apiVersion: apps/v1 kind: Deployment metadata: annotations: kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-nextcloud name: nextcloud-aio-nextcloud namespace: "{{ .Values.NAMESPACE }}" spec: replicas: 1 selector: matchLabels: io.kompose.service: nextcloud-aio-nextcloud strategy: type: Recreate template: metadata: annotations: kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-nextcloud spec: {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in pod context fsGroup: 33 fsGroupChangePolicy: "OnRootMismatch" # The items below work in both contexts runAsUser: 33 runAsGroup: 33 runAsNonRoot: true {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} seccompProfile: type: RuntimeDefault {{- end }} {{- end }} # AIO-config - do not change this comment! # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 command: - chmod - "777" - /nextcloud-aio-nextcloud - /nextcloud-aio-nextcloud-trusted-cacerts volumeMounts: - name: nextcloud-aio-nextcloud-trusted-cacerts mountPath: /nextcloud-aio-nextcloud-trusted-cacerts - name: nextcloud-aio-nextcloud mountPath: /nextcloud-aio-nextcloud # AIO settings end # Do not remove or change this line! containers: - env: - name: SMTP_HOST value: "{{ .Values.SMTP_HOST }}" - name: SMTP_SECURE value: "{{ .Values.SMTP_SECURE }}" - name: SMTP_PORT value: "{{ .Values.SMTP_PORT }}" - name: SMTP_AUTHTYPE value: "{{ .Values.SMTP_AUTHTYPE }}" - name: SMTP_NAME value: "{{ .Values.SMTP_NAME }}" - name: SMTP_PASSWORD value: "{{ .Values.SMTP_PASSWORD }}" - name: MAIL_FROM_ADDRESS value: "{{ .Values.MAIL_FROM_ADDRESS }}" - name: MAIL_DOMAIN value: "{{ .Values.MAIL_DOMAIN }}" - name: SUBSCRIPTION_KEY value: "{{ .Values.SUBSCRIPTION_KEY }}" - name: APPS_ALLOWLIST value: "{{ .Values.APPS_ALLOWLIST }}" - name: ADDITIONAL_TRUSTED_PROXY value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}" - name: ADDITIONAL_TRUSTED_DOMAIN value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}" - name: SERVERINFO_TOKEN value: "{{ .Values.SERVERINFO_TOKEN }}" - name: NEXTCLOUD_DEFAULT_QUOTA value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}" - name: NEXTCLOUD_SKELETON_DIRECTORY value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}" - name: NEXTCLOUD_MAINTENANCE_WINDOW value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}" - name: ADDITIONAL_APKS value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}" - name: ADDITIONAL_PHP_EXTENSIONS value: "{{ .Values.NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS }}" - name: ADMIN_PASSWORD value: "{{ .Values.NEXTCLOUD_PASSWORD }}" - name: ADMIN_USER value: admin - name: APACHE_HOST value: nextcloud-aio-apache - name: APACHE_PORT value: "{{ .Values.APACHE_PORT }}" - name: CLAMAV_ENABLED value: "{{ .Values.CLAMAV_ENABLED }}" - name: CLAMAV_HOST value: nextcloud-aio-clamav - name: CLAMAV_MAX_SIZE value: "{{ .Values.APACHE_MAX_SIZE }}" - name: COLLABORA_ENABLED value: "{{ .Values.COLLABORA_ENABLED }}" - name: COLLABORA_HOST value: nextcloud-aio-collabora - name: FULLTEXTSEARCH_ENABLED value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}" - name: FULLTEXTSEARCH_HOST value: nextcloud-aio-fulltextsearch - name: FULLTEXTSEARCH_INDEX value: nextcloud-aio - name: FULLTEXTSEARCH_PASSWORD value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}" - name: FULLTEXTSEARCH_PORT value: "9200" - name: FULLTEXTSEARCH_USER value: elastic - name: IMAGINARY_ENABLED value: "{{ .Values.IMAGINARY_ENABLED }}" - name: IMAGINARY_HOST value: nextcloud-aio-imaginary - name: IMAGINARY_SECRET value: "{{ .Values.IMAGINARY_SECRET }}" - name: INSTALL_LATEST_MAJOR value: "{{ .Values.INSTALL_LATEST_MAJOR }}" - name: NC_DOMAIN value: "{{ .Values.NC_DOMAIN }}" - name: NEXTCLOUD_DATA_DIR value: /mnt/ncdata - name: NEXTCLOUD_HOST value: nextcloud-aio-nextcloud - name: ONLYOFFICE_ENABLED value: "{{ .Values.ONLYOFFICE_ENABLED }}" - name: ONLYOFFICE_HOST value: nextcloud-aio-onlyoffice - name: ONLYOFFICE_SECRET value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: OVERWRITEPROTOCOL value: https - name: PHP_MAX_TIME value: "{{ .Values.NEXTCLOUD_MAX_TIME }}" - name: PHP_MEMORY_LIMIT value: "{{ .Values.NEXTCLOUD_MEMORY_LIMIT }}" - name: PHP_UPLOAD_LIMIT value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: POSTGRES_DB value: nextcloud_database - name: POSTGRES_HOST value: nextcloud-aio-database - name: POSTGRES_PASSWORD value: "{{ .Values.DATABASE_PASSWORD }}" - name: POSTGRES_PORT value: "5432" - name: POSTGRES_USER value: nextcloud - name: RECORDING_SECRET value: "{{ .Values.RECORDING_SECRET }}" - name: REDIS_HOST value: nextcloud-aio-redis - name: REDIS_HOST_PASSWORD value: "{{ .Values.REDIS_PASSWORD }}" - name: REMOVE_DISABLED_APPS value: "{{ .Values.REMOVE_DISABLED_APPS }}" - name: SIGNALING_SECRET value: "{{ .Values.SIGNALING_SECRET }}" - name: STARTUP_APPS value: "{{ .Values.NEXTCLOUD_STARTUP_APPS }}" - name: TALK_ENABLED value: "{{ .Values.TALK_ENABLED }}" - name: TALK_PORT value: "{{ .Values.TALK_PORT }}" - name: TALK_RECORDING_ENABLED value: "{{ .Values.TALK_RECORDING_ENABLED }}" - name: TALK_RECORDING_HOST value: nextcloud-aio-talk-recording - name: TRUSTED_CACERTS_DIR value: "{{ .Values.NEXTCLOUD_TRUSTED_CACERTS_DIR }}" - name: TURN_SECRET value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - name: UPDATE_NEXTCLOUD_APPS value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}" - name: WHITEBOARD_ENABLED value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context allowPrivilegeEscalation: false capabilities: {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} drop: ["ALL"] {{- else }} drop: ["NET_RAW"] {{- end }} {{- end }} # AIO-config - do not change this comment! readinessProbe: exec: command: - /healthcheck.sh failureThreshold: 3 periodSeconds: 30 timeoutSeconds: 30 livenessProbe: exec: command: - /healthcheck.sh failureThreshold: 3 periodSeconds: 30 timeoutSeconds: 30 name: nextcloud-aio-nextcloud ports: - containerPort: 9000 protocol: TCP - containerPort: 9001 protocol: TCP volumeMounts: - mountPath: /var/www/html name: nextcloud-aio-nextcloud - mountPath: /mnt/ncdata name: nextcloud-aio-nextcloud-data - mountPath: /usr/local/share/ca-certificates name: nextcloud-aio-nextcloud-trusted-cacerts readOnly: true terminationGracePeriodSeconds: 600 volumes: - name: nextcloud-aio-nextcloud persistentVolumeClaim: claimName: nextcloud-aio-nextcloud - name: nextcloud-aio-nextcloud-data persistentVolumeClaim: claimName: nextcloud-aio-nextcloud-data - name: nextcloud-aio-nextcloud-trusted-cacerts persistentVolumeClaim: claimName: nextcloud-aio-nextcloud-trusted-cacerts