apiVersion: apps/v1
kind: Deployment
metadata:
  name: jellyfin
  namespace: jellyfin
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      component: web
  template:
    metadata:
      labels:
        component: web
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: jellyfin
          image: "{{ .apps.jellyfin.image }}"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8096
              protocol: TCP
          env:
            - name: TZ
              value: "{{ .apps.jellyfin.timezone }}"
            - name: JELLYFIN_PublishedServerUrl
              value: "{{ .apps.jellyfin.publishedServerUrl }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: false
          volumeMounts:
            - name: config
              mountPath: /config
            - name: cache
              mountPath: /cache
            - name: media
              mountPath: /media
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 30
            timeoutSeconds: 10
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: jellyfin-config
        - name: cache
          persistentVolumeClaim:
            claimName: jellyfin-cache
        - name: media
          persistentVolumeClaim:
            claimName: jellyfin-media