jitsi: upgrade container, add ssl

2021-06-24 13:25:28 +02:00 · 2021-06-24 13:25:28 +02:00 · c3b931e11f
commit c3b931e11f
parent a99fb50c59
1 changed files with 82 additions and 3 deletions
--- a/apps/jitsi/jitsi.yaml
+++ b/apps/jitsi/jitsi.yaml
@ -47,6 +47,38 @@ spec:
      labels:
        k8s-app: jitsi
    spec:
+      initContainers:
+        - name: wait-for-cert
+          image: busybox
+          command:
+            - sh
+            - -c
+            - until ls /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem; do sleep 5; done
+          volumeMounts:
+            - name: etcletsencrypt
+              mountPath: "/etc/letsencrypt"
+        - name: copy-cert
+          image: busybox
+          command:
+            - cp
+            - /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem
+            - /etc/letsencrypt/cert.crt
+          volumeMounts:
+            - name: etcletsencrypt
+              mountPath: "/etc/letsencrypt"
+        - name: copy-key
+          image: busybox
+          command:
+            - cp
+            - /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/privkey.pem
+            - /etc/letsencrypt/cert.key
+          volumeMounts:
+            - name: etcletsencrypt
+              mountPath: "/etc/letsencrypt"
+      volumes:
+        - name: etcletsencrypt
+          persistentVolumeClaim:
+            claimName: jitsi-letsencrypt-certs
      containers:
        - name: jicofo
          image: jitsi/jicofo:stable-5870
@ -83,7 +115,7 @@ spec:
          imagePullPolicy: IfNotPresent
          env:
            - name: PUBLIC_URL
-              value: web.default.svc.c2.k8s.ooo
+              value: https://web.default.svc.c2.k8s.ooo
            - name: XMPP_DOMAIN
              value: meet.jitsi
            - name: XMPP_AUTH_DOMAIN
@ -116,11 +148,11 @@ spec:
            - name: JVB_TCP_HARVESTER_DISABLED
              value: "true"
        - name: web
-          image: jitsi/web:stable-5870
+          image: jitsi/web:unstable-2021-06-23
          imagePullPolicy: IfNotPresent
          env:
            - name: PUBLIC_URL
-              value: web.default.svc.c2.k8s.ooo
+              value: https://web.default.svc.c2.k8s.ooo
            - name: XMPP_SERVER
              value: localhost
            - name: JICOFO_AUTH_USER
@ -139,6 +171,9 @@ spec:
              value: America/Los_Angeles
            - name: JVB_TCP_HARVESTER_DISABLED
              value: "true"
+          volumeMounts:
+            - name: etcletsencrypt
+              mountPath: "/config/keys"
        - name: jvb
          image: jitsi/jvb:stable-5870
          imagePullPolicy: IfNotPresent
@ -186,3 +221,47 @@ stringData:
  JICOFO_COMPONENT_SECRET: Loithah7qu
  JICOFO_AUTH_PASSWORD: Loithah7qu
  JVB_AUTH_PASSWORD: Loithah7qu
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: jitsi-getcert
+spec:
+  template:
+    metadata:
+      labels:
+        k8s-app: jitsi
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: certbot
+        image: ungleich/ungleich-certbot
+        ports:
+          - containerPort: 80
+        env:
+          - name: DOMAIN
+            value: web.default.svc.c2.k8s.ooo
+          - name: EMAIL
+            value: "technik@ungleich.ch"
+#          - name: STAGING
+#            value: "no"
+        volumeMounts:
+          - name: etcletsencrypt
+            mountPath: "/etc/letsencrypt"
+      volumes:
+        - name: etcletsencrypt
+          persistentVolumeClaim:
+            claimName: jitsi-letsencrypt-certs
+  backoffLimit: 3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jitsi-letsencrypt-certs
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 50Mi
+  storageClassName: rook-cephfs