From ee02130120e7689b68f26d523eafc86b10034bdd Mon Sep 17 00:00:00 2001
From: aggarwalakshun <aggarwalakshun@gmail.com>
Date: Wed, 15 Oct 2025 06:44:11 +0530
Subject: [PATCH] Add Kubernetes configurations for Immich deployment,
 including database, machine learning, services, and secrets

---
 clusters/default/media/immich/immich-db.yml   | 47 +++++++++++++
 clusters/default/media/immich/immich-ml.yml   | 42 ++++++++++++
 clusters/default/media/immich/immich-pvc.yml  | 55 +++++++++++++++
 .../default/media/immich/immich-secrets.yml   | 14 ++++
 clusters/default/media/immich/immich-svc.yml  | 55 +++++++++++++++
 clusters/default/media/immich/immich.yml      | 67 +++++++++++++++++++
 6 files changed, 280 insertions(+)
 create mode 100644 clusters/default/media/immich/immich-db.yml
 create mode 100644 clusters/default/media/immich/immich-ml.yml
 create mode 100644 clusters/default/media/immich/immich-pvc.yml
 create mode 100644 clusters/default/media/immich/immich-secrets.yml
 create mode 100644 clusters/default/media/immich/immich-svc.yml
 create mode 100644 clusters/default/media/immich/immich.yml

diff --git a/clusters/default/media/immich/immich-db.yml b/clusters/default/media/immich/immich-db.yml
new file mode 100644
index 0000000..4c19bd8
--- /dev/null
+++ b/clusters/default/media/immich/immich-db.yml
@@ -0,0 +1,47 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immich-db
+  namespace: media
+spec:
+  selector:
+    matchLabels:
+      app: immich-db
+  template:
+    metadata:
+      labels:
+        app: immich-db
+    spec:
+      containers:
+      - name: redis
+        image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+        env:
+        - name: REDIS_HOSTNAME
+          value: "localhost"
+        ports:
+        - containerPort: 6379
+      - name: immich-psql
+        image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
+        ports:
+        - containerPort: 5432
+        env:
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: immich-postgres-secret
+              key: password
+        - name: POSTGRES_USER
+          value: "postgres"
+        - name: POSTGRES_DB
+          value: "immich"
+        - name: POSTGRES_INITDB_ARGS
+          value: "--data-checksums"
+        volumeMounts:
+        - mountPath: /var/lib/postgresql/data
+          name: immich
+      volumes:
+      - name: immich
+        nfs: 
+          server: 10.0.0.10
+          path: /home/akshun/immich-data
diff --git a/clusters/default/media/immich/immich-ml.yml b/clusters/default/media/immich/immich-ml.yml
new file mode 100644
index 0000000..034a8da
--- /dev/null
+++ b/clusters/default/media/immich/immich-ml.yml
@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immich-ml
+  namespace: media
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: immich-ml
+  template:
+    metadata:
+      labels:
+        app: immich-ml
+    spec:
+      containers:
+      - name: immich-machine-learning
+        image: ghcr.io/immich-app/immich-machine-learning:v2.0.1-openvino
+        ports:
+        - containerPort: 3003
+        env:
+        - name: REDIS_HOSTNAME
+          value: "immich-redis-service"
+        - name: NVIDIA_VISIBLE_DEVICES
+          value: "all"
+        - name: MACHINE_LEARNING_DEVICE_IDS
+          value: "0"
+        volumeMounts:
+        - name: model-cache
+          mountPath: /cache
+        resources:
+          requests:
+            gpu.intel.com/i915: "1"
+          limits:
+            gpu.intel.com/i915: "1"
+      volumes:
+      - name: model-cache
+        persistentVolumeClaim:
+          claimName: immich-cache-longhorn
diff --git a/clusters/default/media/immich/immich-pvc.yml b/clusters/default/media/immich/immich-pvc.yml
new file mode 100644
index 0000000..a3f46c5
--- /dev/null
+++ b/clusters/default/media/immich/immich-pvc.yml
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-cache-longhorn
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: longhorn
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: immich-pictures-pv
+  namespace: media
+spec:
+  capacity:
+    storage: 100Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: immich-pictures-pv
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+  csi:
+    driver: smb.csi.k8s.io
+    volumeHandle: 10.0.0.123#pictures#immich
+    volumeAttributes:
+      source: //10.0.0.123/pictures
+    nodeStageSecretRef:
+      name: smb-creds
+      namespace: media
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-pictures-pvc
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: immich-pictures-pv
+  resources:
+    requests:
+      storage: 100Gi
diff --git a/clusters/default/media/immich/immich-secrets.yml b/clusters/default/media/immich/immich-secrets.yml
new file mode 100644
index 0000000..ab7822f
--- /dev/null
+++ b/clusters/default/media/immich/immich-secrets.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: immich-postgres-secret
+  namespace: media
+spec:
+  encryptedData:
+    password: AgBAC/T2DKwv653RkaG/FWo8Ry4ql4a5rQl69S3AwOqFKIVCaKuhLUWeaYqgj5uMuZOactEiOejMOgFMC5RIUIHy7XPFhmCy6MTg0kQSCPpAsO+0nRvp2Tm9my/d1Hp/uuVz4aEEoyT2oV2CrqQOGPA8TAMAiWiJCfCh/FYsyibxgKHRkLBhn9KKQEvZ+8Y+nRJaA6uIc2WrSavXfLSXFtXFuVB0vvVcK1hyq6hjDP4MwGq+2gx6dtB1L3GvUKlXD75Cvg4y530w1DU0WCBlSNVwe04u63Zylb3R1ZRLWO98iXxOj2MzXOmLGpLrP7263hbtOGnaQk8FnWmY/P5DmsZeBD6HhLo5X9d83FMVcDRcaOGHkhBEpo5bKABfnEhFGSEksC+sjwXpBLn9+r/tHA8kR6zZpPc+jbd9CW6BPEcGpygpYYZ8OZAqCTjKOG9qLrBiKSzMsI6ZzYWEPY+5kio1RF7N/cRUeuhxsSIETS8xHWaEhBknQ2SCxyY/NZdmEbqF3Os5TX6DSZwEGj2ZZVIy7PAg5PUVjw+rtSmSYrjmZIkPqFwLeXfBV97GVCDHFBreiMLk0UDk2eheoMkUPw/5Saq6xWNeb9wSVTGl+GAG4exJuuv5Ic4nEzJLgU5PizaWTi1DjdWq2L4N+jZ+gxDDN0PA6HK0qhXt1bf90HkCVmR4zAqqESKGPRkPt/ZAB2QGJppMp1A=
+  template:
+    metadata:
+      name: immich-postgres-secret
+      namespace: media
+    type: Opaque
diff --git a/clusters/default/media/immich/immich-svc.yml b/clusters/default/media/immich/immich-svc.yml
new file mode 100644
index 0000000..4152f08
--- /dev/null
+++ b/clusters/default/media/immich/immich-svc.yml
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-service
+  namespace: media
+spec:
+  type: LoadBalancer
+  selector:
+    app: immich-app
+  ports:
+  - port: 2283
+    targetPort: 2283
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-machine-learning-service
+  namespace: media
+spec:
+  type: LoadBalancer
+  selector:
+    app: immich-ml
+  ports:
+  - port: 3333
+    targetPort: 3003
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-psql-service
+  namespace: media
+spec:
+  selector:
+    app: immich-db
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: immich-redis-service
+  namespace: media
+spec:
+  selector:
+    app: immich-db
+  ports:
+    - protocol: TCP
+      port: 6379
+      targetPort: 6379
diff --git a/clusters/default/media/immich/immich.yml b/clusters/default/media/immich/immich.yml
new file mode 100644
index 0000000..4b4ceb4
--- /dev/null
+++ b/clusters/default/media/immich/immich.yml
@@ -0,0 +1,67 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immich-app
+  namespace: media
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: immich-app
+  template:
+    metadata:
+      labels:
+        app: immich-app
+    spec:
+      initContainers:
+      - name: wait-for-redis
+        image: busybox
+        command:
+        - sh
+        - -c
+        - |
+          until nc -z -v -w30 immich-redis-service 6379; do
+            echo "Waiting for redis database to be ready..."
+            sleep 2
+          done
+      - name: wait-for-psql
+        image: busybox
+        command:
+        - sh
+        - -c
+        - |
+          until nc -z -v -w30 immich-psql-service 5432; do
+            echo "Waiting for psql database to be ready"
+            sleep 2
+          done
+      containers:
+      - name: immich-server
+        image: ghcr.io/immich-app/immich-server:v2.0.1
+        ports:
+        - containerPort: 2283
+        env:
+        - name: TZ
+          value: "Asia/Kolkata"
+        - name: REDIS_HOSTNAME
+          value: "immich-redis-service"
+        - name: DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: immich-postgres-secret
+              key: password
+        - name: DB_USERNAME
+          value: "postgres"
+        - name: DB_DATABASE_NAME
+          value: "immich"
+        - name: DB_HOSTNAME
+          value: "immich-psql-service"
+        volumeMounts:
+        - mountPath: /usr/src/app/upload
+          name: pictures
+      volumes:
+      - name: pictures
+        persistentVolumeClaim:
+          claimName: immich-pictures-pvc