diff --git a/kubernetes/README.md b/kubernetes/README.md index 72ac288..397b595 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -860,6 +860,8 @@ the k3s cluster. The Immich deployment uses the existing postgres database for data storage. The Immich service is exposed via ingress and is accessible from the internet. +## Database + To use the existing postgres database, first create a new user and database for Immich in the postgres database. @@ -883,7 +885,19 @@ LC_CTYPE 'en_US.UTF-8'; CREATE EXTENSION vectors; ``` -Next, create or verify local disk for immich backup +Currently, instead of Cloudnative-PG database, a single instance of postgres +statefulset with recommended postgres + extensions image from Immich is used. + +```bash +source .env +envsubst < immich/database.yaml | kubectl apply -n immich -f - +``` + +## Persistant Storage for media + +Next, create or verify local disk for immich backup. For my setup, I have a +dedicated server with a large disk that I want to use for immich media storage. +The disk is mounted at /media/immich via NFS. ```bash ssh dockerhost @@ -1012,4 +1026,4 @@ using powerful search capabilities. ```bash source .env envsubst < paperless-ngx/manifest.yaml | kubectl apply -f - -``` \ No newline at end of file +``` diff --git a/kubernetes/immich/database.yaml b/kubernetes/immich/database.yaml new file mode 100644 index 0000000..bba5277 --- /dev/null +++ b/kubernetes/immich/database.yaml 
@@ -0,0 +1,104 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: immich-postgres-secret
+type: Opaque
+stringData:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: "${IMMICH_DB_PASSWORD}"
+ POSTGRES_DB: "${IMMICH_DB_NAME}"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-postgres
+ labels:
+ app: immich-postgres
+spec:
+ clusterIP: None # headless for StatefulSet stable DNS
+ selector:
+ app: immich-postgres
+ ports:
+ - port: 5432
+ name: postgres
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: immich-postgres
+spec:
+ serviceName: immich-postgres
+ replicas: 1
+ selector:
+ matchLabels:
+ app: immich-postgres
+ template:
+ metadata:
+ labels:
+ app: immich-postgres
+ spec:
+ securityContext:
+ fsGroup: 999
+ containers:
+ - name: postgres
+ image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ runAsUser: 999
+ runAsGroup: 999
+ ports:
+ - containerPort: 5432
+ name: postgres
+ env:
+ - name: PGDATA
+ value: /var/lib/postgresql/data
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgres-secret
+ key: POSTGRES_USER
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgres-secret
+ key: POSTGRES_PASSWORD
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgres-secret
+ key: POSTGRES_DB
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/postgresql
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - pg_isready -U ${POSTGRES_USER}
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - pg_isready -U ${POSTGRES_USER}
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ limits:
+ cpu: 1000m
+ memory: 2Gi
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 20Gi
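Review bot: The postgres container's `securityContext` sets only `runAsUser`/`runAsGroup: 999`, so nothing in the manifest blocks privilege escalation or enforces non-root if the image's user ever changes; the fence below adds `runAsNonRoot`, `allowPrivilegeEscalation: false`, dropped capabilities and the runtime-default seccomp profile (check that the image's entrypoint still starts cleanly with them). Both probes run `pg_isready -U ${POSTGRES_USER}`, but the README renders this file through a bare `envsubst`, which rewrites every `${VAR}` it sees and would leave `-U` empty unless `POSTGRES_USER` happens to be exported in the applying shell; pass an explicit list, `envsubst '${IMMICH_DB_PASSWORD} ${IMMICH_DB_NAME}'`, or write `pg_isready -U postgres`. The image is referenced by tag only, so pinning it as `...@sha256:<digest>` would keep the deployed database image from changing underneath the tag.

```yaml
        - name: postgres
          # … unchanged: image, imagePullPolicy …
          securityContext:
            runAsUser: 999
            runAsGroup: 999
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: ports, env, volumeMounts, probes, resources …
```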
diff --git a/kubernetes/immich/immich-helm-chart/values.yaml b/kubernetes/immich/immich-helm-chart/values.yaml index 4245c6e..22aef6e 100644 --- a/kubernetes/immich/immich-helm-chart/values.yaml +++ b/kubernetes/immich/immich-helm-chart/values.yaml @@ -6,7 +6,7 @@ env: REDIS_HOSTNAME: '{{ printf "%s-valkey" .Release.Name }}' - DB_HOSTNAME: immich-database-rw.immich.svc.cluster.local + DB_HOSTNAME: immich-postgres-0.immich-postgres.immich.svc.cluster.local DB_USERNAME: placeholder DB_DATABASE_NAME: immich # -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance diff --git a/kubernetes/immich/immichDatabase.yaml b/kubernetes/immich/immichDatabase.yaml index 8477351..8cd9407 100644 --- a/kubernetes/immich/immichDatabase.yaml +++ b/kubernetes/immich/immichDatabase.yaml @@ -30,8 +30,8 @@ spec: - name: barman-cloud.cloudnative-pg.io isWALArchiver: true parameters: - barmanObjectName: immich-minio-store + barmanObjectName: immich-garage-store storage: storageClass: longhorn-2x - size: 5Gi + size: 32Gi diff --git a/kubernetes/immich/values.yaml b/kubernetes/immich/values.yaml index 4245c6e..22aef6e 100644 --- a/kubernetes/immich/values.yaml +++ b/kubernetes/immich/values.yaml @@ -6,7 +6,7 @@ env: REDIS_HOSTNAME: '{{ printf "%s-valkey" .Release.Name }}' - DB_HOSTNAME: immich-database-rw.immich.svc.cluster.local + DB_HOSTNAME: immich-postgres-0.immich-postgres.immich.svc.cluster.local DB_USERNAME: placeholder DB_DATABASE_NAME: immich # -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
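Review bot: `DB_USERNAME: placeholder` stays unchanged beside the new `DB_HOSTNAME`, so the file does not show which role Immich uses against the new StatefulSet, and the only role the new `database.yaml` Secret bootstraps is the `postgres` superuser. If the real credentials are injected from a secret, say so in a comment, e.g. `# DB_USERNAME / DB_PASSWORD are overridden from <secret-name>`, and prefer the dedicated Immich user the README describes over the superuser where the extensions allow it. The new hostname also hard-codes pod ordinal 0 and the `immich` namespace; with `replicas: 1` the headless service name `immich-postgres.immich.svc.cluster.local` should resolve to the same pod. The identical hunk in `kubernetes/immich/values.yaml` raises the same points.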
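Review bot: `barmanObjectName: immich-garage-store` names an object store that this commit does not define, so WAL archiving for this cluster depends on that resource already existing in the namespace; a short comment such as `# ObjectStore defined in <path-to-manifest>` would make the dependency traceable. The README text added in the same commit says the standalone postgres StatefulSet is used instead of CloudNative-PG, and that StatefulSet has no archiving or backup configured, so it is worth stating which database these backups actually cover. Growing `size` from 5Gi to 32Gi on an existing cluster presumably needs the `longhorn-2x` storage class to allow volume expansion. The enclosing `spec:` starts outside the hunk.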