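# Apply:  kubectl apply -f manifests/media/immich.yaml
# Delete: kubectl delete -f manifests/media/immich.yaml
# Description: Immich photo management deployment at immich.home.arpa.
#   External libraries mounted read-only from NFS.
#
# NOTE: The Postgres password is read from Secret `immich-postgres`
#   (key `password`) in namespace `immich`. No Secret is defined in this
#   file, which keeps the password out of version control; create it
#   out-of-band before the first rollout, e.g.:
#     kubectl create namespace immich
#     kubectl -n immich create secret generic immich-postgres \
#       --from-literal=password='<strong-random-password>'
#   Until the Secret exists, the postgres and immich-server pods cannot start.
#
# NOTE: `kubectl delete -f` removes the Namespace and every PVC in it.
#   The `helm.sh/resource-policy: keep` annotation is honoured only by Helm;
#   kubectl ignores it, so whether the data survives depends on the
#   StorageClass reclaim policy.
#
# NOTE(review): no NetworkPolicy is defined here, so the Postgres (5432),
#   Redis (6379) and machine-learning (3003) Services are reachable from any
#   pod the cluster network allows. Consider restricting ingress on those
#   ports to the immich-server pods.
---
apiVersion: v1
kind: Namespace
metadata:
  name: immich
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: immich-postgres-data
  namespace: immich
  annotations:
    # Helm-only hint; has no effect under `kubectl delete`.
    helm.sh/resource-policy: keep
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 20Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: immich-library
  namespace: immich
  annotations:
    # Helm-only hint; has no effect under `kubectl delete`.
    helm.sh/resource-policy: keep
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 50Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: immich-ml-cache
  namespace: immich
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 10Gi
---
# ─── Postgres ─────────────────────────────────────────────────────────────────
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-postgres
  namespace: immich
spec:
  replicas: 1
  # Recreate: the RWO data volume must not be mounted by two pods at once.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: immich-postgres
  template:
    metadata:
      labels:
        app: immich-postgres
    spec:
      # The database never talks to the Kubernetes API; do not hand it a token.
      automountServiceAccountToken: false
      containers:
        - name: postgres
          # Tags are mutable; pin as image@sha256:<digest> if the deployed
          # bits must be reproducible.
          image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: immich
            - name: POSTGRES_USER
              value: immich
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: immich-postgres
                  key: password
            - name: POSTGRES_INITDB_ARGS
              value: "--data-checksums"
            # Subdirectory of the mount, so initdb gets an empty directory.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: immich-postgres-data
---
apiVersion: v1
kind: Service
metadata:
  name: immich-postgres
  namespace: immich
spec:
  selector:
    app: immich-postgres
  ports:
    - port: 5432
      targetPort: 5432
---
# ─── Redis ────────────────────────────────────────────────────────────────────
# NOTE(review): Redis runs with the image defaults here: no password is
# configured, and immich-server is given no Redis credentials either. Access
# control therefore rests entirely on network reachability of this Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-redis
  namespace: immich
spec:
  replicas: 1
  selector:
    matchLabels:
      app: immich-redis
  template:
    metadata:
      labels:
        app: immich-redis
    spec:
      # Redis never talks to the Kubernetes API; do not hand it a token.
      automountServiceAccountToken: false
      containers:
        - name: redis
          image: docker.io/redis:6.2-alpine
          ports:
            - containerPort: 6379
          volumeMounts:
            - name: data
              mountPath: /data
      volumes:
        # emptyDir: Redis state is discarded whenever the pod is replaced.
        - name: data
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: immich-redis
  namespace: immich
spec:
  selector:
    app: immich-redis
  ports:
    - port: 6379
      targetPort: 6379
---
# ─── Immich Server ────────────────────────────────────────────────────────────
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-server
  namespace: immich
spec:
  replicas: 1
  # Recreate: the RWO library volume must not be mounted by two pods at once.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: immich-server
  template:
    metadata:
      labels:
        app: immich-server
    spec:
      # This is the only internet-/LAN-facing workload in the file; it has no
      # need for Kubernetes API credentials.
      automountServiceAccountToken: false
      containers:
        - name: immich-server
          image: ghcr.io/immich-app/immich-server:v2.7.5
          ports:
            - containerPort: 2283
          env:
            - name: DB_HOSTNAME
              value: immich-postgres
            - name: DB_DATABASE_NAME
              value: immich
            - name: DB_USERNAME
              value: immich
            # Same Secret/key as POSTGRES_PASSWORD on the database pod.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: immich-postgres
                  key: password
            - name: REDIS_HOSTNAME
              value: immich-redis
            # Plain HTTP inside the cluster network.
            - name: IMMICH_MACHINE_LEARNING_URL
              value: "http://immich-machine-learning:3003"
            - name: TZ
              value: Asia/Tokyo
          volumeMounts:
            - name: library
              mountPath: /usr/src/app/upload
            - name: photos-other
              mountPath: /mnt/external/other
              readOnly: true
            - name: photos-art
              mountPath: /mnt/external/art
              readOnly: true
      volumes:
        - name: library
          persistentVolumeClaim:
            claimName: immich-library
        # External libraries: read-only is set on the NFS volume itself as
        # well as on the container mounts, so the share is mounted ro on the
        # node. The export should additionally be ro on the NFS server, which
        # is the only place the restriction cannot be undone from the cluster.
        - name: photos-other
          nfs:
            server: 192.168.7.183
            path: /mnt/storage/jellyfin/other
            readOnly: true
        - name: photos-art
          nfs:
            server: 192.168.7.183
            path: /mnt/storage/jellyfin/art
            readOnly: true
---
apiVersion: v1
kind: Service
metadata:
  name: immich-server
  namespace: immich
spec:
  selector:
    app: immich-server
  ports:
    - port: 2283
      targetPort: 2283
---
# ─── Immich Machine Learning ──────────────────────────────────────────────────
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-machine-learning
  namespace: immich
spec:
  replicas: 1
  selector:
    matchLabels:
      app: immich-machine-learning
  template:
    metadata:
      labels:
        app: immich-machine-learning
    spec:
      # The ML worker never talks to the Kubernetes API; do not hand it a token.
      automountServiceAccountToken: false
      containers:
        - name: immich-machine-learning
          image: ghcr.io/immich-app/immich-machine-learning:v2.7.5
          ports:
            - containerPort: 3003
          volumeMounts:
            - name: cache
              mountPath: /cache
      volumes:
        - name: cache
          persistentVolumeClaim:
            claimName: immich-ml-cache
---
apiVersion: v1
kind: Service
metadata:
  name: immich-machine-learning
  namespace: immich
spec:
  selector:
    app: immich-machine-learning
  ports:
    - port: 3003
      targetPort: 3003
---
# ─── Ingress / TLS ────────────────────────────────────────────────────────────
# Certificate issued by the cluster's internal CA; clients must trust that CA
# for https://immich.home.arpa to validate.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: immich-tls
  namespace: immich
spec:
  secretName: immich-tls
  issuerRef:
    name: internal-ca-issuer
    kind: ClusterIssuer
  dnsNames:
    - immich.home.arpa
---
# Only the Immich server is routed, and only on the TLS entry point.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: immich
  namespace: immich
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`immich.home.arpa`)
      services:
        - name: immich-server
          namespace: immich
          port: 2283
  tls:
    secretName: immich-tls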