fix(cluster): run multiple instances

master
taktakpeops 5 years ago
parent d161729e19
commit 93ea9b8bed
  1. 19
      jitsi-meet/configs/jicofo/sip-communicator.properties
  2. 13
      jitsi-meet/configs/jvb/logging.properties
  3. 7
      jitsi-meet/configs/jvb/sip-communicator.properties
  4. 106
      jitsi-meet/configs/prosody/jitsi-meet.cfg.lua
  5. 146
      jitsi-meet/configs/prosody/prosody.cfg.lua
  6. 48
      jitsi-meet/templates/_helpers.tpl
  7. 100
      jitsi-meet/templates/deployment-jvb.yaml
  8. 8
      jitsi-meet/templates/ingress-web.yaml
  9. 4
      jitsi-meet/templates/jicofo-config.yaml
  10. 9
      jitsi-meet/templates/jicofo-sip-config.yaml
  11. 111
      jitsi-meet/templates/jvb-deployment.yaml
  12. 31
      jitsi-meet/templates/jvb-service.yaml
  13. 8
      jitsi-meet/templates/jvb-sip-config.yaml
  14. 11
      jitsi-meet/templates/prosody-cfg-cm.yaml
  15. 5
      jitsi-meet/templates/prosody-service.yaml
  16. 99
      jitsi-meet/templates/prosody-statefulset.yaml
  17. 25
      jitsi-meet/templates/service-jvb.yaml
  18. 16
      jitsi-meet/templates/service-web-jwt.yaml
  19. 9
      jitsi-meet/templates/tcp-routes.yaml
  20. 9
      jitsi-meet/templates/udp-routes.yaml
  21. 14
      jitsi-meet/templates/web-deployment.yaml
  22. 56
      jitsi-meet/templates/web-jwt-deployment.yaml
  23. 31
      jitsi-meet/values.yaml

@ -0,0 +1,19 @@
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
org.jitsi.jicofo.BRIDGE_MUC={{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
{{ if and .Env.JIBRI_BREWERY_MUC .Env.JIBRI_PENDING_TIMEOUT }}
org.jitsi.jicofo.jibri.BREWERY={{ .Env.JIBRI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
org.jitsi.jicofo.jibri.PENDING_TIMEOUT={{ .Env.JIBRI_PENDING_TIMEOUT }}
{{ end }}
{{ if and .Env.JIGASI_SIP_URI .Env.JIGASI_BREWERY_MUC }}
org.jitsi.jicofo.jigasi.BREWERY={{ .Env.JIGASI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
{{ end }}
{{ if .Env.ENABLE_AUTH | default "0" | toBool }}
org.jitsi.jicofo.auth.URL=XMPP:{{ .Env.XMPP_DOMAIN }}
{{ end }}
{{ if .Env.JICOFO_RESERVATION_REST_BASE_URL }}
org.jitsi.impl.reservation.rest.BASE_URL={{ .Env.JICOFO_RESERVATION_REST_BASE_URL }}
{{ end }}
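Review bot: `org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true` on the first line is hard-coded, so (going by the property name) Jicofo accepts whatever certificate the XMPP server presents, and verification cannot be turned back on from the environment. The StatefulSet in this commit sets `XMPP_SERVER` to `localhost` for the jicofo sidecar, which keeps that connection inside the pod, but the assumption is not recorded anywhere in this file. I would add a comment such as `# Trust-all is acceptable only because Jicofo reaches Prosody over localhost in the same pod`. If Jicofo is ever moved to its own pod, the value should be templated from an environment variable instead.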

@ -0,0 +1,13 @@
handlers= java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
net.java.sip.communicator.util.ScLogFormatter.programname=JVB
.level=INFO
org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING

@ -18,11 +18,6 @@ org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ .Env.JVB_BREWERY_MUC }}@{{ .En
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ .Env.HOSTNAME }}
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.ENABLE_STATISTICS={{ .Env.ENABLE_STATISTICS }}
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.STATISTICS_INTERVAL=5000
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=pubsub
org.jitsi.videobridge.PUBSUB_SERVICE={{ .Env.XMPP_DOMAIN }}
org.jitsi.videobridge.PUBSUB_NODE=sharedStatsNode

@ -0,0 +1,106 @@
admins = { {{ .Env.JVB_ADMINS }} }
plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
http_default_host = "{{ .Env.XMPP_DOMAIN }}"
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }}
{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }}
{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }}
{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
{{ end }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_AUDIENCES }}
asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" }
{{ end }}
VirtualHost "{{ .Env.XMPP_DOMAIN }}"
{{ if $ENABLE_AUTH }}
{{ if eq $AUTH_TYPE "jwt" }}
authentication = "{{ $JWT_AUTH_TYPE }}"
app_id = "{{ .Env.JWT_APP_ID }}"
app_secret = "{{ .Env.JWT_APP_SECRET }}"
allow_empty_token = {{ if $JWT_ALLOW_EMPTY }}true{{ else }}false{{ end }}
{{ if $JWT_ASAP_KEYSERVER }}
asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}"
{{ end }}
{{ else if eq $AUTH_TYPE "ldap" }}
authentication = "cyrus"
cyrus_application_name = "xmpp"
allow_unencrypted_plain_auth = true
{{ else if eq $AUTH_TYPE "internal" }}
authentication = "internal_hashed"
{{ end }}
{{ else }}
authentication = "anonymous"
{{ end }}
ssl = {
key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key";
certificate = "/config/certs/{{ .Env.XMPP_DOMAIN }}.crt";
}
modules_enabled = {
"bosh";
"pubsub";
"ping";
"speakerstats";
"conference_duration";
{{ if eq $AUTH_TYPE "jwt" }}
"{{ $JWT_TOKEN_AUTH_MODULE }}";
{{ end }}
{{ if .Env.XMPP_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
{{ end }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "ldap") }}
"auth_cyrus";
{{end}}
}
speakerstats_component = "speakerstats.{{ .Env.XMPP_DOMAIN }}"
conference_duration_component = "conferenceduration.{{ .Env.XMPP_DOMAIN }}"
c2s_require_encryption = false
{{ if and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) }}
VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}"
authentication = "anonymous"
c2s_require_encryption = false
{{ end }}
VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}"
ssl = {
key = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.key";
certificate = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.crt";
}
authentication = "internal_hashed"
{{ if .Env.XMPP_RECORDER_DOMAIN }}
VirtualHost "{{ .Env.XMPP_RECORDER_DOMAIN }}"
modules_enabled = {
"ping";
}
authentication = "internal_hashed"
{{ end }}
Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
modules_enabled = {
"ping";
{{ if .Env.XMPP_INTERNAL_MUC_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_INTERNAL_MUC_MODULES) }}";
{{ end }}
}
storage = "memory"
muc_room_cache_size = 1000
Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
storage = "memory"
modules_enabled = {
{{ if .Env.XMPP_MUC_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
{{ end }}
{{ if eq $AUTH_TYPE "jwt" }}
"{{ $JWT_TOKEN_AUTH_MODULE }}";
{{ end }}
}
muc_room_locking = false
muc_room_default_public_jids = true
Component "focus.{{ .Env.XMPP_DOMAIN }}"
component_secret = "{{ .Env.JICOFO_COMPONENT_SECRET }}"
Component "speakerstats.{{ .Env.XMPP_DOMAIN }}" "speakerstats_component"
muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"
Component "conferenceduration.{{ .Env.XMPP_DOMAIN }}" "conference_duration_component"
muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"
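Review bot: The `ldap` branch sets `allow_unencrypted_plain_auth = true` while the same VirtualHost also sets `c2s_require_encryption = false`, so with `AUTH_TYPE=ldap` user passwords can be sent as PLAIN over an unencrypted connection. Other pods reach Prosody over the cluster network (the web deployment points `XMPP_BOSH_URL_BASE` at `http://…:5280`), so this is not confined to localhost. I would drop `allow_unencrypted_plain_auth` unless TLS is terminated in front of Prosody, and make `c2s_require_encryption` configurable from an environment variable instead of fixing it to `false` on both the main and the guest host. Separately, `admins = { {{ .Env.JVB_ADMINS }} }` pastes the variable into Lua unquoted; a comment stating the expected format (quoted, comma-separated JIDs) would prevent a malformed or unintended value from changing the config.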

@ -0,0 +1,146 @@
{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}
-- Prosody Example Configuration File
--
-- Information on configuring Prosody can be found on our
-- website at http://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running: luac -p prosody.cfg.lua
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
-- blanks. Good luck, and happy Jabbering!
---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts
-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see http://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { {{ .Env.JVB_ADMINS }} }
-- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent
--use_libevent = true;
-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation on modules can be found at: http://prosody.im/doc/modules
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- These are commented by default as they have a performance impact
--"privacy"; -- Support privacy lists
--"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
--"groups"; -- Shared roster support
--"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
--"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
{{ if .Env.GLOBAL_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}";
{{ end }}
};
consider_bosh_secure = true;
https_ports = { }
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
-- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections
-- "s2s"; -- Handle server-to-server connections
};
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;
daemonize = false;
pidfile = "/config/data/prosody.pid";
-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
c2s_require_encryption = false
-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security
s2s_secure_auth = false
-- Many servers don't support encryption or have invalid or self-signed
-- certificates. You can list domains here that will not be required to
-- authenticate using certificates. They will be authenticated using DNS.
--s2s_insecure_domains = { "gmail.com" }
-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.
--s2s_secure_domains = { "jabber.org" }
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.
authentication = "internal_hashed"
-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See http://prosody.im/doc/storage for more info.
--storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the
-- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work)
-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-- Logging configuration
-- For advanced logging see http://prosody.im/doc/logging
--
-- Debian:
-- Logs info and higher to /var/log
-- Logs errors to syslog also
log = {
{ levels = {min = "{{ $LOG_LEVEL }}"}, to = "console"};
}
{{ if .Env.GLOBAL_CONFIG }}
{{ join "\n" (splitList "\\n" .Env.GLOBAL_CONFIG) }}
{{ end }}
-- Enable use of native prosody 0.11 support for epoll over select
network_backend = "epoll";
-- Set the TCP backlog to 511 since the kernel rounds it up to the next power of 2: 512.
network_settings = {
tcp_backlog = 511;
}
component_interface = { "*" }
data_path = "/config/data"
Include "conf.d/*.cfg.lua"
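Review bot: `component_interface = { "*" }` near the end of the file binds the component port on every interface, and `GLOBAL_CONFIG` a few lines above it is pasted into the file as raw Lua. In this commit Jicofo runs as a sidecar with `XMPP_SERVER` set to `localhost`, so unless another component connects from outside the pod the listener could be limited with `component_interface = { "127.0.0.1" }`, leaving `JICOFO_COMPONENT_SECRET` as a second line of defence rather than the only one. For `GLOBAL_CONFIG` I would add a comment that the variable is evaluated as configuration code and must only be set by the chart operator. The stock header comment still tells the reader to rename the file to remove the `.dist` ending, which no longer applies here.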

@ -6,64 +6,72 @@ Expand the name of the chart.
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "jitsi-meet.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the web server name
*/}}
{{- define "jitsi-meet.name-web" -}}
{{- default .Chart.Name "web" | trimSuffix "-" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" $name "web" | trunc 63 -}}
{{- end -}}
{{/*
Create the XMPP server name
*/}}
{{- define "jitsi-meet.name-prosody" -}}
{{- default .Chart.Name "prosody" | trimSuffix "-" -}}
{{- printf "%s-%s" .Chart.Name "prosody" | trunc 63 -}}
{{- end -}}
{{/*
Create the jicofo cmp name
*/}}
{{- define "jitsi-meet.name-jicofo" -}}
{{- default .Chart.Name "jicofo" | trimSuffix "-" -}}
{{- printf "%s-%s" .Chart.Name "jicofo" | trunc 63 -}}
{{- end -}}
{{/*
Create the jicofo config name
*/}}
{{- define "jitsi-meet.name-jicofo-config" -}}
{{- default .Chart.Name "jicofo" "config" | trimSuffix "-" -}}
{{- printf "%s-%s" .Chart.Name "jicofo-config" | trunc 63 -}}
{{- end -}}
{{/*
Create the jvb server name
*/}}
{{- define "jitsi-meet.name-jvb" -}}
{{- default .Chart.Name "jvb" | trimSuffix "-" -}}
{{- printf "%s-%s" .Chart.Name "jvb" | trunc 63 -}}
{{- end -}}
{{/*
Create the jvb config name
*/}}
{{- define "jitsi-meet.name-jvb-config" -}}
{{- default .Chart.Name "jvb" "config" | trimSuffix "-" -}}
{{- printf "%s-%s" .Chart.Name "jvb-config" | trunc 63 -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
Create the sidecar name for jwt auth
*/}}
{{- define "jitsi-meet.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- define "jitsi-meet.name-jwt-sidecar" -}}
{{- printf "%s-%s" .Chart.Name "jwt" | trunc 63 -}}
{{- end -}}
{{/*
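Review bot: The `printf "%s-%s" .Chart.Name …` helpers (assuming those are the new lines; the page prints old and new together) build names from the chart name alone, so two releases in one namespace would render the same Secret and ConfigMap names, including the `jicofo-config` and `jvb-config` objects that the deployments read passwords from via `secretKeyRef`. `jitsi-meet.name-web` honours `.Values.nameOverride` while the other helpers do not, and none of them keeps `trimSuffix "-"` after `trunc 63`. I would derive them from the full name, e.g. `{{- printf "%s-%s" (include "jitsi-meet.fullname" .) "jicofo-config" | trunc 63 | trimSuffix "-" -}}`. The file continues past the last visible line of this section.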

@ -1,100 +0,0 @@
{{- $xmppServer := include "jitsi-meet.name-prosody" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jitsi-meet.name-jvb" . }}
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
serviceName: {{ include "jitsi-meet.name-jvb" . }}
replicas: {{ .Values.jvb.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jitsi-meet.name-jvb" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "jitsi-meet.name-jvb" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.jvb.podSecurityContext | nindent 8 }}
containers:
- name: {{ include "jitsi-meet.name-jvb" . }}
image: "{{ .Values.jvb.image.repository }}:{{ .Values.jvb.image.tag }}"
imagePullPolicy: {{ .Values.jvb.image.pullPolicy }}
env:
- name: XMPP_SERVER
value: {{ include "jitsi-meet.name-prosody" . }}
{{- if .Values.jicofo.userAuth.enabled }}
- name: JICOFO_AUTH_USER
value: {{ .Values.jicofo.userAuth.name }}
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "jitsi-meet.name-jicofo-config" . }}
key: JICOFO_AUTH_PASSWORD
{{- end }}
{{- if .Values.jvb.userAuth.enabled }}
- name: JVB_AUTH_USER
value: {{ .Values.jvb.userAuth.name }}
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "jitsi-meet.name-jvb-config" . }}
key: JVB_AUTH_PASSWORD
{{- end }}
{{ if .Values.jicofo.componentSecret }}
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "jitsi-meet.name-jicofo-config" . }}
key: JICOFO_COMPONENT_SECRET
{{ end }}
- name: JVB_PORT
value: "30300"
{{- with .Values.jvb.environment }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: video
containerPort: 30300
protocol: UDP
volumeMounts:
- name: dockersock
mountPath: "/var/run/docker.sock"
- name: config
mountPath: "/var/app"
lifecycle:
podStart:
exec:
- /bin/bash
- -c
- cp /var/app/sip-communicator.properties /config/sip-communicator.properties
resources:
{{- toYaml .Values.jvb.resources | nindent 12 }}
volumes:
- name: dockersock
hostPath:
path: /var/run/docker.sock
- name: config
configMap:
name: {{ template "jitsi-meet.name-jvb-config" . }}-cm
{{- with .Values.jvb.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jvb.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jvb.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

@ -31,8 +31,14 @@ spec:
- host: {{ .host | quote }}
http:
paths:
{{- if .oauth }}
- path: /oauth2
backend:
serviceName: "{{ $fullName }}-jwt"
servicePort: 4180
{{- end }}
{{- range .paths }}
- path: {{ . }}
- path: {{ . | quote }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
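Review bot: Adding the `/oauth2` path only routes the proxy's own endpoints; nothing visible in this hunk makes the paths from `range .paths` require authentication, so `oauth: true` on a host may give a false sense of protection. If the controller is ingress-nginx, this is normally done with the `nginx.ingress.kubernetes.io/auth-url` and `nginx.ingress.kubernetes.io/auth-signin` annotations, which the chart could set when a host enables `oauth`; the annotations block is outside this hunk, so it may already be handled. The backend name `"{{ $fullName }}-jwt"` also looks different from the Service added in service-web-jwt.yaml, which is named `{{ include "jitsi-meet.name-web" . }}-jwt`. `$fullName` is defined outside the hunk, so please confirm the two resolve to the same string.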

@ -5,7 +5,7 @@ metadata:
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
data:
{{ if .Values.jicofo.userAuth.enabled }}
{{- if .Values.jicofo.userAuth.enabled }}
JICOFO_AUTH_PASSWORD: {{ .Values.jicofo.userAuth.secret | quote }}
{{ end }}
{{- end }}
JICOFO_COMPONENT_SECRET: {{ .Values.jicofo.componentSecret | quote }}

@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "jitsi-meet.name-jicofo-config" . }}-cm
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
data:
sip-communicator.properties: |-
{{- .Files.Get "configs/jicofo/sip-communicator.properties" | nindent 4 }}

@ -0,0 +1,111 @@
{{- $root := . -}}
{{- $name := include "jitsi-meet.name-jvb" $root -}}
{{- range $index, $nbr := until (.Values.prosody.replicaCount | int) }}
---
{{- $depName := printf "%s-%d" $name $nbr -}}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ $depName | quote }}
labels:
{{ include "jitsi-meet.labels" $root | indent 4 }}
spec:
replicas: {{ $root.Values.jvb.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ $depName | quote }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ $depName | quote }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
spec:
{{- with $root.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "jitsi-meet.serviceAccountName" $root }}
securityContext:
{{- toYaml $root.Values.jvb.securityContext | nindent 8 }}
containers:
- name: {{ $name | quote }}
image: {{ printf "%s:%s" $root.Values.jvb.image.repository $root.Values.jvb.image.tag | quote }}
imagePullPolicy: {{ $root.Values.jvb.image.pullPolicy | quote }}
securityContext:
capabilities:
add:
- SYS_RESOURCE
- NET_ADMIN
{{- with $root.Values.jvb.podSecurityContext }}
{{- toYaml . | nindent 12 }}
{{- end }}
env:
- name: XMPP_SERVER
value: {{ include "jitsi-meet.name-prosody" $root }}
- name: PROSODY_INSTANCE
value: {{ printf "%d" $nbr | quote }}
{{- if $root.Values.jicofo.userAuth.enabled }}
- name: JICOFO_AUTH_USER
value: {{ $root.Values.jicofo.userAuth.name }}
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "jitsi-meet.name-jicofo-config" $root }}
key: JICOFO_AUTH_PASSWORD
{{- end }}
{{- if $root.Values.jvb.userAuth.enabled }}
- name: JVB_AUTH_USER
value: {{ $root.Values.jvb.userAuth.name }}
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "jitsi-meet.name-jvb-config" $root }}
key: JVB_AUTH_PASSWORD
{{- end }}
{{- if $root.Values.jicofo.componentSecret }}
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "jitsi-meet.name-jicofo-config" $root }}
key: JICOFO_COMPONENT_SECRET
{{- end }}
- name: JVB_PORT
value: {{ printf "%s%s" "3030" (toString $nbr) | quote }}
{{- with $root.Values.jvb.environment }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with $root.Values.common.environment }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: video
containerPort: {{ printf "%s%s" "3030" (toString $nbr) | int }}
protocol: UDP
volumeMounts:
- name: dockersock
mountPath: "/var/run/docker.sock"
- name: config
mountPath: "/defaults"
resources:
{{- toYaml $root.Values.jvb.resources | nindent 12 }}
volumes:
- name: dockersock
hostPath:
path: /var/run/docker.sock
- name: config
configMap:
name: {{ template "jitsi-meet.name-jvb-config" $root }}-cm
{{- with $root.Values.jvb.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $root.Values.jvb.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $root.Values.jvb.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
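Review bot: The `dockersock` volume mounts the node's `/var/run/docker.sock` into every JVB container through `hostPath`, which hands the container control of the node's container runtime, on top of the `NET_ADMIN` and `SYS_RESOURCE` capabilities it already adds. Nothing in this template or in the JVB properties in this commit appears to use the socket, so I would remove the `dockersock` entries from both `volumeMounts` and `volumes`. Two smaller points: the loop is sized by `.Values.prosody.replicaCount` although it creates JVB Deployments, which deserves a comment if intentional, and `apiVersion: apps/v1beta2` replaces the `apps/v1` used by the deleted deployment-jvb.yaml.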

@ -0,0 +1,31 @@
{{- $root := . }}
{{- $name := include "jitsi-meet.name-jvb" $root }}
{{- range $index, $nbr := until (.Values.prosody.replicaCount | int) }}
{{- $port := printf "%s%s" "3030" (toString $nbr) }}
{{- $target := printf "%s-%d" $name $nbr}}
apiVersion: v1
kind: Service
metadata:
name: {{ $target | quote }}
labels:
{{ include "jitsi-meet.labels" $root | indent 4 }}
{{- with $root.Values.jvb.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: NodePort
externalTrafficPolicy: Local
sessionAffinity: {{ $root.Values.jvb.service.sessionAffinity }}
{{- if $root.Values.jvb.service.sessionAffinityConfig }}
{{- toYaml $root.Values.jvb.service.sessionAffinityConfig }}
{{- end }}
ports:
- port: {{ atoi $port }}
protocol: UDP
targetPort: video
nodePort: {{ atoi $port }}
selector:
app.kubernetes.io/name: {{ $target | quote }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
{{- end }}
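Review bot: The `range` body has no `---` document separator, unlike jvb-deployment.yaml, so with more than one instance the Services are rendered into a single YAML document with repeated top-level keys and at most one of them can survive parsing. Add `---` as the first line inside the loop. The port is built by string concatenation, `printf "%s%s" "3030" (toString $nbr)`, which yields a six-digit value from the eleventh instance on; `add 30300 $nbr` keeps it numeric, and a comment on the supported instance count would help. Each instance also opens a fixed `nodePort` on every node, so the UDP range that has to be allowed through the firewall should be documented with the chart.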

@ -5,7 +5,7 @@ metadata:
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
data:
{{- range $path, $d := .Files.Glob "configs/jvb/*.properties" }}
{{- $path }}: |-
{{- $d | toString | nindent 4 }}
{{- end }}
sip-communicator.properties: |-
{{- .Files.Get "configs/jvb/sip-communicator.properties" | nindent 4 }}
logging.properties: |-
{{- .Files.Get "configs/jvb/logging.properties" | nindent 4 }}

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "jitsi-meet.name-prosody" . }}-config-cm
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
data:
prosody.cfg.lua: |-
{{- .Files.Get "configs/prosody/prosody.cfg.lua" | b64enc | nindent 4 }}
jitsi-meet.cfg.lua: |-
{{- .Files.Get "configs/prosody/jitsi-meet.cfg.lua" | b64enc | nindent 4 }}
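Review bot: Both values are piped through `b64enc` but stored under `data` of a ConfigMap, which holds plain text, so the mounted files will contain base64 rather than Lua. The only step that decodes them is the `postStart` hook in prosody-statefulset.yaml, and it is commented out in this commit. `.Files.Get` does not render the `{{ .Env… }}` placeholders, so the encoding is not needed to protect them. I would write `{{- .Files.Get "configs/prosody/prosody.cfg.lua" | nindent 4 }}` and the same for `jitsi-meet.cfg.lua`.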

@ -7,11 +7,11 @@ metadata:
spec:
type: {{ .Values.prosody.service.type }}
ports:
- port: {{ .Values.prosody.service.portC2S1 }}
- port: 5222
targetPort: c2s1
protocol: TCP
name: c2s1
- port: {{ .Values.prosody.service.portC2S2 }}
- port: 5269
targetPort: c2s2
protocol: TCP
name: c2s2
@ -23,6 +23,7 @@ spec:
targetPort: xmpp
protocol: TCP
name: xmpp
sessionAffinity: ClientIP
selector:
app.kubernetes.io/name: {{ include "jitsi-meet.name-prosody" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

@ -1,11 +1,12 @@
apiVersion: apps/v1
kind: Deployment
kind: StatefulSet
metadata:
name: {{ include "jitsi-meet.name-prosody" . }}
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
replicas: {{ .Values.jicofo.replicaCount }}
serviceName: {{ include "jitsi-meet.name-prosody" . }}
replicas: {{ .Values.prosody.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jitsi-meet.name-prosody" . }}
@ -55,15 +56,27 @@ spec:
name: {{ template "jitsi-meet.name-jvb-config" . }}
key: JVB_AUTH_PASSWORD
{{- end }}
{{- if .Values.prosody.auth.enabled }}
- name: ENABLE_AUTH
value: "1"
- name: ENABLE_GUESTS
value: {{ .Values.prosody.auth.guest | quote }}
- name: AUTH_TYPE
value: {{ .Values.prosody.auth.type | quote }}
{{- end }}
{{- range .Values.prosody.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- range .Values.common.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
ports:
- containerPort: 5222
protocol: TCP
name: c2s1
- containerPort: 5322
- containerPort: 5269
protocol: TCP
name: c2s2
- containerPort: 5280
@ -72,8 +85,22 @@ spec:
- containerPort: 5347
protocol: TCP
name: xmpp
# lifecycle:
# postStart:
# exec:
# command:
# - /bin/bash
# - -c
# - cat /var/app/prosody.cfg.lua | base64 -d > /defaults/prosody.cfg.lua
# - cat /var/app/jitsi-meet.cfg.lua | base64 -d > /defaults/conf.d/jitsi-meet.cfg.lua
# # {{ if .Values.prosody.auth.enabled }}
# # - prosodyctl --config /config/prosody.cfg.lua register me $XMPP_DOMAIN $JVB_AUTH_PASSWORD;
# # {{ end }}
resources:
{{- toYaml .Values.prosody.resources | nindent 12 }}
volumeMounts:
- name: config-prosody
mountPath: "/var/app"
- name: {{ include "jitsi-meet.name-jicofo" . }}
image: "{{ .Values.jicofo.image.repository }}:{{ .Values.jicofo.image.tag }}"
imagePullPolicy: {{ .Values.jicofo.image.pullPolicy }}
@ -101,13 +128,77 @@ spec:
key: JICOFO_COMPONENT_SECRET
{{ end }}
- name: XMPP_SERVER
value: localhost
value: "localhost"
{{- if .Values.prosody.auth.enabled }}
- name: ENABLE_AUTH
value: "1"
{{- end }}
{{- range .Values.jicofo.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- range .Values.common.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
resources:
{{- toYaml .Values.jicofo.resources | nindent 12 }}
# lifecycle:
# postStart:
# exec:
# command:
# - /bin/bash
# - -c
# - cp /var/app/sip-communicator.properties /defaults/sip-communicator.properties
volumeMounts:
- name: config-jicofo
mountPath: "/var/app"
{{ if .Values.prosody.recorder }}
- name: {{ include "jitsi-meet.name-jibri" . }}
image: "{{ .Values.jibri.image.repository }}:{{ .Values.jibri.image.tag }}"
imagePullPolicy: {{ .Values.jibri.image.pullPolicy }}
securityContext:
# required to record sound
privileged: true
capabilities:
add:
- SYS_RESOURCE
- NET_BIND_SERVICE
{{- with .Values.jibri.podSecurityContext }}
{{- toYaml . | nindent 12 }}
{{- end }}
env:
- name: XMPP_SERVER
value: localhost
{{- range .Values.jibri.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- range .Values.common.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
volumeMounts:
- mountPath: /dev/shm
name: shm
- mountPath: /dev/snd
name: dev-snd
{{ end }}
volumes:
- name: config-jicofo
configMap:
name: {{ template "jitsi-meet.name-jicofo-config" . }}-cm
- name: config-prosody
configMap:
name: {{ template "jitsi-meet.name-prosody" . }}-config-cm
{{ if .Values.prosody.recorder }}
- name: shm
hostPath:
path: /dev/shm
- name: dev-snd
hostPath:
path: /dev/snd
{{ end }}
{{- with .Values.prosody.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
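Review bot: The new jibri container runs with `privileged: true` and mounts the node's `/dev/shm` and `/dev/snd` through `hostPath`, inside the same pod as prosody and jicofo. `privileged` already grants every capability, so the `capabilities.add` list under it has no effect, and sharing the host's `/dev/shm` exposes the node's shared memory to the container. For `shm` an in-memory volume is enough, `emptyDir: { medium: Memory }` in place of the `hostPath`; the privileged flag is harder to drop because of the sound device, so I would at least document that `prosody.recorder: true` calls for dedicated nodes. `include "jitsi-meet.name-jibri"` is not among the helpers visible in the _helpers.tpl section, so confirm it is defined. The commented-out `lifecycle` blocks should be removed or restored before merge.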

@ -1,25 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "jitsi-meet.name-jvb" . }}
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
{{- with .Values.jvb.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: NodePort
externalTrafficPolicy: Local
sessionAffinity: {{ .Values.jvb.service.sessionAffinity }}
{{ if .Values.jvb.service.sessionAffinityConfig }}
{{- toYaml .Values.jvb.service.sessionAffinityConfig }}
{{ end }}
ports:
- port: 30300
protocol: UDP
targetPort: video
nodePort: 30300
selector:
app.kubernetes.io/name: {{ include "jitsi-meet.name-jvb" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "jitsi-meet.name-web" . }}-jwt
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
type: {{ .Values.web.service.type }}
ports:
- port: 4180
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}-jwt
app.kubernetes.io/instance: {{ .Release.Name }}
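Review bot: `type: {{ .Values.web.service.type }}` reuses the web Service's type, so if that is `NodePort` or `LoadBalancer` the proxy on 4180 is published directly as well, although it only needs to be reached through the `/oauth2` ingress path. `type: ClusterIP` would be enough here. The Service is also rendered when no host sets `oauth`; wrapping it and web-jwt-deployment.yaml in a values flag would avoid running an unconfigured proxy.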

@ -1,9 +0,0 @@
{{- if .Values.jvb.ingress.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: {{ .Values.serviceAccount.create }}
data:
{{ include "jitsi-meet.tcp-route-table-entry" . }}
{{- end -}}

@ -1,9 +0,0 @@
{{- if .Values.jvb.ingress.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: udp-services
namespace: {{ .Values.serviceAccount.create }}
data:
{{ include "jitsi-meet.udp-route-table-entry" . }}
{{- end -}}

@ -32,7 +32,7 @@ spec:
env:
- name: XMPP_SERVER
value: {{ include "jitsi-meet.name-prosody" . }}
{{ if .Values.jicofo.userAuth.enabled }}
{{- if .Values.jicofo.userAuth.enabled }}
- name: JICOFO_AUTH_USER
value: {{ .Values.jicofo.userAuth.name }}
- name: JICOFO_AUTH_PASSWORD
@ -40,7 +40,7 @@ spec:
secretKeyRef:
name: {{ include "jitsi-meet.name-jicofo-config" . }}
key: JICOFO_AUTH_PASSWORD
{{ end }}
{{- end }}
{{- if .Values.jvb.userAuth.enabled }}
- name: JVB_AUTH_USER
value: {{ .Values.jvb.userAuth.name }}
@ -50,12 +50,22 @@ spec:
name: {{ template "jitsi-meet.name-jvb-config" . }}
key: JVB_AUTH_PASSWORD
{{- end }}
{{- if .Values.prosody.auth.enabled }}
- name: ENABLE_AUTH
value: "1"
- name: ENABLE_GUESTS
value: {{ .Values.prosody.auth.guest | quote }}
{{- end }}
- name: XMPP_BOSH_URL_BASE
value: "http://{{ include "jitsi-meet.name-prosody" . }}:5280"
{{- range .Values.web.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- range .Values.common.environment }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
ports:
- name: http
containerPort: 80
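Review bot: `range .Values.common.environment` is added here (and in jvb-deployment.yaml and prosody-statefulset.yaml), but none of the values.yaml hunks on this page adds a `common` key; if it is missing, rendering fails on the nil lookup. Adding `common: {environment: []}` to values.yaml, or wrapping the loop in `{{- with .Values.common }}`, would make the default install render. The new `ENABLE_GUESTS` entry is emitted only when `prosody.auth.enabled` is true and takes its value from `prosody.auth.guest`, which values.yaml sets to `0`; a comment on the accepted values would help. The section starts and ends inside the container spec, so the rest of the template is not visible here.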

@ -0,0 +1,56 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jitsi-meet.name-web" . }}-jwt
labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
replicas: {{ .Values.web.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}-jwt
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}-jwt
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "jitsi-meet.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ include "jitsi-meet.name-jwt-sidecar" . }}
image: quay.io/oauth2-proxy/oauth2-proxy:latest
imagePullPolicy: IfNotPresent
args:
- --http-address=0.0.0.0:4180
{{- range $key, $value := .Values.web.jwtsidecar.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: 4180
protocol: TCP
resources:
{{- toYaml .Values.web.jwtsidecar.resources | nindent 12 }}
{{- with .Values.web.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.web.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.web.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
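Review bot: `image: quay.io/oauth2-proxy/oauth2-proxy:latest` with `imagePullPolicy: IfNotPresent` leaves the authentication proxy unpinned, so each node runs whatever `latest` pointed to when it first pulled. Take repository and tag from values and pin a released version or digest, e.g. `image: "{{ .Values.web.jwtsidecar.image.repository }}:{{ .Values.web.jwtsidecar.image.tag }}"` (the `image` keys would be new in values.yaml). `extraArgs` is the only configuration channel, which pushes the client secret and cookie secret into plain values and the pod's argument list; oauth2-proxy also reads `OAUTH2_PROXY_*` environment variables, so an `env` entry with `secretKeyRef` is the better place for them. The args should be quoted as well, `- {{ printf "--%s=%v" $key $value | quote }}`, so values containing YAML-special characters render safely. The container sets no `securityContext`; the proxy needs no added privileges, so `allowPrivilegeEscalation: false` could be set.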

@ -5,6 +5,8 @@
image:
pullSecrets: []
webHost: jitsi.meet.local
web:
image:
repository: jitsi/web
@ -14,6 +16,9 @@ web:
- name: ENABLE_LETSENCRYPT
value: false
replicaCount: 1
jwtsidecar:
extraArgs: {}
resources: {}
hpa:
enabled: false
minReplicas: 1
@ -30,6 +35,7 @@ web:
annotations: []
hosts:
- host: jitsi.meet.local
oauth: false
paths: []
tls: []
resources: {}
@ -37,14 +43,24 @@ web:
tolerations: []
affinity: {}
jibri:
image:
repository: jitsi/jibri
tag: latest
pullPolicy: Always
environment: []
resources: {}
prosody:
auth:
enabled: true
guest: 0
type: internal
image:
repository: jitsi/prosody
tag: latest
pullPolicy: Always
environment:
- name: ENABLE_GUEST
value: true
environment: []
replicaCount: 1
service:
annotations: []
@ -71,6 +87,7 @@ prosody:
nodeSelector: {}
tolerations: []
affinity: {}
recorder: false
jicofo: # jicofo is used as a sidecar container for every prosody instance
image:
@ -94,14 +111,16 @@ jvb:
replicaCount: 1
securityContext:
fsGroup: 412
podSecurityContext:
capabilities:
add:
- SYS_RESOURCE
- NET_ADMIN
service:
annotations: []
type: NodePort
externalTrafficPolicy: Cluster
sessionAffinity: None
sessionAffinityConfig:
clientIP:
timeoutSeconds: 10800
ingress:
enabled: false
resources: {}
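Review bot: `jvb.podSecurityContext` appears to carry `capabilities.add` (indentation is lost on this page), but jvb-deployment.yaml already hard-codes the same `capabilities` block and then appends this value under the container `securityContext`, so the rendered manifest would contain the key twice. Keep the capabilities in one place, preferably in values so operators can reduce them, and rename the key to something like `containerSecurityContext`, since capabilities are a container-level setting. The new `jibri` image uses `tag: latest` with `pullPolicy: Always`, like the existing images; pinning a release tag makes upgrades deliberate. `sessionAffinity: None` next to a `sessionAffinityConfig.clientIP` block also looks inconsistent, if both are on the new side.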
