# services/communication/livekit.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: livekit
  labels:
    app: livekit
spec:
  replicas: 1
  selector:
    matchLabels:
      app: livekit
  template:
    metadata:
      labels:
        app: livekit
    spec:
      enableServiceLinks: false
      nodeSelector:
        hardware: rpi5
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 50
              preference:
                matchExpressions:
                  - key: hardware
                    operator: In
                    values: ["rpi5","rpi4"]
      containers:
        - name: livekit
          image: livekit/livekit-server:v1.9.0
          command:
            - /bin/sh
            - -c
            - |
              set -euo pipefail
              umask 077
              printf "%s: %s\n" "${LIVEKIT_API_KEY_ID}" "${LIVEKIT_API_SECRET}" > /var/run/livekit/keys
              chmod 600 /var/run/livekit/keys
              exec /livekit-server --config /etc/livekit/livekit.yaml --key-file /var/run/livekit/keys
          env:
            - name: LIVEKIT_API_KEY_ID
              value: primary
            - name: LIVEKIT_API_SECRET
              valueFrom:
                secretKeyRef:
                  name: livekit-api
                  key: primary
            - name: LIVEKIT_RTC__TURN_SERVERS_0__USERNAME
              value: livekit
            - name: LIVEKIT_RTC__TURN_SERVERS_0__CREDENTIAL
              valueFrom:
                secretKeyRef:
                  name: turn-shared-secret
                  key: TURN_STATIC_AUTH_SECRET
            - name: LIVEKIT_RTC__TURN_SERVERS_1__USERNAME
              value: livekit
            - name: LIVEKIT_RTC__TURN_SERVERS_1__CREDENTIAL
              valueFrom:
                secretKeyRef:
                  name: turn-shared-secret
                  key: TURN_STATIC_AUTH_SECRET
          ports:
            - containerPort: 7880
              name: http
              protocol: TCP
            - containerPort: 7881
              name: tcp-media
              protocol: TCP
            - containerPort: 7882
              name: udp-media
              protocol: UDP
          volumeMounts:
            - name: config
              mountPath: /etc/livekit
            - name: runtime-keys
              mountPath: /var/run/livekit
          resources:
            requests:
              cpu: 500m
              memory: 512Mi
            limits:
              cpu: "2"
              memory: 1Gi
      volumes:
        - name: config
          configMap:
            name: livekit-config
            items:
              - key: livekit.yaml
                path: livekit.yaml
        - name: runtime-keys
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: livekit
  annotations:
    metallb.universe.tf/address-pool: communication-pool
spec:
  type: LoadBalancer
  loadBalancerClass: metallb
  loadBalancerIP: 192.168.22.6
  selector:
    app: livekit
  ports:
    - name: http
      port: 7880
      targetPort: 7880
      protocol: TCP
    - name: tcp-media
      port: 7881
      targetPort: 7881
      protocol: TCP
    - name: udp-media
      port: 7882
      targetPort: 7882
      protocol: UDP