{{- if eq .Values.WHITEBOARD_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment metadata: annotations: kompose.version: 1.35.0 (9532ceef3) labels: io.kompose.service: nextcloud-aio-whiteboard name: nextcloud-aio-whiteboard namespace: "{{ .Values.NAMESPACE }}" spec: replicas: 1 selector: matchLabels: io.kompose.service: nextcloud-aio-whiteboard template: metadata: annotations: kompose.version: 1.35.0 (9532ceef3) labels: io.kompose.service: nextcloud-aio-whiteboard spec: securityContext: # The items below only work in pod context fsGroup: 65534 fsGroupChangePolicy: "OnRootMismatch" # The items below work in both contexts runAsUser: 65534 runAsGroup: 65534 runAsNonRoot: true {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} seccompProfile: type: RuntimeDefault {{- end }} containers: - env: - name: JWT_SECRET_KEY value: "{{ .Values.WHITEBOARD_SECRET }}" - name: NEXTCLOUD_URL value: https://{{ .Values.NC_DOMAIN }} - name: REDIS_HOST value: nextcloud-aio-redis - name: REDIS_HOST_PASSWORD value: "{{ .Values.REDIS_PASSWORD }}" - name: STORAGE_STRATEGY value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" image: nextcloud/aio-whiteboard:20241216_102930 readinessProbe: exec: command: - /healthcheck.sh failureThreshold: 3 periodSeconds: 30 timeoutSeconds: 30 livenessProbe: exec: command: - /healthcheck.sh failureThreshold: 3 periodSeconds: 30 timeoutSeconds: 30 name: nextcloud-aio-whiteboard ports: - containerPort: 3002 protocol: TCP securityContext: # The items below only work in container context allowPrivilegeEscalation: false capabilities: {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} drop: ["ALL"] {{- else }} drop: ["NET_RAW"] {{- end }} add: ["NET_BIND_SERVICE"] {{- end }}