apiVersion: apps/v1 kind: Deployment metadata: name: syncthing namespace: services spec: replicas: 1 # Use Recreate strategy to avoid file lock conflicts with RWO volumes strategy: type: Recreate selector: matchLabels: app: syncthing template: metadata: labels: app: syncthing spec: initContainers: - name: nfs-check-config image: busybox:stable command: - sh - -c - | test -f /mnt/.nfs-sentinel || ( echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel" echo "refusing to start; node likely has NFS unmounted" echo "pod would otherwise bind-mount the local-XFS shadow" exit 1 ) volumeMounts: - name: syncthing-config mountPath: /mnt readOnly: true - name: nfs-check-data image: busybox:stable command: - sh - -c - | test -f /mnt/.nfs-sentinel || ( echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel" echo "refusing to start; node likely has NFS unmounted" echo "pod would otherwise bind-mount the local-XFS shadow" exit 1 ) volumeMounts: - name: syncthing-data mountPath: /mnt readOnly: true containers: - name: syncthing image: lscr.io/linuxserver/syncthing:latest ports: - containerPort: 8384 - containerPort: 22000 # Startup probe: give syncthing time to initialize (especially if NFS is slow) startupProbe: httpGet: path: / port: 8384 initialDelaySeconds: 10 periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 24 # 120 seconds total (24 * 5s) # Liveness probe: restart pod if syncthing becomes unresponsive (stale NFS) livenessProbe: httpGet: path: / port: 8384 periodSeconds: 30 timeoutSeconds: 5 failureThreshold: 3 # Restart after 90 seconds of failures # Readiness probe: remove from service if not ready readinessProbe: httpGet: path: / port: 8384 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 2 volumeMounts: - name: syncthing-config mountPath: /config - name: syncthing-data mountPath: /data volumes: - name: syncthing-config persistentVolumeClaim: claimName: syncthing-config-pvc - name: syncthing-data persistentVolumeClaim: claimName: syncthing-data-pvc