docs: Update deployment strategy for apps using ReadWriteOnce PVCs

2026-05-17 22:31:41 +00:00
parent 326cca5870
commit 27747bb2a5
7 changed files with 27 additions and 0 deletions
--- a/ADDING-APPS.md
+++ b/ADDING-APPS.md
@@ -393,6 +393,20 @@ env:
    value: "postgresql://myapp:secret@postgres/myapp"
 ```

+## Deployment Strategy
+
+Apps using `ReadWriteOnce` (RWO) persistent volumes **must** set `strategy: type: Recreate` on their Deployment. RWO volumes can only be attached to one pod at a time, so the default `RollingUpdate` strategy will cause Multi-Attach errors during updates (the new pod can't mount the volume while the old pod still holds it).
+
+```yaml
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      component: web
+```
+
 ## Security Requirements

 ### Security Contexts
@@ -550,6 +564,7 @@ Before submitting a new or modified app, verify:

 - [ ] **Resources**
  - [ ] Security contexts on all pods (both pod-level and container-level)
+  - [ ] `strategy: type: Recreate` on deployments with ReadWriteOnce PVCs
  - [ ] Simple component labels, no Helm-style labels
  - [ ] Ingresses include external-dns annotations
  - [ ] Database apps include init jobs (if applicable)
--- a/communitarian/deployment-api.yaml
+++ b/communitarian/deployment-api.yaml
@@ -5,6 +5,8 @@ metadata:
  namespace: "{{ .namespace }}"
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      component: api
--- a/crowdsec/crowdsec-deployment.yaml
+++ b/crowdsec/crowdsec-deployment.yaml
@@ -9,6 +9,8 @@ metadata:
    partOf: wild-cloud
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app: crowdsec
--- a/immich/deployment-machine-learning.yaml
+++ b/immich/deployment-machine-learning.yaml
@@ -5,6 +5,8 @@ metadata:
  name: immich-machine-learning
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app: immich-machine-learning
--- a/keila/deployment.yaml
+++ b/keila/deployment.yaml
@@ -4,6 +4,8 @@ metadata:
  name: keila
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      component: web
--- a/open-webui/deployment.yaml
+++ b/open-webui/deployment.yaml
@@ -4,6 +4,8 @@ metadata:
  name: open-webui
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      component: web
--- a/postgres/deployment.yaml
+++ b/postgres/deployment.yaml
@@ -5,6 +5,8 @@ metadata:
  name: postgres-deployment
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app: postgres