# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: immich
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
dependsOn:
- name: redis
namespace: database
- name: cloudnative-pg
namespace: database
values:
controllers:
immich:
initContainers:
alter-db-searchpath:
image:
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: 16.6
envFrom: &envFrom
- secretRef:
name: immich-secret
command:
- /bin/bash
- -c
- |
export PGHOST=$${DB_HOSTNAME}
export PGPASSWORD=$${DB_ROOT_PASSWORD}
echo "ALTER SYSTEM SET search_path TO 'immich', public, vectors;" | psql -d immich -U postgres
containers:
app:
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.124.2
env: &sharedEnv
IMMICH_TELEMETRY_INCLUDE: all
envFrom: &sharedEnvFrom
- secretRef:
name: immich-secret
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /
port: &port 2283
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 10
resources:
limits:
gpu.intel.com/i915: 1
# resources:
# requests:
# cpu: 2m
# memory: 1500Mi
# limits:
# memory: 3200Mi
machine-learning:
image:
repository: ghcr.io/immich-app/immich-machine-learning
tag: v1.124.2-openvino
env: *sharedEnv
envFrom: *sharedEnvFrom
resources:
limits:
gpu.intel.com/i915: 1
# defaultPodOptions:
# securityContext:
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
# fsGroupChangePolicy: OnRootMismatch
service:
app:
controller: immich
ports:
http:
port: *port
http-ml:
port: 3003
protocol: HTTP
metrics-api:
port: 8081
protocol: HTTP
metrics-ml:
port: 8082
protocol: HTTP
serviceMonitor:
app:
serviceName: immich
labels:
release: kube-prometheus-stack
endpoints:
- port: metrics-api
scheme: http
- port: metrics-ml
scheme: http
ingress:
app:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "immich.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
persistence:
mlcache:
type: emptyDir
advancedMounts:
immich: # controller name
machine-learning: # container name
- path: /cache
storage:
type: hostPath
hostPath: /mnt/MainPool/Media/Photos
advancedMounts:
immich: # controller name
app: # container name
- path: /usr/src/app/upload