communication: render LiveKit TURN creds

Brad Stein 2026-01-01 11:31:39 -03:00
parent 5c59640bf5
commit beb975182a
2 changed files with 35 additions and 23 deletions


@ -14,11 +14,17 @@ data:
- host: turn.live.bstein.dev - host: turn.live.bstein.dev
port: 5349 port: 5349
protocol: tls protocol: tls
username: livekit
credential: "@@TURN_PASSWORD@@"
- host: turn.live.bstein.dev - host: turn.live.bstein.dev
port: 3478 port: 3478
protocol: tcp protocol: tcp
username: livekit
credential: "@@TURN_PASSWORD@@"
- host: turn.live.bstein.dev - host: turn.live.bstein.dev
port: 3478 port: 3478
protocol: udp protocol: udp
username: livekit
credential: "@@TURN_PASSWORD@@"
room: room:
auto_create: false auto_create: false
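Review bot: The placeholder on the three added `credential: "@@TURN_PASSWORD@@"` lines sits inside a YAML double-quoted scalar, so whatever is substituted at render time is still subject to YAML escape processing. A secret containing `"` or `\` would yield either invalid YAML or a credential that differs from the stored value, and the sed escaping in the render-config step of this commit only covers sed metacharacters. Single quotes (`credential: '@@TURN_PASSWORD@@'`) would leave only `'` to handle. Alternatively the allowed character set of the secret could be constrained and noted next to the placeholder, e.g. `# filled in by the render-config initContainer; value must not contain quotes or backslashes`.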


@ -13,7 +13,7 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
checksum/config: livekit-config-v4 checksum/config: livekit-config-v5
labels: labels:
app: livekit app: livekit
spec: spec:
@ -29,6 +29,30 @@ spec:
- key: hardware - key: hardware
operator: In operator: In
values: ["rpi5","rpi4"] values: ["rpi5","rpi4"]
initContainers:
- name: render-config
image: alpine:3.20
command: ["/bin/sh","-c"]
args:
- |
set -euo pipefail
umask 077
TURN_PASSWORD_ESCAPED="$(printf '%s' "${TURN_PASSWORD}" | sed 's/[\\/&]/\\&/g')"
sed "s/@@TURN_PASSWORD@@/${TURN_PASSWORD_ESCAPED}/g" /etc/livekit-template/livekit.yaml > /etc/livekit/livekit.yaml
chmod 0644 /etc/livekit/livekit.yaml
env:
- name: TURN_PASSWORD
valueFrom:
secretKeyRef:
name: turn-shared-secret
key: TURN_STATIC_AUTH_SECRET
volumeMounts:
- name: config-template
mountPath: /etc/livekit-template
readOnly: true
- name: config
mountPath: /etc/livekit
readOnly: false
containers: containers:
- name: livekit - name: livekit
image: livekit/livekit-server:v1.9.0 image: livekit/livekit-server:v1.9.0
@ -49,27 +73,6 @@ spec:
secretKeyRef: secretKeyRef:
name: livekit-api name: livekit-api
key: primary key: primary
- name: LIVEKIT_RTC__TURN_SERVERS_0__USERNAME
value: livekit
- name: LIVEKIT_RTC__TURN_SERVERS_0__CREDENTIAL
valueFrom:
secretKeyRef:
name: turn-shared-secret
key: TURN_STATIC_AUTH_SECRET
- name: LIVEKIT_RTC__TURN_SERVERS_1__USERNAME
value: livekit
- name: LIVEKIT_RTC__TURN_SERVERS_1__CREDENTIAL
valueFrom:
secretKeyRef:
name: turn-shared-secret
key: TURN_STATIC_AUTH_SECRET
- name: LIVEKIT_RTC__TURN_SERVERS_2__USERNAME
value: livekit
- name: LIVEKIT_RTC__TURN_SERVERS_2__CREDENTIAL
valueFrom:
secretKeyRef:
name: turn-shared-secret
key: TURN_STATIC_AUTH_SECRET
ports: ports:
- containerPort: 7880 - containerPort: 7880
name: http name: http
@ -86,6 +89,7 @@ spec:
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: /etc/livekit mountPath: /etc/livekit
readOnly: true
- name: runtime-keys - name: runtime-keys
mountPath: /var/run/livekit mountPath: /var/run/livekit
resources: resources:
@ -96,12 +100,14 @@ spec:
cpu: "2" cpu: "2"
memory: 1Gi memory: 1Gi
volumes: volumes:
- name: config - name: config-template
configMap: configMap:
name: livekit-config name: livekit-config
items: items:
- key: livekit.yaml - key: livekit.yaml
path: livekit.yaml path: livekit.yaml
- name: config
emptyDir: {}
- name: runtime-keys - name: runtime-keys
emptyDir: {} emptyDir: {}
--- ---
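Review bot: In the render-config script, `chmod 0644 /etc/livekit/livekit.yaml` undoes the `umask 077` set a few lines earlier, so the file that now holds the TURN credential ends up world-readable inside the shared `config` volume. If the livekit container runs under a different UID (no securityContext is visible in these hunks), a common `fsGroup` with `chmod 0640` would keep the file readable there without opening it to every user. The `config` volume is a default `emptyDir: {}`, which is backed by node storage; `emptyDir: {medium: Memory}` would keep the rendered secret off disk. The init container also receives the secret while running `image: alpine:3.20`, a mutable tag, so pinning it by digest (`alpine:3.20@sha256:<digest>`) is worth considering.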