diff --git a/kubernetes/apps/default/immich/app/configmap.yaml b/kubernetes/apps/default/immich/app/configmap.yaml
index a918b43f3..d1a3037ac 100644
--- a/kubernetes/apps/default/immich/app/configmap.yaml
+++ b/kubernetes/apps/default/immich/app/configmap.yaml
@@ -14,6 +14,7 @@ data:
   # REDIS_DBINDEX: "15"
   REDIS_HOSTNAME: immich-redis.default.svc.cluster.local
   REDIS_PORT: "6379"
+  TRANSFORMERS_CACHE: /usr/src/app/.transformers_cache
   TYPESENSE_DATA_DIR: /config
   TYPESENSE_HOST: immich-typesense.default.svc.cluster.local.
   # Below are deprecated and can only be set in the Immich Admin settings
diff --git a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
index c5990136d..34e19d607 100644
--- a/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/machine-learning/helmrelease.yaml
@@ -31,7 +31,6 @@ spec:
     - name: immich-redis
   values:
     controller:
-      replicas: 1
       strategy: Recreate
       annotations:
         configmap.reloader.stakater.com/reload: &configMap immich-configmap
@@ -49,6 +48,11 @@ spec:
         ports:
           http:
             port: 3003
+    podSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568
+      fsGroupChangePolicy: OnRootMismatch
     persistence:
       library:
         enabled: true
@@ -58,6 +62,14 @@ spec:
         enabled: true
         existingClaim: immich-machine-learning-cache
         mountPath: /cache
+      geocoding-dump:
+        enabled: true
+        type: emptyDir
+        mountPath: /usr/src/app/.reverse-geocoding-dump
+      transformers-cache:
+        enabled: true
+        type: emptyDir
+        mountPath: /usr/src/app/.transformers_cache
     topologySpreadConstraints:
       - maxSkew: 1
         topologyKey: kubernetes.io/hostname
diff --git a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
index 9c45032de..b0919d0f7 100644
--- a/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/microservices/helmrelease.yaml
@@ -31,7 +31,6 @@ spec:
     - name: immich-redis
   values:
     controller:
-      replicas: 2
       strategy: RollingUpdate
       annotations:
         configmap.reloader.stakater.com/reload: &configMap immich-configmap
@@ -48,11 +47,31 @@ spec:
     service:
       main:
         enabled: false
+    podSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568
+      fsGroupChangePolicy: OnRootMismatch
+      supplementalGroups: [44, 105]
     persistence:
       library:
         enabled: true
         existingClaim: immich-nfs
         mountPath: /usr/src/app/upload
+      geocoding-dump:
+        enabled: true
+        type: emptyDir
+        mountPath: /usr/src/app/.reverse-geocoding-dump
+      geoname-dump:
+        enabled: true
+        type: emptyDir
+        mountPath: /usr/src/app/node_modules/local-reverse-geocoder/geonames_dump
+      transformers-cache:
+        enabled: true
+        type: emptyDir
+        mountPath: /usr/src/app/.transformers_cache
+    nodeSelector:
+      intel.feature.node.kubernetes.io/gpu: "true"
     topologySpreadConstraints:
       - maxSkew: 1
         topologyKey: kubernetes.io/hostname
@@ -62,5 +81,9 @@ spec:
             app.kubernetes.io/name: *app
     resources:
       requests:
+        gpu.intel.com/i915: 1
         cpu: 100m
-        memory: 250Mi
+        memory: 1000Mi
+      limits:
+        gpu.intel.com/i915: 1
+        memory: 6000Mi
diff --git a/kubernetes/apps/default/immich/app/server/helmrelease.yaml b/kubernetes/apps/default/immich/app/server/helmrelease.yaml
index 3578e3ad9..6fe55fd6a 100644
--- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml
@@ -40,7 +40,6 @@ spec:
           - secretRef:
               name: &secret immich-secret
     controller:
-      replicas: 2
       strategy: RollingUpdate
       annotations:
         configmap.reloader.stakater.com/reload: *configMap
@@ -55,11 +54,24 @@ spec:
         ports:
           http:
             port: 3001
+    podSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568
+      fsGroupChangePolicy: OnRootMismatch
     persistence:
       library:
         enabled: true
         existingClaim: immich-nfs
         mountPath: /usr/src/app/upload
+      geocoding-dump:
+        enabled: true
+        type: emptyDir
+        mountPath: /usr/src/app/.reverse-geocoding-dump
+      transformers-cache:
+        enabled: true
+        type: emptyDir
+        mountPath: /usr/src/app/.transformers_cache
     topologySpreadConstraints:
       - maxSkew: 1
         topologyKey: kubernetes.io/hostname
diff --git a/kubernetes/apps/default/immich/app/web/helmrelease.yaml b/kubernetes/apps/default/immich/app/web/helmrelease.yaml
index 0a6d7789f..8a0433dfb 100644
--- a/kubernetes/apps/default/immich/app/web/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/web/helmrelease.yaml
@@ -31,7 +31,6 @@ spec:
     - name: immich-redis
   values:
     controller:
-      replicas: 2
       strategy: RollingUpdate
       annotations:
         configmap.reloader.stakater.com/reload: &configMap immich-configmap
@@ -74,6 +73,11 @@ spec:
         tls:
           - hosts:
               - *host
+    podSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568
+      fsGroupChangePolicy: OnRootMismatch
     persistence:
       library:
         enabled: true