apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: gotenberg
    app.kubernetes.io/component: gotenberg
    app.kubernetes.io/instance: paperless-ngx
    app.kubernetes.io/part-of: paperless-ngx
  name: gotenberg
  namespace: paperless-ngx
spec:
  ports:
  - name: gotenberg
    port: 3000
  selector:
    app.kubernetes.io/name: gotenberg
    app.kubernetes.io/component: gotenberg
    app.kubernetes.io/instance: paperless-ngx
  type: ClusterIP

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gotenberg
  namespace: paperless-ngx
  labels:
    app.kubernetes.io/name: gotenberg
    app.kubernetes.io/component: gotenberg
    app.kubernetes.io/instance: paperless-ngx
    app.kubernetes.io/part-of: paperless-ngx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: gotenberg
      app.kubernetes.io/component: gotenberg
      app.kubernetes.io/instance: paperless-ngx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: gotenberg
        app.kubernetes.io/component: gotenberg
        app.kubernetes.io/instance: paperless-ngx
    spec:
      containers:
      - name: gotenberg
        image: docker.io/gotenberg/gotenberg:7.5.4
        imagePullPolicy: IfNotPresent
        command:
        - gotenberg
        - --chromium-disable-javascript=true
        - --chromium-allow-list=file:///tmp/.*
        securityContext:
          runAsNonRoot: true
          readOnlyRootFilesystem: true
          runAsUser: 1001
          runAsGroup: 1001
        volumeMounts:
        - mountPath: /home/gotenberg
          name: tmp
          subPath: home
        - mountPath: /tmp
          name: tmp
          subPath: tmp
      securityContext:
        fsGroup: 1001
      volumes:
      - name: tmp
        emptyDir: