securityContext:
  allowPrivilegeEscalation: false
containers:
- name: pigallery2
  image: "bpatrik/pigallery2:{{ item.value.version }}"
  securityContext:
    runAsUser: {{ pigallery2_app_uid }}
    runAsGroup: {{ pigallery2_app_gid }}
  resources:
    limits:
      memory: "1Gi"
  volumeMounts:
  - name: config
    mountPath: /app/data/config
  - name: db
    mountPath: /app/data/db
  - name: tmp
    mountPath: /app/data/tmp
{% for mountpoint, images_path in item.value.images_paths.items() %}
  - name: images-{{ mountpoint }}
    mountPath: /app/data/images/{{ mountpoint }}
    readOnly: true
{% endfor %}
  env:
  - name: PORT
    value: "{{ item.value.port }}"
  - name: NODE_ENV
    value: production
  ports:
  - containerPort: {{ item.value.port }}
    hostPort: {{ item.value.port }}
    hostIP: 127.0.0.1
volumes:
- name: config
  hostPath:
    path: "{{ pigallery2_base_path }}/{{ item.key }}/config/"
    type: Directory
- name: db
  hostPath:
    path: "{{ pigallery2_base_path }}/{{ item.key }}/db/"
    type: Directory
- name: tmp
  hostPath:
    path: "{{ pigallery2_base_path }}/{{ item.key }}/tmp/"
    type: Directory
{% for mountpoint, images_path in item.value.images_paths.items() %}
- name: images-{{ mountpoint }}
  hostPath:
    path: "{{ images_path }}"
    type: Directory
{% endfor %}