# services/jitsi/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: jitsi-prosody namespace: jitsi spec: replicas: 1 selector: matchLabels: { app: jitsi-prosody } template: metadata: labels: { app: jitsi-prosody } spec: nodeSelector: kubernetes.io/hostname: titan-22 # keep everything on titan-22 for simplicity kubernetes.io/arch: amd64 containers: - name: prosody image: jitsi/prosody:stable ports: - { name: c2s, containerPort: 5222, protocol: TCP } - { name: http, containerPort: 5280, protocol: TCP } - { name: comp, containerPort: 5347, protocol: TCP } env: - { name: XMPP_DOMAIN, value: "meet.jitsi" } - { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" } - { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" } - { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" } - { name: ENABLE_AUTH, value: "0" } # open instance, no auth (fastest path) - { name: ENABLE_GUESTS, value: "1" } - { name: JICOFO_AUTH_USER, value: "focus" } - { name: JVB_AUTH_USER, value: "jvb" } - name: JICOFO_AUTH_PASSWORD valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JICOFO_AUTH_PASSWORD } } - name: JICOFO_COMPONENT_SECRET valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JICOFO_COMPONENT_SECRET } } - name: JVB_AUTH_PASSWORD valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JVB_AUTH_PASSWORD } } volumeMounts: - { name: cfg, mountPath: /config } volumes: - name: cfg persistentVolumeClaim: { claimName: jitsi-prosody-config } --- apiVersion: apps/v1 kind: Deployment metadata: name: jitsi-jicofo namespace: jitsi spec: replicas: 1 selector: matchLabels: { app: jitsi-jicofo } template: metadata: labels: { app: jitsi-jicofo } spec: nodeSelector: kubernetes.io/hostname: titan-22 kubernetes.io/arch: amd64 containers: - name: jicofo image: jitsi/jicofo:stable env: - { name: XMPP_DOMAIN, value: "meet.jitsi" } - { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" } - { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" } - { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" } - { name: XMPP_SERVER, value: "jitsi-prosody.jitsi.svc.cluster.local" } - { name: JICOFO_AUTH_USER, value: "focus" } - name: JICOFO_AUTH_PASSWORD valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JICOFO_AUTH_PASSWORD } } - name: JICOFO_COMPONENT_SECRET valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JICOFO_COMPONENT_SECRET } } - { name: JVB_BREWERY_MUC, value: "jvbbrewery" } volumeMounts: - { name: cfg, mountPath: /config } volumes: - name: cfg persistentVolumeClaim: { claimName: jitsi-jicofo-config } --- apiVersion: apps/v1 kind: Deployment metadata: name: jitsi-jvb namespace: jitsi spec: replicas: 1 selector: matchLabels: { app: jitsi-jvb } template: metadata: labels: { app: jitsi-jvb } spec: nodeSelector: kubernetes.io/hostname: titan-22 kubernetes.io/arch: amd64 containers: - name: jvb image: jitsi/jvb:stable ports: - { name: colibri-ws, containerPort: 9090, protocol: TCP } # WebSocket control channel - { name: rtp-udp, containerPort: 10000, hostPort: 10000, protocol: UDP } # media - { name: rtp-tcp, containerPort: 4443, hostPort: 4443, protocol: TCP } env: - { name: XMPP_DOMAIN, value: "meet.jitsi" } - { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" } - { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" } - { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" } - { name: XMPP_SERVER, value: "jitsi-prosody.jitsi.svc.cluster.local" } - { name: JVB_AUTH_USER, value: "jvb" } - name: JVB_AUTH_PASSWORD valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JVB_AUTH_PASSWORD } } - { name: JVB_BREWERY_MUC, value: "jvbbrewery" } - { name: JVB_PORT, value: "10000" } # matches hostPort above - { name: ENABLE_COLIBRI_WEBSOCKET, value: "1" } # enables /colibri-ws # - { name: JVB_STUN_SERVERS, value: "stun.l.google.com:19302,stun1.l.google.com:19302,meet-jit-si-turnrelay.jitsi.net:443" } - { name: JVB_ENABLE_APIS, value: "rest,colibri" } - { name: JVB_WS_DOMAIN, value: "meet.bstein.dev:443" } - { name: JVB_WS_TLS, value: "true" } - { name: JVB_ADVERTISE_IPS, value: "38.28.125.112" } - { name: JVB_TCP_HARVESTER_DISABLED, value: "false" } - { name: JVB_TCP_PORT, value: "4443" } volumeMounts: - { name: cfg, mountPath: /config } volumes: - name: cfg persistentVolumeClaim: { claimName: jitsi-jvb-config } --- apiVersion: apps/v1 kind: Deployment metadata: name: jitsi-web namespace: jitsi spec: replicas: 1 selector: matchLabels: { app: jitsi-web } template: metadata: labels: { app: jitsi-web } spec: nodeSelector: kubernetes.io/hostname: titan-22 kubernetes.io/arch: amd64 containers: - name: web image: jitsi/web:stable ports: - { name: http, containerPort: 80, protocol: TCP } env: - { name: PUBLIC_URL, value: "https://meet.bstein.dev" } - { name: XMPP_DOMAIN, value: "meet.jitsi" } - { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" } - { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" } - { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" } - { name: XMPP_BOSH_URL_BASE, value: "https://meet.bstein.dev" } - { name: ENABLE_XMPP_WEBSOCKET, value: "1" } - { name: ENABLE_COLIBRI_WEBSOCKET, value: "1" } volumeMounts: - { name: cfg, mountPath: /config } volumes: - name: cfg persistentVolumeClaim: { claimName: jitsi-web-config }