diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-16 14:58:30 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-16 14:58:30 +0300 |
| commit | f633a65a3592805f8d458c8d2cbe979e63484c02 (patch) | |
| tree | 74998fdf70bf9c625ba494079c254fd7e6c8bd19 /f3s | |
| parent | 03a18c651d6800fe2f756887482c4a06175782c3 (diff) | |
f3s: set strategy Recreate on single-replica stateful deployments
Prevents NFS-lock races during rolling updates. The hostPath PVs point at
an NFS-shared directory mounted on every r-node, so RWO is not actually
enforced across nodes — under the default RollingUpdate strategy the new
pod can start on a different node and grab the same data dir while the
old pod still holds file locks, producing errors like postgres'
"could not write to file postmaster.pid: Unknown error 512".
Applied to: immich-postgres, audiobookshelf, anki-sync-server, registry,
pkgrepo, player, wallabag, miniflux-postgres, opodsync, radicale,
kobo-sync-server, keybr, filebrowser, git-server, goprecords, jellyfin.
(syncthing and navidrome already had it.)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Diffstat (limited to 'f3s')
16 files changed, 68 insertions, 0 deletions
diff --git a/f3s/anki-sync-server/helm-chart/templates/deployment.yaml b/f3s/anki-sync-server/helm-chart/templates/deployment.yaml index 181b6c9..cc06fb7 100644 --- a/f3s/anki-sync-server/helm-chart/templates/deployment.yaml +++ b/f3s/anki-sync-server/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: anki-sync-server diff --git a/f3s/audiobookshelf/helm-chart/templates/deployment.yaml b/f3s/audiobookshelf/helm-chart/templates/deployment.yaml index 65e536a..a8d513f 100644 --- a/f3s/audiobookshelf/helm-chart/templates/deployment.yaml +++ b/f3s/audiobookshelf/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: audiobookshelf diff --git a/f3s/filebrowser/helm-chart/templates/deployment.yaml b/f3s/filebrowser/helm-chart/templates/deployment.yaml index e079055..0d18d34 100644 --- a/f3s/filebrowser/helm-chart/templates/deployment.yaml +++ b/f3s/filebrowser/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: filebrowser diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml index 3013364..41dff7c 100644 --- a/f3s/git-server/helm-chart/templates/deployment.yaml +++ b/f3s/git-server/helm-chart/templates/deployment.yaml @@ -7,6 +7,10 @@ metadata: app: git-server spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: git-server diff --git a/f3s/goprecords/helm-chart/templates/deployment.yaml b/f3s/goprecords/helm-chart/templates/deployment.yaml index 04f51fb..537aa3d 100644 --- a/f3s/goprecords/helm-chart/templates/deployment.yaml +++ b/f3s/goprecords/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: goprecords diff --git a/f3s/immich/helm-chart/templates/postgres.yaml b/f3s/immich/helm-chart/templates/postgres.yaml index f4e32ad..49f4a24 100644 --- a/f3s/immich/helm-chart/templates/postgres.yaml +++ b/f3s/immich/helm-chart/templates/postgres.yaml @@ -7,6 +7,14 @@ metadata: namespace: services spec: replicas: 1 + # Recreate (not RollingUpdate) so the old pod is fully terminated before + # the new one starts. The hostPath PV points at an NFS-backed directory + # mounted on every r-node, so RWO is not actually enforced across nodes: + # under RollingUpdate the new pod can start on a different node and grab + # the same data dir while the old pod still holds postgres' file locks, + # producing "could not write to file postmaster.pid: Unknown error 512". + strategy: + type: Recreate selector: matchLabels: app: immich-postgres diff --git a/f3s/jellyfin/helm-chart/templates/deployment.yaml b/f3s/jellyfin/helm-chart/templates/deployment.yaml index 0289dfe..eef2fd4 100644 --- a/f3s/jellyfin/helm-chart/templates/deployment.yaml +++ b/f3s/jellyfin/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: jellyfin-server diff --git a/f3s/keybr/helm-chart/templates/deployment.yaml b/f3s/keybr/helm-chart/templates/deployment.yaml index be29aeb..513ce7f 100644 --- a/f3s/keybr/helm-chart/templates/deployment.yaml +++ b/f3s/keybr/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: keybr diff --git a/f3s/kobo-sync-server/helm-chart/templates/deployment.yaml b/f3s/kobo-sync-server/helm-chart/templates/deployment.yaml index 2f742df..5bbf7ee 100644 --- a/f3s/kobo-sync-server/helm-chart/templates/deployment.yaml +++ b/f3s/kobo-sync-server/helm-chart/templates/deployment.yaml @@ -4,6 +4,10 @@ metadata: name: koreader-sync-server spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: koreader-sync-server diff --git a/f3s/miniflux/helm-chart/templates/deployment.yaml b/f3s/miniflux/helm-chart/templates/deployment.yaml index 5a98459..de36378 100644 --- a/f3s/miniflux/helm-chart/templates/deployment.yaml +++ b/f3s/miniflux/helm-chart/templates/deployment.yaml @@ -74,6 +74,10 @@ metadata: app: miniflux-postgres spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: miniflux-postgres diff --git a/f3s/opodsync/helm-chart/templates/deployment.yaml b/f3s/opodsync/helm-chart/templates/deployment.yaml index b0f11d9..c72552a 100644 --- a/f3s/opodsync/helm-chart/templates/deployment.yaml +++ b/f3s/opodsync/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: opodsync diff --git a/f3s/pkgrepo/helm-chart/templates/deployment.yaml b/f3s/pkgrepo/helm-chart/templates/deployment.yaml index 4332546..5e35c9a 100644 --- a/f3s/pkgrepo/helm-chart/templates/deployment.yaml +++ b/f3s/pkgrepo/helm-chart/templates/deployment.yaml @@ -7,6 +7,10 @@ metadata: app: pkgrepo spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: pkgrepo diff --git a/f3s/player/helm-chart/templates/deployment.yaml b/f3s/player/helm-chart/templates/deployment.yaml index 8757df9..db72e1f 100644 --- a/f3s/player/helm-chart/templates/deployment.yaml +++ b/f3s/player/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: player diff --git a/f3s/radicale/helm-chart/templates/deployment.yaml b/f3s/radicale/helm-chart/templates/deployment.yaml index b7022e5..92b0e00 100644 --- a/f3s/radicale/helm-chart/templates/deployment.yaml +++ b/f3s/radicale/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: radicale diff --git a/f3s/registry/helm-chart/templates/deployment.yaml b/f3s/registry/helm-chart/templates/deployment.yaml index ae3397f..f7b055b 100644 --- a/f3s/registry/helm-chart/templates/deployment.yaml +++ b/f3s/registry/helm-chart/templates/deployment.yaml @@ -7,6 +7,10 @@ metadata: app: docker-registry spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: docker-registry diff --git a/f3s/wallabag/helm-chart/templates/deployment.yaml b/f3s/wallabag/helm-chart/templates/deployment.yaml index 25dcffd..d0c4ce0 100644 --- a/f3s/wallabag/helm-chart/templates/deployment.yaml +++ b/f3s/wallabag/helm-chart/templates/deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: services spec: replicas: 1 + # Recreate so the old pod fully terminates before the new one starts — + # avoids NFS-lock races on the hostPath-backed PVC during rolling updates. + strategy: + type: Recreate selector: matchLabels: app: wallabag |