apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.version: 1.37.0 (fb0539e64)
  labels:
    io.kompose.service: nextcloud-aio-apache
  name: nextcloud-aio-apache
  namespace: "{{ .Values.NAMESPACE }}"
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: nextcloud-aio-apache
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        kompose.version: 1.37.0 (fb0539e64)
      labels:
        io.kompose.service: nextcloud-aio-apache
    spec:
      securityContext:
        # The items below only work in pod context
        fsGroup: 33
        fsGroupChangePolicy: "OnRootMismatch"
        # The items below work in both contexts
        runAsUser: 33
        runAsGroup: 33
        runAsNonRoot: true
        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
        seccompProfile:
          type: RuntimeDefault
        {{- end }}
      containers:
        - env:
            - name: ADDITIONAL_TRUSTED_DOMAIN
              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
            - name: APACHE_HOST
              value: nextcloud-aio-apache
            - name: APACHE_MAX_SIZE
              value: "{{ .Values.APACHE_MAX_SIZE }}"
            - name: APACHE_MAX_TIME
              value: "{{ .Values.NEXTCLOUD_MAX_TIME }}"
            - name: APACHE_PORT
              value: "{{ .Values.APACHE_PORT }}"
            - name: COLLABORA_HOST
              value: nextcloud-aio-collabora
            - name: NC_DOMAIN
              value: "{{ .Values.NC_DOMAIN }}"
            - name: NEXTCLOUD_HOST
              value: nextcloud-aio-nextcloud
            - name: NOTIFY_PUSH_HOST
              value: nextcloud-aio-notify-push
            - name: ONLYOFFICE_HOST
              value: nextcloud-aio-onlyoffice
            - name: TALK_HOST
              value: nextcloud-aio-talk
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
            - name: WHITEBOARD_HOST
              value: nextcloud-aio-whiteboard
          image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431
          readinessProbe:
            exec:
              command:
                - /healthcheck.sh
            failureThreshold: 3
            periodSeconds: 30
            timeoutSeconds: 30
          livenessProbe:
            exec:
              command:
                - /healthcheck.sh
            failureThreshold: 3
            periodSeconds: 30
            timeoutSeconds: 30
          name: nextcloud-aio-apache
          ports:
            - containerPort: {{ .Values.APACHE_PORT }}
              protocol: TCP
            - containerPort: {{ .Values.APACHE_PORT }}
              protocol: UDP
          securityContext:
            # The items below only work in container context
            allowPrivilegeEscalation: false
            capabilities:
              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
              drop: ["ALL"]
              {{- else }}
              drop: ["NET_RAW"]
              {{- end }}
              add: ["NET_BIND_SERVICE"]
          volumeMounts:
            - mountPath: /var/www/html
              name: nextcloud-aio-nextcloud
              readOnly: true
            - mountPath: /mnt/data
              name: nextcloud-aio-apache
      volumes:
        - name: nextcloud-aio-nextcloud
          persistentVolumeClaim:
            claimName: nextcloud-aio-nextcloud
        - name: nextcloud-aio-apache
          persistentVolumeClaim:
            claimName: nextcloud-aio-apache