218 lines
8.5 KiB
YAML
218 lines
8.5 KiB
YAML
# services/jitsi/deployment.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: jitsi-prosody
|
|
namespace: jitsi
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels: { app: jitsi-prosody }
|
|
template:
|
|
metadata:
|
|
labels: { app: jitsi-prosody }
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: titan-22
|
|
kubernetes.io/arch: amd64
|
|
initContainers:
|
|
- name: prosody-bootstrap-auth
|
|
image: jitsi/prosody:stable
|
|
command: ["/bin/sh","-c"]
|
|
args:
|
|
- |
|
|
set -eu
|
|
prosodyctl --config /config/prosody.cfg.lua register "${JITSI_AUTH_USER}" meet.jitsi "${JITSI_AUTH_PASSWORD}" || true
|
|
env:
|
|
- name: JITSI_AUTH_USER
|
|
valueFrom: { secretKeyRef: { name: jitsi-auth-user, key: username } }
|
|
- name: JITSI_AUTH_PASSWORD
|
|
valueFrom: { secretKeyRef: { name: jitsi-auth-user, key: password } }
|
|
volumeMounts:
|
|
- { name: cfg, mountPath: /config }
|
|
containers:
|
|
- name: prosody
|
|
image: jitsi/prosody:stable
|
|
ports:
|
|
- { name: c2s, containerPort: 5222, protocol: TCP }
|
|
- { name: http, containerPort: 5280, protocol: TCP }
|
|
- { name: comp, containerPort: 5347, protocol: TCP }
|
|
env:
|
|
- { name: XMPP_DOMAIN, value: "meet.jitsi" }
|
|
- { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" }
|
|
- { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" }
|
|
- { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" }
|
|
- { name: ENABLE_AUTH, value: "1" }
|
|
- { name: ENABLE_GUESTS, value: "1" }
|
|
- { name: AUTH_TYPE, value: "internal" }
|
|
- { name: XMPP_GUEST_DOMAIN, value: "guest.meet.jitsi" }
|
|
- { name: JICOFO_AUTH_USER, value: "focus" }
|
|
- { name: JVB_AUTH_USER, value: "jvb" }
|
|
- name: JICOFO_AUTH_PASSWORD
|
|
valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JICOFO_AUTH_PASSWORD } }
|
|
- name: JICOFO_COMPONENT_SECRET
|
|
valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JICOFO_COMPONENT_SECRET } }
|
|
- name: JVB_AUTH_PASSWORD
|
|
valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JVB_AUTH_PASSWORD } }
|
|
volumeMounts:
|
|
- { name: cfg, mountPath: /config }
|
|
volumes:
|
|
- name: cfg
|
|
persistentVolumeClaim: { claimName: jitsi-prosody-config }
|
|
|
|
---
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: jitsi-jicofo
|
|
namespace: jitsi
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels: { app: jitsi-jicofo }
|
|
template:
|
|
metadata:
|
|
labels: { app: jitsi-jicofo }
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: titan-22
|
|
kubernetes.io/arch: amd64
|
|
containers:
|
|
- name: jicofo
|
|
image: jitsi/jicofo:stable
|
|
env:
|
|
- { name: XMPP_DOMAIN, value: "meet.jitsi" }
|
|
- { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" }
|
|
- { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" }
|
|
- { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" }
|
|
- { name: XMPP_GUEST_DOMAIN, value: "guest.meet.jitsi" }
|
|
- { name: ENABLE_AUTH, value: "1" }
|
|
- { name: ENABLE_GUESTS, value: "1" }
|
|
- { name: AUTH_TYPE, value: "internal" }
|
|
- { name: XMPP_SERVER, value: "jitsi-prosody.jitsi.svc.cluster.local" }
|
|
- { name: JICOFO_AUTH_USER, value: "focus" }
|
|
- name: JICOFO_AUTH_PASSWORD
|
|
valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JICOFO_AUTH_PASSWORD } }
|
|
- name: JICOFO_COMPONENT_SECRET
|
|
valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JICOFO_COMPONENT_SECRET } }
|
|
- { name: JVB_BREWERY_MUC, value: "jvbbrewery" }
|
|
volumeMounts:
|
|
- { name: cfg, mountPath: /config }
|
|
volumes:
|
|
- name: cfg
|
|
persistentVolumeClaim: { claimName: jitsi-jicofo-config }
|
|
|
|
---
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: jitsi-jvb
|
|
namespace: jitsi
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels: { app: jitsi-jvb }
|
|
template:
|
|
metadata:
|
|
labels: { app: jitsi-jvb }
|
|
spec:
|
|
initContainers:
|
|
- name: jvb-custom-config
|
|
image: busybox:1.36
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
set -euo pipefail
|
|
cp /custom-config/custom-jvb.conf /config/custom-jvb.conf
|
|
cp /custom-config/sip-communicator.properties /config/sip-communicator.properties
|
|
volumeMounts:
|
|
- { name: cfg, mountPath: /config }
|
|
- { name: jvb-custom, mountPath: /custom-config }
|
|
nodeSelector:
|
|
kubernetes.io/hostname: titan-22
|
|
kubernetes.io/arch: amd64
|
|
containers:
|
|
- name: jvb
|
|
image: jitsi/jvb:stable
|
|
ports:
|
|
- { name: colibri-ws, containerPort: 9090, protocol: TCP } # WebSocket control channel
|
|
- { name: rtp-udp, containerPort: 10000, hostPort: 10000, protocol: UDP } # media
|
|
- { name: rtp-tcp, containerPort: 4443, hostPort: 4443, protocol: TCP }
|
|
env:
|
|
- { name: XMPP_DOMAIN, value: "meet.jitsi" }
|
|
- { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" }
|
|
- { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" }
|
|
- { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" }
|
|
- { name: XMPP_GUEST_DOMAIN, value: "guest.meet.jitsi" }
|
|
- { name: XMPP_SERVER, value: "jitsi-prosody.jitsi.svc.cluster.local" }
|
|
- { name: JVB_AUTH_USER, value: "jvb" }
|
|
- name: JVB_AUTH_PASSWORD
|
|
valueFrom: { secretKeyRef: { name: jitsi-internal-secrets, key: JVB_AUTH_PASSWORD } }
|
|
- { name: JVB_BREWERY_MUC, value: "jvbbrewery" }
|
|
- { name: JVB_PORT, value: "10000" } # matches hostPort above
|
|
- { name: ENABLE_COLIBRI_WEBSOCKET, value: "1" } # enables /colibri-ws
|
|
# - { name: JVB_STUN_SERVERS, value: "stun.l.google.com:19302,stun1.l.google.com:19302,meet-jit-si-turnrelay.jitsi.net:443" }
|
|
- { name: JVB_ENABLE_APIS, value: "rest,colibri" }
|
|
- { name: JVB_WS_DOMAIN, value: "meet.bstein.dev" }
|
|
- { name: JVB_WS_TLS, value: "true" } # advertise wss:// for bridge channel
|
|
- { name: JVB_ADVERTISE_IPS, value: "38.28.125.112,192.168.22.22" }
|
|
- { name: JVB_TCP_HARVESTER_DISABLED, value: "false" }
|
|
- { name: JVB_TCP_PORT, value: "4443" }
|
|
- name: JVB_OPTS
|
|
value: "-Dorg.jitsi.videobridge.DISABLE_TCP_HARVESTER=false -Dorg.ice4j.ice.harvest.DISABLE_TCP_HARVESTER=false -Dorg.jitsi.videobridge.TCP_HARVESTER_PORT=4443 -Dorg.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=4443"
|
|
volumeMounts:
|
|
- { name: cfg, mountPath: /config }
|
|
volumes:
|
|
- name: cfg
|
|
persistentVolumeClaim: { claimName: jitsi-jvb-config }
|
|
- name: jvb-custom
|
|
configMap:
|
|
name: jitsi-jvb-custom-config
|
|
|
|
---
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: jitsi-web
|
|
namespace: jitsi
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels: { app: jitsi-web }
|
|
template:
|
|
metadata:
|
|
labels: { app: jitsi-web }
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: titan-22
|
|
kubernetes.io/arch: amd64
|
|
containers:
|
|
- name: web
|
|
image: jitsi/web:stable
|
|
ports:
|
|
- { name: http, containerPort: 80, protocol: TCP }
|
|
env:
|
|
- { name: PUBLIC_URL, value: "https://meet.bstein.dev" }
|
|
- { name: XMPP_DOMAIN, value: "meet.jitsi" }
|
|
- { name: XMPP_AUTH_DOMAIN, value: "auth.meet.jitsi" }
|
|
- { name: XMPP_MUC_DOMAIN, value: "muc.meet.jitsi" }
|
|
- { name: XMPP_INTERNAL_MUC_DOMAIN, value: "internal-muc.meet.jitsi" }
|
|
- { name: XMPP_GUEST_DOMAIN, value: "guest.meet.jitsi" }
|
|
- { name: ENABLE_AUTH, value: "1" }
|
|
- { name: ENABLE_GUESTS, value: "1" }
|
|
- { name: AUTH_TYPE, value: "internal" }
|
|
- { name: XMPP_BOSH_URL_BASE, value: "https://meet.bstein.dev" }
|
|
- { name: ENABLE_XMPP_WEBSOCKET, value: "1" }
|
|
- { name: ENABLE_COLIBRI_WEBSOCKET, value: "1" }
|
|
volumeMounts:
|
|
- { name: cfg, mountPath: /config }
|
|
volumes:
|
|
- name: cfg
|
|
persistentVolumeClaim: { claimName: jitsi-web-config }
|