titan-iac/services/comms/livekit-token-deployment.yaml

# services/comms/livekit-token-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: livekit-token-service
  labels:
    app: livekit-token-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: livekit-token-service
  template:
    metadata:
      labels:
        app: livekit-token-service
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "comms"
        vault.hashicorp.com/agent-inject-secret-livekit-env: "kv/data/atlas/comms/livekit-api"
        vault.hashicorp.com/agent-inject-template-livekit-env: |
          {{- with secret "kv/data/atlas/comms/livekit-api" -}}
          export LIVEKIT_SECRET="{{ .Data.data.primary }}"
          {{- end -}}
    spec:
      serviceAccountName: comms-vault
      imagePullSecrets:
        - name: harbor-regcred
      nodeSelector:
        hardware: rpi5
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 50
              preference:
                matchExpressions:
                  - key: hardware
                    operator: In
                    values: ["rpi5","rpi4"]
      hostAliases:
        - ip: 10.43.60.6
          hostnames:
            - live.bstein.dev
      containers:
        - name: token-service
          image: registry.bstein.dev/tools/lk-jwt-service-vault:0.3.0
          env:
            - name: LIVEKIT_URL
              value: wss://kit.live.bstein.dev/livekit/sfu
            - name: LIVEKIT_KEY
              value: primary
            - name: VAULT_ENV_FILE
              value: /vault/secrets/livekit-env
            - name: LIVEKIT_FULL_ACCESS_HOMESERVERS
              value: live.bstein.dev
          ports:
            - containerPort: 8080
              name: http
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 300m
              memory: 256Mi
      volumes:
---
apiVersion: v1
kind: Service
metadata:
  name: livekit-token-service
spec:
  selector:
    app: livekit-token-service
  ports:
    - name: http
      port: 8080
      targetPort: 8080
comms: consolidate stack manifests 2026-01-08 01:55:58 -03:00			`# services/comms/livekit-token-deployment.yaml`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: livekit-token-service`
			`labels:`
			`app: livekit-token-service`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: livekit-token-service`
			`template:`
			`metadata:`
			`labels:`
			`app: livekit-token-service`
vault: inject remaining services with wrappers 2026-01-14 17:29:09 -03:00			`annotations:`
			`vault.hashicorp.com/agent-inject: "true"`
			`vault.hashicorp.com/role: "comms"`
			`vault.hashicorp.com/agent-inject-secret-livekit-env: "kv/data/atlas/comms/livekit-api"`
			`vault.hashicorp.com/agent-inject-template-livekit-env: \|`
			`{{- with secret "kv/data/atlas/comms/livekit-api" -}}`
			`export LIVEKIT_SECRET="{{ .Data.data.primary }}"`
			`{{- end -}}`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`spec:`
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`serviceAccountName: comms-vault`
vault: inject remaining services with wrappers 2026-01-14 17:29:09 -03:00			`imagePullSecrets:`
			`- name: harbor-regcred`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`nodeSelector:`
			`hardware: rpi5`
			`affinity:`
			`nodeAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 50`
			`preference:`
			`matchExpressions:`
			`- key: hardware`
			`operator: In`
			`values: ["rpi5","rpi4"]`
			`hostAliases:`
			`- ip: 10.43.60.6`
			`hostnames:`
			`- live.bstein.dev`
			`containers:`
			`- name: token-service`
vault: inject remaining services with wrappers 2026-01-14 17:29:09 -03:00			`image: registry.bstein.dev/tools/lk-jwt-service-vault:0.3.0`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`env:`
			`- name: LIVEKIT_URL`
			`value: wss://kit.live.bstein.dev/livekit/sfu`
			`- name: LIVEKIT_KEY`
			`value: primary`
vault: inject remaining services with wrappers 2026-01-14 17:29:09 -03:00			`- name: VAULT_ENV_FILE`
			`value: /vault/secrets/livekit-env`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`- name: LIVEKIT_FULL_ACCESS_HOMESERVERS`
			`value: live.bstein.dev`
			`ports:`
			`- containerPort: 8080`
			`name: http`
			`resources:`
			`requests:`
			`cpu: 50m`
			`memory: 128Mi`
			`limits:`
			`cpu: 300m`
			`memory: 256Mi`
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`volumes:`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: livekit-token-service`
			`spec:`
			`selector:`
			`app: livekit-token-service`
			`ports:`
			`- name: http`
			`port: 8080`
			`targetPort: 8080`