apiVersion: apps/v1
kind: Deployment
metadata:
  name: server
  labels:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/component: server
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: nextcloud
      app.kubernetes.io/component: server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: nextcloud
        app.kubernetes.io/component: server
    spec:
      affinity:
        nodeAffinity:
          # TODO: eviction policy
          # preferredDuringSchedulingIgnoredDuringExecution:
          #   - weight: 1
          #     preference:
          #       matchExpressions:
          #         # prefer being on an x64 node, for the extra oomf
          #         - key: kubernetes.io/arch
          #           operator: In
          #           values:
          #             - amd64
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  # prefer being on an x64 node, for the extra oomf
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      tolerations:
        - key: kubernetes.io/arch
          operator: Equal
          value: amd64
      containers:
        - name: nextcloud
          image: nextcloud
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: TRUSTED_PROXIES
              value: 10.0.0.0/8
            - name: REDIS_HOST
              value: nextcloud-redis.$(NAMESPACE).svc
            - name: REDIS_HOST_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-credentials
                  key: password
            - name: POSTGRES_HOST
              value: nextcloud-postgres.$(NAMESPACE).svc
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: database
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: password
          ports:
            - name: http
              containerPort: 80
          resources:
            requests:
              cpu: 1000m
              memory: 2Gi
            limits:
              cpu: 2000m
              memory: 2Gi
          volumeMounts:
            - name: nextcloud-pv
              mountPath: /var/www/html
            - name: server-config
              mountPath: /usr/local/etc/php/conf.d/php-user.ini
              subPath: php-user.ini
              readOnly: true
            - name: server-config
              mountPath: /etc/apache2/conf-enabled/apache-user.conf
              subPath: apache-user.conf
              readOnly: true
      volumes:
        - name: nextcloud-pv
          persistentVolumeClaim:
            claimName: server-pvc
        - name: server-config
          configMap:
            name: server-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: server-pvc
  labels:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/component: server
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
---
apiVersion: v1
kind: Service
metadata:
  name: server
  labels:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/component: server
spec:
  selector:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/component: server
  ports:
    - name: http
      port: 80
      targetPort: http