taktakpeops 87b2d8d00e feat(aws): setup with cognito + auth2_proxy + haproxy ing controller 4 years ago

AWS EKS Example

An example for creating an EKS cluster and deploying Jitsi in EKS.


Make sure that you have Helm (v2+) and the AWS CLI installed on your machine. Clone this repository and go to jitsi-meet-examples/aws.

AWS offers a free tier that can be used for test purposes, more info here.

In this folder, you can find a CloudFormation template that creates an EKS cluster and its VPC along with an EKS node group. A folder called k8s contains all the manifests to deploy for installing the NGINX ingress, CertManager and the ACME issuer.

Creating the cluster

First, go to your AWS Console in EC2 -> Key Pairs and create a new key called eks-dev-nodes. It will be used later for granting SSH access to the nodes.

To create the cluster, make sure that your AWS CLI is correctly set up and authenticated. In your terminal, run the following command:

aws cloudformation create-stack --stack-name eks-cluster --template-body="$(cat ./cloudformation.yaml)" --capabilities=CAPABILITY_IAM

After the stack has been created, retrieve the credentials for updating your kubeconfig by running aws eks update-kubeconfig --name dev.

Setting up the cluster

Run helm init to install Tiller in your cluster. If you want to use a service account and a role binding, first deploy k8s/rbac-config-helm.yaml (edit the namespace name and the service account manifest according to your needs; the default creates a helm namespace, which means every Helm command must be suffixed with --tiller-namespace=helm).

Once it's done, deploy the ingress controller using the values specified in k8s/ingress-values.yaml by doing the following in your terminal:

kubectl create ns ingress
helm upgrade -f ./k8s/ingress-values.yaml ingress stable/nginx-ingress --namespace ingress -i --wait

After it completes, deploy CertManager in the cluster:

kubectl apply --validate=false -f
helm repo add jetstack 
helm repo update
helm upgrade cert-manager jetstack/cert-manager --namespace ingress --version v0.11.0 -i --wait
kubectl apply -f ./k8s/letsencrypt.yaml

Creating the DNS

For creating the DNS, I used which offers free .tk domain name.

For administrating the DNS, I decided to use Cloudflare with a free-account.

After creating your DNS, update the name servers to point to the Cloudflare ones. Once it's done, go to your AWS console in EC2 -> Load Balancers. Look for the ingress NLB and add its domain name as a CNAME entry in Cloudflare. Create a new subdomain for Jitsi: add a new CNAME entry for your domain name in Cloudflare targeting the NLB URL. The NLB will take care of redirecting the traffic to the correct ingress controller.

Deploying Jitsi

Now that the cluster is set up, we can deploy Jitsi Meet in the cluster. Make sure that you edit the value of web.ingress.hosts[0].host to target the domain name created in the previous step.

Run the following command in your terminal:

kubectl create ns jitsi
helm upgrade jitsi ../../jitsi-meet -f ./jitsi-values.yaml --namespace jitsi -i --wait

Once the installation is complete, go back to the AWS console in EC2 -> Security Groups. Look for the security group whose name is prefixed with eks-remoteAccess. Go to the inbound rules and add a custom rule opening port 30300 for UDP.
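
To check the result of the step above, the following added example (not part of the original repository) audits the JSON printed by aws ec2 describe-security-groups: it confirms that UDP 30300 is reachable on the eks-remoteAccess group and lists every other rule in that group that is open to the whole internet. The sample data, group ids and function names are constructed for illustration.

```python
import json
import sys

JVB_UDP_PORT = 30300            # port this README opens for UDP
WORLD = {"0.0.0.0/0", "::/0"}   # "anyone" sources, IPv4 and IPv6

# Constructed sample in the shape of `aws ec2 describe-security-groups` output;
# group ids and names are placeholders, not values from a real account.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0example1", "GroupName": "eks-remoteAccess-example",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "udp", "FromPort": 30300, "ToPort": 30300,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "GroupName": "unrelated-group",
     "IpPermissions": [{"IpProtocol": "-1",
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}

def sources(perm):
    """All CIDR sources (IPv4 and IPv6) of one IpPermissions entry."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def covers(perm, proto, port):
    """True if the rule admits proto/port; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    return (perm["IpProtocol"] == proto and
            perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def audit(doc, prefix="eks-remoteAccess"):
    """Report on the node security group(s) whose name starts with prefix."""
    report = {"jvb_udp_open": False, "world_open": []}
    for sg in doc["SecurityGroups"]:
        if not sg["GroupName"].startswith(prefix):
            continue
        for perm in sg.get("IpPermissions", []):
            srcs = sources(perm)
            if srcs and covers(perm, "udp", JVB_UDP_PORT):
                report["jvb_udp_open"] = True
            exact = (perm["IpProtocol"] == "udp" and
                     perm.get("FromPort") == perm.get("ToPort") == JVB_UDP_PORT)
            if not exact and WORLD & set(srcs):   # anything else open to all
                report["world_open"].append((sg["GroupId"], perm["IpProtocol"],
                                             perm.get("FromPort"), perm.get("ToPort")))
    return report

if __name__ == "__main__":
    # Pass a file holding the CLI's JSON output, or run on the sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(audit(doc), indent=2))
```

Entries under world_open are rules to review, for example by restricting their source range to the addresses that actually need access.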

After it's done, launch a session and enjoy a call!

Cleaning the deployment

To clean up the deployment, delete the CloudFormation stack created earlier by running aws cloudformation delete-stack --stack-name eks-cluster.


In case you have questions, found an issue or simply want to improve the example, feel free to open an issue or a pull request. Both are welcome!