---
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/serviceaccount.json
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jitsi
  namespace: jitsi
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/deployment.json
apiVersion: apps/v1
kind: Deployment

metadata:
  labels:
    app: jitsi
  name: jitsi

spec:
  replicas: 1
  strategy:
    type: Recreate

  selector:
    matchLabels:
      app: jitsi

  template:
    metadata:
      labels:
        app: jitsi

    spec:
      serviceAccountName: jitsi

      securityContext:
        fsGroup: 65532
        fsGroupChangePolicy: OnRootMismatch
        runAsGroup: 65532
        runAsNonRoot: true
        runAsUser: 65532
        seccompProfile:
          type: RuntimeDefault

      containers:
        - name: jicofo
          image: jicofo
          imagePullPolicy: IfNotPresent
          envFrom: &DefaultEnvFrom
            - secretRef:
                name: jitsi-secrets
            - configMapRef:
                name: envs
          securityContext: &DefaultContainerSecurityContext
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false

        - name: prosody
          image: prosody
          imagePullPolicy: IfNotPresent
          envFrom: *DefaultEnvFrom
          securityContext: *DefaultContainerSecurityContext

        - name: jitsi
          image: jitsi
          imagePullPolicy: IfNotPresent
          envFrom: *DefaultEnvFrom
          securityContext: *DefaultContainerSecurityContext

        - name: jvb
          image: jvb
          imagePullPolicy: IfNotPresent
          envFrom: *DefaultEnvFrom
          securityContext: *DefaultContainerSecurityContext

      volumes:
        - name: ephemeral
          emptyDir:
            sizeLimit: 256Mi