apiVersion: apps/v1
kind: Deployment
metadata:
  name: filebrowser
  namespace: services
spec:
  replicas: 1
  # Recreate so the old pod fully terminates before the new one starts —
  # avoids NFS-lock races on the hostPath-backed PVC during rolling updates.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: filebrowser
  template:
    metadata:
      labels:
        app: filebrowser
    spec:
      initContainers:
      - name: nfs-check-data
        image: busybox:stable
        command:
        - sh
        - -c
        - |
          test -f /mnt/.nfs-sentinel || (
            echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
            echo "refusing to start; node likely has NFS unmounted"
            echo "pod would otherwise bind-mount the local-XFS shadow"
            exit 1
          )
        volumeMounts:
        - name: filebrowser-data
          mountPath: /mnt
          readOnly: true
      - name: nfs-check-database
        image: busybox:stable
        command:
        - sh
        - -c
        - |
          test -f /mnt/.nfs-sentinel || (
            echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
            echo "refusing to start; node likely has NFS unmounted"
            echo "pod would otherwise bind-mount the local-XFS shadow"
            exit 1
          )
        volumeMounts:
        - name: filebrowser-database
          mountPath: /mnt
          readOnly: true
      - name: nfs-check-config
        image: busybox:stable
        command:
        - sh
        - -c
        - |
          test -f /mnt/.nfs-sentinel || (
            echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
            echo "refusing to start; node likely has NFS unmounted"
            echo "pod would otherwise bind-mount the local-XFS shadow"
            exit 1
          )
        volumeMounts:
        - name: filebrowser-config
          mountPath: /mnt
          readOnly: true
      securityContext:
        runAsUser: 65534
        runAsGroup: 65534
        fsGroup: 65534
      containers:
      - name: filebrowser
        image: filebrowser/filebrowser:latest
        ports:
        - containerPort: 80
        env:
        - name: PUID
          value: "65534"
        - name: PGID
          value: "65534"
        volumeMounts:
        - name: filebrowser-data
          mountPath: /srv
        - name: filebrowser-database
          mountPath: /database
        - name: filebrowser-config
          mountPath: /config
      volumes:
      - name: filebrowser-data
        persistentVolumeClaim:
          claimName: filebrowser-data-pvc
      - name: filebrowser-database
        persistentVolumeClaim:
          claimName: filebrowser-database-pvc
      - name: filebrowser-config
        persistentVolumeClaim:
          claimName: filebrowser-config-pvc