{{- if eq .Values.TALK_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment metadata: annotations: kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk namespace: "{{ .Values.NAMESPACE }}" spec: replicas: 1 selector: matchLabels: io.kompose.service: nextcloud-aio-talk template: metadata: annotations: kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk spec: securityContext: # The items below only work in pod context fsGroup: 1000 fsGroupChangePolicy: "OnRootMismatch" # The items below work in both contexts runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} seccompProfile: type: RuntimeDefault {{- end }} containers: - env: - name: TALK_MAX_STREAM_BITRATE value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}" - name: TALK_MAX_SCREEN_BITRATE value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}" - name: INTERNAL_SECRET value: "{{ .Values.TALK_INTERNAL_SECRET }}" - name: NC_DOMAIN value: "{{ .Values.NC_DOMAIN }}" - name: SIGNALING_SECRET value: "{{ .Values.SIGNALING_SECRET }}" - name: TALK_HOST value: nextcloud-aio-talk - name: TALK_PORT value: "{{ .Values.TALK_PORT }}" - name: TURN_SECRET value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431 readinessProbe: exec: command: - /healthcheck.sh failureThreshold: 3 periodSeconds: 30 timeoutSeconds: 30 livenessProbe: exec: command: - /healthcheck.sh failureThreshold: 3 periodSeconds: 30 timeoutSeconds: 30 name: nextcloud-aio-talk ports: - containerPort: {{ .Values.TALK_PORT }} protocol: TCP - containerPort: {{ .Values.TALK_PORT }} protocol: UDP - containerPort: 8081 protocol: TCP securityContext: # The items below only work in container context allowPrivilegeEscalation: false capabilities: {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} drop: ["ALL"] {{- else }} drop: ["NET_RAW"] {{- end }} {{- end }}