add stun server

src/main/cljc/dda/c4k_jitsi/core.cljc

@@ -44,6 +44,7 @@
            (jitsi/etherpad-config resolved-config)
            (jitsi/excalidraw-config resolved-config)
            (jitsi/moderator-elector-config resolved-config)
+           (jitsi/coturn-config resolved-config)
            (ing/generate-ingress-and-cert (merge
                                            {:service-name "jitsi-meet-web"
                                             :service-port 80
@@ -76,5 +77,6 @@
         #(not (nil? %))
         (cm/concat-vec
          (jitsi/prosody-auth config auth)
+         (jitsi/coturn-auth config auth)
          (when (:contains? config :mon-cfg)
            (mon/generate-auth (:mon-cfg config) (:mon-auth auth))))))))

src/main/cljc/dda/c4k_jitsi/jitsi.cljc

@@ -3,6 +3,7 @@
    [clojure.spec.alpha :as s]
    #?(:clj [orchestra.core :refer [defn-spec]]
       :cljs [orchestra.core :refer-macros [defn-spec]])
+   [clojure.string :as st]
    [dda.c4k-common.yaml :as yaml]
    [dda.c4k-common.common :as cm]
    [dda.c4k-common.base64 :as b64]
@@ -98,7 +99,8 @@
   (let [{:keys [fqdn namespace]} config]
     [(-> 
       (load-and-adjust-namespace "jitsi/jvb-config-envs-cm.yaml" namespace)
-      (cm/replace-key-value :XMPP_SERVER (str "prosody." namespace ".svc.cluster.local")))
+      (cm/replace-key-value :XMPP_SERVER (str "prosody." namespace ".svc.cluster.local"))
+      (cm/replace-key-value :JVB_STUN_SERVERS (str "stun." fqdn ":443")))
      (load-and-adjust-namespace "jitsi/jvb-config-service.yaml" namespace)
      (->
       (load-and-adjust-namespace "jitsi/jvb-config-deployment.yaml" namespace)
@@ -161,3 +163,34 @@
   (let [{:keys [namespace]} config]
     [(load-and-adjust-namespace "jitsi/modelector-config-service.yaml" namespace)
      (load-and-adjust-namespace "jitsi/modelector-config-deployment.yaml" namespace)]))
+
+(defn-spec coturn-auth cp/map-or-seq?
+  [config config?
+   auth auth?]
+  (let [{:keys [namespace]} config
+        {:keys []} auth]
+    [(load-and-adjust-namespace "jitsi/coturn-auth-secret.yaml" namespace)]))
+  
+(defn-spec coturn-config cp/map-or-seq?
+  [config config?]
+  (let [{:keys [namespace fqdn]} config]
+    [(load-and-adjust-namespace "jitsi/coturn-config-default-cm.yaml" namespace)
+     (-> 
+      (load-and-adjust-namespace "jitsi/coturn-config-init-cm.yaml" namespace)
+      (cm/replace-key-value
+       :data
+       {:turnserver.conf
+        (st/join "\n" [(str "realm: stun." fqdn)
+                       "listening-ip: 0.0.0.0"
+                       "listening-port: 3478"
+                       "tls-listening-port: 5349"
+                       "min-port: 49152"
+                       "max-port: 65535"
+                       "log-file: stdout"
+                       "pidfile: \"/var/tmp/turnserver.pid\""
+                       "pkey: \"/tls/tls.key\""
+                       "cert: \"/tls/tls.crt\""
+                       "userdb: \"/var/db/turndb\""])}))
+     (load-and-adjust-namespace "jitsi/coturn-config-tcp-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/coturn-config-udp-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/coturn-config-deployment.yaml" namespace)]))

src/main/resources/jitsi/coturn-auth-secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: NAMESPACE
+  name: coturn-auth-secret
+  labels:
+    app.kubernetes.io/name: "coturn"
+data:
+  username: ""
+  password: ""

src/main/resources/jitsi/coturn-config-default-cm.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: NAMESPACE
+  name: coturn-extra-config
+  labels:
+    app.kubernetes.io/name: "coturn"
+data:
+  turnserver.conf: |
+      verbose

src/main/resources/jitsi/coturn-config-deployment.yaml

@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: NAMESPACE
+  name: coturn-coturn
+  labels:
+    app.kubernetes.io/name: "coturn"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: coturn
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: coturn
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: "coturn"
+          image: coturn/coturn:4.6.3
+          imagePullPolicy: IfNotPresent
+          args: ["-c", "/turnserver.conf"]
+          ports:
+            - name: turn-udp
+              containerPort: 3478
+              protocol: UDP
+            - name: turn-tcp
+              containerPort: 3478
+              protocol: TCP
+            - name: turn-tcp-tls
+              containerPort: 5349
+              protocol: TCP
+            - name: turn-udp-dtls
+              containerPort: 5349
+              protocol: UDP
+          volumeMounts:
+            - name: coturn-config
+              mountPath: "/turnserver.conf"
+              subPath: turnserver.conf
+              readOnly: true
+            - name: var-tmp
+              mountPath: /var/tmp
+            - name: sqllite
+              mountPath: /var/db
+          securityContext:
+            capabilities:
+              add:
+                - NET_BIND_SERVICE
+              drop:
+                - ALL
+            readOnlyRootFilesystem: false
+            allowPrivilegeEscalation: false
+      volumes:
+        - name: coturn-initial-config
+          configMap:
+            name: coturn-initial-config
+        - name: coturn-extra-config
+          configMap:
+            name: coturn-extra-config
+        - name: coturn-config
+          emptyDir: {}
+        - name: var-tmp
+          emptyDir: {}
+        - name: sqllite
+          emptyDir: {}

src/main/resources/jitsi/coturn-config-init-cm.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: NAMESPACE
+  name: coturn-initial-config
+  labels:
+    app.kubernetes.io/name: "coturn"
+data:
+  turnserver.conf: |-
+    realm: REPLACE_COTURN_FQDN
+    listening-ip: 0.0.0.0
+    listening-port: 3478
+    tls-listening-port: 5349
+    min-port: 49152
+    max-port: 65535
+    log-file: stdout
+    pidfile: "/var/tmp/turnserver.pid"
+    pkey: "/tls/tls.key"
+    cert: "/tls/tls.crt"
+    userdb: "/var/db/turndb"

src/main/resources/jitsi/coturn-config-tcp-service.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: NAMESPACE
+  name: coturn-turn-tcp
+  labels:
+    app.kubernetes.io/name: "coturn"
+  annotations:
+    metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
+    metallb.universe.tf/address-pool: public
+spec:
+  type: LoadBalancer
+  ports:
+    - name: turn-tcp
+      port: 3478
+      protocol: TCP
+      targetPort: 3478
+    - name: turn-tcp-tls
+      port: 5349
+      protocol: TCP
+      targetPort: 5349
+  selector:
+    app.kubernetes.io/name: coturn-coturn

src/main/resources/jitsi/coturn-config-udp-service.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: NAMESPACE
+  name: coturn-turn-udp
+  labels:
+    app.kubernetes.io/name: "coturn"
+  annotations:
+    metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
+    metallb.universe.tf/address-pool: public
+spec:
+  type: LoadBalancer
+  ports:
+    - name: turn-udp
+      port: 3478
+      protocol: UDP
+      targetPort: 3478
+    - name: turn-udp-dtls
+      port: 5349
+      protocol: UDP
+      targetPort: 5349
+  selector:
+    app.kubernetes.io/name: coturn-coturn

src/main/resources/jitsi/jvb-config-envs-cm.yaml

@@ -9,7 +9,7 @@ metadata:
 data:
   JVB_BREWERY_MUC: 'jvbbrewery'
   JVB_PORT: '10000'
-  JVB_STUN_SERVERS: 'meet-jit-si-turnrelay.jitsi.net:443'
+  JVB_STUN_SERVERS: REPLACE_ME
   JVB_TCP_HARVESTER_DISABLED: '1'
   XMPP_SERVER: REPLACE_ME
   COLIBRI_REST_ENABLED: 'true'

src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc

@@ -166,3 +166,28 @@
          (count (cut/restart-config
                  {:fqdn "xy.xy.xy"
                   :namespace "jitsi"})))))
+
+(deftest should-generate-coturn
+  (is (= 1
+         (count (cut/coturn-auth
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"}
+                 {:jvb-auth-password "jvb-auth"
+                  :jicofo-auth-password "jicofo-auth"
+                  :jicofo-component-secret "jicofo-comp"}))))
+   (is (= 5
+         (count (cut/coturn-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"}))))
+  (is (= {:apiVersion "v1",
+           :kind "ConfigMap",
+           :metadata
+           {:namespace "jitsi",
+            :name "coturn-initial-config",
+            :labels #:app.kubernetes.io{:name "coturn"}},
+           :data
+           {:turnserver.conf
+            "realm: stun.xy.xy.xy\nlistening-ip: 0.0.0.0\nlistening-port: 3478\ntls-listening-port: 5349\nmin-port: 49152\nmax-port: 65535\nlog-file: stdout\npidfile: \"/var/tmp/turnserver.pid\"\npkey: \"/tls/tls.key\"\ncert: \"/tls/tls.crt\"\nuserdb: \"/var/db/turndb\""}}
+         (second (cut/coturn-config
+                  {:fqdn "xy.xy.xy"
+                   :namespace "jitsi"})))))