{# Pod-spec fragment of a Jinja2-templated manifest. The keys below
   (terminationGracePeriodSeconds, containers, volumes) are written relative to
   their parent mapping, which starts outside this excerpt.
   Values come from the loop variable `item` (item.key / item.value) and from
   the onlyoffice_* variables.
   Jinja comments and block tags are kept at column 0 so they contribute no
   leading whitespace to the rendered YAML. #}
{# TODO:
securityContext:
  allowPrivilegeEscalation: false
#}
{# NOTE(review): in the Kubernetes API allowPrivilegeEscalation is a field of
   the container-level securityContext, not of the pod-level one, so the TODO
   above probably has to be carried out per container, as the postgresql
   container below already does. #}
terminationGracePeriodSeconds: 120
containers:
{# TODO: only listen to localhost #}
  - name: documentserver
{# The image is referenced by a mutable tag taken from item.value.version;
   pinning by digest would make the deployed content reproducible. The same
   applies to the postgres and rabbitmq images below. #}
    image: "onlyoffice/documentserver:{{ item.value.version }}"
    resources:
      limits:
        memory: "4Gi"
{# TODO:
    securityContext:
      allowPrivilegeEscalation: false
      runAsUser: {{ onlyoffice_amqp_uid }}
      runAsGroup: {{ onlyoffice_amqp_gid }}
#}
{# NOTE(review): the draft above reuses the amqp uid/gid variables, which looks
   copied from the rabbitmq container; choose the intended ids before enabling
   it. Until then this container runs with the image's default user and without
   the allowPrivilegeEscalation restriction. #}
{# Database and broker are addressed on 127.0.0.1, so all three containers are
   expected to share one network namespace.
   DB_PWD, AMQP_URI and JWT_SECRET carry secrets as literal env values: the
   rendered manifest holds them in clear text, and they are readable by anyone
   who can read that file or inspect the container environment. Keep the
   rendered file's permissions tight.
   NOTE(review): consider secret references (valueFrom.secretKeyRef) if the
   target runtime supports them.
   The values are interpolated into double-quoted YAML scalars without
   escaping, so a password containing a double quote or a backslash changes or
   breaks the rendered document, and reserved URI characters in the amqp
   password would alter AMQP_URI. Constrain the password alphabet or escape at
   render time. #}
    env:
      - name: "DB_TYPE"
        value: "postgres"
      - name: "DB_HOST"
        value: "127.0.0.1"
      - name: "DB_PORT"
        value: "5432"
      - name: "DB_NAME"
        value: "onlyoffice"
      - name: "DB_USER"
        value: "onlyoffice"
      - name: "DB_PWD"
        value: "{{ item.value.database.password }}"
      - name: "AMQP_TYPE"
        value: "rabbitmq"
      - name: "AMQP_URI"
        value: "amqp://onlyoffice:{{ item.value.amqp.password }}@127.0.0.1:5672"
{# JWT settings are emitted only when the item defines jwt_secret. Without it
   neither variable is set and the image's own default decides whether request
   tokens are enforced.
   NOTE(review): confirm that default for the deployed version, or require
   jwt_secret for every instance. #}
{% if 'jwt_secret' in item.value %}
      - name: "JWT_ENABLED"
        value: "true"
      - name: "JWT_SECRET"
        value: "{{ item.value.jwt_secret }}"
{% endif %}
{# The document server is published on the host's loopback address only
   (hostIP 127.0.0.1); presumably a reverse proxy on the same host fronts it
   (TODO confirm). hostPort is left unquoted so that it renders as an integer. #}
    ports:
      - containerPort: 80
        hostPort: {{ item.value.port }}
        hostIP: 127.0.0.1
  - name: postgresql
    image: "postgres:{{ item.value.database.version }}"
{# listen_addresses restricts PostgreSQL to the loopback interface. #}
    args:
      - postgres
      - -c
      - listen_addresses=127.0.0.1
{# The only container in this fragment with an active securityContext: explicit
   uid/gid and no privilege escalation. #}
    securityContext:
      allowPrivilegeEscalation: false
      runAsUser: {{ onlyoffice_db_uid }}
      runAsGroup: {{ onlyoffice_db_gid }}
{# POSTGRES_PASSWORD repeats the secret passed to documentserver as DB_PWD; the
   clear-text and escaping caveats noted there apply here as well. #}
    env:
      - name: "POSTGRES_DB"
        value: "onlyoffice"
      - name: "POSTGRES_USER"
        value: "onlyoffice"
      - name: "POSTGRES_PASSWORD"
        value: "{{ item.value.database.password }}"
    volumeMounts:
      - name: postgres
        mountPath: /var/lib/postgresql/data
{# TODO: only listen to localhost #}
  - name: rabbitmq
    image: "rabbitmq:{{ item.value.amqp.version }}"
{# TODO:
    securityContext:
      allowPrivilegeEscalation: false
      runAsUser: {{ onlyoffice_amqp_uid }}
      runAsGroup: {{ onlyoffice_amqp_gid }}
#}
{# RABBITMQ_NODE_IP_ADDRESS is set to 127.0.0.1; the TODO above suggests that
   not every listener is covered by it (verify which ports the broker still
   opens). RABBITMQ_DEFAULT_PASS is the same secret that documentserver embeds
   in AMQP_URI. #}
    env:
      - name: "RABBITMQ_NODENAME"
        value: "rabbit@localhost"
      - name: "RABBITMQ_NODE_IP_ADDRESS"
        value: "127.0.0.1"
      - name: "RABBITMQ_DEFAULT_USER"
        value: "onlyoffice"
      - name: "RABBITMQ_DEFAULT_PASS"
        value: "{{ item.value.amqp.password }}"
{# TODO: AMQP config?
    volumeMounts:
      - name: rabbitmq
        mountPath: /etc/rabbitmq/conf.d/k8s.conf
        subPath: config
        readOnly: true
#}
{# hostPath with type Directory requires the directory to exist on the host
   before the pod starts. It holds the database files, so it should be writable
   only by the uid/gid the postgresql container runs as (presumably
   onlyoffice_db_uid / onlyoffice_db_gid; verify ownership in the provisioning
   step). #}
volumes:
  - name: postgres
    hostPath:
      path: "{{ onlyoffice_base_path }}/{{ item.key }}/postgres"
      type: Directory
{# TODO: AMQP config?
  - name: rabbitmq
    hostPath:
      path: "{{ onlyoffice_base_path }}/{{ item.key }}/rabbitmq"
      type: Directory
#}