jitsi-meet-helm/jitsi-meet/templates/prosody-statefulset.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "jitsi-meet.name-prosody" . }}
  labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
  serviceName: {{ include "jitsi-meet.name-prosody" . }}
  replicas: {{ .Values.prosody.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "jitsi-meet.name-prosody" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "jitsi-meet.name-prosody" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "jitsi-meet.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ include "jitsi-meet.name-prosody" . }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.prosody.image.repository }}:{{ .Values.prosody.image.tag }}"
          imagePullPolicy: {{ .Values.prosody.image.pullPolicy }}
          env:
            {{ if .Values.jicofo.userAuth.enabled }}
            - name: JICOFO_AUTH_USER
              value: "{{ .Values.jicofo.userAuth.name }}"
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_AUTH_PASSWORD
            {{ end }}
            {{ if .Values.jicofo.componentSecret }}
            - name: JICOFO_COMPONENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_COMPONENT_SECRET
            {{ end }}
            {{- if .Values.jvb.userAuth.enabled }}
            - name: JVB_AUTH_USER
              value: {{ .Values.jvb.userAuth.name }}
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "jitsi-meet.name-jvb-config" . }}
                  key: JVB_AUTH_PASSWORD
            {{- end }}
            {{- if .Values.prosody.auth.enabled }}
            - name: ENABLE_AUTH
              value: "1"
            - name: ENABLE_GUESTS
              value: {{ .Values.prosody.auth.guest | quote }}
            - name: AUTH_TYPE
              value: {{ .Values.prosody.auth.type | quote }}
            {{- end }}
            {{- range .Values.prosody.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
            {{- range .Values.common.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
          ports:
            - containerPort: 5222
              protocol: TCP
              name: c2s1
            - containerPort: 5269
              protocol: TCP
              name: c2s2
            - containerPort: 5280
              protocol: TCP
              name: web
            - containerPort: 5347
              protocol: TCP
              name: xmpp
          # lifecycle:
          #   postStart:
          #     exec:
          #       command:
          #         - /bin/bash
          #         - -c
          #         - cat /var/app/prosody.cfg.lua | base64 -d > /defaults/prosody.cfg.lua
          #         - cat /var/app/jitsi-meet.cfg.lua | base64 -d > /defaults/conf.d/jitsi-meet.cfg.lua
          #         # {{ if .Values.prosody.auth.enabled }}
          #         # - prosodyctl --config /config/prosody.cfg.lua register me $XMPP_DOMAIN $JVB_AUTH_PASSWORD;
          #         # {{ end }}
          resources:
            {{- toYaml .Values.prosody.resources | nindent 12 }}
          volumeMounts:
            - name: config-prosody
              mountPath: "/var/app"
        - name: {{ include "jitsi-meet.name-jicofo" . }}
          image: "{{ .Values.jicofo.image.repository }}:{{ .Values.jicofo.image.tag }}"
          imagePullPolicy: {{ .Values.jicofo.image.pullPolicy }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          env:
            {{ if .Values.jicofo.userAuth.enabled }}
            - name: JICOFO_AUTH_USER
              value: {{ .Values.jicofo.userAuth.name }}
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_AUTH_PASSWORD
            {{ end }}
            {{ if .Values.jicofo.componentSecret }}
            - name: JICOFO_COMPONENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_COMPONENT_SECRET
            {{ end }}
            - name: XMPP_SERVER
              value: "localhost"
            {{- if .Values.prosody.auth.enabled }}
            - name: ENABLE_AUTH
              value: "1"
            {{- end }}
            {{- range .Values.jicofo.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
            {{- range .Values.common.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
          resources:
            {{- toYaml .Values.jicofo.resources | nindent 12 }}
          # lifecycle:
          #   postStart:
          #     exec:
          #       command:
          #         - /bin/bash
          #         - -c
          #         - cp /var/app/sip-communicator.properties /defaults/sip-communicator.properties
          volumeMounts:
            - name: config-jicofo
              mountPath: "/var/app"
        {{ if .Values.prosody.recorder }}
        - name: {{ include "jitsi-meet.name-jibri" . }}
          image: "{{ .Values.jibri.image.repository }}:{{ .Values.jibri.image.tag }}"
          imagePullPolicy: {{ .Values.jibri.image.pullPolicy }}
          securityContext:
            # required to record sound
            privileged: true
            capabilities:
              add:
                - SYS_RESOURCE
                - NET_BIND_SERVICE
            {{- with .Values.jibri.podSecurityContext }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          env:
            - name: XMPP_SERVER
              value: localhost
            {{- range .Values.jibri.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
            {{- range .Values.common.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
          volumeMounts:
            - mountPath: /dev/shm
              name: shm
            - mountPath: /dev/snd
              name: dev-snd
        {{ end }}
      volumes:
        - name: config-jicofo
          configMap:
            name: {{ template "jitsi-meet.name-jicofo-config" . }}-cm
        - name: config-prosody
          configMap:
            name: {{ template "jitsi-meet.name-prosody" . }}-config-cm
        {{ if .Values.prosody.recorder }}
        - name: shm
          hostPath:
            path: /dev/shm
        - name: dev-snd
          hostPath:
            path: /dev/snd
        {{ end }}
      {{- with .Values.prosody.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.prosody.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.prosody.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}