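---
# Deployment for Element Web (nginx-based image) listening on port 8080.
# The pod runs as an unprivileged UID/GID with all capabilities dropped and a
# read-only root filesystem; the only writable paths are the emptyDir mounts.
#
# NOTE(review): no spec.selector or spec.template.metadata.labels appear in
# this manifest. apps/v1 requires both, so presumably an overlay (for example
# kustomize) supplies them - confirm before applying this file on its own.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: element-web
spec:
  template:
    spec:
      # Pod-level identity. fsGroup makes the mounted volumes group-owned by
      # GID 1000 so the non-root process can write to the emptyDir paths.
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        # Have the kubelet refuse to start any container in this pod as UID 0,
        # even if runAsUser is later removed or overridden.
        runAsNonRoot: true
        # Apply the container runtime's default syscall filter. Together with
        # the settings below this matches what the Pod Security "restricted"
        # profile expects.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: element-web
          # No tag or digest is given, so this resolves to ":latest" and the
          # content that runs can change between pulls. Pin a reviewed
          # release, ideally by digest, e.g.
          # vectorim/element-web:<VERSION>@sha256:<DIGEST> (placeholders).
          image: vectorim/element-web
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          volumeMounts:
            # Configuration files are projected one by one from the ConfigMap
            # and mounted read-only. subPath mounts are not refreshed when the
            # ConfigMap changes; the pod must be restarted to pick up edits.
            - mountPath: /app/config.json
              name: config
              subPath: config.json
              readOnly: true
            - mountPath: /etc/nginx/nginx.conf
              name: config
              subPath: nginx.conf
              readOnly: true
            - mountPath: /etc/nginx/conf.d/default.conf
              name: config
              subPath: default.conf
              readOnly: true
            # Writable scratch space that nginx needs because the root
            # filesystem is read-only.
            - mountPath: /var/cache/nginx
              name: ephemeral
              subPath: cache
            - mountPath: /var/run/pid
              name: ephemeral
              subPath: pid
          # All three probes request "/" on the named http port.
          readinessProbe:
            httpGet:
              path: /
              port: http
          startupProbe:
            httpGet:
              path: /
              port: http
          livenessProbe:
            httpGet:
              path: /
              port: http
          # Container-level hardening: no Linux capabilities, no setuid-style
          # privilege gain, and an immutable image filesystem.
          securityContext:
            capabilities:
              drop:
                - ALL
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          # NOTE(review): no resources.requests/limits are set here; confirm
          # they are supplied elsewhere (overlay or LimitRange).
      volumes:
        - name: config
          configMap:
            name: element-web-config
        # Node-local scratch volume; its contents are discarded with the pod.
        - name: ephemeral
          emptyDir: {}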