Migrate Immich from Helm chart to kustomize manifests (v2.5.6 → v2.6.3)

Replace the Helm chart deployment with plain kustomize manifests following the Authentik pattern (separate deployments per component). Consolidate the immich-storage ArgoCD app into the main immich app. Add no-helm-policy doc establishing kustomize as the standard deployment mechanism. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 09:42:25 -07:00 · 2026-04-04 09:42:25 -07:00 · 64200a55c5
commit 64200a55c5
parent 464e3222d2
19 changed files with 340 additions and 162 deletions
--- a/docs/changelog.d/immich-kustomize-v2.6.3.infra.md
+++ b/docs/changelog.d/immich-kustomize-v2.6.3.infra.md
@ -0,0 +1 @@
+Migrate Immich from Helm chart to kustomize manifests and upgrade from v2.5.6 to v2.6.3
--- a/docs/explanation/no-helm-policy.md
+++ b/docs/explanation/no-helm-policy.md
@ -0,0 +1,46 @@
+---
+title: No Helm Policy
+modified: 2026-04-04
+tags:
+  - explanation
+  - kubernetes
+---
+
+# No Helm Policy
+
+BlumeOps avoids Helm charts as a deployment mechanism. Plain kustomize manifests are the standard for all services.
+
+## Rationale
+
+Helm templates add a layer of abstraction that works against the simplicity of Kubernetes YAML manifests. Go templates embedded in YAML are hard to read, hard to diff, and hard to reason about. A manifest should be a manifest — not a program that generates one.
+
+Kustomize overlays preserve the readability of plain YAML while providing the composition and patching features needed for environment-specific configuration. Version bumps are a one-line `newTag` edit in `kustomization.yaml`, and `kubectl diff` shows exactly what will change.
+
+## Current State
+
+All services in blumeops use kustomize manifests except:
+
+- **1Password Connect** — still deployed via Helm chart (`connect-helm-charts v2.3.0`). Migration is a future goal.
+
+## Migration History
+
+Services previously deployed via Helm that have been migrated to kustomize:
+
+| Service | Migrated | Notes |
+|---------|----------|-------|
+| Grafana | 2026-02 | Converted during v12.x upgrade |
+| CloudNative-PG | 2026-02 | Switched to upstream release manifest via forge mirror |
+| External Secrets | 2026-03 | Static manifests rendered from chart |
+| Homepage | 2025-12 | Replaced chart with plain manifests |
+| Immich | 2026-04 | Converted during v2.6.3 upgrade |
+
+## Guidelines
+
+- **Do not introduce new Helm chart dependencies.** When deploying a new service, write kustomize manifests directly — even if the upstream project provides a Helm chart. The chart's `helm template` output is a fine starting point for writing those manifests.
+- **When upgrading a Helm-based service**, consider whether it's a good time to migrate off Helm as part of the upgrade.
+- **Upstream manifests** can be referenced directly in `kustomization.yaml` resources (like ArgoCD and Tailscale operator do) or applied via ArgoCD's `directory.include` (like CloudNative-PG). Both avoid Helm.
+
+## Related
+
+- [[review-services]] — Service review process
+- [[architecture]] — Overall infrastructure design
--- a/docs/how-to/knowledgebase/review-services.md
+++ b/docs/how-to/knowledgebase/review-services.md
@ -118,8 +118,13 @@ After reviewing, edit `service-versions.yaml` (repo root) and update the service

 Commit this change alongside any upgrades you make during the review.

+## Deployment Policy
+
+BlumeOps uses kustomize manifests for all services. Helm charts should not be introduced for new services. See [[no-helm-policy]] for rationale and migration history.
+
 ## Related

+- [[no-helm-policy]] - Why blumeops avoids Helm charts
 - [[review-documentation]] - Periodically review documentation cards
 - [[deploy-k8s-service]] - Deploy changes to Kubernetes services
 - [[build-container-image]] - Build and release custom container images
--- a/docs/reference/kubernetes/apps.md
+++ b/docs/reference/kubernetes/apps.md
@ -24,9 +24,9 @@ Registry of all applications deployed via [[argocd]].
 | `blumeops-pg` | databases | `argocd/manifests/databases/` | [[postgresql]] |
 | `prometheus` | monitoring | `argocd/manifests/prometheus/` | [[prometheus]] |
 | `loki` | monitoring | `argocd/manifests/loki/` | [[loki]] |
-| `grafana` | monitoring | Helm chart (forge mirror) | [[grafana]] |
+| `grafana` | monitoring | `argocd/manifests/grafana/` | [[grafana]] |
 | `grafana-config` | monitoring | `argocd/manifests/grafana-config/` | [[grafana]] |
-| `immich` | immich | Helm chart | [[immich]] |
+| `immich` | immich | `argocd/manifests/immich/` | [[immich]] |
 | `tempo` | monitoring | `argocd/manifests/tempo/` | [[tempo]] |
 | `alloy-k8s` | alloy | `argocd/manifests/alloy-k8s/` | [[alloy|Alloy]] |
 | `alloy-tracing-ringtail` | alloy | `argocd/manifests/alloy-tracing-ringtail/` | [[alloy|Alloy]] (eBPF tracing) |
--- a/docs/reference/services/immich.md
+++ b/docs/reference/services/immich.md
@ -1,6 +1,6 @@
 ---
 title: Immich
-modified: 2026-02-07
+modified: 2026-04-04
 last-reviewed: 2026-03-23
 tags:
  - service
@ -17,7 +17,7 @@ Self-hosted photo and video management.
 |----------|-------|
 | **URL** | https://photos.ops.eblu.me |
 | **Namespace** | `immich` |
-| **Deployment** | Helm chart (k8s) |
+| **Deployment** | Kustomize (k8s) |
 | **Database** | [[postgresql]] (CNPG) |
 | **Storage** | [[sifaka|Sifaka]] photos volume |
				`@ -0,0 +1 @@`
				`Migrate Immich from Helm chart to kustomize manifests and upgrade from v2.5.6 to v2.6.3`