# services/jitsi/launcher-deployment.yaml
#
# Single-replica Deployment for the "launcher" container in the jitsi
# namespace. Judging by the env names and the ALLOWED_GROUPS comment below, the
# app mints JWTs for Jitsi (presumably; app.py is not part of this manifest).
# The application code is mounted from the jitsi-launcher ConfigMap, and the
# signing material from the jitsi-jwt SecretProviderClass via the Secrets Store
# CSI driver.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jitsi-launcher
  namespace: jitsi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-launcher
  template:
    metadata:
      labels:
        app: jitsi-launcher
    spec:
      # NOTE(review): nothing here disables service-account token automount.
      # If the launcher never calls the Kubernetes API, confirm whether the
      # token can be withheld from the pod.
      serviceAccountName: jitsi
      # Pinned to one named node. With replicas: 1 the pod cannot be
      # rescheduled elsewhere if titan-22 is unavailable.
      nodeSelector:
        kubernetes.io/hostname: titan-22
        kubernetes.io/arch: amd64
      containers:
        - name: launcher
          # NOTE(review): third-party image referenced by a mutable tag. With
          # IfNotPresent a node keeps whatever it first pulled under that tag.
          # Pinning by digest (…@sha256:<digest-placeholder>) would make the
          # running content reproducible and auditable.
          image: docker.io/tiangolo/uvicorn-gunicorn-fastapi:python3.11-slim
          imagePullPolicy: IfNotPresent
          # NOTE(review): no securityContext or resources are set on this
          # container. The app listens on port 80, so a runAsNonRoot setup
          # would presumably need a higher port or NET_BIND_SERVICE; confirm
          # before tightening.
          env:
            # Path sits under the read-only "jwt" volume mount declared below.
            - name: JWT_SECRET_FILE
              value: "/var/lib/jitsi-jwt/jwt"
            - name: JWT_ISSUER
              value: "https://sso.bstein.dev/realms/atlas"
            - name: JWT_AUDIENCE
              value: "jitsi"
            - name: JWT_APP_ID
              value: "jitsi"
            - name: PUBLIC_URL
              value: "https://meet.bstein.dev"
            # Empty value: any authenticated user may mint a token. Tighten
            # later by setting a comma-separated list of groups.
            - name: ALLOWED_GROUPS
              value: ""
            # Presumably the lifetime of a minted token (600 s = 10 min);
            # verify against app.py.
            - name: JWT_TTL_SECONDS
              value: "600"
          ports:
            - name: http
              containerPort: 80
          volumeMounts:
            # The executed application file comes from the ConfigMap, so write
            # access to ConfigMap jitsi-launcher in this namespace is
            # equivalent to code execution in a pod that can read the JWT
            # secret. Scope RBAC on that ConfigMap accordingly.
            - name: app
              mountPath: /app/main.py
              subPath: app.py
            - name: jwt
              mountPath: /var/lib/jitsi-jwt
              readOnly: true
          readinessProbe:
            httpGet:
              path: /health
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
      volumes:
        - name: app
          configMap:
            name: jitsi-launcher
            # Leading-zero literal: read as octal (r--r--r--, decimal 292) by
            # the YAML 1.1-style parsers Kubernetes tooling uses. A strict
            # YAML 1.2 parser would read it as decimal 444 instead.
            defaultMode: 0444
        - name: jwt
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: jitsi-jwt