1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
# Immich Kubernetes Deployment
This directory contains the Kubernetes configuration for deploying [Immich](https://immich.app/) - a self-hosted photo and video backup solution.
## Architecture
Immich consists of several components:
- **Server**: Main API and web interface
- **Machine Learning**: AI-powered face recognition, object detection, and smart search
- **Valkey**: Redis-compatible cache for job queues
- **PostgreSQL**: Database with pgvector extension for AI features
## Prerequisites
1. **Create storage directories on the host**:
```bash
for host in f0 f1 f2; do
ssh paul@$host "doas mkdir -p /data/nfs/k3svolumes/immich/{library,ml-cache,valkey,postgres}"
ssh paul@$host "doas chown -R 911:911 /data/nfs/k3svolumes/immich/"
done
```
2. **Create a secure database password secret** (REQUIRED before deployment):
```bash
kubectl create secret generic immich-db-secret \
--from-literal=password='YOUR_SECURE_PASSWORD_HERE' \
-n services
```
**Important**:
- Use a strong, unique password
- This secret is NOT included in the repository for security reasons
- The secret must be created before deploying, as PostgreSQL will use it during database initialization
## Deployment
⚠️ **Important**: Complete all prerequisites above before deploying, especially creating the database secret!
1. **Install the custom resources** (PVs, PVCs, PostgreSQL, middleware):
```bash
just install-resources
```
2. **Install Immich using Helm**:
```bash
just install
```
3. **Check deployment status**:
```bash
just status
```
Wait for all pods to be in `Running` state (may take a few minutes for image pulls).
## Access
Once deployed, Immich will be available at: **https://immich.f3s.buetow.org**
Default setup instructions:
1. Navigate to the URL above
2. Create your admin account on first access
3. Follow the setup wizard to configure your preferences
## Storage
Persistent storage is configured with the following volumes:
- **Library**: 500GB - Main photo/video storage at `/data/nfs/k3svolumes/immich/library`
- **ML Cache**: 10GB - Machine learning models at `/data/nfs/k3svolumes/immich/ml-cache`
- **PostgreSQL**: 20GB - Database storage at `/data/nfs/k3svolumes/immich/postgres`
- **Valkey**: 1GB - Cache/queue data at `/data/nfs/k3svolumes/immich/valkey`
## Maintenance
### Upgrade Immich to latest version
```bash
just upgrade
```
### Redeploy after configuration changes
If you modified any configuration files (values.yaml, templates, etc.):
1. **Update custom resources** (PVs, PostgreSQL, middleware, etc.):
```bash
kubectl apply -f helm-chart/templates/ --namespace services
```
2. **Upgrade Immich with new values**:
```bash
just upgrade
```
3. **Restart specific components** (if needed):
```bash
# Restart server
kubectl rollout restart deployment/immich-server -n services
# Restart all Immich components
kubectl rollout restart deployment -l app.kubernetes.io/instance=immich -n services
```
### Update database password secret
To change the database password after deployment:
1. **Delete existing secret**:
```bash
kubectl delete secret immich-db-secret -n services
```
2. **Create new secret with updated password**:
```bash
kubectl create secret generic immich-db-secret \
--from-literal=password='YOUR_NEW_PASSWORD' \
-n services
```
3. **Update PostgreSQL password and restart**:
```bash
# Connect to PostgreSQL and change password
kubectl exec -n services -it deployment/immich-postgres -- \
psql -U immich -d immich -c "ALTER USER immich WITH PASSWORD 'YOUR_NEW_PASSWORD';"
# Restart Immich components to use new password
kubectl rollout restart deployment -l app.kubernetes.io/instance=immich -n services
kubectl rollout restart deployment/immich-postgres -n services
```
### Uninstall (keeps data)
```bash
just delete
```
### Complete removal (deletes all data)
```bash
just delete-all
```
## Troubleshooting
### Check pod logs
```bash
kubectl logs -n services -l app.kubernetes.io/instance=immich --tail=100
```
### Check PostgreSQL connection
```bash
kubectl exec -n services -it deployment/immich-postgres -- psql -U immich -d immich -c '\l'
```
### Verify persistent volumes
```bash
kubectl get pv,pvc -n services | grep immich
```
## Quick Reference
### Common redeployment workflow
After making changes to configuration files:
```bash
# 1. Apply template changes (if any)
kubectl apply -f helm-chart/templates/ --namespace services
# 2. Upgrade Helm release
just upgrade
# 3. Check status
just status
```
### Force restart all Immich components
```bash
kubectl rollout restart deployment -l app.kubernetes.io/instance=immich -n services
kubectl rollout restart deployment/immich-postgres -n services
```
|
