apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
    kompose.version: 1.34.0 (cbf2835db)
  labels:
    io.kompose.service: nextcloud-aio-database
  name: nextcloud-aio-database
  namespace: "{{ .Values.NAMESPACE }}"
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: nextcloud-aio-database
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
        kompose.version: 1.34.0 (cbf2835db)
      labels:
        io.kompose.service: nextcloud-aio-database
    spec:
      securityContext:
        # The items below only work in pod context
        fsGroup: 999
        fsGroupChangePolicy: "OnRootMismatch"
        # The items below work in both contexts
        runAsUser: 999
        runAsGroup: 999
        runAsNonRoot: true
        {{- if eq .Values.RPSS_ENABLED "yes" }}
        seccompProfile:
          type: RuntimeDefault
        {{- end }}
      initContainers:
        - name: init-subpath
          image: "alpine:3.20"
          command:
            - mkdir
            - "-p"
            - /nextcloud-aio-database/data
          volumeMounts:
            - name: nextcloud-aio-database
              mountPath: /nextcloud-aio-database
          securityContext:
            # The items below only work in container context
            allowPrivilegeEscalation: false
            capabilities:
              {{- if eq .Values.RPSS_ENABLED "yes" }}
              drop: ["ALL"]
              {{- else }}
              drop: ["NET_RAW"]
              {{- end }}
              add: ["NET_BIND_SERVICE"]
      containers:
        - env:
            - name: PGTZ
              value: "{{ .Values.TIMEZONE }}"
            - name: POSTGRES_DB
              value: nextcloud_database
            - name: POSTGRES_PASSWORD
              value: "{{ .Values.DATABASE_PASSWORD }}"
            - name: POSTGRES_USER
              value: nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
          image: nextcloud/aio-postgresql:20241106_101604
          name: nextcloud-aio-database
          ports:
            - containerPort: 5432
              protocol: TCP
          securityContext:
            # The items below only work in container context
            allowPrivilegeEscalation: false
            capabilities:
              {{- if eq .Values.RPSS_ENABLED "yes" }}
              drop: ["ALL"]
              {{- else }}
              drop: ["NET_RAW"]
              {{- end }}
              add: ["NET_BIND_SERVICE"]
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              subPath: data
              name: nextcloud-aio-database
            - mountPath: /mnt/data
              name: nextcloud-aio-database-dump
      terminationGracePeriodSeconds: 1800
      volumes:
        - name: nextcloud-aio-database
          persistentVolumeClaim:
            claimName: nextcloud-aio-database
        - name: nextcloud-aio-database-dump
          persistentVolumeClaim:
            claimName: nextcloud-aio-database-dump