diff --git a/services/communication/livekit-config.yaml b/services/communication/livekit-config.yaml
index 107271c..c39c783 100644
--- a/services/communication/livekit-config.yaml
+++ b/services/communication/livekit-config.yaml
@@ -14,11 +14,17 @@ data:
 - host: turn.live.bstein.dev
 port: 5349
 protocol: tls
+ username: livekit
+ credential: "@@TURN_PASSWORD@@"
 - host: turn.live.bstein.dev
 port: 3478
 protocol: tcp
+ username: livekit
+ credential: "@@TURN_PASSWORD@@"
 - host: turn.live.bstein.dev
 port: 3478
 protocol: udp
+ username: livekit
+ credential: "@@TURN_PASSWORD@@"
 room:
 auto_create: false
diff --git a/services/communication/livekit.yaml b/services/communication/livekit.yaml
index 83c67e0..6de11e4 100644
--- a/services/communication/livekit.yaml
+++ b/services/communication/livekit.yaml
@@ -13,7 +13,7 @@ spec:
 template:
 metadata:
 annotations:
- checksum/config: livekit-config-v4
+ checksum/config: livekit-config-v5
 labels:
 app: livekit
 spec:
@@ -29,6 +29,30 @@ spec:
 - key: hardware
 operator: In
 values: ["rpi5","rpi4"]
+ initContainers:
+ - name: render-config
+ image: alpine:3.20
+ command: ["/bin/sh","-c"]
+ args:
+ - |
+ set -euo pipefail
+ umask 077
+ TURN_PASSWORD_ESCAPED="$(printf '%s' "${TURN_PASSWORD}" | sed 's/[\\/&]/\\&/g')"
+ sed "s/@@TURN_PASSWORD@@/${TURN_PASSWORD_ESCAPED}/g" /etc/livekit-template/livekit.yaml > /etc/livekit/livekit.yaml
+ chmod 0644 /etc/livekit/livekit.yaml
+ env:
+ - name: TURN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: turn-shared-secret
+ key: TURN_STATIC_AUTH_SECRET
+ volumeMounts:
+ - name: config-template
+ mountPath: /etc/livekit-template
+ readOnly: true
+ - name: config
+ mountPath: /etc/livekit
+ readOnly: false
 containers:
 - name: livekit
 image: livekit/livekit-server:v1.9.0
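Review bot: The `credential` placeholder on all three TURN entries is filled from `TURN_STATIC_AUTH_SECRET`, and that choice of secret should be confirmed before merge. As I understand LiveKit, entries under `turn_servers` are handed to clients as ICE servers, so every participant receives this username and credential. If the key holds coturn's `static-auth-secret` (the name suggests it, the diff does not show it), that is the signing key for time-limited TURN credentials and should stay server-side; a dedicated long-term TURN user with its own password would limit what a client learns. A comment above the first entry such as `# credential is substituted by the render-config initContainer; the value must be safe inside a double-quoted YAML scalar` would also document the placeholder. The server list itself starts above this hunk.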
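Review bot: The escaping in `render-config` covers only sed replacement metacharacters (`\`, `/`, `&`), while the value ends up inside a double-quoted YAML scalar, so a secret containing `"`, `\` or a newline renders a broken or silently different `credential`. Rejecting such values before rendering, as in the excerpt below, makes the pod fail loudly instead. Separately, `chmod 0644` undoes the `umask 077` set three lines earlier and leaves the rendered secret world-readable in the shared volume; `0640` with a pod-level `fsGroup` would be tighter if the livekit container's user allows it. Since this container handles a credential, pinning `alpine:3.20` by digest and giving it a restrictive `securityContext` would also be worthwhile.

```yaml
        args:
          - |
            set -euo pipefail
            umask 077
            # Refuse values that would need YAML escaping inside the
            # double-quoted credential (quotes, backslashes, newlines, ...).
            case "${TURN_PASSWORD}" in
              ''|*[!A-Za-z0-9._~+/=-]*)
                echo "TURN_PASSWORD is empty or contains unsupported characters" >&2
                exit 1
                ;;
            esac
            # … unchanged: sed escaping, rendering into /etc/livekit/livekit.yaml, chmod …
```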
@@ -49,27 +73,6 @@ spec:
 secretKeyRef:
 name: livekit-api
 key: primary
- - name: LIVEKIT_RTC__TURN_SERVERS_0__USERNAME
- value: livekit
- - name: LIVEKIT_RTC__TURN_SERVERS_0__CREDENTIAL
- valueFrom:
- secretKeyRef:
- name: turn-shared-secret
- key: TURN_STATIC_AUTH_SECRET
- - name: LIVEKIT_RTC__TURN_SERVERS_1__USERNAME
- value: livekit
- - name: LIVEKIT_RTC__TURN_SERVERS_1__CREDENTIAL
- valueFrom:
- secretKeyRef:
- name: turn-shared-secret
- key: TURN_STATIC_AUTH_SECRET
- - name: LIVEKIT_RTC__TURN_SERVERS_2__USERNAME
- value: livekit
- - name: LIVEKIT_RTC__TURN_SERVERS_2__CREDENTIAL
- valueFrom:
- secretKeyRef:
- name: turn-shared-secret
- key: TURN_STATIC_AUTH_SECRET
 ports:
 - containerPort: 7880
 name: http
@@ -86,6 +89,7 @@ spec:
 volumeMounts:
 - name: config
 mountPath: /etc/livekit
+ readOnly: true
 - name: runtime-keys
 mountPath: /var/run/livekit
 resources:
@@ -96,12 +100,14 @@ spec:
 cpu: "2"
 memory: 1Gi
 volumes:
- - name: config
+ - name: config-template
 configMap:
 name: livekit-config
 items:
 - key: livekit.yaml
 path: livekit.yaml
+ - name: config
+ emptyDir: {}
 - name: runtime-keys
 emptyDir: {}
 ---
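Review bot: The new `config` volume in the last hunk now holds the rendered file containing the TURN credential, and a default `emptyDir: {}` is backed by node storage rather than the tmpfs used for Secret volumes. `emptyDir: {medium: Memory, sizeLimit: 1Mi}` would keep the rendered secret off disk. The file is also rendered only once at pod start, so rotating `turn-shared-secret` has no effect until the pod is restarted, and the hand-bumped `checksum/config` annotation will not catch that; a short comment on the volume saying so would help whoever rotates the secret.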