ungleich-k8s/apps/jitsi/templates/jitsi.yaml
2021-06-24 14:42:31 +02:00

267 lines
7.4 KiB
YAML

apiVersion: v1
kind: Service
metadata:
labels:
service: jvb
name: jvb-udp
spec:
ports:
- port: 30300
protocol: UDP
targetPort: 30300
selector:
k8s-app: jitsi
---
apiVersion: v1
kind: Service
metadata:
labels:
service: web
name: web
spec:
ports:
- name: "http"
port: 80
targetPort: 80
- name: "https"
port: 443
targetPort: 443
selector:
k8s-app: jitsi
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: jitsi
name: jitsi
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
k8s-app: jitsi
template:
metadata:
labels:
k8s-app: jitsi
spec:
initContainers:
- name: wait-for-cert
image: busybox
command:
- sh
- -c
- until ls /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem; do sleep 5; done
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: copy-cert
image: busybox
command:
- cp
- /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem
- /etc/letsencrypt/cert.crt
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: copy-key
image: busybox
command:
- cp
- /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/privkey.pem
- /etc/letsencrypt/cert.key
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
claimName: jitsi-letsencrypt-certs
containers:
- name: jicofo
image: jitsi/jicofo:stable-5870
imagePullPolicy: IfNotPresent
env:
- name: XMPP_SERVER
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: America/Los_Angeles
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: prosody
image: jitsi/prosody:stable-5870
imagePullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://web.default.svc.c2.k8s.ooo
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JVB_AUTH_USER
value: jvb
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: America/Los_Angeles
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: web
image: jitsi/web:stable-5870
imagePullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://web.default.svc.c2.k8s.ooo
- name: XMPP_SERVER
value: localhost
- name: JICOFO_AUTH_USER
value: focus
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: XMPP_BOSH_URL_BASE
value: http://127.0.0.1:5280
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: TZ
value: America/Los_Angeles
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
volumeMounts:
- name: etcletsencrypt
mountPath: "/config/keys"
- name: jvb
image: jitsi/jvb:stable-5870
imagePullPolicy: IfNotPresent
env:
- name: XMPP_SERVER
value: localhost
- name: DOCKER_HOST_ADDRESS
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JVB_STUN_SERVERS
value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
- name: JICOFO_AUTH_USER
value: focus
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: JVB_AUTH_USER
value: jvb
- name: JVB_PORT
value: "30300"
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: TZ
value: America/Los_Angeles
---
apiVersion: v1
kind: Secret
metadata:
name: jitsi-config
stringData:
JICOFO_COMPONENT_SECRET: Loithah7qu
JICOFO_AUTH_PASSWORD: Loithah7qu
JVB_AUTH_PASSWORD: Loithah7qu
---
apiVersion: batch/v1
kind: Job
metadata:
name: jitsi-getcert
spec:
template:
metadata:
labels:
k8s-app: jitsi
spec:
restartPolicy: Never
containers:
- name: certbot
image: ungleich/ungleich-certbot
ports:
- containerPort: 80
env:
- name: DOMAIN
value: web.default.svc.c2.k8s.ooo
- name: EMAIL
value: "technik@ungleich.ch"
# - name: STAGING
# value: "no"
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
claimName: jitsi-letsencrypt-certs
backoffLimit: 3
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jitsi-letsencrypt-certs
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Mi
storageClassName: rook-cephfs