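# Pod-spec fragment for a coturn pod. This is a Jinja2 template: it is rendered
# first and only then parsed as YAML. The enclosing `spec:` mapping is not part
# of this fragment, so re-indent the keys below to match it.
securityContext:
  # Pod-level context carries the process identity only. Both values are
  # template variables that must render as integers, so they stay unquoted.
  runAsUser: {{ coturn_uid }}
  runAsGroup: {{ coturn_gid }}
# No grace period: the container is killed immediately when the pod is deleted.
terminationGracePeriodSeconds: 0
# The pod shares the node's network namespace, so every port coturn opens is
# bound directly on the host rather than inside an isolated pod network.
hostNetwork: true
containers:
  - name: coturn
    # NOTE(review): the tag comes from a template variable and tags are
    # mutable; pin the image by digest if image provenance matters here.
    image: "coturn/coturn:{{ coturn_version }}"
    args:
      - --log-file=stdout
    securityContext:
      # allowPrivilegeEscalation is a container-level field. It is not part of
      # the pod-level securityContext schema, where it is rejected or dropped
      # depending on how the manifest is validated, so it is set here to make
      # sure it is actually applied to the coturn container.
      allowPrivilegeEscalation: false
      # The disabled block below tried to grant NET_BIND_SERVICE for listening
      # ports below 1024; per the linked issues this does not take effect.
      # NOTE(review): presumably both listening ports must therefore be 1024
      # or higher when running under a non-root UID - confirm.
{# this does not work: https://github.com/kubernetes/kubernetes/issues/56374, https://github.com/moby/moby/issues/8460
{% if (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024) %}
      capabilities:
        add: ["NET_BIND_SERVICE"]
{% endif %}
#}
    resources:
      limits:
        memory: "1Gi"
    volumeMounts:
      # Configuration is provided by the host and mounted read-only.
      - name: config
        mountPath: /etc/coturn/
        readOnly: true
      - name: run
        mountPath: /var/run
      - name: lib
        mountPath: /var/lib/coturn
volumes:
  # `type: Directory` requires the host directory to exist already; the pod
  # does not start if it is missing.
  - name: config
    hostPath:
      path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/"
      type: Directory
  # Both scratch volumes are memory-backed (tmpfs). Data written to them counts
  # against the container's memory limit, and no sizeLimit is set on either.
  - name: run
    emptyDir:
      medium: Memory
  - name: lib
    emptyDir:
      medium: Memory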