Use postgres user for immich

immich-app / immich-charts

Helm chart implementation of Immich

https://immich.app

GNU Affero General Public License v3.0

106 stars 45 forks source link

Use postgres user for immich #52

Closed djjudas21 closed 8 months ago

djjudas21 commented 9 months ago

Configure a password for the privileged postgres user
Make immich use the postgres user instead of the limited immich user

Workaround for https://github.com/immich-app/immich/issues/5399

bo0tzz commented 9 months ago

I know this is to fix the CREATE EXTENSION permissions, but besides that, is it desirable to run with a superuser by default?

djjudas21 commented 9 months ago

No, it isn't ideal to run with a superuser by default, but in my opinion it's better to accept this risk than to ship a broken chart that doesn't deploy a working Immich instance.

With a bit of extra work it would be possible to run a one-shot Kubernetes job that executes the CREATE EXTENSION commands with superuser privilege, and then starts up Immich with the limited user

bo0tzz commented 9 months ago

From the next release, Immich will rely on the pgvecto.rs extension so the chart will have to ship a different image anyways. Maybe that can provide a resolution?

djjudas21 commented 8 months ago

Hey, can this be merged now? Thanks

bo0tzz commented 8 months ago

Superseded by #53, which creates the extensions through an initdb script instead.