Trouble with kubernetes deployments. Getting random `ECONNREFUSED` and 404s.
Been trying to get the latest version deployed in my k3s cluster.
I'm not using the helm charts, but instead crafted some simple service & deployment manifests from comparing the helm releases in the k8s-at-home community charts and the docker-compose manifests provided by immich in the main docs.
That said, I've got everything in a running state, listening in the cluster. I think, however, I'm not applying the my ingress resources correctly? I'm really unsure, but I've attached a screen of the errors I get when I
port-forward on port 3000 to the immich-web pod and use the browser to sign up. When refreshing on that page, I either get ECONNREFUSED or it appears to let me sign up, but 404s when attempting to submit.
Happy to provide any additional detail, and appreciate any advice!
35 Replies
My ingress manifest I think is the issue, but I'm unsure what the backend should be when it's not using the /api prefix.
Non API request should be sent to immich-web
Are you still running the immich-proxy? If so then just send all request to that. It'll forward them between the immich-web and immich-server
Ah I am using the proxy
Got it, I'll give that a shot
Should I still be applying the rewrite annotations to the ingress when using the proxy-service?
Nah, the proxy should take care of that
I think you can either ignore all of that stuff and send everything to the proxy (recommended) or try to add all of the immich proxy stuff here and then not run the proxy at all.
Indeed. Proxy is the easy way out
At the end of the day your can treat immich proxy port 8080 as a single point of entry for the immich website and API, so just send everything there and you'll be golden.
Hm, still getting different errors, but it seems I'm hitting the proxy backend -
Those are logs from the proxy container. The web container just says
Listening on 0.0.0.0:3000
The only the other thing interesting so far is the server container logs have a few entries of...
š¤·āāļøThis happens when you're running redis 7 instead of 6 iirc
I am pretty sure that checks out
This one I'm not sure about. If you ping and curl the web service from inside proxy, does it work?
Hm, interesting, I can't
curl http://immich-web-service.immich.svc.cluster.local:3000 from the proxy...
ClusterIP is at least... there... and the container says listening.. š¤Do you have networkpolicies or anything like that in your cluster?
Nope, it's pretty barebones
k3s on baremetal ubuntu
Hmmm
Gonna try the IP next
Of the svc
Worked.
It's always DNS!
dig immich-web-service?I have
dnsPolicy: ClusterFirst in the deployment yaml for each of these pods...That's the default as well, so that shouldn't be an issue
No
dig or nslookup on the proxy containerAh, dangit
Seems it's actually intermittent, actually, with IP š
Do pretty much the same behavior I was seeing in the browser where about 1/10 would get a response from the backend
Should I rollback to Redis 6? Could that be breaking the whole experience?
Redis shouldn't be involved on the web side, so that's unlikely
Was this with the ingress still, or through immich-proxy?
It looks to me like this is a networking issue, not an immich one š¤
Just wanted to circle back on this one, it was a problem with Label/Selectors. š
Got into the admin panel for the first time just now.
Another question for you fine gents - should I be using the
release or v1.49.0 tag for image?
Upon getting into the mobile app, it complained about my server version
Figured that out as well - same hash.Yeah, i think everyone uses the release tag
I'm onto what I'm thinking a permissions issue, perhaps?
It looks like it can't
mkdir in my NFS share PVCYeah it'll definitely need to create a few directories on the upload folder path.
Seems legit; would there be anything beyond making sure the PGID/PUID match perms on the filesystem?
I see the share in an exec
ls on the pod
That should be all you need i believe. What are the permissions on the upload folder?
I think it's a path issue, I'm onto to it. When I
ls that "upload" directory you see in that shot, it actually points at the base directory of the share, not the upload folder I suspected it would point to
Awesome, first backup in progress. Thanks again for all the assistance, hopefully I can make time to contribute in some meaningful way in the near future!We don't use puid/pgid at all, I believe?