Updates

2025-11-17 18:51:08 +01:00
parent 14d6f9aa73
commit 7fb0d2212a
318 changed files with 35761 additions and 0 deletions
--- a/nextcloud-aio/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -0,0 +1,87 @@
+{{- if eq .Values.TALK_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.version: 1.37.0 (fb0539e64)
+  labels:
+    io.kompose.service: nextcloud-aio-talk
+  name: nextcloud-aio-talk
+  namespace: "{{ .Values.NAMESPACE }}"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-talk
+  template:
+    metadata:
+      annotations:
+        kompose.version: 1.37.0 (fb0539e64)
+      labels:
+        io.kompose.service: nextcloud-aio-talk
+    spec:
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 1000
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
+      containers:
+        - env:
+            - name: TALK_MAX_STREAM_BITRATE
+              value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
+            - name: TALK_MAX_SCREEN_BITRATE
+              value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
+            - name: INTERNAL_SECRET
+              value: "{{ .Values.TALK_INTERNAL_SECRET }}"
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: SIGNALING_SECRET
+              value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: TALK_HOST
+              value: nextcloud-aio-talk
+            - name: TALK_PORT
+              value: "{{ .Values.TALK_PORT }}"
+            - name: TURN_SECRET
+              value: "{{ .Values.TURN_SECRET }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          name: nextcloud-aio-talk
+          ports:
+            - containerPort: {{ .Values.TALK_PORT }}
+              protocol: TCP
+            - containerPort: {{ .Values.TALK_PORT }}
+              protocol: UDP
+            - containerPort: 8081
+              protocol: TCP
+          securityContext:
+            # The items below only work in container context
+            allowPrivilegeEscalation: false
+            capabilities:
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+{{- end }}