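---
# Credentials for the Immich PostgreSQL instance.
# The ${...} values are placeholders that must be substituted before this
# manifest is applied (the substitution tool is not visible here; confirm).
# After rendering, this Secret holds the plaintext password, so keep rendered
# output out of version control and CI logs.
apiVersion: v1
kind: Secret
metadata:
  name: immich-postgres-secret
type: Opaque
stringData:
  # NOTE(review): "postgres" is conventionally the superuser role. If the
  # application connects with these credentials it gets full database rights;
  # confirm whether a dedicated, less-privileged role is feasible.
  POSTGRES_USER: postgres
  POSTGRES_PASSWORD: "${IMMICH_DB_PASSWORD}"
  POSTGRES_DB: "${IMMICH_DB_NAME}"
---
# Headless Service giving the StatefulSet pod a stable DNS name.
# NOTE(review): no NetworkPolicy appears in this file. Any pod that can reach
# this Service can attempt a connection on 5432, so confirm that ingress is
# restricted elsewhere.
apiVersion: v1
kind: Service
metadata:
  name: immich-postgres
  labels:
    app: immich-postgres
spec:
  clusterIP: None  # headless for StatefulSet stable DNS
  selector:
    app: immich-postgres
  ports:
    - port: 5432
      name: postgres
---
# Single-replica PostgreSQL for Immich, backed by a Longhorn volume.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: immich-postgres
spec:
  serviceName: immich-postgres
  replicas: 1
  selector:
    matchLabels:
      app: immich-postgres
  template:
    metadata:
      labels:
        app: immich-postgres
    spec:
      # The database never calls the Kubernetes API, so do not mount a
      # service-account token a compromised container could read.
      automountServiceAccountToken: false
      securityContext:
        # Volume files are made group-accessible to gid 999
        # (presumably the image's postgres group; confirm).
        fsGroup: 999
        # Refuse to start if the image or a later edit would run as uid 0.
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: postgres
          # The tag is mutable. Pin by digest
          # (image@sha256:<DIGEST_PLACEHOLDER>) if the deployed image must
          # be reproducible.
          image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsUser: 999
            runAsGroup: 999
            # The process already runs unprivileged; these settings prevent it
            # from regaining privileges through setuid binaries or capabilities.
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          ports:
            - containerPort: 5432
              name: postgres
          env:
            # PGDATA is a subdirectory of the volume mount point below.
            - name: PGDATA
              value: /var/lib/postgresql/data
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: immich-postgres-secret
                  key: POSTGRES_USER
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: immich-postgres-secret
                  key: POSTGRES_PASSWORD
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: immich-postgres-secret
                  key: POSTGRES_DB
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql
          # The probes use the unbraced, quoted "$POSTGRES_USER" so that the
          # container's shell expands it at runtime. Some render-time
          # substitution tools rewrite only the braced form, which would blank
          # the value here. TODO: confirm against the tool that renders this
          # file.
          readinessProbe:
            exec:
              command:
                - sh
                - "-c"
                - 'pg_isready -U "$POSTGRES_USER"'
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            exec:
              command:
                - sh
                - "-c"
                - 'pg_isready -U "$POSTGRES_USER"'
            initialDelaySeconds: 30
            periodSeconds: 30
          resources:
            requests:
              cpu: 500m
              memory: 1Gi
            limits:
              cpu: 1000m
              memory: 2Gi
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: longhorn
        resources:
          requests:
            storage: 20Gi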