apiVersion: v1 kind: Service metadata: labels: service: jvb name: jvb-udp spec: ports: - port: 30300 protocol: UDP targetPort: 30300 selector: k8s-app: jitsi --- apiVersion: v1 kind: Service metadata: labels: service: web name: web spec: ports: - name: "http" port: 80 targetPort: 80 - name: "https" port: 443 targetPort: 443 selector: k8s-app: jitsi --- apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: jitsi name: jitsi spec: replicas: 1 strategy: type: Recreate selector: matchLabels: k8s-app: jitsi template: metadata: labels: k8s-app: jitsi spec: initContainers: - name: wait-for-cert image: busybox command: - sh - -c - until ls /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem; do sleep 5; done volumeMounts: - name: etcletsencrypt mountPath: "/etc/letsencrypt" - name: copy-cert image: busybox command: - cp - /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem - /etc/letsencrypt/cert.crt volumeMounts: - name: etcletsencrypt mountPath: "/etc/letsencrypt" - name: copy-key image: busybox command: - cp - /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/privkey.pem - /etc/letsencrypt/cert.key volumeMounts: - name: etcletsencrypt mountPath: "/etc/letsencrypt" volumes: - name: etcletsencrypt persistentVolumeClaim: claimName: jitsi-letsencrypt-certs containers: - name: jicofo image: jitsi/jicofo:stable-5870 imagePullPolicy: IfNotPresent env: - name: XMPP_SERVER value: localhost - name: XMPP_DOMAIN value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi - name: XMPP_MUC_DOMAIN value: muc.meet.jitsi - name: XMPP_INTERNAL_MUC_DOMAIN value: internal-muc.meet.jitsi - name: JICOFO_COMPONENT_SECRET valueFrom: secretKeyRef: name: jitsi-config key: JICOFO_COMPONENT_SECRET - name: JICOFO_AUTH_USER value: focus - name: JICOFO_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-config key: JICOFO_AUTH_PASSWORD - name: TZ value: America/Los_Angeles - name: JVB_BREWERY_MUC value: jvbbrewery - name: prosody image: jitsi/prosody:stable-5870 imagePullPolicy: IfNotPresent env: - name: PUBLIC_URL value: https://web.default.svc.c2.k8s.ooo - name: XMPP_DOMAIN value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi - name: XMPP_MUC_DOMAIN value: muc.meet.jitsi - name: XMPP_INTERNAL_MUC_DOMAIN value: internal-muc.meet.jitsi - name: JICOFO_COMPONENT_SECRET valueFrom: secretKeyRef: name: jitsi-config key: JICOFO_COMPONENT_SECRET - name: JVB_AUTH_USER value: jvb - name: JVB_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-config key: JVB_AUTH_PASSWORD - name: JICOFO_AUTH_USER value: focus - name: JICOFO_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-config key: JICOFO_AUTH_PASSWORD - name: TZ value: America/Los_Angeles - name: JVB_TCP_HARVESTER_DISABLED value: "true" - name: web image: jitsi/web:stable-5870 imagePullPolicy: IfNotPresent env: - name: PUBLIC_URL value: https://web.default.svc.c2.k8s.ooo - name: XMPP_SERVER value: localhost - name: JICOFO_AUTH_USER value: focus - name: XMPP_DOMAIN value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi - name: XMPP_INTERNAL_MUC_DOMAIN value: internal-muc.meet.jitsi - name: XMPP_BOSH_URL_BASE value: http://127.0.0.1:5280 - name: XMPP_MUC_DOMAIN value: muc.meet.jitsi - name: TZ value: America/Los_Angeles - name: JVB_TCP_HARVESTER_DISABLED value: "true" volumeMounts: - name: etcletsencrypt mountPath: "/config/keys" - name: jvb image: jitsi/jvb:stable-5870 imagePullPolicy: IfNotPresent env: - name: XMPP_SERVER value: localhost - name: DOCKER_HOST_ADDRESS value: localhost - name: XMPP_DOMAIN value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi - name: XMPP_INTERNAL_MUC_DOMAIN value: internal-muc.meet.jitsi - name: JVB_STUN_SERVERS value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 - name: JICOFO_AUTH_USER value: focus - name: JVB_TCP_HARVESTER_DISABLED value: "true" - name: JVB_AUTH_USER value: jvb - name: JVB_PORT value: "30300" - name: JVB_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-config key: JVB_AUTH_PASSWORD - name: JICOFO_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-config key: JICOFO_AUTH_PASSWORD - name: JVB_BREWERY_MUC value: jvbbrewery - name: TZ value: America/Los_Angeles --- apiVersion: v1 kind: Secret metadata: name: jitsi-config stringData: JICOFO_COMPONENT_SECRET: Loithah7qu JICOFO_AUTH_PASSWORD: Loithah7qu JVB_AUTH_PASSWORD: Loithah7qu --- apiVersion: batch/v1 kind: Job metadata: name: jitsi-getcert spec: template: metadata: labels: k8s-app: jitsi spec: restartPolicy: Never containers: - name: certbot image: ungleich/ungleich-certbot ports: - containerPort: 80 env: - name: DOMAIN value: web.default.svc.c2.k8s.ooo - name: EMAIL value: "technik@ungleich.ch" # - name: STAGING # value: "no" volumeMounts: - name: etcletsencrypt mountPath: "/etc/letsencrypt" volumes: - name: etcletsencrypt persistentVolumeClaim: claimName: jitsi-letsencrypt-certs backoffLimit: 3 --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jitsi-letsencrypt-certs spec: accessModes: - ReadWriteMany resources: requests: storage: 50Mi storageClassName: rook-cephfs