From 8d9c0263c698dbcd1bc5f28d9de0261657cba722 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@tobru.ch>
Date: Sat, 21 Mar 2020 15:38:36 +0100
Subject: [PATCH] install jitsi

---
 _apps/jitsi.yaml      |  21 +++++++
 jitsi/deployment.yaml | 143 ++++++++++++++++++++++++++++++++++++++++++
 jitsi/ingress.yaml    |  20 ++++++
 jitsi/secret.yaml     |  18 ++++++
 jitsi/service.yaml    |  35 +++++++++++
 5 files changed, 237 insertions(+)
 create mode 100644 _apps/jitsi.yaml
 create mode 100644 jitsi/deployment.yaml
 create mode 100644 jitsi/ingress.yaml
 create mode 100644 jitsi/secret.yaml
 create mode 100644 jitsi/service.yaml

diff --git a/_apps/jitsi.yaml b/_apps/jitsi.yaml
new file mode 100644
index 0000000..f057b2d
--- /dev/null
+++ b/_apps/jitsi.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jitsi
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: jitsi
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: jitsi
+    repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+    targetRevision: HEAD
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jitsi
diff --git a/jitsi/deployment.yaml b/jitsi/deployment.yaml
new file mode 100644
index 0000000..0610687
--- /dev/null
+++ b/jitsi/deployment.yaml
@@ -0,0 +1,143 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    k8s-app: jitsi
+  name: jitsi
+  namespace: jitsi
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      k8s-app: jitsi
+  template:
+    metadata:
+      labels:
+        k8s-app: jitsi
+    spec:
+      containers:
+        - name: jicofo
+          image: jitsi/jicofo
+          imagePullPolicy: Always
+          env:
+            - name: XMPP_SERVER
+              value: localhost
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JICOFO_COMPONENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_COMPONENT_SECRET
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: TZ
+              value: Europe/Zurich
+            - name: JVB_BREWERY_MUC
+              value: jvbbrewery
+        - name: prosody
+          image: jitsi/prosody
+          imagePullPolicy: Always
+          env:
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_MUC_DOMAIN
+              value: muc.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JICOFO_COMPONENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_COMPONENT_SECRET
+            - name: JVB_AUTH_USER
+              value: jvb
+            - name: JVB_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JVB_AUTH_PASSWORD
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: TZ
+              value: Europe/Zurich
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+        - name: web
+          image: jitsi/web
+          imagePullPolicy: Always
+          env:
+            - name: XMPP_SERVER
+              value: localhost
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: XMPP_BOSH_URL_BASE
+              value: http://127.0.0.1:5280
+            - name: XMPP_MUC_DOMAIN
+              value: muc.meet.jitsi
+            - name: TZ
+              value: Europe/Zurich
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+        - name: jvb
+          image: jitsi/jvb
+          imagePullPolicy: Always
+          env:
+            - name: XMPP_SERVER
+              value: localhost
+            - name: DOCKER_HOST_ADDRESS
+              value: 185.95.218.11
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JVB_STUN_SERVERS
+              value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+            - name: JVB_AUTH_USER
+              value: jvb
+            - name: JVB_PORT
+              value: "30300"
+            - name: JVB_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JVB_AUTH_PASSWORD
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: JVB_BREWERY_MUC
+              value: jvbbrewery
+            - name: TZ
+              value: Europe/Zurich
diff --git a/jitsi/ingress.yaml b/jitsi/ingress.yaml
new file mode 100644
index 0000000..1634de7
--- /dev/null
+++ b/jitsi/ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.kubernetes.io/ssl-redirect: "true"
+  name: tobrumeet
+spec:
+  rules:
+  - host: meet.tobru.ch
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: web
+          servicePort: http
+  tls:
+  - hosts:
+    - meet.tobru.ch
+    secretName: meet-tobru-ch-cert
diff --git a/jitsi/secret.yaml b/jitsi/secret.yaml
new file mode 100644
index 0000000..228299a
--- /dev/null
+++ b/jitsi/secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: jitsi-config
+  namespace: jitsi
+spec:
+  encryptedData:
+    JICOFO_AUTH_PASSWORD: AgAdoT6S3nFHyrPHcLS+rwG96f9lLDQVLOhvKA4RpbRnPv6S3nFXgeScSa5u2pk/w2rNyAnGhexGNehdBXrgDGNTDpFSsjtA1T27AV39FQtKfhAG9Qbm3Y+3+xgxGEscfRJa1CfoUDwOk806eMj8ejhwUJD9syad1RocsLA1bJxS6TxGsusif+I5dN6lA8Tk/ZQs3AVfdgpYBFByruumn8+/HhGlUuLsBvCOJVFiVLMoS+HwHzvvTXM9RwBobHMF+uk9tgV2rq+tmr1YRQczhTPpJYTJUgd7vmC1Yoez5qHNqI1ZEWzq5P9PXfuHZvhrgtwnHtIpGyfCkE0xHRAZO9XFyndPte6yLi3AM58sY7p4EXjgyCmWMejD0pz+jGiRjeIiG7VJMqgf+eB4noTFT1pZgXCD4p8yFheg2vAGqAWHA8RwsT7q4A7m646Ej2mFfxjtFA1thIRZxPydS2mVdi73jBqoDaN5CACjEEEoC8NNmAEdXl955oaMcZZtfTF1TViMtZ+eVx4ThP9d6gYbNK4XEQVUOLlnoSV7pLbOwMAhhLvUcVINUoaXAO0CNIj5jbkzRfyWpt7HQKIocD/4pyUqIfbtb1xmxRqW5pBi8Ke9IDG6RqFAiwwm+JjuomYXzfX7BTYkwbCCgEHHxsTxW0w/jRPs++wTAthjP2sy3doRfXvfVCCSsY36xZQASkzUD4VAS+Scm16veWMjYthbghq0aRmfSQ1XKFjZrOAmLX7zIA==
+    JICOFO_COMPONENT_SECRET: AgAj0+StlJGodzUppyRWV836kMk2GJWBWDz90xq6evs9ZAbbJvc6iNyYMQoBeZL2mhmUKxcOjSNBDX3cGmEpKSEJ+oFrgmew6NB85w/EXzOoOE9tFQsSUACxNDLHbVTaDJ8aq2v4CtdzjONx5mV3+7wg6SqC6tIvrgV8P4RTQAUt59JAdRjGPyp1o3S9F7sbk5lDCShPjZUwB7CMIyQNbRtfMofYz0xjJ/KKIOHfZJk9DMAIQCahdU96X/9WukKx/KpVEyMzX+lQR3AsTUMDlxRSs34WBvbKeMKdXJNYnE/87GntB0sEsDvtmhzzVJzsDfg+5TXW+sK2Jk6iqPqCLzGQhgum+JLcHB8gCgUJa6d6RtF+7fD5sA4b4dy8WvjFk0ikb/M9ThIrlPD0//eMYM6KQ8TfifpAnTH82WQaiOpagFpPdEjH+KezIX578Jv1seGFnc3b3Idjn/Inwo1K2pZ8oP7n+yM0N16b4kYe5tgDlL2yYyh9QAWNqbj5HvXgIcrcM9fv92YnrV2QeKBvujUG5zjNiQnV+83GVGaNsDPox1V4u2JY7jagDbc9l2LPLQXCeOs34Rmhm+IpCOQI3EA/PVnjvQUKms6QkDtd0zlw3XdLUj2UmNJjr0c/iONHrmA4BANbCYBtNjeGXE07/0i0a4FjQ09VHtMaEOFr3xaqn0gtMA1Z4jFMHUNHw85uytf2Ldsy1BjSpLrTQWdwE12YZFMaIOj/7vKuoqV6KU7hJw==
+    JVB_AUTH_PASSWORD: AgA5Oep/d13xjR4s2neWZGZKsEl/zCXlCPqLDOH/pUYutIs2AeHKMznFmLa7OtovOlAT8QBtdZMw0WFgCEciwVVwFodQzv2oiX02PzftuKHHcJIye+rtU41vtUxFhWC9muUWy90fbr4LJsU5x+RpJVEezGEY9NaJJCDtGd23h+pikvyRJCRc/5lX9qAudNq4SnMyc//jBaFnV4mN05ZOK4WOgWH4u3TmS4zpudyiSnMX20pf0lqY3FSyEXHZdWO7D1vBbCFklZCDoUC50TNz9tmmfxwrc1omD3v06UE6ZNIPtzSONBGMDZrbc7grRHDuGMS6l2Kz9hoYw+gagMqpTZmUbOFQCnIkVZw4Gi3j0MtQ3rC8ejrueuXhd7psUgMXba3DQ3vSmQSbWxZHZj9Twva/R3A6hzbHt4QcYAoF82p3iY+PK4ip70HcA9JF+z7RNUjZ+A1gFtV2s+D7M0lQ+RpBuuOSd6JeHYN1V6bS9Wc3qj3kD8ekoEuDQASlMj7h2XOHITSX2DAXsnGFUylOH/XjiFYAitJBwhJJwNZya7o1UWE7yvZEMY5R6cxwUn3BfD2/6WSPaXKi+86SLCw3v4azoCO9uNQ9egoaKrrf1Wg6gOyQLxrrv7p0galIoaTIldMO4WqQNz+3KORCjAtcRzFh6qMuUjKHxJUUSX+gflmjk5ulxCp/lMGkMdo6LhFgphRsXL19+T4iP/vK/cw+U5BJQbeCZR+xqXTtEI/dq7tAsQ==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: jitsi-config
+      namespace: jitsi
+status: {}
+
diff --git a/jitsi/service.yaml b/jitsi/service.yaml
new file mode 100644
index 0000000..1a94bef
--- /dev/null
+++ b/jitsi/service.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    service: jvb
+  name: jvb-udp
+  namespace: jitsi
+spec:
+  type: NodePort
+  externalTrafficPolicy: Cluster
+  ports:
+  - port: 30300
+    protocol: UDP
+    targetPort: 30300
+    nodePort: 30300
+  selector:
+    k8s-app: jitsi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    service: web
+  name: web
+  namespace: jitsi
+spec:
+  ports:
+  - name: "http"
+    port: 80
+    targetPort: 80
+  - name: "https"
+    port: 443
+    targetPort: 443
+  selector:
+    k8s-app: jitsi