convert jitsi deployment to kustomize
continuous-integration/drone/push Build is failing Details

Tobias Brunner 2021-08-24 22:50:33 +02:00
parent 79075f3330
commit d4362d230c
7 changed files with 31 additions and 251 deletions

22
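--- a/jitsi/010-deployment.yaml
+++ b/jitsi/010-deployment.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+k8s-app: jitsi
+name: jitsi
+namespace: jitsi
+spec:
+template:
+metadata:
+labels:
+k8s-app: jitsi
+spec:
+containers:
+- name: web
+env:
+- name: PUBLIC_URL
+value: "https://meet.tobru.ch"
+- name: prosody
+env:
+- name: PUBLIC_URL
+value: "https://meet.tobru.ch"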
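Review bot: Nothing in this patch file says which base resource it targets, and a strategic-merge patch like this one only does what is intended if the upstream base defines a Deployment `jitsi` in namespace `jitsi` with containers named exactly `web` and `prosody`. Containers are merged by `name`, so if upstream uses or later switches to different names, the entries here would presumably be appended as new containers with no `image` instead of overriding `PUBLIC_URL`. The Deployment manifest removed in this commit also set `PUBLIC_URL` on `jicofo` and `jvb`; whether the base still needs it there cannot be seen from this page. I would add a header comment such as `# Strategic-merge patch for the upstream jitsi Deployment; container names must match the base` and check the rendered `kustomize build` output before applying.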


@ -1,154 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: jitsi
name: jitsi
namespace: jitsi
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
k8s-app: jitsi
template:
metadata:
labels:
k8s-app: jitsi
spec:
containers:
- name: jicofo
image: jitsi/jicofo:stable-6173
imagePullPolicy: IfNotPresent
env:
- name: XMPP_SERVER
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Zurich
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: PUBLIC_URL
value: https://meet.tobru.ch
- name: prosody
image: jitsi/prosody:stable-6173
imagePullPolicy: IfNotPresent
env:
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JVB_AUTH_USER
value: jvb
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Zurich
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: PUBLIC_URL
value: https://meet.tobru.ch
- name: web
image: jitsi/web:stable-6173
imagePullPolicy: IfNotPresent
env:
- name: XMPP_SERVER
value: localhost
- name: JICOFO_AUTH_USER
value: focus
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: XMPP_BOSH_URL_BASE
value: http://127.0.0.1:5280
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: TZ
value: Europe/Zurich
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: PUBLIC_URL
value: https://meet.tobru.ch
- name: jvb
image: jitsi/jvb:stable-6173
imagePullPolicy: IfNotPresent
env:
- name: XMPP_SERVER
value: localhost
- name: DOCKER_HOST_ADDRESS
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JVB_STUN_SERVERS
value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
- name: JICOFO_AUTH_USER
value: focus
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: JVB_AUTH_USER
value: jvb
- name: JVB_PORT
value: "30300"
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: TZ
value: Europe/Zurich
- name: PUBLIC_URL
value: https://meet.tobru.ch
serviceAccountName: jitsi

9
jitsi/kustomization.yaml Normal file

@ -0,0 +1,9 @@
namespace: jitsi
bases:
- https://github.com/jitsi-contrib/kubernetes/doc/kustomize
resources:
- 041-ingress.yaml
patchesStrategicMerge:
- 010-deployment.yaml
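Review bot: The remote base under `bases:` has no revision pin, so each build resolves whatever the upstream repository's default branch holds at that moment. Since this commit also deletes the local Deployment, Services, ServiceAccount and PodSecurityPolicy/RBAC manifests, image tags, pod privileges and exposed ports are now decided by that upstream content and can change without any diff in this repository. Pin the base to a reviewed commit, e.g. `- https://github.com/jitsi-contrib/kubernetes/doc/kustomize?ref=<REVIEWED_COMMIT_SHA>` (placeholder value), and diff the `kustomize build` output whenever the pin is bumped. Separately, `bases` is deprecated in kustomize, so the entry can move under `resources:`.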


@ -1,57 +0,0 @@
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: jitsi-privileged
spec:
allowPrivilegeEscalation: true
fsGroup:
rule: RunAsAny
hostIPC: false
hostNetwork: true
hostPID: true
hostPorts:
- max: 65535
min: 0
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: jitsi-privileged
namespace: jitsi
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
resourceNames:
- jitsi-privileged
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jitsi-privileged
namespace: jitsi
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jitsi-privileged
subjects:
- kind: ServiceAccount
name: jitsi


@ -1,35 +0,0 @@
apiVersion: v1
kind: Service
metadata:
labels:
service: jvb
name: jvb-udp
namespace: jitsi
spec:
type: NodePort
externalTrafficPolicy: Cluster
ports:
- port: 30300
protocol: UDP
targetPort: 30300
nodePort: 30300
selector:
k8s-app: jitsi
---
apiVersion: v1
kind: Service
metadata:
labels:
service: web
name: web
namespace: jitsi
spec:
ports:
- name: "http"
port: 80
targetPort: 80
- name: "https"
port: 443
targetPort: 443
selector:
k8s-app: jitsi


@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: jitsi
namespace: jitsi