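# services/comms/livekit-token-deployment.yaml
# Deployment and Service for the LiveKit token service. The LiveKit API secret
# is rendered into the pod by the Vault agent injector instead of being stored
# in a Kubernetes Secret or in this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: livekit-token-service
  labels:
    app: livekit-token-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: livekit-token-service
  template:
    metadata:
      labels:
        app: livekit-token-service
      annotations:
        # Vault agent injection: the pod authenticates with its service
        # account (comms-vault) against the Vault role "comms".
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "comms"
        # Rendered to /vault/secrets/livekit-env, the path VAULT_ENV_FILE
        # points at below.
        vault.hashicorp.com/agent-inject-secret-livekit-env: "kv/data/atlas/comms/livekit-api"
        # NOTE(review): the secret is written inside double quotes on a shell
        # `export` line. If the file is sourced by a shell, a value containing
        # `"`, `$`, a backtick or `\` would be interpreted rather than taken
        # literally. Confirm how the image reads this file, and keep the
        # stored secret to a shell-safe alphabet or change the rendering.
        vault.hashicorp.com/agent-inject-template-livekit-env: |
          {{- with secret "kv/data/atlas/comms/livekit-api" -}}
          export LIVEKIT_SECRET="{{ .Data.data.primary }}"
          {{- end -}}
    spec:
      # The service account token must stay mounted: the Vault agent uses it
      # to log in. The Vault role should be bound to this account only.
      serviceAccountName: comms-vault
      imagePullSecrets:
        - name: harbor-regcred
      # Static /etc/hosts entries: these names bypass cluster DNS inside the
      # pod. The IP has to be kept in sync by hand, and TLS certificate
      # validation remains the only check that the peer is the intended one.
      hostAliases:
        - ip: "10.43.6.87"
          hostnames:
            - live.bstein.dev
            - matrix.live.bstein.dev
            - kit.live.bstein.dev
      # nodeSelector is a hard requirement, so only rpi5 nodes are eligible.
      # NOTE(review): the rpi4 value in the preferred affinity below can never
      # match while this selector is present; drop one of the two.
      nodeSelector:
        hardware: rpi5
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 50
              preference:
                matchExpressions:
                  - key: hardware
                    operator: In
                    values:
                      - rpi5
                      - rpi4
      containers:
        - name: token-service
          # NOTE(review): a tag is mutable. Pinning by digest
          # (image@sha256:<digest>) would make the deployed artifact fixed.
          image: registry.bstein.dev/tools/lk-jwt-service-vault:0.3.0
          env:
            - name: LIVEKIT_URL
              value: wss://kit.live.bstein.dev/livekit/sfu
            # API key name only; the matching secret comes from Vault.
            - name: LIVEKIT_KEY
              value: primary
            # Presumably read by the image's entrypoint to load
            # LIVEKIT_SECRET; confirm against the image.
            - name: VAULT_ENV_FILE
              value: /vault/secrets/livekit-env
            # Restricts full-access tokens to users of this homeserver.
            - name: LIVEKIT_FULL_ACCESS_HOMESERVERS
              value: live.bstein.dev
          ports:
            - containerPort: 8080
              name: http
          # The service listens on an unprivileged port, so it needs no Linux
          # capabilities and no privilege escalation.
          # NOTE(review): also set runAsNonRoot and readOnlyRootFilesystem
          # once the image's user and write paths have been confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 300m
              memory: 256Mi
      # Explicit empty list instead of a bare key (which parses as null); the
      # Vault injector adds its own volumes at admission time.
      volumes: []
---
# No type is set, so this is a ClusterIP Service: reachable only inside the
# cluster. Any external exposure is defined elsewhere.
apiVersion: v1
kind: Service
metadata:
  name: livekit-token-service
spec:
  selector:
    app: livekit-token-service
  ports:
    - name: http
      port: 8080
      targetPort: 8080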