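---
# Manifests for the Nextcloud Talk signaling server ("spreed") in the
# nextcloud namespace: TLS certificate, Deployment, Service, NFS-backed
# config volume, and the Traefik route plus header middleware.
#
# The documents are laid out one key per line. In the collapsed form the
# first inline "#" comment swallowed everything after it on that line.

# cert-manager issues the certificate through the "letsencrypt" ClusterIssuer
# and stores certificate and private key in the Secret named by secretName.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: spreed-prod.allarddcs.nl
  namespace: nextcloud
spec:
  secretName: spreed-prod.allarddcs.nl
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  dnsNames:
    - spreed-prod.allarddcs.nl
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: spreed
  namespace: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app: spreed
  template:
    metadata:
      labels:
        app: spreed
    spec:
      # NOTE(review): the pod sets no securityContext and no resource
      # requests/limits. Confirm which user the image runs as before adding
      # runAsNonRoot / dropped capabilities, and size limits from observed use.
      containers:
        - name: spreed
          # NOTE(review): ":latest" is a mutable tag, so a restart can pull a
          # different image than the one that was reviewed. Pin a release tag
          # or an image digest so rollouts are reproducible and auditable.
          image: ghcr.io/strukturag/nextcloud-spreed-signaling:latest
          ports:
            - containerPort: 3478
            - containerPort: 5349
            - containerPort: 8443
            - containerPort: 8080
          volumeMounts:
            - mountPath: /var/run
              name: spreed-socket
            # The cert-manager Secret holds the private key as well as the
            # certificate. The IngressRoute below targets port 8080, so this
            # mount is presumably only needed for a TLS listener inside the
            # pod (8443); drop it if nothing reads /etc/tls - TODO confirm.
            - mountPath: /etc/tls
              name: spreed-prod-cert
              readOnly: true
            # NOTE(review): the config file is mounted writable from the NFS
            # claim. It presumably carries the signaling server's shared
            # secrets; add "readOnly: true" here if the container never
            # rewrites it - verify against the image entrypoint first.
            - name: spreed-config
              mountPath: /config/server.conf  # Mount location inside the container
              subPath: server.conf  # Ensure we only mount the file, not the entire directory
      volumes:
        - name: spreed-socket
          emptyDir: {}
        - name: spreed-prod-cert
          secret:
            secretName: spreed-prod.allarddcs.nl
        - name: spreed-config
          persistentVolumeClaim:
            claimName: spreed-pvc
---
# ClusterIP only: these ports are reachable from inside the cluster. Of the
# four, only 8080 is published, through the IngressRoute below.
apiVersion: v1
kind: Service
metadata:
  name: spreed
  namespace: nextcloud
spec:
  type: ClusterIP
  selector:
    app: spreed
  ports:
    - name: websocket-web
      protocol: TCP
      port: 8080
      targetPort: 8080
    - name: websocket
      protocol: TCP
      port: 8443
      targetPort: 8443
    - name: stun-port
      protocol: TCP
      port: 3478
      targetPort: 3478
    - name: signaling-port
      protocol: TCP
      port: 5349
      targetPort: 5349
---
# Statically provisioned NFS volume. The empty storageClassName disables
# dynamic provisioning, and the claim below binds to it through volumeName.
# "Retain" keeps the exported data after the claim is deleted.
# NOTE(review): nothing in this manifest restricts who may mount the export;
# whoever can write to /mnt/nfs_share/spreed can change the server config.
# Confirm the export on the NFS host is limited to the cluster nodes.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: spreed-pv
spec:
  storageClassName: ""
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    server: 192.168.2.110
    path: /mnt/nfs_share/spreed
    readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: spreed-pvc
  namespace: nextcloud
spec:
  storageClassName: ""
  volumeName: spreed-pv
  accessModes:
    - ReadWriteMany
  volumeMode: Filesystem
  resources:
    requests:
      storage: 1Gi
---
# Routes the public host name to the plain-HTTP port 8080 of the Service.
# NOTE(review): the route has no "tls:" block and does not reference the
# Secret created by the Certificate above, so the certificate presented
# depends on how the "websecure" entry point is configured elsewhere. Confirm
# this, or reference the Secret here.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: spreed
  namespace: nextcloud
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`spreed-prod.allarddcs.nl`)
      kind: Rule
      services:
        - name: spreed
          port: 8080
      middlewares:
        - name: websocket-headers
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: websocket-headers
  namespace: nextcloud
spec:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: "https"
    # These two headers are added to every response on the route, not only to
    # WebSocket upgrade handshakes.
    customResponseHeaders:
      Connection: "Upgrade"
      Upgrade: "websocket"
    accessControlAllowMethods:
      - GET
      - OPTIONS
      - POST
    # NOTE(review): "*" accepts any request header in CORS preflights, and no
    # allowed-origin list is set in this middleware. List the headers the
    # Nextcloud front end actually sends, and confirm where allowed origins
    # are restricted.
    accessControlAllowHeaders:
      - "*"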