slim down required files to working example

bom 2022-02-09 15:28:48 +01:00
parent 000e135021
commit 6d54389047
19 changed files with 226 additions and 277 deletions


@ -12,24 +12,18 @@
(def config? (s/keys :req-un [::jitsi/fqdn]
:opt-un [::jitsi/issuer ::jitsi/ingress-type]))
(def auth? (s/keys :req-un []))
(def auth? (s/keys :req-un [::jitsi/jvb-auth-password ::jitsi/jicofo-auth-password ::jitsi/jicofo-component-secret]))
(defn k8s-objects [config]
(map (fn [x] (yaml/to-string x))
[(jitsi/generate-jicofo-deployment config)
(jitsi/generate-jicofo-pvc)
(jitsi/generate-jvb-deployment config)
(jitsi/generate-jvb-pvc)
[(jitsi/generate-ingress config)
(jitsi/generate-secret config)
(jitsi/generate-jicofo-deployment)
(jitsi/generate-jvb-deployment)
(jitsi/generate-jvb-service)
(jitsi/generate-networkpolicy)
(jitsi/generate-prosody-deployment config)
(jitsi/generate-prosody-pvc-config)
(jitsi/generate-prosody-pvc-plugins)
(jitsi/generate-prosody-service)
(jitsi/generate-web-deployment config)
(jitsi/generate-web-pvc-config)
(jitsi/generate-web-pvc-crontabs)
(jitsi/generate-web-pvc-transcripts)]))
(jitsi/generate-prosody-deployment)
(jitsi/generate-web-deployment)
(jitsi/generate-web-service)]))
(defn-spec generate any?
[my-config config?
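Review bot: `auth?` now requires `::jitsi/jvb-auth-password`, `::jitsi/jicofo-auth-password` and `::jitsi/jicofo-component-secret`, but `k8s-objects` still takes only `config` and calls `(jitsi/generate-secret config)`, so in the visible lines the validated secrets have no path into the generated Secret. `config?` carries only fqdn, issuer and ingress-type, so the auth map has to be passed explicitly, e.g. `(defn k8s-objects [config auth]` with `(jitsi/generate-secret auth)`. The body of `generate` lies outside this hunk, so its call site would need the matching change.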


@ -8,72 +8,51 @@
(s/def ::fqdn pred/fqdn-string?)
(s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::jvb-auth-password pred/bash-env-string?)
(s/def ::jicofo-auth-password pred/bash-env-string?)
(s/def ::jicofo-component-secret pred/bash-env-string?)
#?(:cljs
(defmethod yaml/load-resource :jitsi [resource-name]
(case resource-name
"jitsi/ingress.yaml" (rc/inline "jitsi/ingress.yaml")
"jitsi/jicofo-deployment.yaml" (rc/inline "jitsi/jicofo-deployment.yaml")
"jitsi/jicofo-pvc.yaml" (rc/inline "jitsi/jicofo-pvc.yaml")
"jitsi/jvb-deployment.yaml" (rc/inline "jitsi/jvb-deployment.yaml")
"jitsi/jvb-pvc.yaml" (rc/inline "jitsi/jvb-pvc.yaml")
"jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml")
"jitsi/networkpolicy.yaml" (rc/inline "jitsi/networkpolicy.yaml")
"jitsi/prosody-deployment.yaml" (rc/inline "jitsi/prosody-deployment.yaml")
"jitsi/prosody-pvc-config.yaml" (rc/inline "jitsi/prosody-pvc-config.yaml")
"jitsi/prosody-pvc-plugins.yaml" (rc/inline "jitsi/prosody-pvc-plugins.yaml")
"jitsi/prosody-service.yaml" (rc/inline "jitsi/prosody-service.yaml")
"jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml")
"jitsi/web-deployment.yaml" (rc/inline "jitsi/web-deployment.yaml")
"jitsi/web-pvc-config.yaml" (rc/inline "jitsi/web-pvc-config.yaml")
"jitsi/web-pvc-crontabs.yaml" (rc/inline "jitsi/web-pvc-crontabs.yaml")
"jitsi/web-pvc-transcripts.yaml" (rc/inline "jitsi/web-pvc-transcripts.yaml")
"jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn generate-jicofo-deployment [config]
(defn generate-ingress [config]
(->
; TODO: Update fqdn from config
(yaml/from-string (yaml/load-resource "jitsi/ingress.yaml"))))
(defn generate-secret [config]
(->
; TODO: Update secrets from auth
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))))
(defn generate-jicofo-deployment []
(->
(yaml/from-string (yaml/load-resource "jitsi/jicofo-deployment.yaml"))))
(defn generate-jicofo-pvc []
(yaml/from-string (yaml/load-resource "jitsi/jicofo-pvc.yaml")))
(defn generate-jvb-deployment [config]
(defn generate-jvb-deployment []
(->
(yaml/from-string (yaml/load-resource "jitsi/jvb-deployment.yaml"))))
(defn generate-jvb-pvc []
(yaml/from-string (yaml/load-resource "jitsi/jvb-pvc.yaml")))
(defn generate-jvb-service []
(yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml")))
(defn generate-networkpolicy []
(yaml/from-string (yaml/load-resource "jitsi/networkpolicy.yaml")))
(defn generate-prosody-deployment [config]
(defn generate-prosody-deployment []
(->
(yaml/from-string (yaml/load-resource "jitsi/prosody-deployment.yaml"))))
(defn generate-prosody-pvc-config []
(yaml/from-string (yaml/load-resource "jitsi/prosody-pvc-config.yaml")))
(defn generate-prosody-pvc-plugins []
(yaml/from-string (yaml/load-resource "jitsi/prosody-pvc-plugins.yaml")))
(defn generate-prosody-service []
(yaml/from-string (yaml/load-resource "jitsi/prosody-service.yaml")))
(defn generate-web-deployment [config]
(defn generate-web-deployment []
(->
(yaml/from-string (yaml/load-resource "jitsi/web-deployment.yaml"))))
(defn generate-web-pvc-config []
(yaml/from-string (yaml/load-resource "jitsi/web-pvc-config.yaml")))
(defn generate-web-pvc-crontabs []
(yaml/from-string (yaml/load-resource "jitsi/web-pvc-crontabs.yaml")))
(defn generate-web-pvc-transcripts []
(yaml/from-string (yaml/load-resource "jitsi/web-pvc-transcripts.yaml")))
(defn generate-web-service []
(yaml/from-string (yaml/load-resource "jitsi/web-service.yaml")))
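Review bot: `generate-ingress` and `generate-secret` accept `config` and discard it; the single-form `(-> ...)` wraps only a comment and the `from-string` call, so the parsed template is returned unchanged. Until the TODOs are done, the output carries the literal host `fqdn` and the placeholder credentials from `jitsi/secret.yaml`, identical for every user of the tool. I would say so in a docstring on both functions, e.g. `"Returns the template as-is; fqdn/secret placeholders are NOT replaced yet, do not deploy the result."`, and drop the `->` until there is a second step to thread.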


@ -0,0 +1,22 @@
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: jitsi
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
spec:
tls:
- hosts:
- fqdn
secretName: tls-jitsi
rules:
- host: fqdn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 80
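Review bot: The `cert-manager.io/cluster-issuer` annotation is fixed to `letsencrypt-staging-issuer`, while `config?` in the first file accepts an optional `::jitsi/issuer`. Let's Encrypt staging certificates are not trusted by browsers, so an ingress generated from this template serves a certificate that users have to click through. The annotation should be filled from the configured issuer together with the two `fqdn` placeholders, and a template comment such as `# placeholder, replaced from config` on those three lines would make the intent visible.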


@ -1,30 +1,46 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: jicofo
labels:
app: jitsi
name: jitsi
spec:
selector:
matchLabels:
app: jicofo
strategy:
type: Recreate
selector:
matchLabels:
app: jitsi
template:
metadata:
labels:
app: jicofo
jitsi-network/meet.jitsi: "true"
app: jitsi
spec:
containers:
- env:
- name: SENTRY_DSN
value: '"0"'
image: jitsi/jicofo:stable-6865
- name: jicofo
image: jitsi/jicofo:stable-6826
imagePullPolicy: IfNotPresent
name: jicofo
volumeMounts:
- mountPath: /config
name: jicofo-claim-config
volumes:
- name: jicofo-claim-config
persistentVolumeClaim:
claimName: jicofo-claim-config
env:
- name: XMPP_SERVER
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Berlin
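Review bot: `metadata.name` becomes `jitsi` with selector `app: jitsi` here, and the jvb, prosody and web deployment sections further down do the same, so the four manifests describe one Deployment object four times; applied to one namespace, each would replace the previous one and only a single container would keep running. The env values assume a shared pod (`XMPP_SERVER: localhost` here, `XMPP_BOSH_URL_BASE: http://127.0.0.1:5280` in the web section), which separate Deployments do not provide. Either merge the four containers into one pod template, or keep distinct names and selectors and point `XMPP_SERVER` at a prosody Service. Old and new lines are not marked on this page; the reading above follows from the hunk line counts.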


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jicofo-claim-config
labels:
app: jicofo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,41 +1,54 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: jvb
labels:
app: jitsi
name: jitsi
spec:
selector:
matchLabels:
app: jvb
strategy:
type: Recreate
selector:
matchLabels:
app: jitsi
template:
metadata:
labels:
app: jvb
jitsi-network/meet.jitsi: "true"
service: jvb-service
app: jitsi
spec:
containers:
- env:
- name: JVB_PORT
value: "10000"
- name: JVB_TCP_MAPPED_PORT
value: "4443"
- name: JVB_TCP_PORT
value: "4443"
- name: SENTRY_DSN
value: '"0"'
image: jitsi/jvb:stable-6865
- name: jvb
image: jitsi/jvb:stable-6826
imagePullPolicy: IfNotPresent
name: jvb
ports:
- containerPort: 10000
protocol: UDP
- containerPort: 4443
volumeMounts:
- mountPath: /config
name: jvb-claim-config
volumes:
- name: jvb-claim-config
persistentVolumeClaim:
claimName: jvb-claim-config
env:
- name: XMPP_SERVER
value: localhost
- name: DOCKER_HOST_ADDRESS
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JVB_STUN_SERVERS
value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
- name: JICOFO_AUTH_USER
value: focus
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: JVB_AUTH_USER
value: jvb
- name: JVB_PORT
value: "30300"
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Berlin
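Review bot: The jvb container is given `JICOFO_AUTH_PASSWORD` from `jitsi-config` although it already has its own `JVB_AUTH_USER`/`JVB_AUTH_PASSWORD` pair, and jvb is the component published on the NodePort, so it should hold only the credential it needs. I would drop the `JICOFO_AUTH_PASSWORD` and `JICOFO_AUTH_USER` entries unless the image demonstrably requires them. `DOCKER_HOST_ADDRESS: localhost` also looks wrong for a bridge that has to advertise an address clients can reach; presumably it needs the node's external address, to be confirmed against the image documentation.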


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jvb-claim-config
labels:
app: jvb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,11 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: jvb-service
labels:
service: jvb
name: jvb-udp
spec:
type: NodePort
externalTrafficPolicy: Cluster
ports:
- port: 10000
- port: 30300
protocol: UDP
- port: 4443
targetPort: 30300
nodePort: 30300
selector:
app: jvb
app: jitsi
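Review bot: The selector `app: jitsi` matches every pod carrying that label, not only the bridge, and the web Service in the last section uses the same selector; if the components run as separate pods, UDP 30300 on every node is forwarded to pods that do not listen on it. The same commit deletes the NetworkPolicy manifest, so nothing visible restricts pod-to-pod traffic any more. A component label on the pod template, e.g. `component: jvb`, used in `spec.selector` here would limit the exposure to the bridge. `externalTrafficPolicy: Cluster` may also hide client source addresses behind node SNAT, which deserves a comment if it is intended.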


@ -1,13 +0,0 @@
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
name: meet.jitsi
spec:
ingress:
- from:
- podSelector:
matchLabels:
jitsi-network/meet.jitsi: "true"
podSelector:
matchLabels:
jitsi-network/meet.jitsi: "true"


@ -1,37 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: prosody
labels:
app: jitsi
name: jitsi
spec:
selector:
matchLabels:
app: prosody
strategy:
type: Recreate
selector:
matchLabels:
app: jitsi
template:
metadata:
labels:
app: prosody
jitsi-network/meet.jitsi: "true"
service: prosody-service
app: jitsi
spec:
containers:
- image: jitsi/prosody:stable-6865
- name: prosody
image: jitsi/prosody:stable-6826
imagePullPolicy: IfNotPresent
name: prosody
ports:
- containerPort: 5222
- containerPort: 5347
- containerPort: 5280
volumeMounts:
- mountPath: /config
name: prosody-claim-config
- mountPath: /prosody-plugins-custom
name: prosody-claim-plugins
volumes:
- name: prosody-claim-config
persistentVolumeClaim:
claimName: prosody-claim-config
- name: prosody-claim-plugins
persistentVolumeClaim:
claimName: prosody-claim-plugins
env:
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JVB_AUTH_USER
value: jvb
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Berlin
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
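Review bot: The image tag moves from `stable-6865` back to `stable-6826` (the same happens in the jicofo, jvb and web deployment sections), and the commit message gives no reason for running an older build of the components that handle authentication and media. Tags are mutable and `imagePullPolicy: IfNotPresent` keeps whatever a node has cached, so pin the digest as well, `image: jitsi/prosody:stable-6826@sha256:<digest>`, and add a comment stating why this release is required. The direction of the change is inferred from the hunk line counts, since the page does not mark old and new lines.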


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prosody-claim-config
labels:
app: prosody
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prosody-claim-plugins
labels:
app: prosody
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,11 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: prosody-service
spec:
ports:
- port: 5222
- port: 5347
- port: 5280
selector:
app: prosody


@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: jitsi-config
type: Opaque
data:
JVB_AUTH_PASSWORD: "jvb-auth"
JICOFO_AUTH_PASSWORD: "jicofo-auth"
JICOFO_COMPONENT_SECRET: "comp-sec"
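Review bot: The values under `data:` are plain text, but Kubernetes expects base64 there, and `jvb-auth`, `jicofo-auth` and `comp-sec` contain `-`, which is outside the standard base64 alphabet, so the API server would most likely reject this manifest. Use `stringData:` for literal values, or base64-encode in `generate-secret` once it fills in the real secrets. Because the generator currently emits the template unchanged, these three strings are also the effective credentials of every generated deployment; a comment such as `# placeholder values, replaced by generate-secret` would make that explicit.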


@ -1,41 +1,40 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: jitsi-web
labels:
app: jitsi
name: jitsi
spec:
selector:
matchLabels:
app: jitsi-web
strategy:
type: Recreate
selector:
matchLabels:
app: jitsi
template:
metadata:
labels:
app: jitsi
jitsi-network/meet.jitsi: "true"
service: jitsi-web-service
spec:
containers:
- image: jitsi/web:stable-6865
- name: web
image: jitsi/web:stable-6826
imagePullPolicy: IfNotPresent
name: jitsi-web
ports:
- containerPort: 80
- containerPort: 443
volumeMounts:
- mountPath: /config
name: web-claim-config
- mountPath: /var/spool/cron/crontabs
name: web-claim-crontabs
- mountPath: /usr/share/jitsi-meet/transcripts
name: web-claim-transcripts
volumes:
- name: web-claim-config
persistentVolumeClaim:
claimName: web-claim-config
- name: web-claim-crontabs
persistentVolumeClaim:
claimName: web-claim-crontabs
- name: web-claim-transcripts
persistentVolumeClaim:
claimName: web-claim-transcripts
env:
- name: XMPP_SERVER
value: localhost
- name: JICOFO_AUTH_USER
value: focus
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: XMPP_BOSH_URL_BASE
value: http://127.0.0.1:5280
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: TZ
value: Europe/Berlin
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: web-claim-config
labels:
app: jitsi
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: web-claim-crontabs
labels:
app: jitsi
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: web-claim-transcripts
labels:
app: jitsi
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,12 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: jitsi-web-service
labels:
service: web
name: web
spec:
selector:
app: jitsi-web
ports:
- port: 8000
- port: 8443
- name: "http"
port: 80
targetPort: 80
- name: "https"
port: 443
targetPort: 443
selector:
service: jitsi-web-service
app: jitsi