apiVersion: apps/v1
kind: Deployment
metadata:
  name: opodsync
  namespace: services
spec:
  replicas: 1
  # Recreate so the old pod fully terminates before the new one starts —
  # avoids NFS-lock races on the hostPath-backed PVC during rolling updates.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: opodsync
  template:
    metadata:
      labels:
        app: opodsync
    spec:
      initContainers:
      - name: nfs-check-data
        image: busybox:stable
        command:
        - sh
        - -c
        - |
          test -f /mnt/.nfs-sentinel || (
            echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
            echo "refusing to start; node likely has NFS unmounted"
            echo "pod would otherwise bind-mount the local-XFS shadow"
            exit 1
          )
        volumeMounts:
        - name: opodsync-data
          mountPath: /mnt
          readOnly: true
      containers:
      - name: opodsync
        image: ganeshlab/opodsync
        env:
        - name: GPODDER_BASE_URL
          value: "https://gpodder.f3s.buetow.org/gpodder"
        - name: GPODDER_ALLOW_REGISTRATIONS
          value: "true"
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: opodsync-data
          mountPath: /var/www/server/data
      - name: nginx-proxy
        image: nginx:1.25-alpine
        ports:
        - containerPort: 8081
        volumeMounts:
        - name: nginx-config
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
      volumes:
      - name: opodsync-data
        persistentVolumeClaim:
          claimName: opodsync-data-pvc
      - name: nginx-config
        configMap:
          name: opodsync-nginx-config