runAsContext:
  - userName: root
    groupName: root
    gid: 0
    uid: 0
    description: Nextcloud runs as root user.
  - userName: root
    groupName: root
    gid: 0
    uid: 0
    description: Postgres runs as root user.
  - userName: root
    groupName: root
    gid: 0
    uid: 0
    description: Nginx runs as root user. (Nginx only runs when certificate is provided)
capabilities:
  - name: CHOWN
    description: Nextcloud, Nginx and Postgres are able to chown files.
  - name: FOWNER
    description: Nextcloud, Nginx and Postgres are able to bypass permission checks for it's sub-processes.
  - name: SYS_CHROOT
    description: Nextcloud, Nginx and Postgres are able to use chroot.
  - name: MKNOD
    description: Nextcloud, Nginx and Postgres are able to create device nodes.
  - name: DAC_OVERRIDE
    description: Nextcloud, Nginx and Postgres are able to bypass permission checks.
  - name: FSETID
    description: Nextcloud, Nginx and Postgres are able to set file capabilities.
  - name: KILL
    description: Nextcloud, Nginx and Postgres are able to kill processes.
  - name: SETGID
    description: Nextcloud, Nginx and Postgres are able to set group ID for it's sub-processes.
  - name: SETUID
    description: Nextcloud, Nginx and Postgres are able to set user ID for it's sub-processes.
  - name: SETPCAP
    description: Nextcloud, Nginx and Postgres are able to set process capabilities.
  - name: NET_BIND_SERVICE
    description: Nextcloud, Nginx and Postgres are able to bind to privileged ports.
  - name: SETFCAP
    description: Nextcloud, Nginx and Postgres are able to set file capabilities.
  - name: NET_RAW
    description: Nextcloud, Nginx and Postgres are able to use raw sockets.
  - name: AUDIT_WRITE
    description: Nextcloud, Nginx and Postgres are able to write to audit log.
hostMounts: []