90 lines
2.3 KiB
YAML
90 lines
2.3 KiB
YAML
# services/comms/livekit-token-deployment.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: livekit-token-service
|
|
labels:
|
|
app: livekit-token-service
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: livekit-token-service
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: livekit-token-service
|
|
spec:
|
|
serviceAccountName: comms-vault
|
|
nodeSelector:
|
|
hardware: rpi5
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 50
|
|
preference:
|
|
matchExpressions:
|
|
- key: hardware
|
|
operator: In
|
|
values: ["rpi5","rpi4"]
|
|
hostAliases:
|
|
- ip: 10.43.60.6
|
|
hostnames:
|
|
- live.bstein.dev
|
|
containers:
|
|
- name: token-service
|
|
image: ghcr.io/element-hq/lk-jwt-service:0.3.0
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
. /vault/scripts/comms_vault_env.sh
|
|
exec /lk-jwt-service
|
|
env:
|
|
- name: LIVEKIT_URL
|
|
value: wss://kit.live.bstein.dev/livekit/sfu
|
|
- name: LIVEKIT_KEY
|
|
value: primary
|
|
- name: LIVEKIT_FULL_ACCESS_HOMESERVERS
|
|
value: live.bstein.dev
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
volumeMounts:
|
|
- name: vault-secrets
|
|
mountPath: /vault/secrets
|
|
readOnly: true
|
|
- name: vault-scripts
|
|
mountPath: /vault/scripts
|
|
readOnly: true
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 300m
|
|
memory: 256Mi
|
|
volumes:
|
|
- name: vault-secrets
|
|
csi:
|
|
driver: secrets-store.csi.k8s.io
|
|
readOnly: true
|
|
volumeAttributes:
|
|
secretProviderClass: comms-vault
|
|
- name: vault-scripts
|
|
configMap:
|
|
name: comms-vault-env
|
|
defaultMode: 0555
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: livekit-token-service
|
|
spec:
|
|
selector:
|
|
app: livekit-token-service
|
|
ports:
|
|
- name: http
|
|
port: 8080
|
|
targetPort: 8080
|