From c3b931e11fa739ce0cdea7c5fa83ce9f5f7657ab Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Thu, 24 Jun 2021 13:25:28 +0200
Subject: [PATCH] jitsi: upgrade container, add ssl
---
 apps/jitsi/jitsi.yaml | 85 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 82 insertions(+), 3 deletions(-)
diff --git a/apps/jitsi/jitsi.yaml b/apps/jitsi/jitsi.yaml
index 61db1d4..da61264 100644
--- a/apps/jitsi/jitsi.yaml
+++ b/apps/jitsi/jitsi.yaml
@@ -47,6 +47,38 @@ spec:
 labels:
 k8s-app: jitsi
 spec:
+ initContainers:
+ - name: wait-for-cert
+ image: busybox
+ command:
+ - sh
+ - -c
+ - until ls /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem; do sleep 5; done
+ volumeMounts:
+ - name: etcletsencrypt
+ mountPath: "/etc/letsencrypt"
+ - name: copy-cert
+ image: busybox
+ command:
+ - cp
+ - /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem
+ - /etc/letsencrypt/cert.crt
+ volumeMounts:
+ - name: etcletsencrypt
+ mountPath: "/etc/letsencrypt"
+ - name: copy-key
+ image: busybox
+ command:
+ - cp
+ - /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/privkey.pem
+ - /etc/letsencrypt/cert.key
+ volumeMounts:
+ - name: etcletsencrypt
+ mountPath: "/etc/letsencrypt"
+ volumes:
+ - name: etcletsencrypt
+ persistentVolumeClaim:
+ claimName: jitsi-letsencrypt-certs
 containers:
 - name: jicofo
 image: jitsi/jicofo:stable-5870
@@ -83,7 +115,7 @@ spec:
 imagePullPolicy: IfNotPresent
 env:
 - name: PUBLIC_URL
- value: web.default.svc.c2.k8s.ooo
+ value: https://web.default.svc.c2.k8s.ooo
 - name: XMPP_DOMAIN
 value: meet.jitsi
 - name: XMPP_AUTH_DOMAIN
@@ -116,11 +148,11 @@ spec:
 - name: JVB_TCP_HARVESTER_DISABLED
 value: "true"
 - name: web
- image: jitsi/web:stable-5870
+ image: jitsi/web:unstable-2021-06-23
 imagePullPolicy: IfNotPresent
 env:
 - name: PUBLIC_URL
- value: web.default.svc.c2.k8s.ooo
+ value: https://web.default.svc.c2.k8s.ooo
 - name: XMPP_SERVER
 value: localhost
 - name: JICOFO_AUTH_USER
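Review bot: The three init containers added at `@@ -47,6 +47,38 @@` all use `image: busybox` with no tag or digest, so a pod start may pull whatever the default tag currently resolves to, and that image then runs with the volume holding `privkey.pem` mounted read-write. The same holds for `image: ungleich/ungleich-certbot` in the Job added in the last hunk. Pin both to a verified tag or, better, a digest, e.g. `image: busybox@sha256:<DIGEST>` (placeholder; use the digest of the build you have checked). The three steps only wait and copy, so they could also be one container, which leaves a single image reference to keep pinned.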
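Review bot: The `web` image at `@@ -116,11 +148,11 @@` moves from `stable-5870` to `unstable-2021-06-23` while the `jicofo` and `jvb` containers visible in the neighbouring hunks stay on `stable-5870`, and nothing in the manifest records why. Running an unstable build in the container that is handed the certificate and key, next to components from a different release, deserves at least a comment above the line, such as `# unstable needed for <REASON>; return to a stable tag once released`. With `imagePullPolicy: IfNotPresent` each node keeps whatever it first pulled under that tag, so a digest pin would also make the deployed build reproducible.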
@@ -139,6 +171,9 @@ spec:
 value: America/Los_Angeles
 - name: JVB_TCP_HARVESTER_DISABLED
 value: "true"
+ volumeMounts:
+ - name: etcletsencrypt
+ mountPath: "/config/keys"
 - name: jvb
 image: jitsi/jvb:stable-5870
 imagePullPolicy: IfNotPresent
@@ -186,3 +221,47 @@ stringData:
 JICOFO_COMPONENT_SECRET: Loithah7qu
 JICOFO_AUTH_PASSWORD: Loithah7qu
 JVB_AUTH_PASSWORD: Loithah7qu
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: jitsi-getcert
+spec:
+ template:
+ metadata:
+ labels:
+ k8s-app: jitsi
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: certbot
+ image: ungleich/ungleich-certbot
+ ports:
+ - containerPort: 80
+ env:
+ - name: DOMAIN
+ value: web.default.svc.c2.k8s.ooo
+ - name: EMAIL
+ value: "technik@ungleich.ch"
+# - name: STAGING
+# value: "no"
+ volumeMounts:
+ - name: etcletsencrypt
+ mountPath: "/etc/letsencrypt"
+ volumes:
+ - name: etcletsencrypt
+ persistentVolumeClaim:
+ claimName: jitsi-letsencrypt-certs
+ backoffLimit: 3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: jitsi-letsencrypt-certs
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 50Mi
+ storageClassName: rook-cephfs
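Review bot: The `volumeMounts` entry added to the `web` container at `@@ -139,6 +171,9 @@` mounts the whole `etcletsencrypt` claim at `/config/keys`, not only the two files the init containers copied. The serving container therefore gets read-write access to everything certbot keeps on that volume, which by the paths used elsewhere in this patch includes `live/.../privkey.pem` and presumably the ACME account data. If the image's startup does not need to write there, add `readOnly: true` to this mount; copying `cert.crt` and `cert.key` into a separate volume (for example an `emptyDir`) shared only by the init containers and `web` would keep certbot's state out of the serving container altogether. The `web` container definition starts outside this hunk.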
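Review bot: The `jitsi-getcert` Job added at `@@ -186,3 +221,47 @@` obtains the certificate once and, as far as this manifest shows, nothing renews it, so TLS on the web container will fail when the certificate expires unless the Job is recreated by hand. Even after a renewal, `cert.crt` and `cert.key` are only refreshed by the init containers when the jitsi pod restarts. Consider a `CronJob` for renewal followed by a rollout restart, or at least a comment above `kind: Job` describing the manual renewal procedure. The pod template also sets no `securityContext`; `allowPrivilegeEscalation: false` would be a reasonable baseline if the certbot image tolerates it.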