267 lines
7.4 KiB
YAML
267 lines
7.4 KiB
YAML
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
service: jvb
|
|
name: jvb-udp
|
|
spec:
|
|
ports:
|
|
- port: 30300
|
|
protocol: UDP
|
|
targetPort: 30300
|
|
selector:
|
|
k8s-app: jitsi
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
service: web
|
|
name: web
|
|
spec:
|
|
ports:
|
|
- name: "http"
|
|
port: 80
|
|
targetPort: 80
|
|
- name: "https"
|
|
port: 443
|
|
targetPort: 443
|
|
selector:
|
|
k8s-app: jitsi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
k8s-app: jitsi
|
|
name: jitsi
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: jitsi
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: jitsi
|
|
spec:
|
|
initContainers:
|
|
- name: wait-for-cert
|
|
image: busybox
|
|
command:
|
|
- sh
|
|
- -c
|
|
- until ls /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem; do sleep 5; done
|
|
volumeMounts:
|
|
- name: etcletsencrypt
|
|
mountPath: "/etc/letsencrypt"
|
|
- name: copy-cert
|
|
image: busybox
|
|
command:
|
|
- cp
|
|
- /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/fullchain.pem
|
|
- /etc/letsencrypt/cert.crt
|
|
volumeMounts:
|
|
- name: etcletsencrypt
|
|
mountPath: "/etc/letsencrypt"
|
|
- name: copy-key
|
|
image: busybox
|
|
command:
|
|
- cp
|
|
- /etc/letsencrypt/live/web.default.svc.c2.k8s.ooo/privkey.pem
|
|
- /etc/letsencrypt/cert.key
|
|
volumeMounts:
|
|
- name: etcletsencrypt
|
|
mountPath: "/etc/letsencrypt"
|
|
volumes:
|
|
- name: etcletsencrypt
|
|
persistentVolumeClaim:
|
|
claimName: jitsi-letsencrypt-certs
|
|
containers:
|
|
- name: jicofo
|
|
image: jitsi/jicofo:stable-5870
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: XMPP_SERVER
|
|
value: localhost
|
|
- name: XMPP_DOMAIN
|
|
value: meet.jitsi
|
|
- name: XMPP_AUTH_DOMAIN
|
|
value: auth.meet.jitsi
|
|
- name: XMPP_MUC_DOMAIN
|
|
value: muc.meet.jitsi
|
|
- name: XMPP_INTERNAL_MUC_DOMAIN
|
|
value: internal-muc.meet.jitsi
|
|
- name: JICOFO_COMPONENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jitsi-config
|
|
key: JICOFO_COMPONENT_SECRET
|
|
- name: JICOFO_AUTH_USER
|
|
value: focus
|
|
- name: JICOFO_AUTH_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jitsi-config
|
|
key: JICOFO_AUTH_PASSWORD
|
|
- name: TZ
|
|
value: America/Los_Angeles
|
|
- name: JVB_BREWERY_MUC
|
|
value: jvbbrewery
|
|
- name: prosody
|
|
image: jitsi/prosody:stable-5870
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: PUBLIC_URL
|
|
value: https://web.default.svc.c2.k8s.ooo
|
|
- name: XMPP_DOMAIN
|
|
value: meet.jitsi
|
|
- name: XMPP_AUTH_DOMAIN
|
|
value: auth.meet.jitsi
|
|
- name: XMPP_MUC_DOMAIN
|
|
value: muc.meet.jitsi
|
|
- name: XMPP_INTERNAL_MUC_DOMAIN
|
|
value: internal-muc.meet.jitsi
|
|
- name: JICOFO_COMPONENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jitsi-config
|
|
key: JICOFO_COMPONENT_SECRET
|
|
- name: JVB_AUTH_USER
|
|
value: jvb
|
|
- name: JVB_AUTH_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jitsi-config
|
|
key: JVB_AUTH_PASSWORD
|
|
- name: JICOFO_AUTH_USER
|
|
value: focus
|
|
- name: JICOFO_AUTH_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jitsi-config
|
|
key: JICOFO_AUTH_PASSWORD
|
|
- name: TZ
|
|
value: America/Los_Angeles
|
|
- name: JVB_TCP_HARVESTER_DISABLED
|
|
value: "true"
|
|
- name: web
|
|
image: jitsi/web:stable-5870
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: PUBLIC_URL
|
|
value: https://web.default.svc.c2.k8s.ooo
|
|
- name: XMPP_SERVER
|
|
value: localhost
|
|
- name: JICOFO_AUTH_USER
|
|
value: focus
|
|
- name: XMPP_DOMAIN
|
|
value: meet.jitsi
|
|
- name: XMPP_AUTH_DOMAIN
|
|
value: auth.meet.jitsi
|
|
- name: XMPP_INTERNAL_MUC_DOMAIN
|
|
value: internal-muc.meet.jitsi
|
|
- name: XMPP_BOSH_URL_BASE
|
|
value: http://127.0.0.1:5280
|
|
- name: XMPP_MUC_DOMAIN
|
|
value: muc.meet.jitsi
|
|
- name: TZ
|
|
value: America/Los_Angeles
|
|
- name: JVB_TCP_HARVESTER_DISABLED
|
|
value: "true"
|
|
volumeMounts:
|
|
- name: etcletsencrypt
|
|
mountPath: "/config/keys"
|
|
- name: jvb
|
|
image: jitsi/jvb:stable-5870
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: XMPP_SERVER
|
|
value: localhost
|
|
- name: DOCKER_HOST_ADDRESS
|
|
value: localhost
|
|
- name: XMPP_DOMAIN
|
|
value: meet.jitsi
|
|
- name: XMPP_AUTH_DOMAIN
|
|
value: auth.meet.jitsi
|
|
- name: XMPP_INTERNAL_MUC_DOMAIN
|
|
value: internal-muc.meet.jitsi
|
|
- name: JVB_STUN_SERVERS
|
|
value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
|
|
- name: JICOFO_AUTH_USER
|
|
value: focus
|
|
- name: JVB_TCP_HARVESTER_DISABLED
|
|
value: "true"
|
|
- name: JVB_AUTH_USER
|
|
value: jvb
|
|
- name: JVB_PORT
|
|
value: "30300"
|
|
- name: JVB_AUTH_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jitsi-config
|
|
key: JVB_AUTH_PASSWORD
|
|
- name: JICOFO_AUTH_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jitsi-config
|
|
key: JICOFO_AUTH_PASSWORD
|
|
- name: JVB_BREWERY_MUC
|
|
value: jvbbrewery
|
|
- name: TZ
|
|
value: America/Los_Angeles
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: jitsi-config
|
|
stringData:
|
|
JICOFO_COMPONENT_SECRET: Loithah7qu
|
|
JICOFO_AUTH_PASSWORD: Loithah7qu
|
|
JVB_AUTH_PASSWORD: Loithah7qu
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: jitsi-getcert
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: jitsi
|
|
spec:
|
|
restartPolicy: Never
|
|
containers:
|
|
- name: certbot
|
|
image: ungleich/ungleich-certbot
|
|
ports:
|
|
- containerPort: 80
|
|
env:
|
|
- name: DOMAIN
|
|
value: web.default.svc.c2.k8s.ooo
|
|
- name: EMAIL
|
|
value: "technik@ungleich.ch"
|
|
# - name: STAGING
|
|
# value: "no"
|
|
volumeMounts:
|
|
- name: etcletsencrypt
|
|
mountPath: "/etc/letsencrypt"
|
|
volumes:
|
|
- name: etcletsencrypt
|
|
persistentVolumeClaim:
|
|
claimName: jitsi-letsencrypt-certs
|
|
backoffLimit: 3
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: jitsi-letsencrypt-certs
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 50Mi
|
|
storageClassName: rook-cephfs
|