apiVersion: apps/v1
kind: Deployment
metadata:
  name: webmail
  namespace: {{ .namespace }}
spec:
  replicas: 1
  selector:
    matchLabels:
      component: webmail
  template:
    metadata:
      labels:
        component: webmail
    spec:
      initContainers:
      - name: fix-permissions
        image: busybox:latest
        command: ['sh', '-c', 'chown -R 999:999 /data']
        volumeMounts:
        - name: data
          subPath: webmail
          mountPath: /data
      containers:
      - name: webmail
        image: {{ .images.webmail }}
        imagePullPolicy: IfNotPresent
        securityContext:
          capabilities:
            add:
            - SYS_CHROOT
            - CHOWN
            - SETGID
            - SETUID
        env:
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: mailu-secrets
              key: secretKey
        envFrom:
        - configMapRef:
            name: mailu-config
        ports:
        - name: http
          containerPort: 80
        volumeMounts:
        - name: data
          subPath: webmail
          mountPath: /data
        resources:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "1000m"
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: mailu-storage