slim down required files to working example

bom 2022-02-09 15:28:48 +01:00
parent 000e135021
commit 6d54389047
19 changed files with 226 additions and 277 deletions


@ -12,24 +12,18 @@
(def config? (s/keys :req-un [::jitsi/fqdn] (def config? (s/keys :req-un [::jitsi/fqdn]
:opt-un [::jitsi/issuer ::jitsi/ingress-type])) :opt-un [::jitsi/issuer ::jitsi/ingress-type]))
(def auth? (s/keys :req-un [])) (def auth? (s/keys :req-un [::jitsi/jvb-auth-password ::jitsi/jicofo-auth-password ::jitsi/jicofo-component-secret]))
(defn k8s-objects [config] (defn k8s-objects [config]
(map (fn [x] (yaml/to-string x)) (map (fn [x] (yaml/to-string x))
[(jitsi/generate-jicofo-deployment config) [(jitsi/generate-ingress config)
(jitsi/generate-jicofo-pvc) (jitsi/generate-secret config)
(jitsi/generate-jvb-deployment config) (jitsi/generate-jicofo-deployment)
(jitsi/generate-jvb-pvc) (jitsi/generate-jvb-deployment)
(jitsi/generate-jvb-service) (jitsi/generate-jvb-service)
(jitsi/generate-networkpolicy) (jitsi/generate-prosody-deployment)
(jitsi/generate-prosody-deployment config) (jitsi/generate-web-deployment)
(jitsi/generate-prosody-pvc-config) (jitsi/generate-web-service)]))
(jitsi/generate-prosody-pvc-plugins)
(jitsi/generate-prosody-service)
(jitsi/generate-web-deployment config)
(jitsi/generate-web-pvc-config)
(jitsi/generate-web-pvc-crontabs)
(jitsi/generate-web-pvc-transcripts)]))
(defn-spec generate any? (defn-spec generate any?
[my-config config? [my-config config?
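Review bot: `auth?` now requires the three secrets, but `k8s-objects` still takes only `config` and calls `(jitsi/generate-secret config)`, so a validated auth map has no path to the Secret generator. I would change this to `(defn k8s-objects [config auth]` with `(jitsi/generate-secret auth)` and pass the auth argument through from `generate`. The list also no longer includes `(jitsi/generate-networkpolicy)`; if dropping pod isolation is intended for the slimmed-down example, a comment saying so would help. `generate` continues outside this hunk, so I cannot see what it passes on.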


@ -8,72 +8,51 @@
(s/def ::fqdn pred/fqdn-string?) (s/def ::fqdn pred/fqdn-string?)
(s/def ::issuer pred/letsencrypt-issuer?) (s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::jvb-auth-password pred/bash-env-string?)
(s/def ::jicofo-auth-password pred/bash-env-string?)
(s/def ::jicofo-component-secret pred/bash-env-string?)
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :jitsi [resource-name] (defmethod yaml/load-resource :jitsi [resource-name]
(case resource-name (case resource-name
"jitsi/ingress.yaml" (rc/inline "jitsi/ingress.yaml")
"jitsi/jicofo-deployment.yaml" (rc/inline "jitsi/jicofo-deployment.yaml") "jitsi/jicofo-deployment.yaml" (rc/inline "jitsi/jicofo-deployment.yaml")
"jitsi/jicofo-pvc.yaml" (rc/inline "jitsi/jicofo-pvc.yaml")
"jitsi/jvb-deployment.yaml" (rc/inline "jitsi/jvb-deployment.yaml") "jitsi/jvb-deployment.yaml" (rc/inline "jitsi/jvb-deployment.yaml")
"jitsi/jvb-pvc.yaml" (rc/inline "jitsi/jvb-pvc.yaml")
"jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml") "jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml")
"jitsi/networkpolicy.yaml" (rc/inline "jitsi/networkpolicy.yaml")
"jitsi/prosody-deployment.yaml" (rc/inline "jitsi/prosody-deployment.yaml") "jitsi/prosody-deployment.yaml" (rc/inline "jitsi/prosody-deployment.yaml")
"jitsi/prosody-pvc-config.yaml" (rc/inline "jitsi/prosody-pvc-config.yaml") "jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml")
"jitsi/prosody-pvc-plugins.yaml" (rc/inline "jitsi/prosody-pvc-plugins.yaml")
"jitsi/prosody-service.yaml" (rc/inline "jitsi/prosody-service.yaml")
"jitsi/web-deployment.yaml" (rc/inline "jitsi/web-deployment.yaml") "jitsi/web-deployment.yaml" (rc/inline "jitsi/web-deployment.yaml")
"jitsi/web-pvc-config.yaml" (rc/inline "jitsi/web-pvc-config.yaml")
"jitsi/web-pvc-crontabs.yaml" (rc/inline "jitsi/web-pvc-crontabs.yaml")
"jitsi/web-pvc-transcripts.yaml" (rc/inline "jitsi/web-pvc-transcripts.yaml")
"jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml") "jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml")
(throw (js/Error. "Undefined Resource!"))))) (throw (js/Error. "Undefined Resource!")))))
(defn generate-jicofo-deployment [config] (defn generate-ingress [config]
(->
; TODO: Update fqdn from config
(yaml/from-string (yaml/load-resource "jitsi/ingress.yaml"))))
(defn generate-secret [config]
(->
; TODO: Update secrets from auth
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))))
(defn generate-jicofo-deployment []
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/jicofo-deployment.yaml")))) (yaml/from-string (yaml/load-resource "jitsi/jicofo-deployment.yaml"))))
(defn generate-jicofo-pvc [] (defn generate-jvb-deployment []
(yaml/from-string (yaml/load-resource "jitsi/jicofo-pvc.yaml")))
(defn generate-jvb-deployment [config]
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/jvb-deployment.yaml")))) (yaml/from-string (yaml/load-resource "jitsi/jvb-deployment.yaml"))))
(defn generate-jvb-pvc []
(yaml/from-string (yaml/load-resource "jitsi/jvb-pvc.yaml")))
(defn generate-jvb-service [] (defn generate-jvb-service []
(yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml"))) (yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml")))
(defn generate-networkpolicy [] (defn generate-prosody-deployment []
(yaml/from-string (yaml/load-resource "jitsi/networkpolicy.yaml")))
(defn generate-prosody-deployment [config]
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/prosody-deployment.yaml")))) (yaml/from-string (yaml/load-resource "jitsi/prosody-deployment.yaml"))))
(defn generate-prosody-pvc-config [] (defn generate-web-deployment []
(yaml/from-string (yaml/load-resource "jitsi/prosody-pvc-config.yaml")))
(defn generate-prosody-pvc-plugins []
(yaml/from-string (yaml/load-resource "jitsi/prosody-pvc-plugins.yaml")))
(defn generate-prosody-service []
(yaml/from-string (yaml/load-resource "jitsi/prosody-service.yaml")))
(defn generate-web-deployment [config]
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/web-deployment.yaml")))) (yaml/from-string (yaml/load-resource "jitsi/web-deployment.yaml"))))
(defn generate-web-pvc-config []
(yaml/from-string (yaml/load-resource "jitsi/web-pvc-config.yaml")))
(defn generate-web-pvc-crontabs []
(yaml/from-string (yaml/load-resource "jitsi/web-pvc-crontabs.yaml")))
(defn generate-web-pvc-transcripts []
(yaml/from-string (yaml/load-resource "jitsi/web-pvc-transcripts.yaml")))
(defn generate-web-service [] (defn generate-web-service []
(yaml/from-string (yaml/load-resource "jitsi/web-service.yaml"))) (yaml/from-string (yaml/load-resource "jitsi/web-service.yaml")))
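Review bot: `generate-secret` and `generate-ingress` return the parsed template unchanged, so until the two TODOs are done every generated manifest carries the template's fixed credential strings and the literal host `fqdn`. The three new specs (`::jvb-auth-password`, `::jicofo-auth-password`, `::jicofo-component-secret`) are defined here but nothing in this file applies them to a value. Until the substitution exists I would have `generate-secret` fail instead of emitting the placeholders, and say so on the function: `; emits template values only, not usable for a real deployment`.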


@ -0,0 +1,22 @@
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: jitsi
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
spec:
tls:
- hosts:
- fqdn
secretName: tls-jitsi
rules:
- host: fqdn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 80
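Review bot: The `cert-manager.io/cluster-issuer` annotation is fixed to `letsencrypt-staging-issuer` although the config spec has an optional `::issuer`; staging certificates are not trusted by browsers, so users of a generated deployment would be asked to click through a certificate warning. Both host entries are the literal `fqdn` as well. I would add a comment at the top of the file, `# fqdn and cluster-issuer are placeholders, replaced by generate-ingress`, and have the generator set the annotation from `::issuer`.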


@ -1,30 +1,46 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: jicofo labels:
app: jitsi
name: jitsi
spec: spec:
selector:
matchLabels:
app: jicofo
strategy: strategy:
type: Recreate type: Recreate
selector:
matchLabels:
app: jitsi
template: template:
metadata: metadata:
labels: labels:
app: jicofo app: jitsi
jitsi-network/meet.jitsi: "true"
spec: spec:
containers: containers:
- env: - name: jicofo
- name: SENTRY_DSN image: jitsi/jicofo:stable-6826
value: '"0"'
image: jitsi/jicofo:stable-6865
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: jicofo env:
volumeMounts: - name: XMPP_SERVER
- mountPath: /config value: localhost
name: jicofo-claim-config - name: XMPP_DOMAIN
volumes: value: meet.jitsi
- name: jicofo-claim-config - name: XMPP_AUTH_DOMAIN
persistentVolumeClaim: value: auth.meet.jitsi
claimName: jicofo-claim-config - name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Berlin
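Review bot: The Deployment is now named `jitsi` with selector `app: jitsi`, and the jvb, prosody and web Deployment files in this commit get the same name and selector. Objects of the same kind and name in one namespace replace each other on apply, so only the last one would exist; the `XMPP_SERVER: localhost` values suggest a single pod with four containers was intended. Either merge the containers into one Deployment or keep distinct names and labels (`name: jicofo`, `app: jicofo`). Separately, the image tag goes from `stable-6865` back to `stable-6826` here and in the other three files; if the older build is deliberate a comment with the reason would help, and pinning by digest would make the choice reproducible.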


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jicofo-claim-config
labels:
app: jicofo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,41 +1,54 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: jvb labels:
app: jitsi
name: jitsi
spec: spec:
selector:
matchLabels:
app: jvb
strategy: strategy:
type: Recreate type: Recreate
selector:
matchLabels:
app: jitsi
template: template:
metadata: metadata:
labels: labels:
app: jvb app: jitsi
jitsi-network/meet.jitsi: "true"
service: jvb-service
spec: spec:
containers: containers:
- env: - name: jvb
- name: JVB_PORT image: jitsi/jvb:stable-6826
value: "10000"
- name: JVB_TCP_MAPPED_PORT
value: "4443"
- name: JVB_TCP_PORT
value: "4443"
- name: SENTRY_DSN
value: '"0"'
image: jitsi/jvb:stable-6865
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: jvb env:
ports: - name: XMPP_SERVER
- containerPort: 10000 value: localhost
protocol: UDP - name: DOCKER_HOST_ADDRESS
- containerPort: 4443 value: localhost
volumeMounts: - name: XMPP_DOMAIN
- mountPath: /config value: meet.jitsi
name: jvb-claim-config - name: XMPP_AUTH_DOMAIN
volumes: value: auth.meet.jitsi
- name: jvb-claim-config - name: XMPP_INTERNAL_MUC_DOMAIN
persistentVolumeClaim: value: internal-muc.meet.jitsi
claimName: jvb-claim-config - name: JVB_STUN_SERVERS
value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
- name: JICOFO_AUTH_USER
value: focus
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: JVB_AUTH_USER
value: jvb
- name: JVB_PORT
value: "30300"
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Berlin
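Review bot: The jvb container receives `JICOFO_AUTH_PASSWORD` from the Secret in addition to its own `JVB_AUTH_PASSWORD`. If the jvb image does not read the focus user's password (I cannot tell from this page), drop that entry so each container holds only its own credential. `JVB_STUN_SERVERS` also points at third-party STUN hosts, which learn the bridge's address; a comment such as `# default STUN servers, override for production` would make that an explicit choice.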


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jvb-claim-config
labels:
app: jvb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,11 +1,16 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: jvb-service labels:
service: jvb
name: jvb-udp
spec: spec:
type: NodePort
externalTrafficPolicy: Cluster
ports: ports:
- port: 10000 - port: 30300
protocol: UDP protocol: UDP
- port: 4443 targetPort: 30300
nodePort: 30300
selector: selector:
app: jvb app: jitsi
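Review bot: The selector `app: jitsi` matches every pod carrying that label, not only the one running jvb, and the web Service in this commit uses the same selector. `type: NodePort` with `nodePort: 30300` opens the UDP port on every node, and `externalTrafficPolicy: Cluster` means the bridge does not see the client's source address. This commit also deletes the NetworkPolicy file, so nothing in the manifests limits pod-to-pod traffic any more. I would give the jvb pod template its own label and select on it (`service: jvb`), and state in a comment whether the missing NetworkPolicy is intentional.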


@ -1,13 +0,0 @@
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
name: meet.jitsi
spec:
ingress:
- from:
- podSelector:
matchLabels:
jitsi-network/meet.jitsi: "true"
podSelector:
matchLabels:
jitsi-network/meet.jitsi: "true"


@ -1,37 +1,53 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: prosody labels:
app: jitsi
name: jitsi
spec: spec:
selector:
matchLabels:
app: prosody
strategy: strategy:
type: Recreate type: Recreate
selector:
matchLabels:
app: jitsi
template: template:
metadata: metadata:
labels: labels:
app: prosody app: jitsi
jitsi-network/meet.jitsi: "true"
service: prosody-service
spec: spec:
containers: containers:
- image: jitsi/prosody:stable-6865 - name: prosody
image: jitsi/prosody:stable-6826
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: prosody env:
ports: - name: XMPP_DOMAIN
- containerPort: 5222 value: meet.jitsi
- containerPort: 5347 - name: XMPP_AUTH_DOMAIN
- containerPort: 5280 value: auth.meet.jitsi
volumeMounts: - name: XMPP_MUC_DOMAIN
- mountPath: /config value: muc.meet.jitsi
name: prosody-claim-config - name: XMPP_INTERNAL_MUC_DOMAIN
- mountPath: /prosody-plugins-custom value: internal-muc.meet.jitsi
name: prosody-claim-plugins - name: JICOFO_COMPONENT_SECRET
volumes: valueFrom:
- name: prosody-claim-config secretKeyRef:
persistentVolumeClaim: name: jitsi-config
claimName: prosody-claim-config key: JICOFO_COMPONENT_SECRET
- name: prosody-claim-plugins - name: JVB_AUTH_USER
persistentVolumeClaim: value: jvb
claimName: prosody-claim-plugins - name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Berlin
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prosody-claim-config
labels:
app: prosody
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prosody-claim-plugins
labels:
app: prosody
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,11 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: prosody-service
spec:
ports:
- port: 5222
- port: 5347
- port: 5280
selector:
app: prosody


@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: jitsi-config
type: Opaque
data:
JVB_AUTH_PASSWORD: "jvb-auth"
JICOFO_AUTH_PASSWORD: "jicofo-auth"
JICOFO_COMPONENT_SECRET: "comp-sec"
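Review bot: Values under `data:` must be base64, and `jvb-auth`, `jicofo-auth` and `comp-sec` are not (the `-` is outside the standard alphabet), so the API server should reject this object as written. Use `stringData:` for plain text, or have `generate-secret` write base64-encoded values. These are also fixed strings in a committed template; a comment such as `# placeholders, replaced at generation time` would make clear they must never reach a cluster.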


@ -1,41 +1,40 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: jitsi-web labels:
app: jitsi
name: jitsi
spec: spec:
selector:
matchLabels:
app: jitsi-web
strategy: strategy:
type: Recreate type: Recreate
selector:
matchLabels:
app: jitsi
template: template:
metadata: metadata:
labels: labels:
app: jitsi app: jitsi
jitsi-network/meet.jitsi: "true"
service: jitsi-web-service
spec: spec:
containers: containers:
- image: jitsi/web:stable-6865 - name: web
image: jitsi/web:stable-6826
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: jitsi-web env:
ports: - name: XMPP_SERVER
- containerPort: 80 value: localhost
- containerPort: 443 - name: JICOFO_AUTH_USER
volumeMounts: value: focus
- mountPath: /config - name: XMPP_DOMAIN
name: web-claim-config value: meet.jitsi
- mountPath: /var/spool/cron/crontabs - name: XMPP_AUTH_DOMAIN
name: web-claim-crontabs value: auth.meet.jitsi
- mountPath: /usr/share/jitsi-meet/transcripts - name: XMPP_INTERNAL_MUC_DOMAIN
name: web-claim-transcripts value: internal-muc.meet.jitsi
volumes: - name: XMPP_BOSH_URL_BASE
- name: web-claim-config value: http://127.0.0.1:5280
persistentVolumeClaim: - name: XMPP_MUC_DOMAIN
claimName: web-claim-config value: muc.meet.jitsi
- name: web-claim-crontabs - name: TZ
persistentVolumeClaim: value: Europe/Berlin
claimName: web-claim-crontabs - name: JVB_TCP_HARVESTER_DISABLED
- name: web-claim-transcripts value: "true"
persistentVolumeClaim:
claimName: web-claim-transcripts


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: web-claim-config
labels:
app: jitsi
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: web-claim-crontabs
labels:
app: jitsi
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: web-claim-transcripts
labels:
app: jitsi
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,12 +1,16 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: jitsi-web-service labels:
service: web
name: web
spec: spec:
selector:
app: jitsi-web
ports: ports:
- port: 8000 - name: "http"
- port: 8443 port: 80
targetPort: 80
- name: "https"
port: 443
targetPort: 443
selector: selector:
service: jitsi-web-service app: jitsi