titan-iac/services/jitsi/deployment.yaml

# services/jitsi/deployment.yaml
# Prosody: the XMPP server that the other Jitsi deployments in this file
# connect to (they reference it as jitsi-prosody.jitsi.svc.cluster.local).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jitsi-prosody
  namespace: jitsi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-prosody
  template:
    metadata:
      labels:
        app: jitsi-prosody
    spec:
      # All Jitsi pods are pinned to the same amd64 node (titan-22) to keep
      # the setup simple.
      nodeSelector:
        kubernetes.io/hostname: titan-22
        kubernetes.io/arch: amd64
      containers:
        - name: prosody
          # NOTE(review): ':stable' is a mutable tag, so the image that runs
          # depends on when the node pulled it; pin a release tag or digest
          # for reproducible, auditable rollouts.
          # NOTE(review): no securityContext or resource requests/limits are
          # set here; the container runs with the image's defaults.
          image: jitsi/prosody:stable
          ports:
            - name: c2s
              containerPort: 5222
              protocol: TCP
            - name: http
              containerPort: 5280
              protocol: TCP
            - name: comp
              containerPort: 5347
              protocol: TCP
          env:
            - name: XMPP_DOMAIN
              value: 'meet.jitsi'
            - name: XMPP_AUTH_DOMAIN
              value: 'auth.meet.jitsi'
            - name: XMPP_MUC_DOMAIN
              value: 'muc.meet.jitsi'
            - name: XMPP_INTERNAL_MUC_DOMAIN
              value: 'internal-muc.meet.jitsi'
            # Authentication is switched off: this is an open instance, chosen
            # as the fastest path to a working setup.
            # NOTE(review): with auth disabled, access control rests entirely
            # on who can reach the front end; confirm that is intended.
            - name: ENABLE_AUTH
              value: '0'
            - name: ENABLE_GUESTS
              value: '1'
            - name: JICOFO_AUTH_USER
              value: 'focus'
            - name: JVB_AUTH_USER
              value: 'jvb'
            # Internal component credentials come from the
            # jitsi-internal-secrets Secret rather than being inlined here.
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-internal-secrets
                  key: JICOFO_AUTH_PASSWORD
            - name: JICOFO_COMPONENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: jitsi-internal-secrets
                  key: JICOFO_COMPONENT_SECRET
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-internal-secrets
                  key: JVB_AUTH_PASSWORD
          volumeMounts:
            - name: cfg
              mountPath: /config
      volumes:
        # /config is backed by a PVC.
        - name: cfg
          persistentVolumeClaim:
            claimName: jitsi-prosody-config
---
# Jicofo deployment; it connects to the Prosody service named in XMPP_SERVER.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jitsi-jicofo
  namespace: jitsi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-jicofo
  template:
    metadata:
      labels:
        app: jitsi-jicofo
    spec:
      # Pinned to the amd64 node titan-22.
      nodeSelector:
        kubernetes.io/hostname: titan-22
        kubernetes.io/arch: amd64
      containers:
        - name: jicofo
          # NOTE(review): ':stable' is a mutable tag, so the image that runs
          # depends on when the node pulled it; pin a release tag or digest
          # for reproducible, auditable rollouts.
          # NOTE(review): no securityContext or resource requests/limits are
          # set here; the container runs with the image's defaults.
          image: jitsi/jicofo:stable
          env:
            - name: XMPP_DOMAIN
              value: 'meet.jitsi'
            - name: XMPP_AUTH_DOMAIN
              value: 'auth.meet.jitsi'
            - name: XMPP_MUC_DOMAIN
              value: 'muc.meet.jitsi'
            - name: XMPP_INTERNAL_MUC_DOMAIN
              value: 'internal-muc.meet.jitsi'
            # In-cluster DNS name of the Prosody service.
            - name: XMPP_SERVER
              value: 'jitsi-prosody.jitsi.svc.cluster.local'
            - name: JICOFO_AUTH_USER
              value: 'focus'
            # Credentials are read from the jitsi-internal-secrets Secret
            # rather than being inlined in this manifest.
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-internal-secrets
                  key: JICOFO_AUTH_PASSWORD
            - name: JICOFO_COMPONENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: jitsi-internal-secrets
                  key: JICOFO_COMPONENT_SECRET
            - name: JVB_BREWERY_MUC
              value: 'jvbbrewery'
          volumeMounts:
            - name: cfg
              mountPath: /config
      volumes:
        # /config is backed by a PVC.
        - name: cfg
          persistentVolumeClaim:
            claimName: jitsi-jicofo-config
---
# JVB deployment: serves the colibri WebSocket control channel on TCP 9090
# and media on UDP 10000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jitsi-jvb
  namespace: jitsi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-jvb
  template:
    metadata:
      labels:
        app: jitsi-jvb
    spec:
      # Pinned to the amd64 node titan-22; the media hostPort below is
      # therefore always opened on that node.
      nodeSelector:
        kubernetes.io/hostname: titan-22
        kubernetes.io/arch: amd64
      containers:
        - name: jvb
          # NOTE(review): ':stable' is a mutable tag, so the image that runs
          # depends on when the node pulled it; pin a release tag or digest
          # for reproducible, auditable rollouts.
          # NOTE(review): no securityContext or resource requests/limits are
          # set here; the container runs with the image's defaults.
          image: jitsi/jvb:stable
          ports:
            # WebSocket control channel.
            - name: colibri-ws
              containerPort: 9090
              protocol: TCP
            # Media. hostPort binds UDP 10000 on the node itself.
            # NOTE(review): this port is reachable wherever the node's
            # address is; confirm the node firewall limits it as intended.
            - name: rtp-udp
              containerPort: 10000
              hostPort: 10000
              protocol: UDP
          env:
            - name: XMPP_DOMAIN
              value: 'meet.jitsi'
            - name: XMPP_AUTH_DOMAIN
              value: 'auth.meet.jitsi'
            - name: XMPP_MUC_DOMAIN
              value: 'muc.meet.jitsi'
            - name: XMPP_INTERNAL_MUC_DOMAIN
              value: 'internal-muc.meet.jitsi'
            # In-cluster DNS name of the Prosody service.
            - name: XMPP_SERVER
              value: 'jitsi-prosody.jitsi.svc.cluster.local'
            - name: JVB_AUTH_USER
              value: 'jvb'
            # Credential is read from the jitsi-internal-secrets Secret
            # rather than being inlined in this manifest.
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-internal-secrets
                  key: JVB_AUTH_PASSWORD
            - name: JVB_BREWERY_MUC
              value: 'jvbbrewery'
            # Must stay equal to the rtp-udp hostPort above.
            - name: JVB_PORT
              value: '10000'
            # Turns on the /colibri-ws endpoint.
            - name: ENABLE_COLIBRI_WEBSOCKET
              value: '1'
            # NOTE(review): address discovery depends on these third-party
            # STUN hosts being reachable and trustworthy.
            - name: JVB_STUN_SERVERS
              value: 'stun.l.google.com:19302,stun1.l.google.com:19302,meet-jit-si-turnrelay.jitsi.net:443'
            # If STUN proves flaky, the public IP can be advertised
            # explicitly instead:
            # - name: JVB_ADVERTISE_IPS
            #   value: "YOUR.PUBLIC.IP.ADDR"
          volumeMounts:
            - name: cfg
              mountPath: /config
      volumes:
        # /config is backed by a PVC.
        - name: cfg
          persistentVolumeClaim:
            claimName: jitsi-jvb-config
---
# Web front end deployment; PUBLIC_URL is https://meet.bstein.dev and the
# container itself listens on plain HTTP port 80.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jitsi-web
  namespace: jitsi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-web
  template:
    metadata:
      labels:
        app: jitsi-web
    spec:
      # Pinned to the amd64 node titan-22.
      nodeSelector:
        kubernetes.io/hostname: titan-22
        kubernetes.io/arch: amd64
      containers:
        - name: web
          # NOTE(review): ':stable' is a mutable tag, so the image that runs
          # depends on when the node pulled it; pin a release tag or digest
          # for reproducible, auditable rollouts.
          # NOTE(review): no securityContext or resource requests/limits are
          # set here; the container runs with the image's defaults.
          image: jitsi/web:stable
          ports:
            # NOTE(review): presumably TLS for PUBLIC_URL is terminated in
            # front of this pod (ingress/proxy not shown here); verify.
            - name: http
              containerPort: 80
              protocol: TCP
          env:
            - name: PUBLIC_URL
              value: 'https://meet.bstein.dev'
            - name: XMPP_DOMAIN
              value: 'meet.jitsi'
            - name: XMPP_AUTH_DOMAIN
              value: 'auth.meet.jitsi'
            - name: XMPP_MUC_DOMAIN
              value: 'muc.meet.jitsi'
            - name: XMPP_INTERNAL_MUC_DOMAIN
              value: 'internal-muc.meet.jitsi'
            # Plain-HTTP hop to Prosody over the cluster network.
            # NOTE(review): this traffic is unencrypted inside the cluster;
            # acceptable only if the pod network is trusted.
            - name: XMPP_BOSH_URL_BASE
              value: 'http://jitsi-prosody.jitsi.svc.cluster.local:5280'
            - name: ENABLE_XMPP_WEBSOCKET
              value: '1'
            - name: ENABLE_COLIBRI_WEBSOCKET
              value: '1'
            # Optional: reduce the default video quality for poor links.
            # - { name: RESOLUTION, value: "360" }
          volumeMounts:
            - name: cfg
              mountPath: /config
      volumes:
        # /config is backed by a PVC.
        - name: cfg
          persistentVolumeClaim:
            claimName: jitsi-web-config