            primary: true
-            protocol: TCP
-        primary: true
-    serviceAccount:
-      annotations:
-        eks.amazonaws.com/audience: sts.amazonaws.com
-        eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-nextcloud-dragonfly
-      create: true
-
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud SecretProviderClass: mydata/nextcloud-dragonfly-secret

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud SecretProviderClass: mydata/nextcloud-dragonfly-secret

@@ -1,26 +0,0 @@

----
-apiVersion: secrets-store.csi.x-k8s.io/v1
-kind: SecretProviderClass
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: 6-nextcloud
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: nextcloud-dragonfly-secret
-  namespace: mydata
-spec:
-  parameters:
-    objects: |
-      - objectType: ssmparameter
-        objectName: /amethyst/nextcloud-dragonfly
-        jmesPath:
-          - path: DFLY_PASSWORD
-            objectAlias: DFLY_PASSWORD
-    region: us-west-2
-  provider: aws
-  secretObjects:
-  - data:
-    - key: DFLY_PASSWORD
-      objectName: DFLY_PASSWORD
-    secretName: nextcloud-dragonfly-secret
-    type: Opaque
-
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud CiliumNetworkPolicy: mydata/nextcloud-deps-policy

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud CiliumNetworkPolicy: mydata/nextcloud-deps-policy

@@ -18,13 +18,13 @@

     toPorts:
     - ports:
       - port: '5432'
         protocol: TCP
 - endpointSelector:
     matchLabels:
-      app.kubernetes.io/name: nextcloud-dragonfly
+      app.kubernetes.io/name: nextcloud-valkey
   ingress:
   - fromEndpoints:
     - matchLabels:
         app.kubernetes.io/name: nextcloud
     toPorts:
     - ports:
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud HelmRelease: mydata/nextcloud-valkey

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud HelmRelease: mydata/nextcloud-valkey

@@ -0,0 +1,111 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: 6-nextcloud
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: nextcloud-valkey
+  namespace: mydata
+spec:
+  chart:
+    spec:
+      chart: app-template
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+      version: 3.6.1
+  interval: 1h
+  maxHistory: 1
+  timeout: 1m0s
+  values:
+    configMaps:
+      config:
+        data:
+          valkey.conf: |
+            bind * -::*
+            aclfile /secret/users.acl
+            # ACL example:
+            # user default off
+            # user {username} {permissions} {access-patterns} {on or off} >{plaintext-password}
+        enabled: true
+    controllers:
+      main:
+        annotations:
+          secret.reloader.stakater.com/reload: nextcloud-valkey-secret
+        containers:
+          main:
+            args:
+            - /config/valkey.conf
+            image:
+              repository: valkey/valkey
+              tag: 8.0.2-alpine
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+              startup:
+                enabled: true
+            resources:
+              requests:
+                cpu: 100m
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: false
+              runAsGroup: 65534
+              runAsNonRoot: true
+              runAsUser: 65534
+              seccompProfile:
+                type: RuntimeDefault
+        pod:
+          automountServiceAccountToken: false
+          securityContext:
+            fsGroup: 65534
+        replicas: 1
+        statefulset:
+          volumeClaimTemplates:
+          - accessMode: ReadWriteOnce
+            globalMounts:
+            - path: /data
+            name: data
+            size: 1Gi
+            storageClass: rbd-fast
+        strategy: RollingUpdate
+        type: statefulset
+    persistence:
+      config:
+        globalMounts:
+        - path: /config
+          readOnly: true
+        name: nextcloud-valkey-config
+        type: configMap
+      secret:
+        globalMounts:
+        - path: /secret
+          readOnly: true
+        type: custom
+        volumeSpec:
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: nextcloud-valkey-secret
+    service:
+      main:
+        controller: main
+        ports:
+          redis:
+            port: 6379
+            primary: true
+            protocol: TCP
+        primary: true
+    serviceAccount:
+      annotations:
+        eks.amazonaws.com/audience: sts.amazonaws.com
+        eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-nextcloud-valkey
+      create: true
+
--- kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud SecretProviderClass: mydata/nextcloud-valkey-secret

+++ kubernetes/mydata/nextcloud Kustomization: flux-system/6-nextcloud SecretProviderClass: mydata/nextcloud-valkey-secret

@@ -0,0 +1,18 @@

+---
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: 6-nextcloud
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: nextcloud-valkey-secret
+  namespace: mydata
+spec:
+  parameters:
+    objects: |
+      - objectType: ssmparameter
+        objectName: /amethyst/nextcloud-valkey
+        objectAlias: users.acl
+    region: us-west-2
+  provider: aws
+


--- HelmRelease: mydata/nextcloud-dragonfly ServiceAccount: mydata/nextcloud-dragonfly

+++ HelmRelease: mydata/nextcloud-dragonfly ServiceAccount: mydata/nextcloud-dragonfly

@@ -1,15 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: nextcloud-dragonfly
-  labels:
-    app.kubernetes.io/instance: nextcloud-dragonfly
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: nextcloud-dragonfly
-  annotations:
-    eks.amazonaws.com/audience: sts.amazonaws.com
-    eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-nextcloud-dragonfly
-secrets:
-- name: nextcloud-dragonfly-default-sa-token
-
--- HelmRelease: mydata/nextcloud-dragonfly Service: mydata/nextcloud-dragonfly

+++ HelmRelease: mydata/nextcloud-dragonfly Service: mydata/nextcloud-dragonfly

@@ -1,22 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nextcloud-dragonfly
-  labels:
-    app.kubernetes.io/instance: nextcloud-dragonfly
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: nextcloud-dragonfly
-    app.kubernetes.io/service: nextcloud-dragonfly
-spec:
-  type: ClusterIP
-  ports:
-  - port: 6379
-    targetPort: 6379
-    protocol: TCP
-    name: redis
-  selector:
-    app.kubernetes.io/component: main
-    app.kubernetes.io/instance: nextcloud-dragonfly
-    app.kubernetes.io/name: nextcloud-dragonfly
-
--- HelmRelease: mydata/nextcloud-dragonfly StatefulSet: mydata/nextcloud-dragonfly

+++ HelmRelease: mydata/nextcloud-dragonfly StatefulSet: mydata/nextcloud-dragonfly

@@ -1,91 +0,0 @@

----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: nextcloud-dragonfly
-  labels:
-    app.kubernetes.io/component: main
-    app.kubernetes.io/instance: nextcloud-dragonfly
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: nextcloud-dragonfly
-  annotations:
-    secret.reloader.stakater.com/reload: nextcloud-dragonfly-secret
-spec:
-  revisionHistoryLimit: 3
-  replicas: 1
-  podManagementPolicy: OrderedReady
-  updateStrategy:
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: main
-      app.kubernetes.io/name: nextcloud-dragonfly
-      app.kubernetes.io/instance: nextcloud-dragonfly
-  serviceName: nextcloud-dragonfly
-  template:
-    metadata:
-      annotations:
-        checksum/secrets: f9a2edb516d89dc9e0af00dcf3d13ae57cbe1bc631c4b35d393a497ef218d929
-      labels:
-        app.kubernetes.io/component: main
-        app.kubernetes.io/instance: nextcloud-dragonfly
-        app.kubernetes.io/name: nextcloud-dragonfly
-    spec:
-      enableServiceLinks: false
-      serviceAccountName: nextcloud-dragonfly
-      automountServiceAccountToken: false
-      securityContext:
-        fsGroup: 65534
-      hostIPC: false
-      hostNetwork: false
-      hostPID: false
-      dnsPolicy: ClusterFirst
-      containers:
-      - args:
-        - --default_lua_flags=allow-undeclared-keys
-        - --dir=/data
-        env:
-        - name: DFLY_requirepass
-          valueFrom:
-            secretKeyRef:
-              key: DFLY_PASSWORD
-              name: nextcloud-dragonfly-secret
-        image: ghcr.io/dragonflydb/dragonfly:v1.26.1
-        name: main
-        resources:
-          requests:
-            cpu: 100m
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: false
-          runAsGroup: 65534
-          runAsNonRoot: true
-          runAsUser: 65534
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /data
-          name: data
-        - mountPath: /secret
-          name: secret
-      volumes:
-      - csi:
-          driver: secrets-store.csi.k8s.io
-          readOnly: true
-          volumeAttributes:
-            secretProviderClass: nextcloud-dragonfly-secret
-        name: secret
-  volumeClaimTemplates:
-  - metadata:
-      name: data
-    spec:
-      accessModes:
-      - ReadWriteOnce
-      resources:
-        requests:
-          storage: 1Gi
-      storageClassName: rbd-fast
-
--- HelmRelease: mydata/immich-dragonfly ServiceAccount: mydata/immich-dragonfly

+++ HelmRelease: mydata/immich-dragonfly ServiceAccount: mydata/immich-dragonfly

@@ -1,15 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: immich-dragonfly
-  labels:
-    app.kubernetes.io/instance: immich-dragonfly
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: immich-dragonfly
-  annotations:
-    eks.amazonaws.com/audience: sts.amazonaws.com
-    eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-immich-dragonfly
-secrets:
-- name: immich-dragonfly-default-sa-token
-
--- HelmRelease: mydata/immich-dragonfly Service: mydata/immich-dragonfly

+++ HelmRelease: mydata/immich-dragonfly Service: mydata/immich-dragonfly

@@ -1,22 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: immich-dragonfly
-  labels:
-    app.kubernetes.io/instance: immich-dragonfly
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: immich-dragonfly
-    app.kubernetes.io/service: immich-dragonfly
-spec:
-  type: ClusterIP
-  ports:
-  - port: 6379
-    targetPort: 6379
-    protocol: TCP
-    name: redis
-  selector:
-    app.kubernetes.io/component: main
-    app.kubernetes.io/instance: immich-dragonfly
-    app.kubernetes.io/name: immich-dragonfly
-
--- HelmRelease: mydata/immich-dragonfly StatefulSet: mydata/immich-dragonfly

+++ HelmRelease: mydata/immich-dragonfly StatefulSet: mydata/immich-dragonfly

@@ -1,112 +0,0 @@

----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: immich-dragonfly
-  labels:
-    app.kubernetes.io/component: main
-    app.kubernetes.io/instance: immich-dragonfly
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: immich-dragonfly
-  annotations:
-    secret.reloader.stakater.com/reload: immich-dragonfly-secret
-spec:
-  revisionHistoryLimit: 3
-  replicas: 1
-  podManagementPolicy: OrderedReady
-  updateStrategy:
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: main
-      app.kubernetes.io/name: immich-dragonfly
-      app.kubernetes.io/instance: immich-dragonfly
-  serviceName: immich-dragonfly
-  template:
-    metadata:
-      annotations:
-        checksum/secrets: f9a2edb516d89dc9e0af00dcf3d13ae57cbe1bc631c4b35d393a497ef218d929
-      labels:
-        app.kubernetes.io/component: main
-        app.kubernetes.io/instance: immich-dragonfly
-        app.kubernetes.io/name: immich-dragonfly
-    spec:
-      enableServiceLinks: false
-      serviceAccountName: immich-dragonfly
-      automountServiceAccountToken: false
-      securityContext:
-        fsGroup: 65534
-      hostIPC: false
-      hostNetwork: false
-      hostPID: false
-      dnsPolicy: ClusterFirst
-      containers:
-      - args:
-        - --default_lua_flags=allow-undeclared-keys
-        - --dir=/data
-        env:
-        - name: DFLY_requirepass
-          valueFrom:
-            secretKeyRef:
-              key: DFLY_PASSWORD
-              name: immich-dragonfly-secret
-        image: ghcr.io/dragonflydb/dragonfly:v1.26.1
-        livenessProbe:
-          failureThreshold: 3
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          tcpSocket:
-            port: 6379
-          timeoutSeconds: 1
-        name: main
-        readinessProbe:
-          failureThreshold: 3
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          tcpSocket:
-            port: 6379
-          timeoutSeconds: 1
-        resources:
-          requests:
-            cpu: 100m
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: false
-          runAsGroup: 65534
-          runAsNonRoot: true
-          runAsUser: 65534
-          seccompProfile:
-            type: RuntimeDefault
-        startupProbe:
-          failureThreshold: 3
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          tcpSocket:
-            port: 6379
-          timeoutSeconds: 1
-        volumeMounts:
-        - mountPath: /data
-          name: data
-        - mountPath: /secret
-          name: secret
-      volumes:
-      - csi:
-          driver: secrets-store.csi.k8s.io
-          readOnly: true
-          volumeAttributes:
-            secretProviderClass: immich-dragonfly-secret
-        name: secret
-  volumeClaimTemplates:
-  - metadata:
-      name: data
-    spec:
-      accessModes:
-      - ReadWriteOnce
-      resources:
-        requests:
-          storage: 1Gi
-      storageClassName: rbd-fast
-
--- HelmRelease: mydata/nextcloud Deployment: mydata/nextcloud

+++ HelmRelease: mydata/nextcloud Deployment: mydata/nextcloud

@@ -79,14 +79,19 @@

           valueFrom:
             secretKeyRef:
               key: REDIS_HOST_PASSWORD
               name: nextcloud-secret
         - name: REDIS_HOST_PORT
           value: '6379'
+        - name: REDIS_HOST_USERNAME
+          valueFrom:
+            secretKeyRef:
+              key: REDIS_HOST_USERNAME
+              name: nextcloud-secret
         - name: _REDIS_HOST
-          value: nextcloud-dragonfly
+          value: nextcloud-valkey
         image: nextcloud:30.0.5-apache
         name: main
         resources:
           limits:
             memory: 1Gi
           requests:
--- HelmRelease: mydata/immich Deployment: mydata/immich-microservices

+++ HelmRelease: mydata/immich Deployment: mydata/immich-microservices

@@ -51,13 +51,13 @@

           value: http://immich-machine-learning:3003
         - name: IMMICH_MEDIA_LOCATION
           value: /data
         - name: IMMICH_WORKERS_EXCLUDE
           value: api
         - name: REDIS_HOSTNAME
-          value: immich-dragonfly
+          value: immich-valkey
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
               key: REDIS_PASSWORD
               name: immich-secret
         image: ghcr.io/immich-app/immich-server:v1.125.1
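Review bot: `REDIS_USERNAME` is missing from the immich-microservices container: this hunk only switches `REDIS_HOSTNAME` to `immich-valkey` and keeps `REDIS_PASSWORD`, while the immich-server hunk that follows also adds `REDIS_USERNAME` from `immich-secret`. The new valkey.conf loads `/secret/users.acl` and its commented example disables the default user; if the real ACL file does the same, a client that sends only a password would presumably authenticate as `default` and be refused. Adding the same secret-backed entry after `REDIS_PASSWORD` here keeps both deployments on the named ACL user. The container spec starts and ends outside this hunk.

```yaml
        - name: REDIS_PASSWORD
          # … unchanged: secretKeyRef REDIS_PASSWORD from immich-secret …
        - name: REDIS_USERNAME
          valueFrom:
            secretKeyRef:
              key: REDIS_USERNAME
              name: immich-secret
```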
--- HelmRelease: mydata/immich Deployment: mydata/immich-server

+++ HelmRelease: mydata/immich Deployment: mydata/immich-server

@@ -53,17 +53,22 @@

           value: /data
         - name: IMMICH_PORT
           value: '3001'
         - name: IMMICH_WORKERS_INCLUDE
           value: api
         - name: REDIS_HOSTNAME
-          value: immich-dragonfly
+          value: immich-valkey
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
               key: REDIS_PASSWORD
+              name: immich-secret
+        - name: REDIS_USERNAME
+          valueFrom:
+            secretKeyRef:
+              key: REDIS_USERNAME
               name: immich-secret
         image: ghcr.io/immich-app/immich-server:v1.125.1
         livenessProbe:
           failureThreshold: 3
           initialDelaySeconds: 0
           periodSeconds: 10
--- HelmRelease: mydata/nextcloud-valkey ServiceAccount: mydata/nextcloud-valkey

+++ HelmRelease: mydata/nextcloud-valkey ServiceAccount: mydata/nextcloud-valkey

@@ -0,0 +1,15 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nextcloud-valkey
+  labels:
+    app.kubernetes.io/instance: nextcloud-valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nextcloud-valkey
+  annotations:
+    eks.amazonaws.com/audience: sts.amazonaws.com
+    eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-nextcloud-valkey
+secrets:
+- name: nextcloud-valkey-default-sa-token
+
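Review bot: The `secrets:` entry `nextcloud-valkey-default-sa-token` looks like a static service-account token Secret, which would be a non-expiring credential for this account; the Secret itself is not in the diff, so this is inferred from its name. The StatefulSet sets `automountServiceAccountToken: false`, and the role-arn annotation suggests the CSI secrets-store volume obtains AWS access through short-lived tokens, so the static token appears to have no consumer. If the chart allows it, disable that token Secret, and confirm the role `amethyst-nextcloud-valkey` can read only this workload's secret. The immich-valkey ServiceAccount hunk has the same shape.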
--- HelmRelease: mydata/nextcloud-valkey ConfigMap: mydata/nextcloud-valkey-config

+++ HelmRelease: mydata/nextcloud-valkey ConfigMap: mydata/nextcloud-valkey-config

@@ -0,0 +1,17 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nextcloud-valkey-config
+  labels:
+    app.kubernetes.io/instance: nextcloud-valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nextcloud-valkey
+data:
+  valkey.conf: |
+    bind * -::*
+    aclfile /secret/users.acl
+    # ACL example:
+    # user default off
+    # user {username} {permissions} {access-patterns} {on or off} >{plaintext-password}
+
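Review bot: `bind * -::*` makes the server listen on every pod interface, so the ACL file at `/secret/users.acl` is the only access control visible in this diff, and the requirement it must meet appears only as a commented example. I would state it as an instruction, e.g. `# users.acl must contain "user default off" so that only named ACL users can authenticate`, and note that an ACL rule accepts `#<sha256-hex>` in place of `>{plaintext-password}`, so the mounted file need not hold the clear password. Nothing in this diff restricts which pods can reach port 6379, so a NetworkPolicy admitting only the nextcloud pods would be a reasonable companion (one may exist elsewhere in the repository). The immich-valkey ConfigMap hunk is identical and the same applies there.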
--- HelmRelease: mydata/nextcloud-valkey Service: mydata/nextcloud-valkey

+++ HelmRelease: mydata/nextcloud-valkey Service: mydata/nextcloud-valkey

@@ -0,0 +1,22 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud-valkey
+  labels:
+    app.kubernetes.io/instance: nextcloud-valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nextcloud-valkey
+    app.kubernetes.io/service: nextcloud-valkey
+spec:
+  type: ClusterIP
+  ports:
+  - port: 6379
+    targetPort: 6379
+    protocol: TCP
+    name: redis
+  selector:
+    app.kubernetes.io/component: main
+    app.kubernetes.io/instance: nextcloud-valkey
+    app.kubernetes.io/name: nextcloud-valkey
+
--- HelmRelease: mydata/nextcloud-valkey StatefulSet: mydata/nextcloud-valkey

+++ HelmRelease: mydata/nextcloud-valkey StatefulSet: mydata/nextcloud-valkey

@@ -0,0 +1,113 @@

+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: nextcloud-valkey
+  labels:
+    app.kubernetes.io/component: main
+    app.kubernetes.io/instance: nextcloud-valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nextcloud-valkey
+  annotations:
+    secret.reloader.stakater.com/reload: nextcloud-valkey-secret
+spec:
+  revisionHistoryLimit: 3
+  replicas: 1
+  podManagementPolicy: OrderedReady
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: main
+      app.kubernetes.io/name: nextcloud-valkey
+      app.kubernetes.io/instance: nextcloud-valkey
+  serviceName: nextcloud-valkey
+  template:
+    metadata:
+      annotations:
+        checksum/configMaps: da4fca7379c1fb3e7059bdaada15094cc1daa7541164fc009128145b14dcd3e5
+        checksum/secrets: f9a2edb516d89dc9e0af00dcf3d13ae57cbe1bc631c4b35d393a497ef218d929
+      labels:
+        app.kubernetes.io/component: main
+        app.kubernetes.io/instance: nextcloud-valkey
+        app.kubernetes.io/name: nextcloud-valkey
+    spec:
+      enableServiceLinks: false
+      serviceAccountName: nextcloud-valkey
+      automountServiceAccountToken: false
+      securityContext:
+        fsGroup: 65534
+      hostIPC: false
+      hostNetwork: false
+      hostPID: false
+      dnsPolicy: ClusterFirst
+      containers:
+      - args:
+        - /config/valkey.conf
+        image: valkey/valkey:8.0.2-alpine
+        livenessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          tcpSocket:
+            port: 6379
+          timeoutSeconds: 1
+        name: main
+        readinessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          tcpSocket:
+            port: 6379
+          timeoutSeconds: 1
+        resources:
+          requests:
+            cpu: 100m
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsGroup: 65534
+          runAsNonRoot: true
+          runAsUser: 65534
+          seccompProfile:
+            type: RuntimeDefault
+        startupProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          tcpSocket:
+            port: 6379
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /config
+          name: config
+          readOnly: true
+        - mountPath: /data
+          name: data
+        - mountPath: /secret
+          name: secret
+          readOnly: true
+      volumes:
+      - configMap:
+          name: nextcloud-valkey-config
+        name: config
+      - csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: nextcloud-valkey-secret
+        name: secret
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 1Gi
+      storageClassName: rbd-fast
+
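Review bot: `readOnlyRootFilesystem: false` on the `main` container looks unnecessary: `/config` and `/secret` are mounted read-only and `/data` is the only volume meant for writes, so `readOnlyRootFilesystem: true` should work as long as Valkey's working directory is `/data` (valkey.conf sets no `dir`, so that depends on the image and is worth confirming). The image is pinned by tag only; appending a digest, `valkey/valkey:8.0.2-alpine@sha256:<digest>`, keeps a re-pushed tag from changing what runs. There is also no memory limit under `resources` and no `maxmemory` in valkey.conf, so the cache is bounded only by the node. The immich-valkey StatefulSet hunk is the same apart from names.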
--- HelmRelease: mydata/immich-valkey ServiceAccount: mydata/immich-valkey

+++ HelmRelease: mydata/immich-valkey ServiceAccount: mydata/immich-valkey

@@ -0,0 +1,15 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: immich-valkey
+  labels:
+    app.kubernetes.io/instance: immich-valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: immich-valkey
+  annotations:
+    eks.amazonaws.com/audience: sts.amazonaws.com
+    eks.amazonaws.com/role-arn: arn:aws:iam::262264826613:role/amethyst-immich-valkey
+secrets:
+- name: immich-valkey-default-sa-token
+
--- HelmRelease: mydata/immich-valkey ConfigMap: mydata/immich-valkey-config

+++ HelmRelease: mydata/immich-valkey ConfigMap: mydata/immich-valkey-config

@@ -0,0 +1,17 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: immich-valkey-config
+  labels:
+    app.kubernetes.io/instance: immich-valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: immich-valkey
+data:
+  valkey.conf: |
+    bind * -::*
+    aclfile /secret/users.acl
+    # ACL example:
+    # user default off
+    # user {username} {permissions} {access-patterns} {on or off} >{plaintext-password}
+
--- HelmRelease: mydata/immich-valkey Service: mydata/immich-valkey

+++ HelmRelease: mydata/immich-valkey Service: mydata/immich-valkey

@@ -0,0 +1,22 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-valkey
+  labels:
+    app.kubernetes.io/instance: immich-valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: immich-valkey
+    app.kubernetes.io/service: immich-valkey
+spec:
+  type: ClusterIP
+  ports:
+  - port: 6379
+    targetPort: 6379
+    protocol: TCP
+    name: redis
+  selector:
+    app.kubernetes.io/component: main
+    app.kubernetes.io/instance: immich-valkey
+    app.kubernetes.io/name: immich-valkey
+
--- HelmRelease: mydata/immich-valkey StatefulSet: mydata/immich-valkey

+++ HelmRelease: mydata/immich-valkey StatefulSet: mydata/immich-valkey

@@ -0,0 +1,113 @@

+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: immich-valkey
+  labels:
+    app.kubernetes.io/component: main
+    app.kubernetes.io/instance: immich-valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: immich-valkey
+  annotations:
+    secret.reloader.stakater.com/reload: immich-valkey-secret
+spec:
+  revisionHistoryLimit: 3
+  replicas: 1
+  podManagementPolicy: OrderedReady
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: main
+      app.kubernetes.io/name: immich-valkey
+      app.kubernetes.io/instance: immich-valkey
+  serviceName: immich-valkey
+  template:
+    metadata:
+      annotations:
+        checksum/configMaps: da4fca7379c1fb3e7059bdaada15094cc1daa7541164fc009128145b14dcd3e5
+        checksum/secrets: f9a2edb516d89dc9e0af00dcf3d13ae57cbe1bc631c4b35d393a497ef218d929
+      labels:
+        app.kubernetes.io/component: main
+        app.kubernetes.io/instance: immich-valkey
+        app.kubernetes.io/name: immich-valkey
+    spec:
+      enableServiceLinks: false
+      serviceAccountName: immich-valkey
+      automountServiceAccountToken: false
+      securityContext:
+        fsGroup: 65534
+      hostIPC: false
+      hostNetwork: false
+      hostPID: false
+      dnsPolicy: ClusterFirst
+      containers:
+      - args:
+        - /config/valkey.conf
+        image: valkey/valkey:8.0.2-alpine
+        livenessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          tcpSocket:
+            port: 6379
+          timeoutSeconds: 1
+        name: main
+        readinessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          tcpSocket:
+            port: 6379
+          timeoutSeconds: 1
+        resources:
+          requests:
+            cpu: 100m
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsGroup: 65534
+          runAsNonRoot: true
+          runAsUser: 65534
+          seccompProfile:
+            type: RuntimeDefault
+        startupProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          tcpSocket:
+            port: 6379
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /config
+          name: config
+          readOnly: true
+        - mountPath: /data
+          name: data
+        - mountPath: /secret
+          name: secret
+          readOnly: true
+      volumes:
+      - configMap:
+          name: immich-valkey-config
+        name: config
+      - csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: immich-valkey-secret
+        name: secret
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 1Gi
+      storageClassName: rbd-fast
+

@timtorChen timtorChen merged commit 4e81f90 into main Jan 29, 2025
4 checks passed
@timtorChen timtorChen deleted the change-to-keyval branch January 29, 2025 09:28