diff --git a/jitsi-meet-examples/aws/README.md b/jitsi-meet-examples/aws/README.md new file mode 100644 index 0000000..28fa06a --- /dev/null +++ b/jitsi-meet-examples/aws/README.md @@ -0,0 +1,71 @@ +# AWS EKS Example + +An example for creating an EKS cluster and deploying Jitsi in EKS. + +## Installation + +Make sure that you Helm (v2+) and the AWS CLI installed on your machine. Clone this repository and go to `jitsi-meet-examples/aws`. + +AWS offers a free tier that can be used for test purposes, more info [here](https://aws.amazon.com/free/). + +In this folder, you can find a CloudFormation template creating an EKS cluster and its VPC along with an EKS node group. A folder called `k8s` contains all the manifest to deploy for installing NGinx ingress, CertManager and ACME issuer. + +### Creating the cluster + +First, go to your AWS Console in EC2 -> Key Pairs and create a new key called `eks-dev-nodes`. It will be used later for granting SSH access to the nodes. + +To create the cluster, make sure that your AWS CLI is correctly setup and authenticated. In your terminal, run the following command: + +```bash +aws cloudformation create-stack --stack-name eks-cluster --template-body="$(cat ./cloudformation.yaml)" --capabilities=CAPABILITY_IAM +``` + +After the stack got created, retrieve the credentials for updating your `kubeconfig` by running `aws eks update-kubeconfig --name dev`. + +### Setting up the cluster +Run `helm init` to install `tiller` in your cluster. In case you want to user a service account + a role binding, deploy at first `k8s/rbac-config-helm.yaml` (edit namespace name and service account manifest according to your need. Default is creating a `helm` namespace forcing to suffix all commands with `--tiller-namespace=helm` for executing the different commands). + +Once it's done, deploy the ingress controller using the values specified in `k8s/ingress-values.yaml` by doing the following in your terminal: + +```bash +kubectl create ns ingress +helm upgrade -f ./k8s/ingress-values.yaml ingress stable/nginx-ingress --namespace ingress -i --wait +``` + +After it completes, deploy CertManager in the cluster: + +```bash +kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml +helm repo add jetstack https://charts.jetstack.io +helm repo update +helm upgrade cert-manager jetstack/cert-manager --namespace ingress --version v0.11.0 -i --wait +kubectl apply -f ./k8s/letsencrypt.yaml +``` + +### Creating the DNS +For creating the DNS, I used [`https://my.freenom.com/`](https://my.freenom.com/) which offers free `.tk` domain name. + +For administrating the DNS, I decided to use [`Cloudflare`](https://www.cloudflare.com/pricing/) with a free-account. + +After creating your DNS, update the name servers to point to the Cloudflare ones. Once it's done, go to your AWS console in EC2 -> Load Balancers. Look for the ingress NLB and add its domain name as CNAME entry in Cloudflare. Create a new subdomain for Jitsi: add a new CNAME entry for your domain name in Cloudflare targetting the NLB URL. The NLB will take care of redirecting the traffic to the correct ingress controller. + +### Deploying Jitsi +Now that the cluster is setup, we can deploy Jitsi Meet in the cluster. Make sure that you edit the value of `web.ingress.hosts[0].host` to target the domain name created in the previous step. + +Run the following command in your terminal: +```bash +kubectl create ns jitsi +helm upgrade jitsi ../../jitsi-meet -f ./jitsi-values.yaml --namespace jitsi -i --wait +``` + +Once the installation is complete, go back to the AWS console in EC2 -> Security Groups. Look for the security group prefixed with the name prefixed with `eks-remoteAccess`. Go to the `inbound rules` and add a custom rule for opening the port 30300 for UDP. + +After it's done, launch a session and enjoy a call ! + +### Cleaning the deployment + +To clean up the deployment, delete the Cloudformation stack by running `aws cloudformation delete-stack --stack-name jitsi`. + +## Contributing + +In case you have questions, found an issue or simply want to improve the example, feel free to open an issue or a pull-requests. Both are welcome !