bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jitsi: require auth to start rooms; vault ui default oidc

Browse Source
This commit is contained in:
Brad Stein 2025-12-24 20:11:29 -03:00
parent bbe4fb2cff
commit cf2e4c8bb2
4 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
services/jitsi/deployment.yaml
View File

@ -15,6 +15,21 @@ spec:
nodeSelector: nodeSelector:
kubernetes.io/hostname: titan-22 kubernetes.io/hostname: titan-22
kubernetes.io/arch: amd64 kubernetes.io/arch: amd64
initContainers:
- name: prosody-bootstrap-auth
image: jitsi/prosody:stable
command: ["/bin/sh","-c"]
args:
- |
set -euo pipefail
prosodyctl --config /config/prosody.cfg.lua register "${JITSI_AUTH_USER}" meet.jitsi "${JITSI_AUTH_PASSWORD}" || true
env:
- name: JITSI_AUTH_USER
valueFrom: { secretKeyRef: { name: jitsi-auth-user, key: username } }
- name: JITSI_AUTH_PASSWORD
valueFrom: { secretKeyRef: { name: jitsi-auth-user, key: password } }
volumeMounts:
- { name: cfg, mountPath: /config }
containers: containers:
- name: prosody - name: prosody
image: jitsi/prosody:stable image: jitsi/prosody:stable
@ -27,8 +42,10 @@ spec:
- { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" } - { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" }
- { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" } - { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" }
- { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" } - { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" }
- { name: ENABLE_AUTH, value: "0" } # open instance, no auth (fastest path) - { name: ENABLE_AUTH, value: "1" }
- { name: ENABLE_GUESTS, value: "1" } - { name: ENABLE_GUESTS, value: "1" }
- { name: AUTH_TYPE, value: "internal" }
- { name: XMPP_GUEST_DOMAIN, value: "guest.meet.jitsi" }
- { name: JICOFO_AUTH_USER, value: "focus" } - { name: JICOFO_AUTH_USER, value: "focus" }
- { name: JVB_AUTH_USER, value: "jvb" } - { name: JVB_AUTH_USER, value: "jvb" }
- name: JICOFO_AUTH_PASSWORD - name: JICOFO_AUTH_PASSWORD
@ -181,6 +198,7 @@ spec:
- { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" } - { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" }
- { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" } - { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" }
- { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" } - { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" }
- { name: XMPP_GUEST_DOMAIN, value: "guest.meet.jitsi" }
- { name: XMPP_BOSH_URL_BASE, value: "https://meet.bstein.dev" } - { name: XMPP_BOSH_URL_BASE, value: "https://meet.bstein.dev" }
- { name: ENABLE_XMPP_WEBSOCKET, value: "1" } - { name: ENABLE_XMPP_WEBSOCKET, value: "1" }
- { name: ENABLE_COLIBRI_WEBSOCKET, value: "1" } - { name: ENABLE_COLIBRI_WEBSOCKET, value: "1" }

1
services/jitsi/kustomization.yaml
View File

@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- namespace.yaml - namespace.yaml
- secret-auth-user.yaml
- deployment.yaml - deployment.yaml
- service.yaml - service.yaml
- pvc.yaml - pvc.yaml

9
services/jitsi/secret-auth-user.yaml Normal file
View File

@ -0,0 +1,9 @@
# services/jitsi/secret-auth-user.yaml
apiVersion: v1
kind: Secret
metadata:
name: jitsi-auth-user
namespace: jitsi
stringData:
username: brad
password: qvUqX5foh2zyM0th

3
services/vault/configmap.yaml
View File

@ -9,6 +9,9 @@ data:
ui = true ui = true
cluster_name = "vault-k8s" cluster_name = "vault-k8s"
disable_mlock = true disable_mlock = true
ui {
default_auth_method = "oidc"
}
listener "tcp" { listener "tcp" {
address = "0.0.0.0:8200" address = "0.0.0.0:8200"