# PostgreSQL Deployment for Immich
# Requires PostgreSQL 16+ with pgvector extension
apiVersion: apps/v1
kind: Deployment
metadata:
  name: immich-postgres
  namespace: services
spec:
  replicas: 1
  # Recreate (not RollingUpdate) so the old pod is fully terminated before
  # the new one starts. The hostPath PV points at an NFS-backed directory
  # mounted on every r-node, so RWO is not actually enforced across nodes:
  # under RollingUpdate the new pod can start on a different node and grab
  # the same data dir while the old pod still holds postgres' file locks,
  # producing "could not write to file postmaster.pid: Unknown error 512".
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: immich-postgres
  template:
    metadata:
      labels:
        app: immich-postgres
    spec:
      initContainers:
      - name: nfs-check-data
        image: busybox:stable
        command:
        - sh
        - -c
        - |
          test -f /mnt/.nfs-sentinel || (
            echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
            echo "refusing to start; node likely has NFS unmounted"
            echo "pod would otherwise bind-mount the local-XFS shadow"
            exit 1
          )
        volumeMounts:
        - name: postgres-data
          mountPath: /mnt
          readOnly: true
      containers:
      - name: postgres
        image: tensorchord/pgvecto-rs:pg16-v0.3.0
        ports:
        - containerPort: 5432
        env:
        - name: POSTGRES_DB
          value: immich
        - name: POSTGRES_USER
          value: immich
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: immich-db-secret
              key: password
        resources:
          requests:
            cpu: 100m
            memory: 512Mi
          limits:
            memory: 2Gi
        livenessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - pg_isready -U immich -d immich
          initialDelaySeconds: 60
          periodSeconds: 30
          timeoutSeconds: 10
          failureThreshold: 6
        readinessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - pg_isready -U immich -d immich
          initialDelaySeconds: 15
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 6
        volumeMounts:
        - name: postgres-data
          mountPath: /var/lib/postgresql/data
      volumes:
      - name: postgres-data
        persistentVolumeClaim:
          claimName: immich-postgres-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: immich-postgres
  namespace: services
spec:
  selector:
    app: immich-postgres
  ports:
    - protocol: TCP
      port: 5432
      targetPort: 5432