Merge pull request 'major-refactoring-to-adjust-to-helm-community' (#5) from major-refactoring-to-adjust-to-helm-community into main

Reviewed-on: #5
2025-02-20 15:50:50 +00:00 · 2025-02-20 15:50:50 +00:00 · c049909204
commit c049909204
parent ae53a2977f 80ad4b720d
72 changed files with 1501 additions and 6638 deletions
--- a/.gitignore
+++ b/.gitignore
@ -28,3 +28,5 @@ auth.edn
 config.edn
 out.yaml
 .eastwood
+tmp/
+.envrc
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -116,9 +116,9 @@ release-to-forgejo:
  script:
    - pyb publish_artifacts

-jitsi-web-image-publish:
+jitsi-excalidraw-image-publish:
  <<: *img
  <<: *tag_only
  stage: image
  script:
-    - cd infrastructure/web && pyb image publish
+    - cd infrastructure/excalidraw && pyb image publish
--- a/build.py
+++ b/build.py
@ -23,8 +23,7 @@ def initialize(project):
        "release_primary_build_file": "project.clj",
        "release_secondary_build_files": [
            "package.json",
-            "infrastructure/web/build.py",
-            "infrastructure/excalidraw-backend/build.py",
+            "infrastructure/excalidraw/build.py",
        ],
        "release_artifact_server_url": "https://repo.prod.meissa.de",
        "release_organisation": "meissa",
@ -165,12 +164,12 @@ def lint(project):
@task
 def inst(project):
    package_uberjar(project)
-    package_native(project)
    run(
        f"sudo install -m=755 target/uberjar/{project.name}-standalone.jar /usr/local/bin/{project.name}-standalone.jar",
        shell=True,
        check=True,
    )
+    package_native(project)
    run(
        f"sudo install -m=755 target/graalvm/{project.name} /usr/local/bin/{project.name}",
        shell=True,
--- a/infrastructure/excalidraw-backend/build.py
+++ b/infrastructure/excalidraw-backend/build.py
@ -1,57 +0,0 @@
-from os import environ
-from datetime import datetime
-from pybuilder.core import task, init
-from ddadevops import *
-
-name = "c4k-jitsi"
-MODULE = "excalidraw-backend"
-PROJECT_ROOT_PATH = "../.."
-version = "2.2.1-dev"
-
-
-@init
-def initialize(project):
-    image_tag = version
-    if "dev" in image_tag:
-        image_tag += datetime.now().strftime("%Y-%m-%d-%H-%M-%S")
-
-    input = {
-        "name": name,
-        "module": MODULE,
-        "stage": "notused",
-        "project_root_path": PROJECT_ROOT_PATH,
-        "build_types": ["IMAGE"],
-        "mixin_types": [],
-        "image_naming": "NAME_AND_MODULE",
-        "image_tag": f"{image_tag}",
-    }
-
-    project.build_depends_on("ddadevops>=4.7.0")
-
-    build = DevopsImageBuild(project, input)
-    build.initialize_build_dir()
-
-
-@task
-def image(project):
-    build = get_devops_build(project)
-    build.image()
-
-
-@task
-def drun(project):
-    build = get_devops_build(project)
-    build.drun()
-
-
-@task
-def test(project):
-    build = get_devops_build(project)
-    build.test()
-
-
-@task
-def publish(project):
-    build = get_devops_build(project)
-    build.dockerhub_login()
-    build.dockerhub_publish()
--- a/infrastructure/excalidraw-backend/image/resources/package-lock.json
+++ b/infrastructure/excalidraw-backend/image/resources/package-lock.json
--- a/infrastructure/excalidraw/build.py
+++ b/infrastructure/excalidraw/build.py
@ -4,7 +4,7 @@ from pybuilder.core import task, init
 from ddadevops import *

 name = "c4k-jitsi"
-MODULE = "web"
+MODULE = "excalidraw"
 PROJECT_ROOT_PATH = "../.."
 version = "2.2.1-dev"

--- a/infrastructure/excalidraw-backend/image/Dockerfile
+++ b/infrastructure/excalidraw-backend/image/Dockerfile
--- a/infrastructure/excalidraw-backend/image/resources/install.sh
+++ b/infrastructure/excalidraw-backend/image/resources/install.sh
--- a/infrastructure/excalidraw-backend/image/resources/package.json
+++ b/infrastructure/excalidraw-backend/image/resources/package.json
--- a/infrastructure/excalidraw-backend/image/resources/src/.eslintrc.js
+++ b/infrastructure/excalidraw-backend/image/resources/src/.eslintrc.js
--- a/infrastructure/excalidraw-backend/image/resources/src/index.ts
+++ b/infrastructure/excalidraw-backend/image/resources/src/index.ts
--- a/infrastructure/excalidraw-backend/image/resources/tsconfig.json
+++ b/infrastructure/excalidraw-backend/image/resources/tsconfig.json
--- a/infrastructure/web/image/Dockerfile
+++ b/infrastructure/web/image/Dockerfile
@ -1,6 +0,0 @@
-# IMPORTANT: In case of base image update, "./resources/settings-config.js" also has to be updated manually!
-FROM jitsi/web:stable-9646
-
-# Prepare Configuration
-ADD resources /tmp
-RUN /tmp/install.sh
--- a/infrastructure/web/image/resources/install-debug.sh
+++ b/infrastructure/web/image/resources/install-debug.sh
@ -1,3 +0,0 @@
-#!/bin/bash
-
-apt update && apt -qqy install vim bash-completion less
--- a/infrastructure/web/image/resources/install.sh
+++ b/infrastructure/web/image/resources/install.sh
@ -1,17 +0,0 @@
-#!/bin/bash
-
-set -exo pipefail
-
-function main() {
-    {
-        upgradeSystem
-    } > /dev/null
-
-    install -m 0700 /tmp/install-debug.sh /usr/local/bin/
-    install -m 0644 /tmp/settings-config.js /defaults/settings-config.js
-
-    cleanupDocker
-}
-
-source /tmp/install_functions_debian.sh
-DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes main
--- a/infrastructure/web/image/resources/settings-config.js
+++ b/infrastructure/web/image/resources/settings-config.js
@ -1,570 +0,0 @@
-//https://github.com/jitsi/docker-jitsi-meet/blob/master/web/rootfs/defaults/settings-config.js
-
-{{ $DEPLOYMENTINFO_USERREGION := .Env.DEPLOYMENTINFO_USERREGION | default "" -}}
-{{ $ENABLE_AUDIO_PROCESSING := .Env.ENABLE_AUDIO_PROCESSING | default "true" | toBool -}}
-{{ $ENABLE_BREAKOUT_ROOMS := .Env.ENABLE_BREAKOUT_ROOMS | default "true" | toBool -}}
-{{ $ENABLE_CALENDAR := .Env.ENABLE_CALENDAR | default "false" | toBool -}}
-{{ $ENABLE_FILE_RECORDING_SHARING := .Env.ENABLE_FILE_RECORDING_SHARING | default "false" | toBool -}}
-{{ $ENABLE_NO_AUDIO_DETECTION := .Env.ENABLE_NO_AUDIO_DETECTION | default "true" | toBool -}}
-{{ $ENABLE_P2P := .Env.ENABLE_P2P | default "true" | toBool -}}
-{{ $ENABLE_PREJOIN_PAGE := .Env.ENABLE_PREJOIN_PAGE | default "true" | toBool -}}
-{{ $ENABLE_WELCOME_PAGE := .Env.ENABLE_WELCOME_PAGE | default "true" | toBool -}}
-{{ $ENABLE_CLOSE_PAGE := .Env.ENABLE_CLOSE_PAGE | default "false" | toBool -}}
-{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "false" | toBool -}}
-{{ $ENABLE_SERVICE_RECORDING := .Env.ENABLE_SERVICE_RECORDING | default ($ENABLE_RECORDING | printf "%t") | toBool -}}
-{{ $ENABLE_LIVESTREAMING := .Env.ENABLE_LIVESTREAMING | default "false" | toBool -}}
-{{ $ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK := .Env.ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK | default "https://policies.google.com/privacy" -}}
-{{ $ENABLE_LIVESTREAMING_HELP_LINK := .Env.ENABLE_LIVESTREAMING_HELP_LINK | default "https://jitsi.org/live" -}}
-{{ $ENABLE_LIVESTREAMING_TERMS_LINK := .Env.ENABLE_LIVESTREAMING_TERMS_LINK | default "https://www.youtube.com/t/terms" -}}
-{{ $ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING := .Env.ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING | default "^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}" -}}
-{{ $ENABLE_REMB := .Env.ENABLE_REMB | default "true" | toBool -}}
-{{ $ENABLE_REQUIRE_DISPLAY_NAME := .Env.ENABLE_REQUIRE_DISPLAY_NAME | default "false" | toBool -}}
-{{ $ENABLE_SIMULCAST := .Env.ENABLE_SIMULCAST | default "true" | toBool -}}
-{{ $ENABLE_STEREO := .Env.ENABLE_STEREO | default "false" | toBool -}}
-{{ $ENABLE_OPUS_RED := .Env.ENABLE_OPUS_RED | default "false" | toBool -}}
-{{ $ENABLE_TALK_WHILE_MUTED := .Env.ENABLE_TALK_WHILE_MUTED | default "false" | toBool -}}
-{{ $ENABLE_TCC := .Env.ENABLE_TCC | default "true" | toBool -}}
-{{ $ENABLE_TRANSCRIPTIONS := .Env.ENABLE_TRANSCRIPTIONS | default "false" | toBool -}}
-{{ $TRANSLATION_LANGUAGES := .Env.TRANSLATION_LANGUAGES | default "[]" -}}
-{{ $TRANSLATION_LANGUAGES_HEAD := .Env.TRANSLATION_LANGUAGES_HEAD | default "['en']" -}}
-{{ $USE_APP_LANGUAGE := .Env.USE_APP_LANGUAGE | default "true" | toBool -}}
-{{ $PREFERRED_LANGUAGE := .Env.PREFERRED_LANGUAGE | default "en-US" -}}
-{{ $DISABLE_START_FOR_ALL := .Env.DISABLE_START_FOR_ALL | default "false" | toBool -}}
-{{ $AUTO_CAPTION_ON_RECORD := .Env.AUTO_CAPTION_ON_RECORD | default "false" | toBool -}}
-{{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }}
-{{ $HIDE_PREJOIN_DISPLAY_NAME := .Env.HIDE_PREJOIN_DISPLAY_NAME | default "false" | toBool -}}
-{{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}}
-{{ $RESOLUTION := .Env.RESOLUTION | default "720" -}}
-{{ $RESOLUTION_MIN := .Env.RESOLUTION_MIN | default "180" -}}
-{{ $RESOLUTION_WIDTH := .Env.RESOLUTION_WIDTH | default "1280" -}}
-{{ $RESOLUTION_WIDTH_MIN := .Env.RESOLUTION_WIDTH_MIN | default "320" -}}
-{{ $START_AUDIO_ONLY := .Env.START_AUDIO_ONLY | default "false" | toBool -}}
-{{ $START_AUDIO_MUTED := .Env.START_AUDIO_MUTED | default 10 -}}
-{{ $START_WITH_AUDIO_MUTED := .Env.START_WITH_AUDIO_MUTED | default "false" | toBool -}}
-{{ $START_SILENT := .Env.START_SILENT | default "false" | toBool -}}
-{{ $DISABLE_AUDIO_LEVELS := .Env.DISABLE_AUDIO_LEVELS | default "false" | toBool -}}
-{{ $ENABLE_NOISY_MIC_DETECTION := .Env.ENABLE_NOISY_MIC_DETECTION | default "true" | toBool -}}
-{{ $START_VIDEO_MUTED := .Env.START_VIDEO_MUTED | default 10 -}}
-{{ $START_WITH_VIDEO_MUTED := .Env.START_WITH_VIDEO_MUTED | default "false" | toBool -}}
-{{ $DESKTOP_SHARING_FRAMERATE_AUTO := .Env.DESKTOP_SHARING_FRAMERATE_AUTO | default "true" | toBool -}}
-{{ $DESKTOP_SHARING_FRAMERATE_MIN := .Env.DESKTOP_SHARING_FRAMERATE_MIN | default 5 -}}
-{{ $DESKTOP_SHARING_FRAMERATE_MAX := .Env.DESKTOP_SHARING_FRAMERATE_MAX | default 5 -}}
-{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
-{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
-{{ $DISABLE_DEEP_LINKING  := .Env.DISABLE_DEEP_LINKING | default "false" | toBool -}}
-{{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}}
-{{ $DISABLE_REACTIONS := .Env.DISABLE_REACTIONS | default "false" | toBool -}}
-{{ $DISABLE_REMOTE_VIDEO_MENU := .Env.DISABLE_REMOTE_VIDEO_MENU | default "false" | toBool -}}
-{{ $DISABLE_PRIVATE_CHAT:= .Env.DISABLE_PRIVATE_CHAT | default "false" | toBool -}}
-{{ $DISABLE_KICKOUT := .Env.DISABLE_KICKOUT | default "false" | toBool -}}
-{{ $DISABLE_GRANT_MODERATOR := .Env.DISABLE_GRANT_MODERATOR | default "false" | toBool -}}
-{{ $ENABLE_E2EPING := .Env.ENABLE_E2EPING | default "false" | toBool -}}
-{{ $DISABLE_LOCAL_RECORDING := .Env.DISABLE_LOCAL_RECORDING | default "false" | toBool -}}
-{{ $ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT := .Env.ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT | default "false" | toBool -}}
-{{ $ENABLE_LOCAL_RECORDING_SELF_START := .Env.ENABLE_LOCAL_RECORDING_SELF_START | default "false" | toBool -}}
-{{ $DISABLE_PROFILE := .Env.DISABLE_PROFILE | default "false" | toBool -}}
-{{ $ROOM_PASSWORD_DIGITS := .Env.ROOM_PASSWORD_DIGITS | default "false" -}}
-{{ $WHITEBOARD_COLLAB_SERVER_PUBLIC_URL := .Env.WHITEBOARD_COLLAB_SERVER_PUBLIC_URL | default "" -}}
-{{ $WHITEBOARD_ENABLED := .Env.WHITEBOARD_ENABLED | default "false" | toBool -}}
-{{ $TESTING_AV1_SUPPORT := .Env.TESTING_AV1_SUPPORT | default "false" | toBool -}}
-
-// Video configuration.
-//
-
-config.resolution = {{ $RESOLUTION }};
-config.constraints = {
-    video: {
-        height: { ideal: {{ $RESOLUTION }}, max: {{ $RESOLUTION }}, min: {{ $RESOLUTION_MIN }} },
-        width: { ideal: {{ $RESOLUTION_WIDTH }}, max: {{ $RESOLUTION_WIDTH }}, min: {{ $RESOLUTION_WIDTH_MIN }}},
-    }
-};
-
-{{ if not $ENABLE_SIMULCAST -}}
-config.disableSimulcast = true;
-{{ end -}}
-config.startVideoMuted = {{ $START_VIDEO_MUTED }};
-config.startWithVideoMuted = {{ $START_WITH_VIDEO_MUTED }};
-
-config.flags = {
-    sourceNameSignaling: true,
-    sendMultipleVideoStreams: true,
-    receiveMultipleVideoStreams: true
-};
-
-// ScreenShare Configuration.
-//
-
-{{ if not $DESKTOP_SHARING_FRAMERATE_AUTO -}}
-config.desktopSharingFrameRate = {
-    min: {{ $DESKTOP_SHARING_FRAMERATE_MIN }},
-    max: {{ $DESKTOP_SHARING_FRAMERATE_MAX }}
-};
-{{ end -}}
-
-// Audio configuration.
-//
-
-config.enableNoAudioDetection = {{ $ENABLE_NO_AUDIO_DETECTION }};
-config.enableTalkWhileMuted = {{ $ENABLE_TALK_WHILE_MUTED }};
-config.disableAP = {{ not $ENABLE_AUDIO_PROCESSING }};
-
-config.audioQuality = {
-    stereo: {{ $ENABLE_STEREO }}
-};
-
-{{ if .Env.AUDIO_QUALITY_OPUS_BITRATE -}}
-config.audioQuality.opusMaxAverageBitrate = '{{ .Env.AUDIO_QUALITY_OPUS_BITRATE }}';
-{{ end -}}
-
-config.startAudioOnly = {{ $START_AUDIO_ONLY }};
-config.startAudioMuted = {{ $START_AUDIO_MUTED }};
-config.startWithAudioMuted = {{ $START_WITH_AUDIO_MUTED }};
-config.startSilent = {{ $START_SILENT }};
-config.enableOpusRed = {{ $ENABLE_OPUS_RED }};
-config.disableAudioLevels = {{ $DISABLE_AUDIO_LEVELS }};
-config.enableNoisyMicDetection = {{ $ENABLE_NOISY_MIC_DETECTION }};
-
-
-// Peer-to-Peer options.
-//
-
-config.p2p = {
-    enabled: {{ $ENABLE_P2P }}
-};
-
-
-// Breakout Rooms
-//
-
-config.hideAddRoomButton = {{ $ENABLE_BREAKOUT_ROOMS | not }};
-
-
-// Etherpad
-//
-
-{{ if .Env.ETHERPAD_PUBLIC_URL -}}
-config.etherpad_base = '{{ .Env.ETHERPAD_PUBLIC_URL }}';
-{{ else if .Env.ETHERPAD_URL_BASE -}}
-config.etherpad_base = '{{ $PUBLIC_URL }}/etherpad/p/';
-{{ end -}}
-
-
-// Recording.
-//
-
-{{ if $ENABLE_RECORDING  -}}
-
-config.hiddenDomain = '{{ $XMPP_RECORDER_DOMAIN }}';
-
-config.recordingService = {
-    // Whether to enable file recording or not using the "service" defined by the finalizer in Jibri
-    enabled: {{ $ENABLE_SERVICE_RECORDING }},
-
-    // Whether to show the possibility to share file recording with other people
-    // (e.g. meeting participants), based on the actual implementation
-    // on the backend.
-    sharingEnabled: {{ $ENABLE_FILE_RECORDING_SHARING }}
-};
-
-// Live streaming configuration.
-config.liveStreaming = {
-    enabled: {{ $ENABLE_LIVESTREAMING }},
-    dataPrivacyLink: '{{ $ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK }}',
-    helpLink: '{{ $ENABLE_LIVESTREAMING_HELP_LINK }}',
-    termsLink: '{{ $ENABLE_LIVESTREAMING_TERMS_LINK }}',
-    validatorRegExpString: '{{ $ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING }}'
-};
-
-
-{{ if .Env.DROPBOX_APPKEY -}}
-// Enable the dropbox integration.
-config.dropbox = {
-    appKey: '{{ .Env.DROPBOX_APPKEY }}'
-};
-
-{{ if .Env.DROPBOX_REDIRECT_URI -}}
-// A URL to redirect the user to, after authenticating
-// by default uses:
-// 'https://jitsi-meet.example.com/static/oauth.html'
-config.dropbox.redirectURI = '{{ .Env.DROPBOX_REDIRECT_URI }}';
-{{ end -}}
-{{ end -}}
-
-{{ end -}}
-
-// Local recording configuration.
-config.localRecording = {
-    disable: {{ $DISABLE_LOCAL_RECORDING }},
-    notifyAllParticipants: {{ $ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT }},
-    disableSelfRecording: {{ $ENABLE_LOCAL_RECORDING_SELF_START }}
-};
-
-
-// Analytics.
-//
-
-config.analytics = {};
-
-{{ if .Env.AMPLITUDE_ID -}}
-// The Amplitude APP Key:
-config.analytics.amplitudeAPPKey = '{{ .Env.AMPLITUDE_ID }}';
-{{ end -}}
-
-{{ if .Env.GOOGLE_ANALYTICS_ID -}}
-// The Google Analytics Tracking ID:
-config.analytics.googleAnalyticsTrackingId = '{{ .Env.GOOGLE_ANALYTICS_ID }}';
-{{ end -}}
-
-{{ if .Env.MATOMO_ENDPOINT -}}
-// Matomo endpoint:
-config.analytics.matomoEndpoint = '{{ .Env.MATOMO_ENDPOINT }}';
-{{ end -}}
-
-{{ if .Env.MATOMO_SITE_ID -}}
-// Matomo site ID:
-config.analytics.matomoSiteID = '{{ .Env.MATOMO_SITE_ID }}';
-{{ end -}}
-
-{{ if .Env.ANALYTICS_SCRIPT_URLS -}}
-// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
-config.analytics.scriptURLs = [ '{{ join "','" (splitList "," .Env.ANALYTICS_SCRIPT_URLS) }}' ];
-{{ end -}}
-
-{{ if .Env.ANALYTICS_WHITELISTED_EVENTS -}}
-config.analytics.whiteListedEvents = [ '{{ join "','" (splitList "," .Env.ANALYTICS_WHITELISTED_EVENTS) }}' ];
-{{ end -}}
-
-
-// Dial in/out services.
-//
-
-{{ if $ENABLE_JAAS_COMPONENTS }}
-config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';
-config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';
-{{ else }}
-{{ if .Env.CONFCODE_URL -}}
-config.dialInConfCodeUrl = '{{ .Env.CONFCODE_URL }}';
-{{ end -}}
-{{ if .Env.DIALIN_NUMBERS_URL -}}
-config.dialInNumbersUrl = '{{ .Env.DIALIN_NUMBERS_URL }}';
-{{ end -}}
-{{ end -}}
-
-{{ if .Env.DIALOUT_AUTH_URL -}}
-config.dialOutAuthUrl = '{{ .Env.DIALOUT_AUTH_URL }}';
-{{ end -}}
-
-{{ if .Env.DIALOUT_CODES_URL -}}
-config.dialOutCodesUrl = '{{ .Env.DIALOUT_CODES_URL }}';
-{{ end -}}
-
-
-// Calendar service integration.
-//
-
-config.enableCalendarIntegration = {{ $ENABLE_CALENDAR }};
-
-{{ if .Env.GOOGLE_API_APP_CLIENT_ID -}}
-config.googleApiApplicationClientID = '{{ .Env.GOOGLE_API_APP_CLIENT_ID }}';
-{{ end -}}
-
-{{ if .Env.MICROSOFT_API_APP_CLIENT_ID -}}
-config.microsoftApiApplicationClientID = '{{ .Env.MICROSOFT_API_APP_CLIENT_ID }}';
-{{ end -}}
-
-
-// Invitation service.
-//
-
-{{ if .Env.INVITE_SERVICE_URL -}}
-config.inviteServiceUrl = '{{ .Env.INVITE_SERVICE_URL }}';
-{{ end -}}
-
-{{ if .Env.PEOPLE_SEARCH_URL -}}
-config.peopleSearchUrl = '{{ .Env.PEOPLE_SEARCH_URL }}';
-config.peopleSearchQueryTypes = ['user','conferenceRooms'];
-{{ end -}}
-
-
-// Miscellaneous.
-//
-
-// Prejoin page.
-config.prejoinConfig = {
-    enabled: {{ $ENABLE_PREJOIN_PAGE }},
-
-    // Hides the participant name editing field in the prejoin screen.
-    hideDisplayName: {{ $HIDE_PREJOIN_DISPLAY_NAME }}
-};
-
-// List of buttons to hide from the extra join options dropdown on prejoin screen.
-{{ if .Env.HIDE_PREJOIN_EXTRA_BUTTONS -}}
-config.prejoinConfig.hideExtraJoinButtons = [ '{{ join "','" (splitList "," .Env.HIDE_PREJOIN_EXTRA_BUTTONS) }}' ];
-{{ end -}}
-
-// Welcome page.
-config.welcomePage = {
-    disabled: {{ not $ENABLE_WELCOME_PAGE }}
-};
-
-// Close page.
-config.enableClosePage = {{ $ENABLE_CLOSE_PAGE }};
-
-// Default language.
-{{ if .Env.DEFAULT_LANGUAGE -}}
-config.defaultLanguage = '{{ .Env.DEFAULT_LANGUAGE }}';
-{{ end -}}
-
-// Require users to always specify a display name.
-config.requireDisplayName = {{ $ENABLE_REQUIRE_DISPLAY_NAME }};
-
-// Chrome extension banner.
-{{ if .Env.CHROME_EXTENSION_BANNER_JSON -}}
-config.chromeExtensionBanner = {{ .Env.CHROME_EXTENSION_BANNER_JSON }};
-{{ end -}}
-
-// Disables profile and the edit of all fields from the profile settings (display name and email)
-config.disableProfile = {{ $DISABLE_PROFILE }};
-
-// Room password (false for anything, number for max digits)
-{{ if $ENABLE_JAAS_COMPONENTS -}}
-config.roomPasswordNumberOfDigits = 10;
-{{ else -}}
-config.roomPasswordNumberOfDigits = {{ $ROOM_PASSWORD_DIGITS }};
-{{ end -}}
-
-// Advanced.
-//
-
-{{ if not $ENABLE_REMB -}}
-config.enableRemb = false;
-{{ end -}}
-{{ if not $ENABLE_TCC -}}
-config.enableTcc = false;
-{{ end -}}
-
-
-// Transcriptions (subtitles and buttons can be configured in interface_config)
-config.transcription = {
-    enabled: {{ $ENABLE_TRANSCRIPTIONS }},
-    translationLanguages: {{ $TRANSLATION_LANGUAGES }},
-    translationLanguagesHead: {{ $TRANSLATION_LANGUAGES_HEAD }},
-    useAppLanguage: {{ $USE_APP_LANGUAGE }},
-    preferredLanguage: '{{ $PREFERRED_LANGUAGE }}',
-    disableStartForAll: {{ $DISABLE_START_FOR_ALL }},
-    autoCaptionOnRecord: {{ $AUTO_CAPTION_ON_RECORD }},
-};
-
-// Dynamic branding
-{{ if .Env.DYNAMIC_BRANDING_URL -}}
-// External API url used to receive branding specific information.
-config.dynamicBrandingUrl = '{{ .Env.DYNAMIC_BRANDING_URL }}';
-{{ else if .Env.BRANDING_DATA_URL  -}}
-config.brandingDataUrl = '{{ .Env.BRANDING_DATA_URL }}';
-{{ end -}}
-
-{{ if .Env.TOKEN_AUTH_URL -}}
-// Authenticate using external service
-config.tokenAuthUrl = '{{ .Env.TOKEN_AUTH_URL }}';
-{{ end -}}
-
-
-// Deployment information.
-//
-
-config.deploymentInfo = {};
-
-{{ if .Env.DEPLOYMENTINFO_ENVIRONMENT -}}
-config.deploymentInfo.environment = '{{ .Env.DEPLOYMENTINFO_ENVIRONMENT }}';
-{{ end -}}
-
-{{ if .Env.DEPLOYMENTINFO_SHARD -}}
-config.deploymentInfo.shard = '{{ .Env.DEPLOYMENTINFO_SHARD }}';
-{{ end -}}
-
-{{ if .Env.DEPLOYMENTINFO_ENVIRONMENT_TYPE -}}
-config.deploymentInfo.envType = '{{ .Env.DEPLOYMENTINFO_ENVIRONMENT_TYPE }}';
-{{ end -}}
-
-{{ if .Env.DEPLOYMENTINFO_REGION -}}
-config.deploymentInfo.region = '{{ .Env.DEPLOYMENTINFO_REGION }}';
-{{ end -}}
-
-{{ if $DEPLOYMENTINFO_USERREGION -}}
-config.deploymentInfo.userRegion = '{{ $DEPLOYMENTINFO_USERREGION }}';
-{{ end -}}
-
-// Deep Linking
-config.disableDeepLinking = {{ $DISABLE_DEEP_LINKING }};
-
-// P2P preferred codec
-{{ if .Env.P2P_PREFERRED_CODEC -}}
-config.p2p.preferredCodec = '{{ .Env.P2P_PREFERRED_CODEC }}';
-{{ end -}}
-
-// Video quality settings.
-//
-
-config.videoQuality = {};
-{{ if .Env.VIDEOQUALITY_PREFERRED_CODEC -}}
-config.videoQuality.preferredCodec = '{{ .Env.VIDEOQUALITY_PREFERRED_CODEC }}';
-{{ end -}}
-
-config.videoQuality.av1 = {};
-
-{{ if .Env.VIDEOQUALITY_BITRATE_AV1_LOW }}
-config.videoQuality.av1.low = {{ .Env.VIDEOQUALITY_BITRATE_AV1_LOW }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_AV1_STANDARD }}
-config.videoQuality.av1.standard = {{ .Env.VIDEOQUALITY_BITRATE_AV1_STANDARD }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_AV1_HIGH }}
-config.videoQuality.av1.high = {{ .Env.VIDEOQUALITY_BITRATE_AV1_HIGH }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_AV1_FULL }}
-config.videoQuality.av1.fullHd = {{ .Env.VIDEOQUALITY_BITRATE_AV1_FULL }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_AV1_ULTRA }}
-config.videoQuality.av1.ultraHd = {{ .Env.VIDEOQUALITY_BITRATE_AV1_ULTRA }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_AV1_SS_HIGH }}
-config.videoQuality.av1.ssHigh = {{ .Env.VIDEOQUALITY_BITRATE_AV1_SS_HIGH }};
-{{ end -}}
-
-config.videoQuality.h264 = {};
-
-{{ if .Env.VIDEOQUALITY_BITRATE_H264_LOW }}
-config.videoQuality.h264.low = {{ .Env.VIDEOQUALITY_BITRATE_H264_LOW }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_H264_STANDARD }}
-config.videoQuality.h264.standard = {{ .Env.VIDEOQUALITY_BITRATE_H264_STANDARD }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_H264_HIGH }}
-config.videoQuality.h264.high = {{ .Env.VIDEOQUALITY_BITRATE_H264_HIGH }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_H264_FULL }}
-config.videoQuality.h264.fullHd = {{ .Env.VIDEOQUALITY_BITRATE_H264_FULL }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_H264_ULTRA }}
-config.videoQuality.h264.ultraHd = {{ .Env.VIDEOQUALITY_BITRATE_H264_ULTRA }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_H264_SS_HIGH }}
-config.videoQuality.h264.ssHigh = {{ .Env.VIDEOQUALITY_BITRATE_H264_SS_HIGH }};
-{{ end -}}
-
-config.videoQuality.vp8 = {};
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP8_LOW }}
-config.videoQuality.vp8.low = {{ .Env.VIDEOQUALITY_BITRATE_VP8_LOW }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP8_STANDARD }}
-config.videoQuality.vp8.standard = {{ .Env.VIDEOQUALITY_BITRATE_VP8_STANDARD }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP8_HIGH }}
-config.videoQuality.vp8.high = {{ .Env.VIDEOQUALITY_BITRATE_VP8_HIGH }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP8_FULL }}
-config.videoQuality.vp8.fullHd = {{ .Env.VIDEOQUALITY_BITRATE_VP8_FULL }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP8_ULTRA }}
-config.videoQuality.vp8.ultraHd = {{ .Env.VIDEOQUALITY_BITRATE_VP8_ULTRA }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP8_SS_HIGH }}
-config.videoQuality.vp8.ssHigh = {{ .Env.VIDEOQUALITY_BITRATE_VP8_SS_HIGH }};
-{{ end -}}
-
-config.videoQuality.vp9 = {};
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP9_LOW }}
-config.videoQuality.vp9.low = {{ .Env.VIDEOQUALITY_BITRATE_VP9_LOW }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP9_STANDARD }}
-config.videoQuality.vp9.standard = {{ .Env.VIDEOQUALITY_BITRATE_VP9_STANDARD }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP9_HIGH }}
-config.videoQuality.vp9.high = {{ .Env.VIDEOQUALITY_BITRATE_VP9_HIGH }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP9_FULL }}
-config.videoQuality.vp9.fullHd = {{ .Env.VIDEOQUALITY_BITRATE_VP9_FULL }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP9_ULTRA }}
-config.videoQuality.vp9.ultraHd = {{ .Env.VIDEOQUALITY_BITRATE_VP9_ULTRA }};
-{{ end -}}
-
-{{ if .Env.VIDEOQUALITY_BITRATE_VP9_SS_HIGH }}
-config.videoQuality.vp9.ssHigh = {{ .Env.VIDEOQUALITY_BITRATE_VP9_SS_HIGH }};
-{{ end -}}
-
- // Reactions
-config.disableReactions = {{ $DISABLE_REACTIONS }};
-
-// Polls
-config.disablePolls = {{ $DISABLE_POLLS }};
-
-// Configure toolbar buttons
-{{ if .Env.TOOLBAR_BUTTONS -}}
-config.toolbarButtons = [ '{{ join "','" (splitList "," .Env.TOOLBAR_BUTTONS) }}' ];
-{{ end -}}
-
-// Hides the buttons at pre-join screen
-{{ if .Env.HIDE_PREMEETING_BUTTONS -}}
-config.hiddenPremeetingButtons = [ '{{ join "','" (splitList "," .Env.HIDE_PREMEETING_BUTTONS) }}' ];
-{{ end -}}
-
-// Configure remote participant video menu
-config.remoteVideoMenu = {
-    disabled: {{ $DISABLE_REMOTE_VIDEO_MENU }},
-    disableKick: {{ $DISABLE_KICKOUT }},
-    disableGrantModerator: {{ $DISABLE_GRANT_MODERATOR }},
-    disablePrivateChat: {{ $DISABLE_PRIVATE_CHAT }}
-};
-
-// Configure e2eping
-config.e2eping = {
-    enabled: {{ $ENABLE_E2EPING }}
-};
-
-{{ if .Env.E2EPING_NUM_REQUESTS -}}
-config.e2eping.numRequests = {{ .Env.E2EPING_NUM_REQUESTS }};
-{{ end -}}
-{{ if .Env.E2EPING_MAX_CONFERENCE_SIZE -}}
-config.e2eping.maxConferenceSize = {{ .Env.E2EPING_MAX_CONFERENCE_SIZE }};
-{{ end -}}
-{{ if .Env.E2EPING_MAX_MESSAGE_PER_SECOND -}}
-config.e2eping.maxMessagePerSecond = {{ .Env.E2EPING_MAX_MESSAGE_PER_SECOND }};
-{{ end }}
-
-// Settings for the Excalidraw whiteboard integration.
-config.whiteboard = {
-    enabled: {{ $WHITEBOARD_ENABLED }},
-    collabServerBaseUrl: '{{ $WHITEBOARD_COLLAB_SERVER_PUBLIC_URL }}'
-};
-
-// Testing
-config.testing = {
-    enableAv1Support: {{ $TESTING_AV1_SUPPORT }}
-};
-
-// CUSTOM ADJUSTMENTS
-config.disableThirdPartyRequests = true;
-config.channelLastN = 8;
-config.enableLayerSuspension = true;
--- a/src/main/cljc/dda/c4k_jitsi/core.cljc
+++ b/src/main/cljc/dda/c4k_jitsi/core.cljc
@ -5,12 +5,14 @@
      :cljs [orchestra.core :refer-macros [defn-spec]])
   [dda.c4k-common.common :as cm]
   [dda.c4k-common.predicate :as cp]
+   [dda.c4k-common.ingress :as ing]
   [dda.c4k-common.monitoring :as mon]
   [dda.c4k-common.yaml :as yaml]
   [dda.c4k-jitsi.jitsi :as jitsi]
   [dda.c4k-common.namespace :as ns]))

-(def config-defaults {:issuer "staging", :namespace "jitsi"})
+(def config-defaults {:issuer "staging", 
+                      :namespace "jitsi"})

 (s/def ::mon-cfg ::mon/mon-cfg)
 (s/def ::mon-auth ::mon/mon-auth)
@ -26,34 +28,54 @@

 (defn-spec config-objects cp/map-or-seq?
  [config config?]
-  (map yaml/to-string
-       (filter
-        #(not (nil? %))
-        (cm/concat-vec
-         (ns/generate config)
-         [(jitsi/generate-jvb-service config)
-          (jitsi/generate-web-service config)
-          (jitsi/generate-etherpad-service config)
-          (jitsi/generate-excalidraw-backend-service config)
-          (jitsi/generate-modelector-service config)
-          (jitsi/generate-deployment config)
-          (jitsi/generate-excalidraw-deployment config)
-          (jitsi/generate-modelector-deployment config)]
-         (jitsi/generate-ingress-web config)
-         (jitsi/generate-ingress-etherpad config)
-         (jitsi/generate-ingress-excalidraw-backend config)
-         (jitsi/generate-ingress-modelector config)
-         (when (:contains? config :mon-cfg)
-           (mon/generate-config))))))
+  (let [resolved-config (merge config-defaults config)]
+    (map yaml/to-string
+         (filter
+          #(not (nil? %))
+          (cm/concat-vec
+           (ns/generate resolved-config)
+           (jitsi/prosody-config resolved-config)
+           (jitsi/jitsi-config resolved-config)
+           (jitsi/jicofo-config resolved-config)
+           (jitsi/web-config resolved-config)
+           (jitsi/jvb-config resolved-config)
+           ;(jitsi/jibri-config resolved-config)
+           (jitsi/restart-config resolved-config)
+           (jitsi/etherpad-config resolved-config)
+           (jitsi/excalidraw-config resolved-config)
+           (jitsi/moderator-elector-config resolved-config)
+           (jitsi/coturn-config resolved-config)
+           (ing/generate-ingress-and-cert (merge
+                                           {:service-name "jitsi-meet-web"
+                                            :service-port 80
+                                            :fqdns [(:fqdn resolved-config)]}
+                                           resolved-config))
+           (ing/generate-ingress-and-cert (merge
+                                           {:service-name "etherpad"
+                                            :service-port 9001
+                                            :fqdns [(str "etherpad." (:fqdn resolved-config))]}
+                                           resolved-config))
+            (ing/generate-ingress-and-cert (merge
+                                            {:service-name "excalidraw"
+                                             :service-port 3002
+                                             :fqdns [(str "excalidraw." (:fqdn resolved-config))]}
+                                            resolved-config))
+           (ing/generate-ingress-and-cert (merge
+                                           {:service-name "moderator-elector"
+                                            :service-port 80
+                                            :fqdns [(str "moderator-elector." (:fqdn resolved-config))]}
+                                           resolved-config))
+           (when (:contains? resolved-config :mon-cfg)
+             (mon/generate-config)))))))

 (defn-spec auth-objects cp/map-or-seq?
  [config config?
   auth auth?]
+  (let [resolved-config (merge config-defaults config)]
  (map yaml/to-string
       (filter
        #(not (nil? %))
        (cm/concat-vec
-         [(jitsi/generate-secret-jitsi config auth)]
+         (jitsi/prosody-auth config auth)
         (when (:contains? config :mon-cfg)
-           (mon/generate-auth (:mon-cfg config) (:mon-auth auth)))))))
-
+           (mon/generate-auth (:mon-cfg config) (:mon-auth auth))))))))
--- a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
+++ b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
@ -3,9 +3,9 @@
   [clojure.spec.alpha :as s]
   #?(:clj [orchestra.core :refer [defn-spec]]
      :cljs [orchestra.core :refer-macros [defn-spec]])
+   [clojure.string :as st]
   [dda.c4k-common.yaml :as yaml]
   [dda.c4k-common.common :as cm]
-   [dda.c4k-common.ingress :as ing]
   [dda.c4k-common.base64 :as b64]
   [dda.c4k-common.predicate :as cp]
   #?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
@ -28,112 +28,162 @@
   (defmethod yaml/load-resource :jitsi [resource-name]
     (get (inline-resources "jitsi") resource-name)))

-(defn-spec generate-ingress-web cp/map-or-seq?
-  [config config?]
-  (ing/generate-ingress-and-cert
-   (merge
-    {:service-name "web"
-     :service-port 80
-     :fqdns [(:fqdn config)]}
-    config)))
+(defn- load-and-adjust-namespace
+  [file namespace]
+  (->
+   (yaml/load-as-edn file)
+   (cm/replace-all-matching "NAMESPACE" namespace)))

-(defn-spec generate-ingress-etherpad cp/map-or-seq?
+(defn-spec prosody-config cp/map-or-seq?
  [config config?]
-  (ing/generate-ingress-and-cert
-   (merge
-    {:service-name "etherpad"
-     :service-port 9001
-     :fqdns [(str "etherpad." (:fqdn config))]}
-    config)))
+  (let [{:keys [fqdn namespace]} config]
+    [(load-and-adjust-namespace "jitsi/prosody-config-serviceaccount.yaml" namespace)
+     (->
+      (load-and-adjust-namespace "jitsi/prosody-config-common-cm.yaml" namespace)
+      (cm/replace-all-matching "JITSI_FQDN" fqdn))
+     (load-and-adjust-namespace "jitsi/prosody-config-default-cm.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-envs-cm.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-init-cm.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-stateful-set.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-test-deployment.yaml" namespace)]))

-(defn-spec generate-ingress-excalidraw-backend cp/map-or-seq?
-  [config config?]
-  (ing/generate-ingress-and-cert
-   (merge
-    {:service-name "excalidraw-backend"
-     :service-port 3002
-     :fqdns [(str "excalidraw-backend." (:fqdn config))]}
-    config)))
-
-(defn-spec generate-ingress-modelector cp/map-or-seq?
-  [config config?]
-  (ing/generate-ingress-and-cert
-   (merge
-    {:service-name "modelector"
-     :service-port 80
-     :fqdns [(str "modelector." (:fqdn config))]}
-    config)))
-
-(defn-spec generate-secret-jitsi cp/map-or-seq?
+(defn-spec prosody-auth cp/map-or-seq?
  [config config?
   auth auth?]
  (let [{:keys [namespace]} config
        {:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
-    (->
-     (yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
-     (cm/replace-all-matching "NAMESPACE" namespace)
-     (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
-     (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
-     (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
+  [(load-and-adjust-namespace "jitsi/prosody-auth-secret.yaml" namespace)
+   (load-and-adjust-namespace "jitsi/prosody-auth-jibri-secret.yaml" namespace)
+   (->
+    (load-and-adjust-namespace "jitsi/prosody-auth-jicofo-secret.yaml" namespace)
+    (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
+    (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))
+   (load-and-adjust-namespace "jitsi/prosody-auth-jigasi-secret.yaml" namespace)
+   (-> 
+    (load-and-adjust-namespace "jitsi/prosody-auth-jvb-secret.yaml" namespace)
+    (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)))]))

-(defn-spec generate-jvb-service cp/map-or-seq? 
-  [config config?]
-  (let [{:keys [namespace]} config]
-    (->
-     (yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml"))
-     (cm/replace-all-matching "NAMESPACE" namespace))))
-
-(defn-spec generate-web-service cp/map-or-seq?
-  [config config?]
-  (let [{:keys [namespace]} config]
-    (->
-     (yaml/load-as-edn "jitsi/web-service.yaml")
-     (cm/replace-all-matching "NAMESPACE" namespace))))
-
-(defn-spec generate-etherpad-service cp/map-or-seq?
-  [config config?]
-  (let [{:keys [namespace]} config]
-    (->
-     (yaml/load-as-edn "jitsi/etherpad-service.yaml")
-     (cm/replace-all-matching "NAMESPACE" namespace))))
-
-(defn-spec generate-excalidraw-backend-service cp/map-or-seq?
-  [config config?]
-  (let [{:keys [namespace]} config]
-    (->
-     (yaml/load-as-edn "jitsi/excalidraw-backend-service.yaml")
-     (cm/replace-all-matching "NAMESPACE" namespace))))
-
-(defn-spec generate-modelector-service cp/map-or-seq?
-  [config config?]
-  (let [{:keys [namespace]} config]
-    (->
-     (yaml/load-as-edn "jitsi/modelector-service.yaml")
-     (cm/replace-all-matching "NAMESPACE" namespace))))
-
-(defn-spec generate-deployment cp/map-or-seq?
+(defn-spec jitsi-config cp/map-or-seq?
  [config config?]
  (let [{:keys [fqdn namespace]} config]
-    (->
-     (yaml/load-as-edn "jitsi/deployment.yaml")
-     (cm/replace-all-matching "REPLACE_JITSI_FQDN" fqdn)
-     (cm/replace-all-matching "NAMESPACE" namespace)
-     (cm/replace-all-matching "REPLACE_ETHERPAD_URL"
-                              (str "https://etherpad." fqdn "/p/"))
-     
-     (cm/replace-all-matching "REPLACE_EXCALIDRAW_BACKEND_URL"
-                              (str "https://excalidraw-backend." fqdn)))))
+    [(load-and-adjust-namespace "jitsi/jitsi-config-serviceaccount.yaml" namespace)]))

-(defn-spec generate-excalidraw-deployment cp/map-or-seq?
+(defn-spec jicofo-config cp/map-or-seq?
+  [config config?]
+  (let [{:keys [namespace]} config]
+    [(load-and-adjust-namespace "jitsi/jicofo-config-defaults-cm.yaml" namespace)
+     (->
+      (load-and-adjust-namespace "jitsi/jicofo-config-envs-cm.yaml" namespace)
+      (cm/replace-key-value :XMPP_SERVER (str "prosody." namespace ".svc.cluster.local")))
+     (load-and-adjust-namespace "jitsi/jicofo-config-init-cm.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/jicofo-config-deployment.yaml" namespace)]))
+
+(defn-spec web-config cp/map-or-seq?
  [config config?]
  (let [{:keys [fqdn namespace]} config]
-    (->
-     (yaml/load-as-edn "jitsi/excalidraw-deployment.yaml")
-     (cm/replace-all-matching "NAMESPACE" namespace))))
+    [(load-and-adjust-namespace "jitsi/web-config-conffiles-cm.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/web-config-init-cm.yaml" namespace)
+     (-> 
+      (load-and-adjust-namespace "jitsi/web-config-envs-cm.yaml" namespace)
+      (cm/replace-key-value :XMPP_BOSH_URL_BASE (str "http://prosody." namespace ".svc.cluster.local:5280"))
+      (cm/replace-key-value :ETHERPAD_PUBLIC_URL (str "https://etherpad." fqdn "/p/"))
+      (cm/replace-key-value :WHITEBOARD_COLLAB_SERVER_PUBLIC_URL (str "https://excalidraw." fqdn))
+      )
+     (load-and-adjust-namespace "jitsi/web-config-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/web-config-deployment.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/web-config-test-deployment.yaml" namespace)]))

-(defn-spec generate-modelector-deployment cp/map-or-seq?
+(defn-spec jvb-config cp/map-or-seq?
  [config config?]
  (let [{:keys [fqdn namespace]} config]
-    (->
-     (yaml/load-as-edn "jitsi/modelector-deployment.yaml")
-     (cm/replace-all-matching "NAMESPACE" namespace))))
+    [(-> 
+      (load-and-adjust-namespace "jitsi/jvb-config-envs-cm.yaml" namespace)
+      (cm/replace-key-value :XMPP_SERVER (str "prosody." namespace ".svc.cluster.local"))
+      (cm/replace-key-value :JVB_STUN_SERVERS (str "stun." fqdn ":443")))
+     (load-and-adjust-namespace "jitsi/jvb-config-service.yaml" namespace)
+     (->
+      (load-and-adjust-namespace "jitsi/jvb-config-deployment.yaml" namespace)
+      (cm/replace-all-matching "REPLACE_JITSI_FQDN" fqdn)
+      )]))
+
+(defn-spec jibri-config cp/map-or-seq?
+  [config config?]
+  (let [{:keys [fqdn namespace]} config]
+    [(load-and-adjust-namespace "jitsi/jitsi-config-serviceaccount.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/jibri-config-default-cm.yaml" namespace)
+     (->
+      (load-and-adjust-namespace "jitsi/jibri-config-envs.yaml" namespace)
+      (cm/replace-key-value :XMPP_SERVER (str "prosody." namespace ".svc.cluster.local")))
+     (load-and-adjust-namespace "jitsi/jibri-config-init-cm.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/jibri-config-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/jibri-config-deployment.yaml" namespace)]))
+
+(defn-spec restart-config cp/map-or-seq?
+  [config config?]
+  (let [{:keys [namespace]} config]
+    [(load-and-adjust-namespace "jitsi/restart-config-serviceaccount.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/restart-config-rolebinding.yaml" namespace)
+     (->
+      (load-and-adjust-namespace "jitsi/restart-config-authorization.yaml" namespace)
+      (cm/replace-key-value :resourceNames ["etherpad", "excalidraw"]))
+     (->
+      (load-and-adjust-namespace "jitsi/restart-config-cron.yaml" namespace)
+      (cm/replace-all-matching "CRON_NAME" "restart-etherpad")
+      (cm/replace-key-value :schedule "0 2 * * *")
+      (cm/replace-key-value 
+       :command 
+       ["bash"
+        "-c"
+        "kubectl rollout restart deployment/etherpad && kubectl rollout status deployment/etherpad"]))
+     (->
+      (load-and-adjust-namespace "jitsi/restart-config-cron.yaml" namespace)
+      (cm/replace-all-matching "CRON_NAME" "restart-excalidraw")
+      (cm/replace-key-value :schedule "0 1 * * *")
+      (cm/replace-key-value
+       :command
+       ["bash"
+        "-c"
+        "kubectl rollout restart deployment/excalidraw && kubectl rollout status deployment/excalidraw"]))]))
+
+(defn-spec etherpad-config cp/map-or-seq?
+  [config config?]
+  (let [{:keys [namespace]} config]
+    [(load-and-adjust-namespace "jitsi/etherpad-config-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/etherpad-config-deployment.yaml" namespace)]))
+
+(defn-spec excalidraw-config cp/map-or-seq?
+  [config config?]
+  (let [{:keys [namespace]} config]
+    [(load-and-adjust-namespace "jitsi/excalidraw-config-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/excalidraw-config-deployment.yaml" namespace)]))
+
+(defn-spec moderator-elector-config cp/map-or-seq?
+  [config config?]
+  (let [{:keys [namespace]} config]
+    [(load-and-adjust-namespace "jitsi/modelector-config-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/modelector-config-deployment.yaml" namespace)]))
+  
+(defn-spec coturn-config cp/map-or-seq?
+  [config config?]
+  (let [{:keys [namespace fqdn]} config]
+    [(load-and-adjust-namespace "jitsi/coturn-config-extra-cm.yaml" namespace)
+     (-> 
+      (load-and-adjust-namespace "jitsi/coturn-config-init-cm.yaml" namespace)
+      (cm/replace-key-value
+       :data
+       {:turnserver.conf
+        (st/join "\n" [(str "realm: stun." fqdn)
+                       "listening-ip: 0.0.0.0"
+                       "listening-port: 3478"
+                       "tls-listening-port: 5349"
+                       "min-port: 49152"
+                       "max-port: 65535"
+                       "log-file: stdout"
+                       "pidfile: \"/var/tmp/turnserver.pid\""
+                       "pkey: \"/tls/tls.key\""
+                       "cert: \"/tls/tls.crt\""
+                       "userdb: \"/var/db/turndb\""])}))
+     (load-and-adjust-namespace "jitsi/coturn-config-tcp-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/coturn-config-udp-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/coturn-config-deployment.yaml" namespace)]))
--- a/src/main/resources/jitsi/coturn-config-deployment.yaml
+++ b/src/main/resources/jitsi/coturn-config-deployment.yaml
@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: NAMESPACE
+  name: coturn-coturn
+  labels:
+    app.kubernetes.io/name: "coturn"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: coturn
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: coturn
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: "coturn"
+          image: coturn/coturn:4.6.3
+          imagePullPolicy: IfNotPresent
+          args: ["-c", "/turnserver.conf"]
+          ports:
+            - name: turn-udp
+              containerPort: 3478
+              protocol: UDP
+            - name: turn-tcp
+              containerPort: 3478
+              protocol: TCP
+            - name: turn-tcp-tls
+              containerPort: 5349
+              protocol: TCP
+            - name: turn-udp-dtls
+              containerPort: 5349
+              protocol: UDP
+          volumeMounts:
+            - name: coturn-config
+              mountPath: "/turnserver.conf"
+              subPath: turnserver.conf
+              readOnly: true
+            - name: var-tmp
+              mountPath: /var/tmp
+            - name: sqllite
+              mountPath: /var/db
+          securityContext:
+            capabilities:
+              add:
+                - NET_BIND_SERVICE
+              drop:
+                - ALL
+            readOnlyRootFilesystem: false
+            allowPrivilegeEscalation: false
+      volumes:
+        - name: coturn-initial-config
+          configMap:
+            name: coturn-initial-config
+        - name: coturn-extra-config
+          configMap:
+            name: coturn-extra-config
+        - name: coturn-config
+          emptyDir: {}
+        - name: var-tmp
+          emptyDir: {}
+        - name: sqllite
+          emptyDir: {}
--- a/src/main/resources/jitsi/coturn-config-extra-cm.yaml
+++ b/src/main/resources/jitsi/coturn-config-extra-cm.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: NAMESPACE
+  name: coturn-extra-config
+  labels:
+    app.kubernetes.io/name: "coturn"
+data:
+  turnserver.conf: |
+      verbose
--- a/src/main/resources/jitsi/coturn-config-init-cm.yaml
+++ b/src/main/resources/jitsi/coturn-config-init-cm.yaml
@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: NAMESPACE
+  name: coturn-initial-config
+  labels:
+    app.kubernetes.io/name: "coturn"
+data:
+  turnserver.conf: |-
+    realm: REPLACE_COTURN_FQDN
+    listening-ip: 0.0.0.0
+    listening-port: 3478
+    tls-listening-port: 5349
+    min-port: 49152
+    max-port: 65535
+    log-file: stdout
+    pidfile: "/var/tmp/turnserver.pid"
+    pkey: "/tls/tls.key"
+    cert: "/tls/tls.crt"
+    userdb: "/var/db/turndb"
--- a/src/main/resources/jitsi/coturn-config-tcp-service.yaml
+++ b/src/main/resources/jitsi/coturn-config-tcp-service.yaml
@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: NAMESPACE
+  name: coturn-turn-tcp
+  labels:
+    app.kubernetes.io/name: "coturn"
+  annotations:
+    metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
+    metallb.universe.tf/address-pool: public
+spec:
+  type: LoadBalancer
+  ports:
+    - name: turn-tcp
+      port: 3478
+      protocol: TCP
+      targetPort: 3478
+    - name: turn-tcp-tls
+      port: 5349
+      protocol: TCP
+      targetPort: 5349
+  selector:
+    app.kubernetes.io/name: coturn-coturn
--- a/src/main/resources/jitsi/coturn-config-udp-service.yaml
+++ b/src/main/resources/jitsi/coturn-config-udp-service.yaml
@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: NAMESPACE
+  name: coturn-turn-udp
+  labels:
+    app.kubernetes.io/name: "coturn"
+  annotations:
+    metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
+    metallb.universe.tf/address-pool: public
+spec:
+  type: LoadBalancer
+  ports:
+    - name: turn-udp
+      port: 3478
+      protocol: UDP
+      targetPort: 3478
+    - name: turn-udp-dtls
+      port: 5349
+      protocol: UDP
+      targetPort: 5349
+  selector:
+    app.kubernetes.io/name: coturn-coturn
--- a/src/main/resources/jitsi/deployment.yaml
+++ b/src/main/resources/jitsi/deployment.yaml
@ -1,155 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: jitsi
-  name: jitsi
-  namespace: NAMESPACE
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: jitsi
-  template:
-    metadata:
-      labels:
-        app: jitsi
-    spec:
-      containers:
-        - name: jicofo
-          image: jitsi/jicofo:stable-9646
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: XMPP_SERVER
-              value: localhost
-            - name: JICOFO_COMPONENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_COMPONENT_SECRET
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: JICOFO_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_AUTH_PASSWORD
-            - name: TZ
-              value: Europe/Berlin
-        - name: prosody
-          image: jitsi/prosody:stable-9646
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: PUBLIC_URL
-              value: REPLACE_JITSI_FQDN
-            - name: XMPP_SERVER
-              value: localhost
-            - name: JICOFO_COMPONENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_COMPONENT_SECRET
-            - name: JVB_AUTH_USER
-              value: jvb
-            - name: JVB_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JVB_AUTH_PASSWORD
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: JICOFO_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_AUTH_PASSWORD
-            - name: TZ
-              value: Europe/Berlin
-            - name: JVB_TCP_HARVESTER_DISABLED
-              value: "true"
-        - name: web
-          image: domaindrivenarchitecture/c4k-jitsi-web
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: PUBLIC_URL
-              value: REPLACE_JITSI_FQDN
-            - name: XMPP_SERVER
-              value: localhost
-            - name: XMPP_BOSH_URL_BASE
-              value: http://127.0.0.1:5280
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: TZ
-              value: Europe/Berlin
-            - name: JVB_TCP_HARVESTER_DISABLED
-              value: "true"
-            - name: DEFAULT_LANGUAGE
-              value: "de"
-            - name: RESOLUTION
-              value: "480"
-            - name: RESOLUTION_MIN
-              value: "240"
-            - name: RESOLUTION_WIDTH
-              value: "853"
-            - name: RESOLUTION_WIDTH_MIN
-              value: "427"
-            - name: DISABLE_AUDIO_LEVELS
-              value: "true"
-            - name: ETHERPAD_PUBLIC_URL
-              value: REPLACE_ETHERPAD_URL
-            - name: WHITEBOARD_ENABLED
-              value: "true"
-            - name: WHITEBOARD_COLLAB_SERVER_PUBLIC_URL
-              value: REPLACE_EXCALIDRAW_BACKEND_URL
-            - name: COLIBRI_WEBSOCKET_REGEX
-              value: "127.0.0.1"
-        - name: jvb
-          image: jitsi/jvb:stable-9646
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: PUBLIC_URL
-              value: REPLACE_JITSI_FQDN
-            - name: XMPP_SERVER
-              value: localhost
-            - name: DOCKER_HOST_ADDRESS
-              value: REPLACE_JITSI_FQDN
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: JVB_TCP_HARVESTER_DISABLED
-              value: "true"
-            - name: JVB_AUTH_USER
-              value: jvb
-            - name: JVB_PORT
-              value: "30300"
-            - name: JVB_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JVB_AUTH_PASSWORD
-            - name: JICOFO_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_AUTH_PASSWORD
-            - name: TZ
-              value: Europe/Berlin
-        - name: etherpad
-          image: etherpad/etherpad:2
-          env:
-            - name: XMPP_SERVER
-              value: localhost
-            - name: JICOFO_COMPONENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_COMPONENT_SECRET
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: JICOFO_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_AUTH_PASSWORD
-            - name: TZ
-              value: Europe/Berlin
--- a/src/main/resources/jitsi/etherpad-config-deployment.yaml
+++ b/src/main/resources/jitsi/etherpad-config-deployment.yaml
@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: etherpad
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: etherpad
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: etherpad
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: etherpad
+    spec:
+      containers:
+        - name: etherpad
+          image: etherpad/etherpad:2
--- a/src/main/resources/jitsi/etherpad-config-service.yaml
+++ b/src/main/resources/jitsi/etherpad-config-service.yaml
@ -1,14 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  labels:
-    service: etherpad
  name: etherpad
  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: etherpad
 spec:
  ports:
  - name: etherpad
    port: 9001
    targetPort: 9001
  selector:
-    app: jitsi
+    app.kubernetes.io/name: etherpad
--- a/src/main/resources/jitsi/excalidraw-config-deployment.yaml
+++ b/src/main/resources/jitsi/excalidraw-config-deployment.yaml
@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: excalidraw
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: excalidraw
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: excalidraw
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: excalidraw
+    spec:
+      containers:
+        - name: excalidraw
+          image: domaindrivenarchitecture/c4k-jitsi-excalidraw
--- a/src/main/resources/jitsi/excalidraw-backend-service.yaml
+++ b/src/main/resources/jitsi/excalidraw-backend-service.yaml
@ -1,14 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  labels:
-    service: excalidraw-backend
-  name: excalidraw-backend
+  name: excalidraw
  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: excalidraw  
 spec:
  ports:
-  - name: excalidraw-backend
+  - name: excalidraw
    port: 3002
    targetPort: 80
  selector:
-    app: excalidraw-backend
+    app.kubernetes.io/name: excalidraw 
--- a/src/main/resources/jitsi/excalidraw-deployment.yaml
+++ b/src/main/resources/jitsi/excalidraw-deployment.yaml
@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: excalidraw-backend
-  name: excalidraw-backend
-  namespace: NAMESPACE
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: excalidraw-backend
-  template:
-    metadata:
-      labels:
-        app: excalidraw-backend
-    spec:
-      containers:
-        - name: excalidraw-backend
-          image: domaindrivenarchitecture/c4k-jitsi-excalidraw-backend
--- a/src/main/resources/jitsi/jibri-config-default-cm.yaml
+++ b/src/main/resources/jitsi/jibri-config-default-cm.yaml
@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jitsi-meet-jibri-defaults
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jibri
+data:
+  jibri.conf: |
+    # Using jibri /default/jibri.conf from container image
+    
+  logging.properties: |
+    # Using jibri /default/logging.properties from container image
+    
+  autoscaler-sidecar.config: |
+    # Using jibri /default/autoscaler-sidecar.config from container image
+    
+  xorg-video-dummy.conf: |
+    # Using jibri /default/xorg-video-dummy.conf from container image
--- a/src/main/resources/jitsi/jibri-config-deployment.yaml
+++ b/src/main/resources/jitsi/jibri-config-deployment.yaml
@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jitsi-meet-jibri
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jibri
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: jitsi-meet
+      app.kubernetes.io/component: jibri
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: jitsi-meet
+        app.kubernetes.io/component: jibri
+    spec:
+      serviceAccountName: jitsi-meet
+      containers:
+      - name: jitsi-meet
+        securityContext:
+          capabilities:
+            add: ["SYS_ADMIN"]
+        image: "jitsi/jibri:stable-10008"
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: http-internal
+          containerPort: 3333
+        - name: http-api
+          containerPort: 2222
+        livenessProbe:
+          exec:
+            command:
+            - /bin/bash
+            - -c
+            - curl -sq localhost:2222/jibri/api/v1.0/health | jq '"\(.status.health.healthStatus)
+              \(.status.busyStatus)"' | grep -qP 'HEALTHY (IDLE|BUSY)'
+          failureThreshold: 2
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        readinessProbe:
+          exec:
+            command:
+            - /bin/bash
+            - -c
+            - curl -sq localhost:2222/jibri/api/v1.0/health | jq '"\(.status.health.healthStatus)
+              \(.status.busyStatus)"' | grep -qP 'HEALTHY (IDLE|BUSY)'
+          failureThreshold: 2
+          initialDelaySeconds: 5
+          periodSeconds: 5
+
+        envFrom:
+        - secretRef:
+            name: prosody-jibri
+        - configMapRef:
+            name: prosody-common
+        - configMapRef:
+            name: jitsi-meet-jibri
+
+        resources:
+            {}
+
+        volumeMounts:
+        - name: config
+          mountPath: /config
+        - name: jibri-data
+          mountPath: /data
+
+      volumes:
+      - name: config
+        emptyDir: {}
+      - name: custom-cont-inits
+        configMap:
+          defaultMode: 493
+          name: jitsi-meet-jibri-cont-inits
+          items:
+            - key: 10-config
+              path: 10-config
+      - name: custom-defaults
+        configMap:
+          name: jitsi-meet-jibri-defaults
+          items:
+            - key: jibri.conf
+              path: jibri.conf
+            - key: logging.properties
+              path: logging.properties
+            - key: autoscaler-sidecar.config
+              path: autoscaler-sidecar.config
+            - key: xorg-video-dummy.conf
+              path: xorg-video-dummy.conf
+      - name: jibri-data
+        emptyDir: {}
--- a/src/main/resources/jitsi/jibri-config-envs.yaml
+++ b/src/main/resources/jitsi/jibri-config-envs.yaml
@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jitsi-meet-jibri
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jibri
+data:
+  XMPP_SERVER: 'prosody.NAMESPACE.svc.cluster.local'
+  JIBRI_BREWERY_MUC: 'jibribrewery'
+  JIBRI_RECORDING_DIR: '/data/recordings'
+  JIBRI_FINALIZE_RECORDING_SCRIPT_PATH: "/config/finalize.sh"
+  JIBRI_STRIP_DOMAIN_JID: muc
+  DISPLAY: ":0"
+  JIBRI_SINGLE_USE_MODE: "true"
--- a/src/main/resources/jitsi/jibri-config-init-cm.yaml
+++ b/src/main/resources/jitsi/jibri-config-init-cm.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jitsi-meet-jibri-cont-inits
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jibri
+data:
+  10-config: |
+    # Using jibri /etc/cont-init.d/10-config from container image
--- a/src/main/resources/jitsi/jibri-config-service.yaml
+++ b/src/main/resources/jitsi/jibri-config-service.yaml
@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: jitsi-meet-jibri
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jibri
+spec:
+  type: ClusterIP
+  ports:
+  - name: http-internal
+    port: 3333
+    targetPort: 3333
+    protocol: TCP
+  - name: http-api
+    port: 2222
+    targetPort: 2222
+    protocol: TCP
+  selector:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jibri
--- a/src/main/resources/jitsi/jicofo-config-defaults-cm.yaml
+++ b/src/main/resources/jitsi/jicofo-config-defaults-cm.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jitsi-meet-jicofo-defaults
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jicofo
+data:
+  jicofo.conf: |
+    # Using jicofo /default/jicofo.conf from container image
+    
+  logging.properties: |
+    # Using jicofo /default/logging.properties from container image
--- a/src/main/resources/jitsi/jicofo-config-deployment.yaml
+++ b/src/main/resources/jitsi/jicofo-config-deployment.yaml
@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jitsi-meet-jicofo
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jicofo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: jitsi-meet
+      app.kubernetes.io/component: jicofo
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: jitsi-meet
+        app.kubernetes.io/component: jicofo
+    spec:
+      serviceAccountName: jitsi-meet
+      securityContext:
+        {}
+      volumes:
+      - name: config
+        emptyDir: {}
+      - name: custom-cont-inits
+        configMap:
+          defaultMode: 493
+          name: jitsi-meet-jicofo-cont-inits
+          items:
+            - key: 10-config
+              path: 10-config
+      - name: custom-defaults
+        configMap:
+          name: jitsi-meet-jicofo-defaults
+          items:
+            - key: jicofo.conf
+              path: jicofo.conf
+            - key: logging.properties
+              path: logging.properties
+      containers:
+        - name: jitsi-meet
+          securityContext:
+            {}
+          image: "jitsi/jicofo:stable-10008"
+          imagePullPolicy: IfNotPresent
+          envFrom:
+          - secretRef:
+              name: prosody-jicofo
+          - configMapRef:
+              name: prosody-common
+          - configMapRef:
+              name: jitsi-meet-jicofo
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: 8888
+          readinessProbe:
+            tcpSocket:
+              port: 8888
+          resources:
+            {}
+          volumeMounts:
+          # to support readOnlyRootFilesystem
+          - name: config
+            mountPath: /config
--- a/src/main/resources/jitsi/jicofo-config-envs-cm.yaml
+++ b/src/main/resources/jitsi/jicofo-config-envs-cm.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jitsi-meet-jicofo
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jicofo
+data:
+  JVB_BREWERY_MUC: 'jvbbrewery'
+  XMPP_SERVER: 'prosody.NAMESPACE.svc.cluster.local'
+  JIBRI_BREWERY_MUC: 'jibribrewery'
+  JIBRI_PENDING_TIMEOUT: '90'
--- a/src/main/resources/jitsi/jicofo-config-init-cm.yaml
+++ b/src/main/resources/jitsi/jicofo-config-init-cm.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jitsi-meet-jicofo-cont-inits
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jicofo
+data:
+  10-config: |
+    # Using jicofo /etc/cont-init.d/10-config from container image
--- a/src/main/resources/jitsi/jitsi-config-serviceaccount.yaml
+++ b/src/main/resources/jitsi/jitsi-config-serviceaccount.yaml
@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: jitsi-meet
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
--- a/src/main/resources/jitsi/jvb-config-deployment.yaml
+++ b/src/main/resources/jitsi/jvb-config-deployment.yaml
@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: NAMESPACE
+  name: jitsi-meet-jvb
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jvb
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: jitsi-meet
+      app.kubernetes.io/component: jvb
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: jitsi-meet
+        app.kubernetes.io/component: jvb
+    spec:
+      serviceAccountName: jitsi-meet
+      securityContext:
+        {}
+      containers:
+        - name: jitsi-meet
+          securityContext:
+            {}
+          image: "jitsi/jvb:stable-10008"
+          imagePullPolicy: IfNotPresent
+          envFrom:
+          - secretRef:
+              name: prosody-jvb
+          - configMapRef:
+              name: prosody-common
+          - configMapRef:
+              name: jitsi-meet-jvb
+          env:
+          - name: DOCKER_HOST_ADDRESS
+            value: REPLACE_JITSI_FQDN
+          - name: JVB_ADVERTISE_IPS
+            value: REPLACE_JITSI_FQDN
+          - name: JVB_WS_SERVER_ID
+            valueFrom:
+              fieldRef:
+                fieldPath: status.podIP
+          ports:
+            - name: rtp-udp
+              containerPort: 10000
+              protocol: UDP
+            - name: colibri-ws-tcp
+              containerPort: 9090
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /about/health
+              port: 8080
+          readinessProbe:
+            httpGet:
+              path: /about/health
+              port: 8080
+          resources:
+            {}
--- a/src/main/resources/jitsi/jvb-config-envs-cm.yaml
+++ b/src/main/resources/jitsi/jvb-config-envs-cm.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: NAMESPACE
+  name: jitsi-meet-jvb
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jvb
+data:
+  JVB_BREWERY_MUC: 'jvbbrewery'
+  JVB_PORT: '10000'
+  JVB_STUN_SERVERS: REPLACE_ME
+  JVB_TCP_HARVESTER_DISABLED: '1'
+  XMPP_SERVER: REPLACE_ME
+  COLIBRI_REST_ENABLED: 'true'
--- a/src/main/resources/jitsi/jvb-config-service.yaml
+++ b/src/main/resources/jitsi/jvb-config-service.yaml
@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: NAMESPACE
+  name: jitsi-meet-jvb
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jvb
+  annotations:
+    metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
+    metallb.universe.tf/address-pool: public
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 10000
+      protocol: UDP
+      name: rtp-udp
+  externalTrafficPolicy: Cluster
+  selector:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jvb
--- a/src/main/resources/jitsi/jvb-service.yaml
+++ b/src/main/resources/jitsi/jvb-service.yaml
@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    service: jvb
-  annotations:
-    metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
-    metallb.universe.tf/address-pool: public
-  name: jvb-udp
-  namespace: NAMESPACE
-spec:
-  type: LoadBalancer
-  ports:
-  - port: 30300
-    protocol: UDP
-    targetPort: 30300
-    nodePort: 30300
-  selector:
-    app: jitsi
--- a/src/main/resources/jitsi/modelector-config-deployment.yaml
+++ b/src/main/resources/jitsi/modelector-config-deployment.yaml
@ -1,24 +1,22 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  labels:
-    app: modelector
-  name: modelector
+  name: moderator-elector
  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: moderator-elector
 spec:
  replicas: 1
-  strategy:
-    type: Recreate
  selector:
    matchLabels:
-      app: modelector
+      app.kubernetes.io/name: moderator-elector
  template:
    metadata:
      labels:
-        app: modelector
+        app.kubernetes.io/name: moderator-elector
    spec:
      containers:
-        - name: modelector
+        - name: moderator-elector
          image: domaindrivenarchitecture/moderator-election-vaadin_fullstack
          imagePullPolicy: IfNotPresent
          env:
--- a/src/main/resources/jitsi/modelector-config-service.yaml
+++ b/src/main/resources/jitsi/modelector-config-service.yaml
@ -1,14 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  labels:
-    service: modelector
-  name: modelector
+  name: moderator-elector
  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: moderator-elector
 spec:
  ports:
    - name: "http"
      port: 80
      targetPort: 8080
  selector:
-    app: modelector
+    app.kubernetes.io/name: moderator-elector
--- a/src/main/resources/jitsi/prosody-auth-jibri-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-jibri-secret.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody-jibri
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jibri
+type: Opaque
+data:
--- a/src/main/resources/jitsi/prosody-auth-jicofo-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-jicofo-secret.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody-jicofo
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jicofo
+type: Opaque
+data:
+  JICOFO_AUTH_USER: 'Zm9jdXM='
+  JICOFO_AUTH_PASSWORD: REPLACE_ME
+  JICOFO_COMPONENT_SECRET: REPLACE_ME
--- a/src/main/resources/jitsi/prosody-auth-jigasi-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-jigasi-secret.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody-jigasi
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jigasi
+type: Opaque
+data:
--- a/src/main/resources/jitsi/prosody-auth-jvb-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-jvb-secret.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody-jvb
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jvb
+type: Opaque
+data:
+  JVB_AUTH_USER: 'anZi'
+  JVB_AUTH_PASSWORD: REPLACE_ME
--- a/src/main/resources/jitsi/prosody-auth-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-secret.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
+type: Opaque
+data:
--- a/src/main/resources/jitsi/prosody-config-common-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-common-cm.yaml
@ -0,0 +1,25 @@
+# Source: jitsi-meet/templates/common-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prosody-common
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: prosody
+data:
+  ENABLE_AUTH: "0"
+  ENABLE_GUESTS: "1"
+  PUBLIC_URL: JITSI_FQDN
+  XMPP_DOMAIN: meet.jitsi
+  XMPP_MUC_DOMAIN: muc.meet.jitsi
+  XMPP_AUTH_DOMAIN: auth.meet.jitsi
+  XMPP_GUEST_DOMAIN: guest.meet.jitsi
+  XMPP_RECORDER_DOMAIN: recorder.meet.jitsi
+  XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+  ENABLE_COLIBRI_WEBSOCKET: 'true'
+  ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX: '1'
+  ENABLE_XMPP_WEBSOCKET: 'true'
+  ENABLE_RECORDING: "true"
+  ENABLE_FILE_RECORDING_SERVICE_SHARING: "true"
+  TZ: 'Europe/Berlin'
--- a/src/main/resources/jitsi/prosody-config-default-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-default-cm.yaml
@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prosody-defaults
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
+data:
+  prosody.cfg.lua: |
+    # Using prosody /default/prosody.cfg.lua from container image
+    
+  saslauthd.conf: |
+    # Using prosody /default/saslauthd.conf from container image
+    
+  jitsi-meet.cfg.lua: |
+    # Using prosody /default/conf.d/jitsi-meet.cfg.lua from container image
--- a/src/main/resources/jitsi/prosody-config-envs-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-envs-cm.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prosody
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
+data:
--- a/src/main/resources/jitsi/prosody-config-init-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-init-cm.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prosody-cont-inits
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
+data:
+  10-config: |
+    # Using prosody /etc/cont-init.d/10-config from container image
--- a/src/main/resources/jitsi/prosody-config-service.yaml
+++ b/src/main/resources/jitsi/prosody-config-service.yaml
@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prosody
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5280
+      protocol: TCP
+      name: tcp-bosh-insecure
+    - port: 5281
+      protocol: TCP
+      name: tcp-bosh-secure
+    - port: 5347
+      protocol: TCP
+      name: tcp-xmpp-component
+    - port: 5222
+      protocol: TCP
+      name: tcp-xmpp-c2
+    - port: 5269
+      protocol: TCP
+      name: tcp-xmpp-s2
+  selector:
+    app.kubernetes.io/name: prosody
--- a/src/main/resources/jitsi/prosody-config-serviceaccount.yaml
+++ b/src/main/resources/jitsi/prosody-config-serviceaccount.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prosody
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
--- a/src/main/resources/jitsi/prosody-config-stateful-set.yaml
+++ b/src/main/resources/jitsi/prosody-config-stateful-set.yaml
@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: prosody
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
+spec:
+  serviceName: "prosody"
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: prosody
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: prosody
+    spec:
+      serviceAccountName: prosody
+      securityContext:
+        {}
+      containers:
+        - name: prosody
+          securityContext:
+            {}
+          image: "jitsi/prosody:stable-10008"
+          imagePullPolicy: IfNotPresent
+          envFrom:
+          - configMapRef:
+              name: prosody
+          - secretRef:
+              name: prosody
+          - secretRef:
+              name: 'prosody-jibri'
+          - secretRef:
+              name: 'prosody-jicofo'
+          - secretRef:
+              name: 'prosody-jigasi'
+          - secretRef:
+              name: 'prosody-jvb'
+          - configMapRef:
+              name: 'prosody-common'
+          ports:
+            - name: xmpp-c2s
+              containerPort: 5222
+              protocol: TCP
+            - name: xmpp-s2s
+              containerPort: 5269
+              protocol: TCP
+            - name: xmpp-component
+              containerPort: 5347
+              protocol: TCP
+            - name: bosh-insecure
+              containerPort: 5280
+              protocol: TCP
+            - name: bosh-secure
+              containerPort: 5281
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /http-bind
+              port: bosh-insecure
+          readinessProbe:
+            httpGet:
+              path: /http-bind
+              port: bosh-insecure
+          resources:
+            {}
+          volumeMounts:
+          - name: config
+            mountPath: /config
+          - name: prosody-data
+            mountPath: /config/data
+      volumes:
+      - name: config
+        emptyDir: {}
+      - name: custom-cont-inits
+        configMap:
+          defaultMode: 493
+          name: prosody-cont-inits
+          items:
+            - key: 10-config
+              path: 10-config
+      - name: custom-defaults
+        configMap:
+          name: prosody-defaults
+          items:
+            - key: prosody.cfg.lua
+              path: prosody.cfg.lua
+            - key: saslauthd.conf
+              path: saslauthd.conf
+            - key: jitsi-meet.cfg.lua
+              path: jitsi-meet.cfg.lua
+      - name: prosody-data
+        persistentVolumeClaim:
+          claimName: prosody-data
+  volumeClaimTemplates:
+  - metadata:
+      name: prosody-data
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      volumeMode: Filesystem
+      resources:
+        requests:
+          storage: 3G
--- a/src/main/resources/jitsi/prosody-config-test-deployment.yaml
+++ b/src/main/resources/jitsi/prosody-config-test-deployment.yaml
@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "prosody-test-connection"
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: "prosody-test-connection"
+    app.kubernetes.io/component: prosody
+spec:
+  replicas: 0
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "prosody-test-connection"
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: "prosody-test-connection"
+    spec:
+      containers:
+        - name: wget
+          image: busybox
+          command: ['wget']
+          args: ['prosody:5280/http-bind']
--- a/src/main/resources/jitsi/restart-config-authorization.yaml
+++ b/src/main/resources/jitsi/restart-config-authorization.yaml
@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: deployment-restart
+  namespace: NAMESPACE
+rules:
+  - apiGroups: ["apps", "extensions"]
+    resources: ["deployments"]
+    resourceNames: REPLACE_ME
+    verbs: ["get", "patch", "list", "watch"] # "list" and "watch" are only needed
+                                             # if you want to use `rollout status
--- a/src/main/resources/jitsi/restart-config-cron.yaml
+++ b/src/main/resources/jitsi/restart-config-cron.yaml
@ -0,0 +1,20 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: CRON_NAME
+  namespace: NAMESPACE
+spec:
+  concurrencyPolicy: Forbid
+  schedule: SCHEDULE_REPLACE_ME
+  jobTemplate:
+    spec:
+      backoffLimit: 2
+      activeDeadlineSeconds: 600
+      template:
+        spec:
+          serviceAccountName: deployment-restart
+          restartPolicy: Never
+          containers:
+            - name: kubectl
+              image: bitnami/kubectl
+              command: COMMAND_REPLACE_ME
--- a/src/main/resources/jitsi/restart-config-rolebinding.yaml
+++ b/src/main/resources/jitsi/restart-config-rolebinding.yaml
@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: deployment-restart
+  namespace: NAMESPACE
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: deployment-restart
+subjects:
+  - kind: ServiceAccount
+    name: deployment-restart
+    namespace: NAMESPACE
--- a/src/main/resources/jitsi/restart-config-serviceaccount.yaml
+++ b/src/main/resources/jitsi/restart-config-serviceaccount.yaml
@ -0,0 +1,5 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: deployment-restart
+  namespace: NAMESPACE
--- a/src/main/resources/jitsi/secret.yaml
+++ b/src/main/resources/jitsi/secret.yaml
@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: jitsi-config
-  namespace: NAMESPACE
-type: Opaque
-data:
-  JVB_AUTH_PASSWORD: "jvb-auth"
-  JICOFO_AUTH_PASSWORD: "jicofo-auth"
-  JICOFO_COMPONENT_SECRET: "comp-sec"
--- a/src/main/resources/jitsi/web-config-conffiles-cm.yaml
+++ b/src/main/resources/jitsi/web-config-conffiles-cm.yaml
@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jitsi-meet-web-conffiles
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: web
+data:
+  custom-config.js: |
+  # Not providing /config/custom-config.js
+  
+  custom-interface_config.js: |
+  # Not providing /config/custom-interface_config.js
+  
+  default: |
+  # Using web /defaults/default from container image
+  
+  ffdhe2048.txt: |
+  # Using web /defaults/ffdhe2048.txt from container image
+  
+  interface_config.js: |
+  # Using web /defaults/interface_config.js from container image
+  
+  meet.conf: |
+  # Using web /defaults/meet.conf from container image
+  
+  nginx.conf: |
+  # Using web /defaults/nginx.conf from container image
+  
+  settings-config.js: |
+  # Using web /defaults/settings-config.js from container image
+  
+  ssl.conf: |
+  # Using web /defaults/ssl.conf from container image
+  
+  system-config.js: |
+  # Using web /defaults/system-config.js from container image
--- a/src/main/resources/jitsi/web-config-deployment.yaml
+++ b/src/main/resources/jitsi/web-config-deployment.yaml
@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: NAMESPACE
+  name: jitsi-meet-web
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: web
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: jitsi-meet
+      app.kubernetes.io/component: web
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: jitsi-meet
+        app.kubernetes.io/component: web
+    spec:
+      serviceAccountName: jitsi-meet
+      securityContext:
+        {}
+      containers:
+        - name: jitsi-meet
+          securityContext:
+            {}
+          image: jitsi/web:stable-10008
+          imagePullPolicy: IfNotPresent
+          envFrom:
+          - configMapRef:
+              name: jitsi-meet-web
+          - configMapRef:
+              name: prosody-common
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+            - name: https
+              containerPort: 443
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 80
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 80
+          resources:
+            {}
+          volumeMounts:
+          - name: config
+            mountPath: /config
+      volumes:
+      - name: config
+        emptyDir: {}
+      - name: custom-init
+        configMap:
+          defaultMode: 493
+          name: jitsi-meet-web-init
+          items:
+            - key: 10-config
+              path: 10-config
+      - name: custom-conffiles
+        configMap:
+          name: jitsi-meet-web-conffiles
+          items:
+            - key: custom-config.js
+              path: custom-config.js
+            - key: custom-interface_config.js
+              path: custom-interface_config.js
+            - key: default
+              path: default
+            - key: ffdhe2048.txt
+              path: ffdhe2048.txt
+            - key: interface_config.js
+              path: interface_config.js
+            - key: meet.conf
+              path: meet.conf
+            - key: nginx.conf
+              path: nginx.conf
+            - key: settings-config.js
+              path: settings-config.js
+            - key: ssl.conf
+              path: ssl.conf
+            - key: system-config.js
+              path: system-config.js
--- a/src/main/resources/jitsi/web-config-envs-cm.yaml
+++ b/src/main/resources/jitsi/web-config-envs-cm.yaml
@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: NAMESPACE
+  name: jitsi-meet-web
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: web
+data:
+  DISABLE_HTTPS: "1"
+  ENABLE_HTTP_REDIRECT: "0"
+  JICOFO_AUTH_USER: focus
+  XMPP_BOSH_URL_BASE: REPLACE_ME
+  DEFAULT_LANGUAGE: de
+  RESOLUTION: "480"
+  RESOLUTION_MIN: "240"
+  RESOLUTION_WIDTH: "853"
+  RESOLUTION_WIDTH_MIN: "427"
+  ETHERPAD_PUBLIC_URL: REPLACE_ME
+  WHITEBOARD_COLLAB_SERVER_PUBLIC_URL: REPLACE_ME
--- a/src/main/resources/jitsi/web-config-init-cm.yaml
+++ b/src/main/resources/jitsi/web-config-init-cm.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: NAMESPACE
+  name: jitsi-meet-web-init
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: web
+data:
+  10-config: |
+  # Using web /etc/cont-init.d/10-config from container image
--- a/src/main/resources/jitsi/web-config-service.yaml
+++ b/src/main/resources/jitsi/web-config-service.yaml
@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: NAMESPACE
+  name: jitsi-meet-web
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: web
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: web
--- a/src/main/resources/jitsi/web-config-test-deployment.yaml
+++ b/src/main/resources/jitsi/web-config-test-deployment.yaml
@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "jitsi-meet-web-test-connection"
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: web
+spec:
+  replicas: 0
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "jitsi-meet-web-test-connection"
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: "jitsi-meet-web-test-connection"
+    spec:
+      containers:
+        - name: wget
+          image: busybox
+          command: ['wget']
+          args: ['jitsi-meet-web:80']
--- a/src/main/resources/jitsi/web-service.yaml
+++ b/src/main/resources/jitsi/web-service.yaml
@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    service: web
-  name: web
-  namespace: NAMESPACE
-spec:
-  ports:
-  - name: "http"
-    port: 80
-    targetPort: 80
-  - name: "https"
-    port: 443
-    targetPort: 443
-  selector:
-    app: jitsi
--- a/src/test/cljc/dda/c4k_jitsi/core_test.cljc
+++ b/src/test/cljc/dda/c4k_jitsi/core_test.cljc
@ -1,20 +1,28 @@
 (ns dda.c4k-jitsi.core-test
  (:require
-   #?(:cljs [shadow.resource :as rc])
   #?(:clj [clojure.test :refer [deftest is are testing run-tests]]
      :cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
   [clojure.spec.alpha :as s]
   [dda.c4k-common.yaml :as yaml]
-   [dda.c4k-jitsi.core :as cut]))
+   [dda.c4k-jitsi.core :as cut]
+   #?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
+

 #?(:cljs
   (defmethod yaml/load-resource :jitsi-test [resource-name]
-     (case resource-name
-       "jitsi-test/valid-auth.yaml"   (rc/inline "jitsi-test/valid-auth.yaml")
-       "jitsi-test/valid-config.yaml" (rc/inline "jitsi-test/valid-config.yaml")
-       (throw (js/Error. "Undefined Resource!")))))
+     (get (inline-resources "jitsi-test") resource-name)))

 (deftest validate-valid-resources
  (is (s/valid? cut/config? (yaml/load-as-edn "jitsi-test/valid-config.yaml")))
-  (is (s/valid? cut/auth? (yaml/load-as-edn "jitsi-test/valid-auth.yaml")))
-  )
+  (is (s/valid? cut/auth? (yaml/load-as-edn "jitsi-test/valid-auth.yaml"))))
+
+(deftest test-whole-generation
+  (is (= 63
+         (count
+          (cut/config-objects
+           (yaml/load-as-edn "jitsi-test/valid-config.yaml")))))
+  (is (= 6
+         (count
+          (cut/auth-objects
+           (yaml/load-as-edn "jitsi-test/valid-config.yaml")
+           (yaml/load-as-edn "jitsi-test/valid-auth.yaml"))))))
--- a/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc
+++ b/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc
@ -5,296 +5,182 @@
   [clojure.spec.test.alpha :as st]
   [dda.c4k-jitsi.jitsi :as cut]))

-(st/instrument `cut/generate-deployment)
-(st/instrument `cut/generate-secret-jitsi)
-(st/instrument `cut/generate-ingress-web)
-(st/instrument `cut/generate-jvb-service)
+(st/instrument `cut/prosody-config)
+(st/instrument `cut/prosody-auth)
+(st/instrument `cut/jitsi-config)
+(st/instrument `cut/jibri-config)
+(st/instrument `cut/web-config)
+(st/instrument `cut/jvb-config)
+(st/instrument `cut/etherpad-config)
+(st/instrument `cut/excalidraw-config)

-(deftest should-generate-deployment
-  (is (= {:apiVersion "apps/v1",
-          :kind "Deployment",
-          :metadata
-          {:labels {:app "jitsi"},
-           :name "jitsi"
-           :namespace "jitsi"},
-          :spec
-          {:strategy {:type "Recreate"},
-           :selector {:matchLabels {:app "jitsi"}},
-           :template
-           {:metadata {:labels {:app "jitsi"}},
-            :spec
-            {:containers
-             [{:name "jicofo",
-               :image "jitsi/jicofo:stable-9646",
-               :imagePullPolicy "IfNotPresent",
-               :env
-               [{:name "XMPP_SERVER", :value "localhost"}
-                {:name "JICOFO_COMPONENT_SECRET",
-                 :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_COMPONENT_SECRET"}}}
-                {:name "JICOFO_AUTH_USER", :value "focus"}
-                {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
-                {:name "TZ", :value "Europe/Berlin"}]}
-              {:name "prosody",
-               :image "jitsi/prosody:stable-9646",
-               :imagePullPolicy "IfNotPresent",
-               :env
-               [{:name "PUBLIC_URL", :value "xy.xy.xy"}
-                {:name "XMPP_SERVER", :value "localhost"}
-                {:name "JICOFO_COMPONENT_SECRET",
-                 :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_COMPONENT_SECRET"}}}
-                {:name "JVB_AUTH_USER", :value "jvb"}
-                {:name "JVB_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JVB_AUTH_PASSWORD"}}}
-                {:name "JICOFO_AUTH_USER", :value "focus"}
-                {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
-                {:name "TZ", :value "Europe/Berlin"}
-                {:name "JVB_TCP_HARVESTER_DISABLED", :value "true"}]}
-              {:name "web",
-               :image "domaindrivenarchitecture/c4k-jitsi-web",
-               :imagePullPolicy "IfNotPresent",
-               :env
-               [{:name "PUBLIC_URL", :value "xy.xy.xy"}
-                {:name "XMPP_SERVER", :value "localhost"}
-                {:name "XMPP_BOSH_URL_BASE", :value "http://127.0.0.1:5280"}
-                {:name "JICOFO_AUTH_USER", :value "focus"}
-                {:name "TZ", :value "Europe/Berlin"}
-                {:name "JVB_TCP_HARVESTER_DISABLED", :value "true"}
-                {:name "DEFAULT_LANGUAGE", :value "de"}
-                {:name "RESOLUTION", :value "480"}
-                {:name "RESOLUTION_MIN", :value "240"}
-                {:name "RESOLUTION_WIDTH", :value "853"}
-                {:name "RESOLUTION_WIDTH_MIN", :value "427"}
-                {:name "DISABLE_AUDIO_LEVELS", :value "true"}
-                {:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy.xy.xy/p/"}
-                {:name "WHITEBOARD_ENABLED", :value "true"}
-                {:name "WHITEBOARD_COLLAB_SERVER_PUBLIC_URL", :value "https://excalidraw-backend.xy.xy.xy"}
-                {:name "COLIBRI_WEBSOCKET_REGEX", :value "127.0.0.1"}]}
-              {:name "jvb",
-               :image "jitsi/jvb:stable-9646",
-               :imagePullPolicy "IfNotPresent",
-               :env
-               [{:name "PUBLIC_URL", :value "xy.xy.xy"}
-                {:name "XMPP_SERVER", :value "localhost"}
-                {:name "DOCKER_HOST_ADDRESS", :value "xy.xy.xy"}
-                {:name "JICOFO_AUTH_USER", :value "focus"}
-                {:name "JVB_TCP_HARVESTER_DISABLED", :value "true"}
-                {:name "JVB_AUTH_USER", :value "jvb"}
-                {:name "JVB_PORT", :value "30300"}
-                {:name "JVB_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JVB_AUTH_PASSWORD"}}}
-                {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
-                {:name "TZ", :value "Europe/Berlin"}]}
-              {:name "etherpad",
-               :image "etherpad/etherpad:2",
-               :env
-               [{:name "XMPP_SERVER", :value "localhost"}
-                {:name "JICOFO_COMPONENT_SECRET",
-                 :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_COMPONENT_SECRET"}}}
-                {:name "JICOFO_AUTH_USER", :value "focus"}
-                {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
-                {:name "TZ", :value "Europe/Berlin"}]}]}}}}
-         (cut/generate-deployment {:fqdn "xy.xy.xy"
-                                   :namespace "jitsi"}))))
-
-(deftest should-generate-secret
+(deftest should-generate-prosody
  (is (= {:apiVersion "v1",
-          :kind "Secret",
-          :metadata 
-          {:name "jitsi-config"
-           :namespace "jitsi"},
-          :type "Opaque",
+          :kind "ServiceAccount",
+          :metadata
+          {:name "prosody",
+           :namespace "jitsi",
+           :labels
+           #:app.kubernetes.io{:name "prosody" :component "prosody"}}}
+         (first (cut/prosody-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"}))))
+  (is (= {:apiVersion "v1",
+          :kind "ConfigMap",
+          :metadata
+          {:name "prosody-common",
+           :namespace "jitsi",
+           :labels
+           #:app.kubernetes.io{:name "jitsi-meet" :component "prosody"}},
          :data
-          {:JVB_AUTH_PASSWORD "anZiLWF1dGg=",
-           :JICOFO_AUTH_PASSWORD "amljb2ZvLWF1dGg=",
-           :JICOFO_COMPONENT_SECRET "amljb2ZvLWNvbXA="}}
-         (cut/generate-secret-jitsi 
-          {:fqdn "xy.xy.xy"
-           :namespace "jitsi"}
-          {:jvb-auth-password "jvb-auth"
-           :jicofo-auth-password "jicofo-auth"
-           :jicofo-component-secret "jicofo-comp"}))))
-                                                        
-  (deftest should-generate-ingress-web
-    (is (= [{:apiVersion "cert-manager.io/v1",
-            :kind "Certificate",
-            :metadata
-            {:name "web",
-             :labels {:app.kubernetes.part-of "web"},
-             :namespace "jitsi"},
-            :spec
-            {:secretName "web",
-             :commonName "xy.xy.xy",
-             :duration "2160h",
-             :renewBefore "720h",
-             :dnsNames ["xy.xy.xy"],
-             :issuerRef {:name "staging", :kind "ClusterIssuer"}}}
-           {:apiVersion "networking.k8s.io/v1",
-            :kind "Ingress",
-            :metadata
-            {:namespace "jitsi",
-             :annotations
-             {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
-              :traefik.ingress.kubernetes.io/router.middlewares
-              "default-redirect-https@kubernetescrd",
-              :metallb.universe.tf/address-pool "public"},
-             :name "web",
-             :labels {:app.kubernetes.part-of "web"}},
-            :spec
-            {:tls [{:hosts ["xy.xy.xy"], :secretName "web"}],
-             :rules
-             [{:host "xy.xy.xy",
-               :http
-               {:paths
-                [{:pathType "Prefix",
-                  :path "/",
-                  :backend {:service {:name "web", :port {:number 80}}}}]}}]}}]
-           (cut/generate-ingress-web
-            {:fqdn "xy.xy.xy"
-             :namespace "jitsi"}))))
+          {:ENABLE_AUTH "0",
+           :ENABLE_GUESTS "1",
+           :PUBLIC_URL "xy.xy.xy",
+           :XMPP_DOMAIN "meet.jitsi",
+           :XMPP_MUC_DOMAIN "muc.meet.jitsi",
+           :XMPP_AUTH_DOMAIN "auth.meet.jitsi",
+           :XMPP_GUEST_DOMAIN "guest.meet.jitsi",
+           :XMPP_RECORDER_DOMAIN "recorder.meet.jitsi",
+           :XMPP_INTERNAL_MUC_DOMAIN "internal-muc.meet.jitsi",
+           :ENABLE_COLIBRI_WEBSOCKET "true",
+           :ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX "1",
+           :ENABLE_XMPP_WEBSOCKET "true",
+           :ENABLE_RECORDING "true",
+           :ENABLE_FILE_RECORDING_SERVICE_SHARING "true",
+           :TZ "Europe/Berlin"}}
+         (second (cut/prosody-config
+                  {:fqdn "xy.xy.xy"
+                   :namespace "jitsi"}))))
+  (is (= 8
+         (count (cut/prosody-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"}))))
+   (is (= 5
+         (count (cut/prosody-auth
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"}
+                 {:jvb-auth-password "jvb-auth"
+                  :jicofo-auth-password "jicofo-auth"
+                  :jicofo-component-secret "jicofo-comp"})))))

-(deftest should-generate-ingress-modelector
-  (is (= [{:apiVersion "cert-manager.io/v1",
-           :kind "Certificate",
-           :metadata
-           {:name "modelector",
-            :labels {:app.kubernetes.part-of "modelector"},
-            :namespace "jitsi"},
-           :spec
-           {:secretName "modelector",
-            :commonName "modelector.xy.xy",
-            :duration "2160h",
-            :renewBefore "720h",
-            :dnsNames ["modelector.xy.xy"],
-            :issuerRef {:name "staging", :kind "ClusterIssuer"}}}
-          {:apiVersion "networking.k8s.io/v1",
-           :kind "Ingress",
+(deftest should-generate-jicofo
+  (is (= 4
+         (count (cut/jicofo-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-jitsi
+  (is (= 1
+         (count (cut/jitsi-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-jibri
+  (is (= 6
+         (count (cut/jibri-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-web
+  (is (= 6
+         (count (cut/web-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-jvb
+  (is (= 3
+         (count (cut/jvb-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-etherpad
+  (is (= 2
+         (count (cut/etherpad-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-excalidraw
+  (is (= 2
+         (count (cut/excalidraw-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-moderator-elector
+  (is (= 2
+         (count (cut/moderator-elector-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-restart
+  (is (= {:apiVersion "rbac.authorization.k8s.io/v1",
+          :kind "RoleBinding",
+          :metadata {:name "deployment-restart", :namespace "jitsi"},
+          :roleRef
+          {:apiGroup "rbac.authorization.k8s.io",
+           :kind "Role",
+           :name "deployment-restart"},
+          :subjects
+          [{:kind "ServiceAccount",
+            :name "deployment-restart",
+            :namespace "jitsi"}]}
+         (second (cut/restart-config
+                  {:fqdn "xy.xy.xy"
+                   :namespace "jitsi"}))))
+  (is (= {:apiVersion "rbac.authorization.k8s.io/v1",
+          :kind "Role",
+          :metadata {:name "deployment-restart", :namespace "jitsi"},
+          :rules
+          [{:apiGroups ["apps" "extensions"],
+            :resources ["deployments"],
+            :resourceNames ["etherpad" "excalidraw"],
+            :verbs ["get" "patch" "list" "watch"]}]}
+         (nth (cut/restart-config
+               {:fqdn "xy.xy.xy"
+                :namespace "jitsi"})
+              2)))
+  (is (= {:apiVersion "batch/v1",
+          :kind "CronJob",
+          :metadata {:name "restart-etherpad", :namespace "jitsi"},
+          :spec
+          {:concurrencyPolicy "Forbid",
+           :schedule "0 2 * * *",
+           :jobTemplate
+           {:spec
+            {:backoffLimit 2,
+             :activeDeadlineSeconds 600,
+             :template
+             {:spec
+              {:serviceAccountName "deployment-restart",
+               :restartPolicy "Never",
+               :containers 
+               [{:name "kubectl", :image "bitnami/kubectl",
+                 :command
+                 ["bash"
+                  "-c"
+                  "kubectl rollout restart deployment/etherpad && kubectl rollout status deployment/etherpad"]}]}}}}}}
+         (nth (cut/restart-config
+               {:fqdn "xy.xy.xy"
+                :namespace "jitsi"})
+              3)))
+  (is (= 5
+         (count (cut/restart-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"})))))
+
+(deftest should-generate-coturn
+   (is (= 5
+         (count (cut/coturn-config
+                 {:fqdn "xy.xy.xy"
+                  :namespace "jitsi"}))))
+  (is (= {:apiVersion "v1",
+           :kind "ConfigMap",
           :metadata
           {:namespace "jitsi",
-            :annotations
-            {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
-             :traefik.ingress.kubernetes.io/router.middlewares
-             "default-redirect-https@kubernetescrd",
-             :metallb.universe.tf/address-pool "public"},
-            :name "modelector",
-            :labels {:app.kubernetes.part-of "modelector"}},
-           :spec
-           {:tls [{:hosts ["modelector.xy.xy"], :secretName "modelector"}],
-            :rules
-            [{:host "modelector.xy.xy",
-              :http
-              {:paths
-               [{:pathType "Prefix",
-                 :path "/",
-                 :backend {:service {:name "modelector", :port {:number 80}}}}]}}]}}]
-         (cut/generate-ingress-modelector
-          {:fqdn "xy.xy"
-           :namespace "jitsi"}))))
-
-(deftest should-generate-jvb-service
-  (is (= {:apiVersion "v1",
-          :kind "Service",
-          :metadata
-          {:labels {:service "jvb"},
-           :annotations
-           #:metallb.universe.tf{:allow-shared-ip "shared-ip-service-group",
-                                 :address-pool "public"},
-           :name "jvb-udp"
-           :namespace "jitsi"},
-          :spec
-          {:type "LoadBalancer",
-           :ports
-           [{:port 30300, :protocol "UDP", :targetPort 30300, :nodePort 30300}],
-           :selector {:app "jitsi"}}}
-         (cut/generate-jvb-service
-          {:fqdn "xy.xy.xy"
-           :namespace "jitsi"}))))
-
-(deftest should-generate-web-service
-  (is (= {:apiVersion "v1",
-          :kind "Service",
-          :metadata {:labels {:service "web"}, :name "web", :namespace "jitsi"},
-          :spec
-          {:ports
-           [{:name "http", :port 80, :targetPort 80}
-            {:name "https", :port 443, :targetPort 443}],
-           :selector {:app "jitsi"}}}
-         (cut/generate-web-service
-          {:fqdn "xy.xy.xy"
-           :namespace "jitsi"}))))
-
-(deftest should-generate-etherpad-service
-  (is (= {:apiVersion "v1",
-          :kind "Service",
-          :metadata
-          {:labels {:service "etherpad"}, :name "etherpad", :namespace "jitsi"},
-          :spec
-          {:ports [{:name "etherpad", :port 9001, :targetPort 9001}],
-           :selector {:app "jitsi"}}}
-         (cut/generate-etherpad-service
-          {:fqdn "xy.xy.xy"
-           :namespace "jitsi"}))))
-
-(deftest should-generate-excalidraw-backend-service
-  (is (= {:apiVersion "v1",
-          :kind "Service",
-          :metadata
-          {:labels {:service "excalidraw-backend"},
-           :name "excalidraw-backend",
-           :namespace "jitsi"},
-          :spec
-          {:ports [{:name "excalidraw-backend", :port 3002, :targetPort 80}],
-           :selector {:app "excalidraw-backend"}}}
-         (cut/generate-excalidraw-backend-service
-          {:fqdn "xy.xy.xy"
-           :namespace "jitsi"}))))
-
-(deftest should-generate-modelector-service
-  (is (= {:apiVersion "v1",
-          :kind "Service",
-          :metadata
-          {:labels {:service "modelector"},
-           :name "modelector",
-           :namespace "jitsi"},
-          :spec
-          {:ports [{:name "http", :port 80, :targetPort 8080}],
-           :selector {:app "modelector"}}}
-         (cut/generate-modelector-service
-          {:fqdn "xy.xy.xy"
-           :namespace "jitsi"}))))
-
-(deftest should-generate-modelector-deployment
-  (is (= {:apiVersion "apps/v1",
-          :kind "Deployment",
-          :metadata
-          {:labels {:app "modelector"},
-           :name "modelector",
-           :namespace "jitsi"},
-          :spec
-          {:selector {:matchLabels {:app "modelector"}},
-           :replicas 1,
-           :strategy {:type "Recreate"},
-           :template
-           {:metadata {:labels {:app "modelector"}},
-            :spec
-            {:containers
-             [{:name "modelector",
-               :image "domaindrivenarchitecture/moderator-election-vaadin_fullstack",
-               :imagePullPolicy "IfNotPresent",
-               :env
-               [{:name "MEMBERNAMES",
-                 :value "Micha,Ansgar,Erik,Mirco"}]}]}}}}
-          (cut/generate-modelector-deployment
-           {:fqdn "xy.xy.xy"
-            :namespace "jitsi"}))))
-
-(deftest should-generate-excalidraw-deployment
-  (is (= {:apiVersion "v1",
-          :kind "Service",
-          :metadata
-          {:labels {:service "excalidraw-backend"},
-           :name "excalidraw-backend",
-           :namespace "jitsi"},
-          :spec
-          {:ports [{:name "excalidraw-backend", :port 3002, :targetPort 80}],
-           :selector {:app "excalidraw-backend"}}}
-         (cut/generate-excalidraw-backend-service
-          {:fqdn "xy.xy.xy"
-           :namespace "jitsi"}))))
+            :name "coturn-initial-config",
+            :labels #:app.kubernetes.io{:name "coturn"}},
+           :data
+           {:turnserver.conf
+            "realm: stun.xy.xy.xy\nlistening-ip: 0.0.0.0\nlistening-port: 3478\ntls-listening-port: 5349\nmin-port: 49152\nmax-port: 65535\nlog-file: stdout\npidfile: \"/var/tmp/turnserver.pid\"\npkey: \"/tls/tls.key\"\ncert: \"/tls/tls.crt\"\nuserdb: \"/var/db/turndb\""}}
+         (second (cut/coturn-config
+                  {:fqdn "xy.xy.xy"
+                   :namespace "jitsi"})))))