diff --git a/jitsi/010-deployment.yaml b/jitsi/010-deployment.yaml new file mode 100644 index 0000000..897cf9f --- /dev/null +++ b/jitsi/010-deployment.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi + namespace: jitsi +spec: + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: web + env: + - name: PUBLIC_URL + value: "https://meet.tobru.ch" + - name: prosody + env: + - name: PUBLIC_URL + value: "https://meet.tobru.ch" diff --git a/jitsi/ingress.yaml b/jitsi/041-ingress.yaml similarity index 100% rename from jitsi/ingress.yaml rename to jitsi/041-ingress.yaml diff --git a/jitsi/deployment.yaml b/jitsi/deployment.yaml deleted file mode 100644 index 50b5a65..0000000 --- a/jitsi/deployment.yaml +++ /dev/null @@ -1,154 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - k8s-app: jitsi - name: jitsi - namespace: jitsi -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - k8s-app: jitsi - template: - metadata: - labels: - k8s-app: jitsi - spec: - containers: - - name: jicofo - image: jitsi/jicofo:stable-6173 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_SERVER - value: localhost - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JICOFO_COMPONENT_SECRET - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_COMPONENT_SECRET - - name: JICOFO_AUTH_USER - value: focus - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: TZ - value: Europe/Zurich - - name: JVB_BREWERY_MUC - value: jvbbrewery - - name: PUBLIC_URL - value: https://meet.tobru.ch - - name: prosody - image: jitsi/prosody:stable-6173 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JICOFO_COMPONENT_SECRET - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_COMPONENT_SECRET - - name: JVB_AUTH_USER - value: jvb - - name: JVB_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JVB_AUTH_PASSWORD - - name: JICOFO_AUTH_USER - value: focus - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: TZ - value: Europe/Zurich - - name: JVB_TCP_HARVESTER_DISABLED - value: "true" - - name: PUBLIC_URL - value: https://meet.tobru.ch - - name: web - image: jitsi/web:stable-6173 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_SERVER - value: localhost - - name: JICOFO_AUTH_USER - value: focus - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: XMPP_BOSH_URL_BASE - value: http://127.0.0.1:5280 - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: TZ - value: Europe/Zurich - - name: JVB_TCP_HARVESTER_DISABLED - value: "true" - - name: PUBLIC_URL - value: https://meet.tobru.ch - - name: jvb - image: jitsi/jvb:stable-6173 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_SERVER - value: localhost - - name: DOCKER_HOST_ADDRESS - value: localhost - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JVB_STUN_SERVERS - value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 - - name: JICOFO_AUTH_USER - value: focus - - name: JVB_TCP_HARVESTER_DISABLED - value: "true" - - name: JVB_AUTH_USER - value: jvb - - name: JVB_PORT - value: "30300" - - name: JVB_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JVB_AUTH_PASSWORD - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: JVB_BREWERY_MUC - value: jvbbrewery - - name: TZ - value: Europe/Zurich - - name: PUBLIC_URL - value: https://meet.tobru.ch - serviceAccountName: jitsi diff --git a/jitsi/kustomization.yaml b/jitsi/kustomization.yaml new file mode 100644 index 0000000..7c3181a --- /dev/null +++ b/jitsi/kustomization.yaml @@ -0,0 +1,9 @@ +namespace: jitsi +bases: +- https://github.com/jitsi-contrib/kubernetes/doc/kustomize + +resources: +- 041-ingress.yaml + +patchesStrategicMerge: +- 010-deployment.yaml diff --git a/jitsi/rbac.yaml b/jitsi/rbac.yaml deleted file mode 100644 index e25723b..0000000 --- a/jitsi/rbac.yaml +++ /dev/null @@ -1,57 +0,0 @@ ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: jitsi-privileged -spec: - allowPrivilegeEscalation: true - fsGroup: - rule: RunAsAny - hostIPC: false - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - downwardAPI - - emptyDir - - persistentVolumeClaim - - projected - - secret ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: jitsi-privileged - namespace: jitsi -rules: -- apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - jitsi-privileged - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: jitsi-privileged - namespace: jitsi -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: jitsi-privileged -subjects: -- kind: ServiceAccount - name: jitsi diff --git a/jitsi/service.yaml b/jitsi/service.yaml deleted file mode 100644 index 1a94bef..0000000 --- a/jitsi/service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - service: jvb - name: jvb-udp - namespace: jitsi -spec: - type: NodePort - externalTrafficPolicy: Cluster - ports: - - port: 30300 - protocol: UDP - targetPort: 30300 - nodePort: 30300 - selector: - k8s-app: jitsi ---- -apiVersion: v1 -kind: Service -metadata: - labels: - service: web - name: web - namespace: jitsi -spec: - ports: - - name: "http" - port: 80 - targetPort: 80 - - name: "https" - port: 443 - targetPort: 443 - selector: - k8s-app: jitsi diff --git a/jitsi/serviceaccount.yaml b/jitsi/serviceaccount.yaml deleted file mode 100644 index 8eb39b3..0000000 --- a/jitsi/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: jitsi - namespace: jitsi