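---
# Deployment for the goprecords daemon (single replica, HTTP on 8080),
# backed by the goprecords-stats-pvc claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: goprecords
  namespace: services
spec:
  replicas: 1
  # Recreate so the old pod fully terminates before the new one starts —
  # avoids NFS-lock races on the hostPath-backed PVC during rolling updates.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: goprecords
  template:
    metadata:
      labels:
        app: goprecords
    spec:
      initContainers:
        # Guard container: blocks pod start-up unless the sentinel file is
        # visible on the stats volume, so the daemon never runs against an
        # unmounted NFS path (the local directory underneath the mount).
        - name: nfs-check-stats
          # NOTE(review): "stable" is a mutable tag; pinning by digest
          # (busybox@sha256:<digest>) would make this check reproducible.
          image: busybox:stable
          command:
            - sh
            - -c
            - |
              test -f /mnt/.nfs-sentinel || (
                echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
                echo "refusing to start; node likely has NFS unmounted"
                echo "pod would otherwise bind-mount the local-XFS shadow"
                exit 1
              )
          # The check only stats one file on a read-only mount, so it needs
          # neither privilege escalation nor a writable root filesystem.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: goprecords-stats
              mountPath: /mnt
              readOnly: true
      containers:
        - name: goprecords
          # NOTE(review): with imagePullPolicy: Always the tag is re-resolved
          # at every pod start; a re-pushed 0.5.2 would be picked up silently.
          # Pinning by digest (@sha256:<digest>) avoids that.
          image: registry.lan.buetow.org:30001/goprecords:0.5.2
          imagePullPolicy: Always
          args:
            - -daemon
            - -listen=:8080
            - -stats-dir=/data/stats
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /livez
              port: 8080
            initialDelaySeconds: 15
            periodSeconds: 20
          resources:
            requests:
              memory: "64Mi"
              cpu: "50m"
            limits:
              memory: "256Mi"
              cpu: "500m"
          # NOTE(review): the daemon runs as UID/GID 0 with a writable mount.
          # allowPrivilegeEscalation: false only sets no_new_privs; it does
          # not reduce what root inside the container can already do. If the
          # NFS export's ownership does not require root, prefer a non-root
          # UID with runAsNonRoot: true and capabilities.drop: ["ALL"] —
          # confirm against the export before changing.
          securityContext:
            allowPrivilegeEscalation: false
            runAsUser: 0
            runAsGroup: 0
          volumeMounts:
            - name: goprecords-stats
              mountPath: /data/stats
      volumes:
        - name: goprecords-stats
          persistentVolumeClaim:
            claimName: goprecords-stats-pvc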