---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud-hpb
  namespace: nextcloud-hpb
  labels:
    app: nextcloud-hpb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nextcloud-hpb
  template:
    metadata:
      labels:
        app: nextcloud-hpb
    spec:
      containers:
        - name: nextcloud-hpb
          image: ghcr.io/nextcloud-releases/aio-talk:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: turn-tcp
              containerPort: 3478
              protocol: TCP
            - name: turn-udp
              containerPort: 3478
              protocol: UDP
            - name: signaling
              containerPort: 8081
              protocol: TCP

          # Domain/Host aus ConfigMap, Secrets separat
          envFrom:
            - configMapRef:
                name: nextcloud-hpb-config
          env:
            - name: TURN_SECRET
              valueFrom:
                secretKeyRef:
                  name: nextcloud-hpb-secrets
                  key: TURN_SECRET
            - name: SIGNALING_SECRET
              valueFrom:
                secretKeyRef:
                  name: nextcloud-hpb-secrets
                  key: SIGNALING_SECRET
            - name: INTERNAL_SECRET
              valueFrom:
                secretKeyRef:
                  name: nextcloud-hpb-secrets
                  key: INTERNAL_SECRET

          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: "1"
              memory: 1Gi

          # Probes (TCP auf Signaling-Port 8081)
          livenessProbe:
            tcpSocket:
              port: signaling
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3

          readinessProbe:
            tcpSocket:
              port: signaling
            failureThreshold: 3