
# services/communication/coturn.yaml
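# coturn TURN/STUN relay for the realm live.bstein.dev.
# Listens on 3478 (UDP/TCP) and 5349 (TLS) and relays media on
# UDP 50000-50050.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coturn
  labels:
    app: coturn
spec:
  replicas: 1
  selector:
    matchLabels:
      app: coturn
  template:
    metadata:
      labels:
        app: coturn
    spec:
      # turnserver never talks to the Kubernetes API, so this
      # network-facing pod gets no service-account token.
      automountServiceAccountToken: false
      # Hard requirement: only nodes labelled hardware=rpi5 are eligible.
      nodeSelector:
        hardware: rpi5
      # NOTE(review): with the nodeSelector above every eligible node
      # already matches this preference, so the rpi4 value has no effect.
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 50
              preference:
                matchExpressions:
                  - key: hardware
                    operator: In
                    values:
                      - rpi5
                      - rpi4
      containers:
        - name: coturn
          # NOTE(review): a tag is mutable; pinning the image by digest
          # would make the deployed binary reproducible.
          image: ghcr.io/coturn/coturn:4.6.2
          # All listening and relay ports are above 1024, so the process
          # needs no extra privileges after start.
          securityContext:
            allowPrivilegeEscalation: false
          # Security notes on the command line below:
          # - The shell expands TURN_STATIC_AUTH_SECRET into turnserver's
          #   argv, so the password is readable in the process listing on
          #   the node. Supplying it through a configuration file mounted
          #   from the Secret keeps it out of argv.
          # - Despite the variable name, the value is used as the
          #   long-term password of the single user "livekit"
          #   (--lt-cred-mech + --user), not as a --use-auth-secret key,
          #   so every client shares one non-expiring credential.
          # - No --denied-peer-ip / --allowed-peer-ip / --no-multicast-peers
          #   is set, so an authenticated client can ask the relay to
          #   forward to any address the pod can reach, including cluster
          #   and LAN ranges. Restrict peers to the media servers after
          #   confirming which addresses they use.
          # - NOTE(review): cert-manager renews the mounted certificate in
          #   place; confirm turnserver picks up the new files without a
          #   pod restart.
          command:
            - /bin/sh
            - -c
            - |
              exec /usr/bin/turnserver \
                --no-cli \
                --fingerprint \
                --lt-cred-mech \
                --user=livekit:"${TURN_STATIC_AUTH_SECRET}" \
                --realm=live.bstein.dev \
                --listening-port=3478 \
                --tls-listening-port=5349 \
                --min-port=50000 \
                --max-port=50050 \
                --cert=/etc/coturn/tls/tls.crt \
                --pkey=/etc/coturn/tls/tls.key \
                --log-file=stdout \
                --no-software-attribute
          env:
            # Password for the "livekit" TURN user, read from a Secret.
            - name: TURN_STATIC_AUTH_SECRET
              valueFrom:
                secretKeyRef:
                  name: turn-shared-secret
                  key: TURN_STATIC_AUTH_SECRET
          ports:
            - name: turn-udp
              containerPort: 3478
              protocol: UDP
            - name: turn-tcp
              containerPort: 3478
              protocol: TCP
            - name: turn-tls
              containerPort: 5349
              protocol: TCP
          volumeMounts:
            # Certificate and private key; mounted read-only.
            - name: tls
              mountPath: /etc/coturn/tls
              readOnly: true
          resources:
            requests:
              cpu: 200m
              memory: 256Mi
            limits:
              cpu: "2"
              memory: 512Mi
      volumes:
        # Secret written by the turn-live-cert Certificate in this file.
        - name: tls
          secret:
            secretName: turn-live-tls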
---
# MetalLB LoadBalancer in front of the coturn pod. Publishes the TURN
# signalling ports and one UDP port per relay port in 50000-50050, which
# is the --min-port/--max-port range set on turnserver.
apiVersion: v1
kind: Service
metadata:
  name: coturn
  annotations:
    metallb.universe.tf/address-pool: communication-pool
spec:
  type: LoadBalancer
  loadBalancerClass: metallb
  # NOTE(review): spec.loadBalancerIP is deprecated since Kubernetes
  # v1.24; MetalLB also accepts the metallb.universe.tf/loadBalancerIPs
  # annotation.
  loadBalancerIP: '192.168.22.5'
  # NOTE(review): externalTrafficPolicy is not set, so the default
  # (Cluster) applies and client source addresses may be rewritten
  # before they reach coturn. Check whether turnserver logs show real
  # client IPs; they are needed for abuse investigation.
  selector:
    app: coturn
  ports:
    - name: turn-udp
      protocol: UDP
      port: 3478
      targetPort: 3478
    - name: turn-tcp
      protocol: TCP
      port: 3478
      targetPort: 3478
    - name: turn-tls
      protocol: TCP
      port: 5349
      targetPort: 5349
    # UDP media relay range, one entry per port (a Service cannot
    # declare a port range). Keep in step with --min-port/--max-port.
    - name: relay-50000
      protocol: UDP
      port: 50000
      targetPort: 50000
    - name: relay-50001
      protocol: UDP
      port: 50001
      targetPort: 50001
    - name: relay-50002
      protocol: UDP
      port: 50002
      targetPort: 50002
    - name: relay-50003
      protocol: UDP
      port: 50003
      targetPort: 50003
    - name: relay-50004
      protocol: UDP
      port: 50004
      targetPort: 50004
    - name: relay-50005
      protocol: UDP
      port: 50005
      targetPort: 50005
    - name: relay-50006
      protocol: UDP
      port: 50006
      targetPort: 50006
    - name: relay-50007
      protocol: UDP
      port: 50007
      targetPort: 50007
    - name: relay-50008
      protocol: UDP
      port: 50008
      targetPort: 50008
    - name: relay-50009
      protocol: UDP
      port: 50009
      targetPort: 50009
    - name: relay-50010
      protocol: UDP
      port: 50010
      targetPort: 50010
    - name: relay-50011
      protocol: UDP
      port: 50011
      targetPort: 50011
    - name: relay-50012
      protocol: UDP
      port: 50012
      targetPort: 50012
    - name: relay-50013
      protocol: UDP
      port: 50013
      targetPort: 50013
    - name: relay-50014
      protocol: UDP
      port: 50014
      targetPort: 50014
    - name: relay-50015
      protocol: UDP
      port: 50015
      targetPort: 50015
    - name: relay-50016
      protocol: UDP
      port: 50016
      targetPort: 50016
    - name: relay-50017
      protocol: UDP
      port: 50017
      targetPort: 50017
    - name: relay-50018
      protocol: UDP
      port: 50018
      targetPort: 50018
    - name: relay-50019
      protocol: UDP
      port: 50019
      targetPort: 50019
    - name: relay-50020
      protocol: UDP
      port: 50020
      targetPort: 50020
    - name: relay-50021
      protocol: UDP
      port: 50021
      targetPort: 50021
    - name: relay-50022
      protocol: UDP
      port: 50022
      targetPort: 50022
    - name: relay-50023
      protocol: UDP
      port: 50023
      targetPort: 50023
    - name: relay-50024
      protocol: UDP
      port: 50024
      targetPort: 50024
    - name: relay-50025
      protocol: UDP
      port: 50025
      targetPort: 50025
    - name: relay-50026
      protocol: UDP
      port: 50026
      targetPort: 50026
    - name: relay-50027
      protocol: UDP
      port: 50027
      targetPort: 50027
    - name: relay-50028
      protocol: UDP
      port: 50028
      targetPort: 50028
    - name: relay-50029
      protocol: UDP
      port: 50029
      targetPort: 50029
    - name: relay-50030
      protocol: UDP
      port: 50030
      targetPort: 50030
    - name: relay-50031
      protocol: UDP
      port: 50031
      targetPort: 50031
    - name: relay-50032
      protocol: UDP
      port: 50032
      targetPort: 50032
    - name: relay-50033
      protocol: UDP
      port: 50033
      targetPort: 50033
    - name: relay-50034
      protocol: UDP
      port: 50034
      targetPort: 50034
    - name: relay-50035
      protocol: UDP
      port: 50035
      targetPort: 50035
    - name: relay-50036
      protocol: UDP
      port: 50036
      targetPort: 50036
    - name: relay-50037
      protocol: UDP
      port: 50037
      targetPort: 50037
    - name: relay-50038
      protocol: UDP
      port: 50038
      targetPort: 50038
    - name: relay-50039
      protocol: UDP
      port: 50039
      targetPort: 50039
    - name: relay-50040
      protocol: UDP
      port: 50040
      targetPort: 50040
    - name: relay-50041
      protocol: UDP
      port: 50041
      targetPort: 50041
    - name: relay-50042
      protocol: UDP
      port: 50042
      targetPort: 50042
    - name: relay-50043
      protocol: UDP
      port: 50043
      targetPort: 50043
    - name: relay-50044
      protocol: UDP
      port: 50044
      targetPort: 50044
    - name: relay-50045
      protocol: UDP
      port: 50045
      targetPort: 50045
    - name: relay-50046
      protocol: UDP
      port: 50046
      targetPort: 50046
    - name: relay-50047
      protocol: UDP
      port: 50047
      targetPort: 50047
    - name: relay-50048
      protocol: UDP
      port: 50048
      targetPort: 50048
    - name: relay-50049
      protocol: UDP
      port: 50049
      targetPort: 50049
    - name: relay-50050
      protocol: UDP
      port: 50050
      targetPort: 50050
---
# cert-manager Certificate for the TURN TLS listener. The issued key
# pair is stored in the Secret turn-live-tls, which the coturn
# Deployment mounts at /etc/coturn/tls.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: turn-live-cert
spec:
  # Clients must connect to this hostname for TLS verification to
  # succeed; it differs from the TURN realm (live.bstein.dev).
  dnsNames:
    - turn.live.bstein.dev
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt
  secretName: turn-live-tls