diff options
13 files changed, 110 insertions, 4 deletions
diff --git a/f3s/anki-sync-server/helm-chart/templates/deployment.yaml b/f3s/anki-sync-server/helm-chart/templates/deployment.yaml index 9797824..d917b6e 100644 --- a/f3s/anki-sync-server/helm-chart/templates/deployment.yaml +++ b/f3s/anki-sync-server/helm-chart/templates/deployment.yaml @@ -39,6 +39,13 @@ spec: image: registry.lan.buetow.org:30001/anki-sync-server:25.07.5b ports: - containerPort: 8080 + livenessProbe: + exec: + command: ["test", "-f", "/anki_data/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 env: - name: SYNC_PORT value: "8080" diff --git a/f3s/audiobookshelf/helm-chart/templates/deployment.yaml b/f3s/audiobookshelf/helm-chart/templates/deployment.yaml index 7c598ce..5d2cf7a 100644 --- a/f3s/audiobookshelf/helm-chart/templates/deployment.yaml +++ b/f3s/audiobookshelf/helm-chart/templates/deployment.yaml @@ -71,6 +71,13 @@ spec: image: ghcr.io/advplyr/audiobookshelf ports: - containerPort: 80 + livenessProbe: + exec: + command: ["test", "-f", "/config/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 volumeMounts: - name: audiobookshelf-config mountPath: /config diff --git a/f3s/filebrowser/helm-chart/templates/deployment.yaml b/f3s/filebrowser/helm-chart/templates/deployment.yaml index b3bb4bb..a852f06 100644 --- a/f3s/filebrowser/helm-chart/templates/deployment.yaml +++ b/f3s/filebrowser/helm-chart/templates/deployment.yaml @@ -75,6 +75,13 @@ spec: image: filebrowser/filebrowser:latest ports: - containerPort: 80 + livenessProbe: + exec: + command: ["test", "-f", "/srv/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 env: - name: PUID value: "65534" diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml index 31ac14b..28733c5 100644 --- a/f3s/git-server/helm-chart/templates/deployment.yaml +++ b/f3s/git-server/helm-chart/templates/deployment.yaml @@ -122,6 +122,15 @@ spec: - containerPort: 22 name: ssh protocol: TCP + livenessProbe: + exec: + # /repos is the NFS-backed repos subPath; test -d catches stale + # NFS file handles (ESTALE) after an NFS server restart. + command: ["test", "-d", "/repos"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 volumeMounts: - name: repos mountPath: /repos @@ -147,6 +156,13 @@ spec: # Container 2: CGit Web UI + git-http-backend - name: cgit image: joseluisq/alpine-cgit:latest + livenessProbe: + exec: + command: ["test", "-d", "/repos"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 command: ["/bin/sh", "-c"] args: - | diff --git a/f3s/immich/helm-chart/templates/postgres.yaml b/f3s/immich/helm-chart/templates/postgres.yaml index 61221d5..07c0510 100644 --- a/f3s/immich/helm-chart/templates/postgres.yaml +++ b/f3s/immich/helm-chart/templates/postgres.yaml @@ -66,7 +66,9 @@ spec: command: - /bin/sh - -c - - pg_isready -U immich -d immich + # pg_isready only checks the TCP port; the NFS check catches stale + # file handles on the data directory after an NFS server restart. + - pg_isready -U immich -d immich && test -f /var/lib/postgresql/data/global/pg_filenode.map initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 diff --git a/f3s/jellyfin/helm-chart/templates/deployment.yaml b/f3s/jellyfin/helm-chart/templates/deployment.yaml index 3da0348..5bc48cd 100644 --- a/f3s/jellyfin/helm-chart/templates/deployment.yaml +++ b/f3s/jellyfin/helm-chart/templates/deployment.yaml @@ -79,6 +79,13 @@ spec: limits: cpu: 4000m memory: 4Gi + livenessProbe: + exec: + command: ["test", "-f", "/config/.nfs-sentinel"] + initialDelaySeconds: 60 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 volumeMounts: - name: jellyfin-config mountPath: /config diff --git a/f3s/keybr/helm-chart/templates/deployment.yaml b/f3s/keybr/helm-chart/templates/deployment.yaml index e114a57..bd6adec 100644 --- a/f3s/keybr/helm-chart/templates/deployment.yaml +++ b/f3s/keybr/helm-chart/templates/deployment.yaml @@ -45,6 +45,13 @@ spec: allowPrivilegeEscalation: false ports: - containerPort: 3000 + livenessProbe: + exec: + command: ["test", "-f", "/data/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 env: - name: APP_URL value: "http://keybr.f3s.buetow.org/" diff --git a/f3s/kobo-sync-server/helm-chart/templates/deployment.yaml b/f3s/kobo-sync-server/helm-chart/templates/deployment.yaml index e08e6ab..834e39c 100644 --- a/f3s/kobo-sync-server/helm-chart/templates/deployment.yaml +++ b/f3s/kobo-sync-server/helm-chart/templates/deployment.yaml @@ -38,6 +38,13 @@ spec: image: koreader/kosync:latest ports: - containerPort: 17200 + livenessProbe: + exec: + command: ["test", "-f", "/var/lib/redis/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 volumeMounts: - name: data mountPath: /var/lib/redis diff --git a/f3s/miniflux/helm-chart/templates/deployment.yaml b/f3s/miniflux/helm-chart/templates/deployment.yaml index 9407aa2..94cc40c 100644 --- a/f3s/miniflux/helm-chart/templates/deployment.yaml +++ b/f3s/miniflux/helm-chart/templates/deployment.yaml @@ -122,9 +122,11 @@ spec: livenessProbe: exec: command: - - pg_isready - - -U - - miniflux + - /bin/sh + - -c + # pg_isready only checks the TCP port; the NFS check catches stale + # file handles on the data directory after an NFS server restart. + - pg_isready -U miniflux && test -f /var/lib/postgresql/data/global/pg_filenode.map initialDelaySeconds: 60 periodSeconds: 30 readinessProbe: diff --git a/f3s/opodsync/helm-chart/templates/deployment.yaml b/f3s/opodsync/helm-chart/templates/deployment.yaml index c9855f3..1c3142f 100644 --- a/f3s/opodsync/helm-chart/templates/deployment.yaml +++ b/f3s/opodsync/helm-chart/templates/deployment.yaml @@ -37,6 +37,13 @@ spec: containers: - name: opodsync image: ganeshlab/opodsync + livenessProbe: + exec: + command: ["test", "-f", "/var/www/server/data/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 env: - name: GPODDER_BASE_URL value: "https://gpodder.f3s.buetow.org/gpodder" diff --git a/f3s/radicale/helm-chart/templates/deployment.yaml b/f3s/radicale/helm-chart/templates/deployment.yaml index c58cdbd..2338731 100644 --- a/f3s/radicale/helm-chart/templates/deployment.yaml +++ b/f3s/radicale/helm-chart/templates/deployment.yaml @@ -73,6 +73,13 @@ spec: image: registry.lan.buetow.org:30001/radicale:latest ports: - containerPort: 8080 + livenessProbe: + exec: + command: ["test", "-f", "/collections/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 volumeMounts: - name: radicale-collections mountPath: /collections diff --git a/f3s/wallabag/helm-chart/templates/deployment.yaml b/f3s/wallabag/helm-chart/templates/deployment.yaml index 6c653bd..4be699d 100644 --- a/f3s/wallabag/helm-chart/templates/deployment.yaml +++ b/f3s/wallabag/helm-chart/templates/deployment.yaml @@ -55,6 +55,13 @@ spec: image: wallabag/wallabag ports: - containerPort: 80 + livenessProbe: + exec: + command: ["test", "-f", "/var/www/wallabag/data/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 env: - name: SYMFONY__ENV__DOMAIN_NAME value: "https://bag.f3s.buetow.org" diff --git a/f3s/webdav/helm-chart/templates/deployment.yaml b/f3s/webdav/helm-chart/templates/deployment.yaml index d528ce2..96ca24a 100644 --- a/f3s/webdav/helm-chart/templates/deployment.yaml +++ b/f3s/webdav/helm-chart/templates/deployment.yaml @@ -18,6 +18,22 @@ spec: seLinuxOptions: type: spc_t initContainers: + - name: nfs-check-data + image: busybox:stable + command: + - sh + - -c + - | + test -f /mnt/.nfs-sentinel || ( + echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel" + echo "refusing to start; node likely has NFS unmounted" + echo "pod would otherwise bind-mount the local-XFS shadow" + exit 1 + ) + volumeMounts: + - name: webdav-data + mountPath: /mnt + readOnly: true - name: setup image: httpd:2.4 command: @@ -47,6 +63,13 @@ spec: runAsGroup: 65534 ports: - containerPort: 8080 + livenessProbe: + exec: + command: ["test", "-f", "/var/www/webdav/.nfs-sentinel"] + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 volumeMounts: - name: webdav-data mountPath: /var/www/webdav |