ungleich-public/ungleich-k8s
6
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

jitsi: upgrade container, add ssl

Browse source
This commit is contained in:
Nico Schottelius 2021-06-24 13:25:28 +02:00
parent a99fb50c59
commit c3b931e11f
1 changed files with 82 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
apps/jitsi/jitsi.yaml
View file

@ -47,6 +47,38 @@ spec:
labels: labels:
k8s-app: jitsi k8s-app: jitsi
spec: spec:
initContainers:
- name: wait-for-cert
image: busybox
command:
- sh
- -c
- until ls /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem; do sleep 5; done
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: copy-cert
image: busybox
command:
- cp
- /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem
- /etc/letsencrypt/cert.crt
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: copy-key
image: busybox
command:
- cp
- /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/privkey.pem
- /etc/letsencrypt/cert.key
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
claimName: jitsi-letsencrypt-certs
containers: containers:
- name: jicofo - name: jicofo
image: jitsi/jicofo:stable-5870 image: jitsi/jicofo:stable-5870
@ -83,7 +115,7 @@ spec:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
value: web.default.svc.c2.k8s.ooo value: https://web.default.svc.c2.k8s.ooo
- name: XMPP_DOMAIN - name: XMPP_DOMAIN
value: meet.jitsi value: meet.jitsi
- name: XMPP_AUTH_DOMAIN - name: XMPP_AUTH_DOMAIN
@ -116,11 +148,11 @@ spec:
- name: JVB_TCP_HARVESTER_DISABLED - name: JVB_TCP_HARVESTER_DISABLED
value: "true" value: "true"
- name: web - name: web
image: jitsi/web:stable-5870 image: jitsi/web:unstable-2021-06-23
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
value: web.default.svc.c2.k8s.ooo value: https://web.default.svc.c2.k8s.ooo
- name: XMPP_SERVER - name: XMPP_SERVER
value: localhost value: localhost
- name: JICOFO_AUTH_USER - name: JICOFO_AUTH_USER
@ -139,6 +171,9 @@ spec:
value: America/Los_Angeles value: America/Los_Angeles
- name: JVB_TCP_HARVESTER_DISABLED - name: JVB_TCP_HARVESTER_DISABLED
value: "true" value: "true"
volumeMounts:
- name: etcletsencrypt
mountPath: "/config/keys"
- name: jvb - name: jvb
image: jitsi/jvb:stable-5870 image: jitsi/jvb:stable-5870
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
@ -186,3 +221,47 @@ stringData:
JICOFO_COMPONENT_SECRET: Loithah7qu JICOFO_COMPONENT_SECRET: Loithah7qu
JICOFO_AUTH_PASSWORD: Loithah7qu JICOFO_AUTH_PASSWORD: Loithah7qu
JVB_AUTH_PASSWORD: Loithah7qu JVB_AUTH_PASSWORD: Loithah7qu
---
apiVersion: batch/v1
kind: Job
metadata:
name: jitsi-getcert
spec:
template:
metadata:
labels:
k8s-app: jitsi
spec:
restartPolicy: Never
containers:
- name: certbot
image: ungleich/ungleich-certbot
ports:
- containerPort: 80
env:
- name: DOMAIN
value: web.default.svc.c2.k8s.ooo
- name: EMAIL
value: "technik@ungleich.ch"
# - name: STAGING
# value: "no"
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
claimName: jitsi-letsencrypt-certs
backoffLimit: 3
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jitsi-letsencrypt-certs
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Mi
storageClassName: rook-cephfs