securityContext: allowPrivilegeEscalation: false containers: - name: nextcloud {# image: "nextcloud{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}" #} image: "nextcloud/{{ item.key }}:{{ item.value.version }}" securityContext: runAsUser: {{ nextcloud_app_uid }} runAsGroup: {{ nextcloud_app_gid }} resources: limits: memory: "4Gi" {% if 'new' in item.value and item.value.new %} env: - name: NEXTCLOUD_TRUSTED_DOMAINS value: "{{ item.value.hostnames | join(' ') }}" - name: OVERWRITEPROTOCOL value: "https" - name: MYSQL_HOST value: 127.0.0.1 - name: MYSQL_DATABASE value: nextcloud - name: MYSQL_USER value: nextcloud - name: MYSQL_PASSWORD value: "{{ item.value.database.password }}" {% endif %} volumeMounts: - name: nextcloud mountPath: /var/www/html - name: config mountPath: /etc/apache2/sites-available/000-default.conf subPath: apache-site.conf readOnly: true - name: config mountPath: /etc/apache2/ports.conf subPath: ports.conf readOnly: true ports: - containerPort: 8080 hostPort: {{ item.value.port }} hostIP: 127.0.0.1 - name: database image: "mariadb:{{ item.value.database.version }}" args: - --transaction-isolation=READ-COMMITTED - --binlog-format=ROW securityContext: runAsUser: {{ nextcloud_db_uid }} runAsGroup: {{ nextcloud_db_gid }} resources: limits: memory: "2Gi" {% if 'new' in item.value and item.value.new %} env: - name: MYSQL_RANDOM_ROOT_PASSWORD value: "true" - name: MYSQL_DATABASE value: nextcloud - name: MYSQL_USER value: nextcloud - name: MYSQL_PASSWORD value: "{{ item.value.database.password }}" {% endif %} volumeMounts: - name: database mountPath: /var/lib/mysql volumes: - name: config hostPath: path: "{{ nextcloud_base_path }}/{{ item.key }}/config/" type: Directory - name: nextcloud hostPath: path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud" type: Directory - name: database hostPath: path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}" type: Directory