JonasFranzDEV
/
jitsi-meet-helm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

feat(aws): add working example with AWS

Browse Source
master
taktakpeops 5 years ago
parent fc9d4f0175
commit 1fcb74a772
7 changed files with 448 additions and 35 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 264
      jitsi-meet-examples/aws/cloudformation.yaml
  2. 92
      jitsi-meet-examples/aws/jitsi-values.yaml
  3. 20
      jitsi-meet-examples/aws/k8s/ingress-values.yaml
  4. 14
      jitsi-meet-examples/aws/k8s/letsencrypt.yaml
  5. 23
      jitsi-meet-examples/aws/k8s/rbac-config-helm.yaml
  6. 68
      jitsi-meet/templates/deployment-prosody.yaml
  7. 2
      jitsi-meet/templates/service-jvb.yaml

264
jitsi-meet-examples/aws/cloudformation.yaml
Unescape View File

@ -0,0 +1,264 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: Jitsi platform
Parameters:
ClusterName:
Description: "Cluster name"
Type: String
Default: "dev"
Subnet1AvailabilityZone:
Description: "The availability zone for the subnet #1"
Type: "AWS::EC2::AvailabilityZone::Name"
Default: "us-east-1a"
Subnet2AvailabilityZone:
Description: "The availability zone for the subnet #2"
Type: "AWS::EC2::AvailabilityZone::Name"
Default: "us-east-1b"
Subnet3AvailabilityZone:
Description: "The availability zone for the subnet #3"
Type: "AWS::EC2::AvailabilityZone::Name"
Default: "us-east-1c"
Resources:
Role:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- eks.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Resource: '*'
Action:
- autoscaling:DescribeAutoScalingGroups
- autoscaling:DescribeLaunchConfigurations
- autoscaling:DescribeTags
- ec2:DescribeInstances
- ec2:DescribeRegions
- ec2:DescribeAccountAttributes
- ec2:DescribeInternetGateways
- ec2:DescribeRouteTables
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVolumes
- ec2:CreateSecurityGroup
- ec2:CreateTags
- ec2:CreateVolume
- ec2:ModifyInstanceAttribute
- ec2:ModifyVolume
- ec2:AttachVolume
- ec2:AuthorizeSecurityGroupIngress
- ec2:CreateRoute
- ec2:DeleteRoute
- ec2:DeleteSecurityGroup
- ec2:DeleteVolume
- ec2:DetachVolume
- ec2:RevokeSecurityGroupIngress
- ec2:DescribeVpcs
- elasticloadbalancing:AddTags
- elasticloadbalancing:AttachLoadBalancerToSubnets
- elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
- elasticloadbalancing:CreateLoadBalancer
- elasticloadbalancing:CreateLoadBalancerPolicy
- elasticloadbalancing:CreateLoadBalancerListeners
- elasticloadbalancing:ConfigureHealthCheck
- elasticloadbalancing:DeleteLoadBalancer
- elasticloadbalancing:DeleteLoadBalancerListeners
- elasticloadbalancing:DescribeLoadBalancers
- elasticloadbalancing:DescribeLoadBalancerAttributes
- elasticloadbalancing:DetachLoadBalancerFromSubnets
- elasticloadbalancing:DeregisterInstancesFromLoadBalancer
- elasticloadbalancing:ModifyLoadBalancerAttributes
- elasticloadbalancing:RegisterInstancesWithLoadBalancer
- elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer
- elasticloadbalancing:AddTags
- elasticloadbalancing:CreateListener
- elasticloadbalancing:CreateTargetGroup
- elasticloadbalancing:DeleteListener
- elasticloadbalancing:DeleteTargetGroup
- elasticloadbalancing:DescribeListeners
- elasticloadbalancing:DescribeLoadBalancerPolicies
- elasticloadbalancing:DescribeTargetGroups
- elasticloadbalancing:DescribeTargetHealth
- elasticloadbalancing:ModifyListener
- elasticloadbalancing:ModifyTargetGroup
- elasticloadbalancing:RegisterTargets
- elasticloadbalancing:DeregisterTargets
- elasticloadbalancing:SetLoadBalancerPoliciesOfListener
- iam:CreateServiceLinkedRole
- kms:DescribeKey
PolicyName: 'eks-master'
ManagedPolicyArns:
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSClusterPolicy'
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSServicePolicy'
NodeInstanceRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- eks.amazonaws.com
Action:
- "sts:AssumeRole"
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- "sts:AssumeRole"
ManagedPolicyArns:
- !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEKSWorkerNodePolicy"
- !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEKS_CNI_Policy"
- !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess'
Policies:
- PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- ec2:DescribeInstances
- ec2:DescribeRegions
- ecr:GetAuthorizationToken
- ecr:BatchCheckLayerAvailability
- ecr:GetDownloadUrlForLayer
- ecr:GetRepositoryPolicy
- ecr:DescribeRepositories
- ecr:ListImages
- ecr:BatchGetImage
Resource: '*'
PolicyName: 'eks-node'
Path: /
Vpc:
Type: "AWS::EC2::VPC"
Properties:
CidrBlock: "10.0.0.0/24"
EnableDnsHostnames: true
EnableDnsSupport: true
PublicRouteTable:
Type: "AWS::EC2::RouteTable"
Properties:
VpcId: !Ref Vpc
Subnet1:
Type: "AWS::EC2::Subnet"
Properties:
CidrBlock: "10.0.0.0/26"
VpcId: !Ref Vpc
AvailabilityZone: !Ref Subnet1AvailabilityZone
MapPublicIpOnLaunch: true
Tags:
- Key: !Join
- "/"
- - "kubernetes.io/cluster"
- !Ref ClusterName
Value: shared
Subnet1Assoc:
Type: "AWS::EC2::SubnetRouteTableAssociation"
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref Subnet1
Subnet2:
Type: "AWS::EC2::Subnet"
Properties:
CidrBlock: "10.0.0.192/26"
VpcId: !Ref Vpc
AvailabilityZone: !Ref Subnet2AvailabilityZone
MapPublicIpOnLaunch: true
Tags:
- Key: !Join
- "/"
- - "kubernetes.io/cluster"
- !Ref ClusterName
Value: shared
Subnet2Assoc:
Type: "AWS::EC2::SubnetRouteTableAssociation"
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref Subnet2
# Elastic IP
Eip:
Type: AWS::EC2::EIP
DependsOn: VpcIgPairing
Properties:
Domain: vpc
# Gateways
InternetGateway:
Type: "AWS::EC2::InternetGateway"
InternetRoute:
Type: "AWS::EC2::Route"
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: "0.0.0.0/0"
GatewayId: !Ref InternetGateway
VpcIgPairing:
Type: "AWS::EC2::VPCGatewayAttachment"
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: !Ref Vpc
SecurityGroup:
Type: "AWS::EC2::SecurityGroup"
Properties:
GroupDescription: "Cluster SG"
GroupName: cluster-sg
VpcId: !Ref Vpc
SecurityGroupIngress:
- FromPort: 0
ToPort: 65535
IpProtocol: "-1"
CidrIp: "0.0.0.0/0"
SecurityGroupEgress:
- IpProtocol: "-1"
FromPort: 0
ToPort: 65535
CidrIp: "0.0.0.0/0"
Cluster:
Type: "AWS::EKS::Cluster"
Properties:
RoleArn: !GetAtt Role.Arn
Name: !Ref ClusterName
ResourcesVpcConfig:
SubnetIds:
- !Ref Subnet1
- !Ref Subnet2
SecurityGroupIds:
- !Ref SecurityGroup
BaseNodeGroup:
Type: "AWS::EKS::Nodegroup"
DependsOn: Cluster
Properties:
ClusterName: !Ref ClusterName
NodegroupName: base
AmiType: AL2_x86_64
RemoteAccess:
Ec2SshKey: "eks-dev-nodes"
SourceSecurityGroups:
- !Ref SecurityGroup
ScalingConfig:
MinSize: 2
DesiredSize: 3
MaxSize: 5
InstanceTypes:
- t2.small
NodeRole: !GetAtt NodeInstanceRole.Arn
Subnets:
- !Ref Subnet1
- !Ref Subnet2

92
jitsi-meet-examples/aws/jitsi-values.yaml
Unescape View File

@ -0,0 +1,92 @@
jicofo:
userAuth:
enabled: true
name: "focus"
secret: dG90bw==
componentSecret: dG90bw==
environment:
- name: TZ
value: Europe/Amsterdam
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
jvb:
userAuth:
enabled: true
name: "jvb"
secret: dG90bw==
environment:
- name: TZ
value: Europe/Amsterdam
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JVB_STUN_SERVERS
value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: DOCKER_HOST_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.hostIP
prosody:
environment:
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: TZ
value: Europe/Amsterdam
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
web:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt"
hosts:
- host: jitsi.meat-project.tk
paths:
- "/"
tls:
- hosts:
- jitsi.meat-project.tk
secretName: jitsi-web
environment:
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: TZ
value: America/Los_Angeles
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"

20
jitsi-meet-examples/aws/k8s/ingress-values.yaml
Unescape View File

@ -0,0 +1,20 @@
controller:
resources:
limits:
cpu: 150m
memory: 128Mi
requests:
cpu: 100m
memory: 64Mi
proxySetHeaders:
use-proxy-protocol: 'true'
proxy-real-ip-cidr: 'true'
autoscaling:
enabled: true
service:
externalTrafficPolicy: Local
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-type: nlb

14
jitsi-meet-examples/aws/k8s/letsencrypt.yaml
Unescape View File

@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: youremail@address.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-secret
solvers:
- http01:
ingress:
class: nginx

23
jitsi-meet-examples/aws/k8s/rbac-config-helm.yaml
Unescape View File

@ -0,0 +1,23 @@
apiVersion: v1
kind: Namespace
metadata:
name: helm
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: helm
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: helm

68
jitsi-meet/templates/deployment-prosody.yaml
Unescape View File

@ -24,40 +24,6 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
containers: containers:
- name: {{ include "jitsi-meet.name-jicofo" . }}
image: "{{ .Values.jicofo.image.repository }}:{{ .Values.jicofo.image.tag }}"
imagePullPolicy: {{ .Values.jicofo.image.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
ports:
- name: http
containerPort: 80
protocol: TCP
env:
{{ if .Values.jicofo.userAuth.enabled }}
- name: JICOFO_AUTH_USER
value: {{ .Values.jicofo.userAuth.name }}
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "jitsi-meet.name-jicofo-config" . }}
key: JICOFO_AUTH_PASSWORD
{{ end }}
{{ if .Values.jicofo.componentSecret }}
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "jitsi-meet.name-jicofo-config" . }}
key: JICOFO_COMPONENT_SECRET
{{ end }}
- name: XMPP_SERVER
value: localhost
{{- range .Values.jicofo.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
resources:
{{- toYaml .Values.jicofo.resources | nindent 12 }}
- name: {{ include "jitsi-meet.name-prosody" . }} - name: {{ include "jitsi-meet.name-prosody" . }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
@ -108,6 +74,40 @@ spec:
name: xmpp name: xmpp
resources: resources:
{{- toYaml .Values.prosody.resources | nindent 12 }} {{- toYaml .Values.prosody.resources | nindent 12 }}
- name: {{ include "jitsi-meet.name-jicofo" . }}
image: "{{ .Values.jicofo.image.repository }}:{{ .Values.jicofo.image.tag }}"
imagePullPolicy: {{ .Values.jicofo.image.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
ports:
- name: http
containerPort: 80
protocol: TCP
env:
{{ if .Values.jicofo.userAuth.enabled }}
- name: JICOFO_AUTH_USER
value: {{ .Values.jicofo.userAuth.name }}
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "jitsi-meet.name-jicofo-config" . }}
key: JICOFO_AUTH_PASSWORD
{{ end }}
{{ if .Values.jicofo.componentSecret }}
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "jitsi-meet.name-jicofo-config" . }}
key: JICOFO_COMPONENT_SECRET
{{ end }}
- name: XMPP_SERVER
value: localhost
{{- range .Values.jicofo.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
resources:
{{- toYaml .Values.jicofo.resources | nindent 12 }}
{{- with .Values.prosody.nodeSelector }} {{- with .Values.prosody.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}

2
jitsi-meet/templates/service-jvb.yaml
Unescape View File

@ -10,7 +10,7 @@ metadata:
{{- end }} {{- end }}
spec: spec:
type: NodePort type: NodePort
externalTrafficPolicy: Cluster externalTrafficPolicy: Local
ports: ports:
- port: 30300 - port: 30300
protocol: UDP protocol: UDP

Write Preview
Loading…
Cancel
Save