From 3cc947cc059ae573e28fc8c94b2f7f098abc2d19 Mon Sep 17 00:00:00 2001 From: Wei He Date: Fri, 24 Jun 2022 19:24:22 +0800 Subject: [PATCH] add support for custom port --- .github/workflows/pr.yaml | 87 +++++++++++++++++++++++++-- argocd/ingressroute-server.yaml.sh | 22 +++++-- deploy_jitsi.sh | 62 ++++++++++--------- jitsi/Chart.yaml | 2 +- jitsi/templates/ingressroute-web.yaml | 8 ++- jitsi/values.yaml | 2 + traefik-config.yaml.sh | 29 +++++++-- 7 files changed, 167 insertions(+), 45 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 81c9e58..7702031 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -6,14 +6,27 @@ jobs: e2e-test: runs-on: ubuntu-latest steps: + - name: Print the GitHub context + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + run: echo "$GITHUB_CONTEXT" + - name: Checkout uses: actions/checkout@v3 - - - name: Run It + + - name: Remove built-in kubectl run: | sudo rm $(which kubectl) - sudo RUN_IN_CI=1 TLS_CERT=test/localhost.crt TLS_KEY=test/localhost.key ./deploy_jitsi.sh localhost test@localhost.local + - name: Install + run: | + sudo \ + DEPLOY_GIT_REPO=${{github.event.pull_request.head.repo.clone_url}} \ + DEPLOY_GIT_VERSION=${{github.head_ref}} \ + TLS_CERT=test/localhost.crt \ + TLS_KEY=test/localhost.key \ + ./deploy_jitsi.sh localhost + - name: Wait for pods run: | sudo kubectl -n prod wait pods -l app.kubernetes.io/name=prosody --for condition=Ready --timeout=90s 
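Review bot: The new `Install` step expands `${{github.head_ref}}` and `${{github.event.pull_request.head.repo.clone_url}}` directly into the `run:` script, so a branch name chosen by the pull-request author is parsed as shell text in a command that runs under `sudo`. Expression values are substituted before the shell sees the script, so quoting them inside the script does not help. Binding them in the step's `env:` and referring to them as quoted shell variables keeps them as data. The same pattern is repeated in `Install with custom port` in the next hunk. The workflow's `on:` trigger lies outside the hunk, so the permissions of the job's token cannot be judged from here.

```yaml
      - name: Install
        env:
          DEPLOY_GIT_REPO: ${{ github.event.pull_request.head.repo.clone_url }}
          DEPLOY_GIT_VERSION: ${{ github.head_ref }}
        run: |
          sudo \
            DEPLOY_GIT_REPO="$DEPLOY_GIT_REPO" \
            DEPLOY_GIT_VERSION="$DEPLOY_GIT_VERSION" \
            # … unchanged: TLS_CERT, TLS_KEY, ./deploy_jitsi.sh localhost …
```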
@@ -22,9 +35,71 @@ jobs: sudo kubectl -n prod wait pods -l app.kubernetes.io/component=etherpad --for condition=Ready --timeout=180s sudo kubectl -n prod wait pods -l app.kubernetes.io/component=jvb --for condition=Ready --timeout=300s - - name: Check homepage + - name: Check run: | curl -vIL --cacert test/rootca.crt https://localhost + curl \ + --include \ + --no-buffer \ + --header "Connection: Upgrade" \ + --header "Upgrade: websocket" \ + --header "Host: localhost:443" \ + --header "Origin: https://localhost:443" \ + --cacert test/rootca.crt \ + https://localhost/xmpp-websocket?room=test | + grep 'It works! Now point your WebSocket client to this URL to connect to Prosody.' + + - name: Tear down + run: sudo /usr/local/bin/k3s-uninstall.sh + + e2e-test-custom-port: + runs-on: ubuntu-latest + steps: + - name: Print the GitHub context + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + run: echo "$GITHUB_CONTEXT" + + - name: Checkout + uses: actions/checkout@v3 + + - name: Remove built-in kubectl + run: | + sudo rm $(which kubectl) + + - name: Install with custom port + run: | + sudo \ + DEPLOY_GIT_REPO=${{github.event.pull_request.head.repo.clone_url}} \ + DEPLOY_GIT_VERSION=${{github.head_ref}} \ + PORT=7443 \ + TLS_CERT=test/localhost.crt \ + TLS_KEY=test/localhost.key \ + ./deploy_jitsi.sh localhost + + - name: Wait for pods + run: | + sudo kubectl -n prod wait pods -l app.kubernetes.io/name=prosody --for condition=Ready --timeout=90s + sudo kubectl -n prod wait pods -l app.kubernetes.io/component=web --for condition=Ready --timeout=90s + sudo kubectl -n prod wait pods -l app.kubernetes.io/component=jicofo --for condition=Ready --timeout=180s + sudo kubectl -n prod wait pods -l app.kubernetes.io/component=etherpad --for condition=Ready --timeout=180s + sudo kubectl -n prod wait pods -l app.kubernetes.io/component=jvb --for condition=Ready --timeout=300s + + - name: Check + run: | + curl -vIL --cacert test/rootca.crt https://localhost:7443 + curl \ + --include \ + 
--no-buffer \ + --header "Connection: Upgrade" \ + --header "Upgrade: websocket" \ + --header "Host: localhost:7443" \ + --header "Origin: https://localhost:7443" \ + --cacert test/rootca.crt \ + https://localhost:7443/xmpp-websocket?room=test | + grep 'It works! Now point your WebSocket client to this URL to connect to Prosody.' + curl http://localhost 2>&1 | grep "Connection refused" + curl https://localhost 2>&1 | grep "Connection refused" - name: Tear down run: sudo /usr/local/bin/k3s-uninstall.sh @@ -42,7 +117,7 @@ jobs: with: version: v3.9.0 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: '3.x' @@ -65,7 +140,7 @@ jobs: - name: Create k3s cluster uses: debianmaster/actions-k3s@master with: - version: 'v1.24.1+k3s1' + version: 'v1.24.1-k3s1' if: steps.list-changed.outputs.changed == 'true' - name: Wait for traefik diff --git a/argocd/ingressroute-server.yaml.sh b/argocd/ingressroute-server.yaml.sh index 613f0ff..99105f7 100755 --- a/argocd/ingressroute-server.yaml.sh +++ b/argocd/ingressroute-server.yaml.sh @@ -1,9 +1,13 @@ if [ -n "${FQDN}" ]; then HOST_RULE="Host(\`${FQDN}\`)" - TLS_CERT_RESOLVER="certResolver: ${CERT_RESOLVER}" else HOST_RULE="Host(\`${PUBLIC_IP}\`)" - TLS_MAP="{}" +fi + +if [ ${PUBLIC_PORT} -eq 443 ]; then + ENTRYPOINT=websecure +else + ENTRYPOINT=jitsi-meet fi cat < " +if [ $# -ne 1 ] && [ $# -ne 2 ]; then + err "usage: $0 []" fi # check sudo @@ -22,6 +22,20 @@ apt update && apt -y install grep bind9-dnsutils iproute2 curl wget git export FQDN=$1 export ACME_EMAIL=$2 +if [ -n "${TLS_CERT}" ] && [ -n "${TLS_KEY}" ]; then + CERT_RESOLVER="" +else + if [ -z "${ACME_EMAIL}" ]; then + err " is required if no TLS cert is provided in TLS_CERT and TLS_KEY envvars" + fi + if [ -n "${STAGING_CERT}" ]; then + CERT_RESOLVER="le-staging" + else + CERT_RESOLVER="le-prod" + fi +fi +export CERT_RESOLVER + if [[ "${FQDN}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then export PUBLIC_IP=${FQDN} export FQDN="" 
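Review bot: In the `deploy_jitsi.sh` hunk at `@@ -22,6 +22,20 @@`, `CERT_RESOLVER` is chosen before the check that follows it turns an IPv4 argument into `PUBLIC_IP` and empties `FQDN`, so an IP-only install without `TLS_CERT`/`TLS_KEY` now gets `le-prod` or `le-staging`. The removed `TLS_MAP="{}"` branch and the old `.Values.fqdn` test in `ingressroute-web.yaml` gave that case `tls: {}`. A public ACME CA may refuse to issue for a bare IP address, in which case the route presumably falls back to Traefik's default certificate while the resolver keeps retrying. Consider clearing the resolver after the IP detection, `if [ -z "${FQDN}" ]; then export CERT_RESOLVER=""; fi`, or rejecting that combination with `err`. The IP-detection block continues outside the hunk.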
@@ -42,6 +56,14 @@ if [ ${FQDN} != "localhost" ] && ! (curl -s https://ipinfo.io/ip | grep -q ${PUB err "the host doesn't have such public ip: ${PUBLIC_IP}, but these: \n$(curl -s https://ipinfo.io/ip)" fi +if [ -z "${PORT}" ]; then + export PUBLIC_PORT=443 + export PUBLIC_URL="https://${FQDN:-${PUBLIC_IP}}" +else + export PUBLIC_PORT=${PORT} + export PUBLIC_URL="https://${FQDN:-${PUBLIC_IP}}:${PUBLIC_PORT}" +fi + if [ -n "${TEST_INSTALL}" ]; then export HELM_NAME=jitsitest export NAMESPACE=test @@ -61,11 +83,7 @@ DEPLOY_GIT_REPO=${DEPLOY_GIT_REPO:-"https://github.com/shanghailug/jitsi-deploy. # workspace WS_DIR=${HOME}/deploy/$(date +"%Y%m%d_%H%M%S") -if [ -n "${RUN_IN_CI}" ]; then - SRC_DIR=${PWD} -else - SRC_DIR=${WS_DIR}/jitsi-deploy -fi +SRC_DIR=${WS_DIR}/jitsi-deploy mkdir -p ${WS_DIR} function get_helm { @@ -78,13 +96,11 @@ function get_helm { } function get_src { - if [ -z "${RUN_IN_CI}" ]; then - cd ${WS_DIR}/ - git clone ${DEPLOY_GIT_REPO} - cd $SRC_DIR/ - if [ -n "${DEPLOY_GIT_VERSION}" ]; then - git checkout ${DEPLOY_GIT_VERSION} - fi + cd ${WS_DIR}/ + git clone ${DEPLOY_GIT_REPO} + cd $SRC_DIR/ + if [ -n "${DEPLOY_GIT_VERSION}" ]; then + git checkout ${DEPLOY_GIT_VERSION} fi } @@ -169,18 +185,13 @@ function do_chart { EXCLUDE_JVB_VALUES_FILE="-f values-jvb-off.yaml" fi - if [ -n "${STAGING_CERT}" ]; then - CERT_RESOLVER="le-staging" - else - CERT_RESOLVER="le-prod" - fi - helm -n ${NAMESPACE} upgrade -i --create-namespace ${HELM_NAME} . \ -f values.yaml \ $EXCLUDE_JVB_VALUES_FILE \ --set certResolver=${CERT_RESOLVER} \ --set fqdn="${FQDN}" \ - --set jitsi-meet.publicURL=https://${FQDN:-${PUBLIC_IP}} \ + --set port=${PUBLIC_PORT} \ + --set jitsi-meet.publicURL="${PUBLIC_URL}" \ --set jitsi-meet.jvb.publicIP=${PUBLIC_IP} \ --set jitsi-meet.jvb.UDPPort=${JVB_PORT} } 
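Review bot: `PORT` is copied into `PUBLIC_PORT` in the `@@ -42,6 +56,14 @@` hunk without a check that it is a number in the valid port range. The value is then expanded unquoted into `--set port=${PUBLIC_PORT}` in `do_chart`, `--helm-set port=${PUBLIC_PORT}` in `do_app`, and `[ ${PUBLIC_PORT} -eq 443 ]` in `argocd/ingressroute-server.yaml.sh`. Helm splits a `--set` argument on commas, so a malformed value can set other chart values or break the test expression instead of failing early. A guard in the `else` branch would stop that, assuming `err` exits as its other uses suggest: `[[ "${PORT}" =~ ^[0-9]+$ ]] && [ "${PORT}" -ge 1 ] && [ "${PORT}" -le 65535 ] || err "PORT must be an integer between 1 and 65535"`.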
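Review bot: In `get_src` (hunk `@@ -78,13 +96,11 @@`), `git clone ${DEPLOY_GIT_REPO}` and `git checkout ${DEPLOY_GIT_VERSION}` expand unquoted, and with `RUN_IN_CI` removed the workflow now feeds the pull request's head repository URL and branch name into them. A value containing whitespace is split into several arguments, and one starting with `-` is read as a git option. The following `cd $SRC_DIR/` also assumes the clone directory is named `jitsi-deploy`, which a renamed fork would not produce. Naming the target directory and quoting both values covers this: `git clone -- "${DEPLOY_GIT_REPO}" "${SRC_DIR}"` and `git checkout "${DEPLOY_GIT_VERSION}"`, after rejecting a version that begins with `-`.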
@@ -196,12 +207,6 @@ function do_app { EXCLUDE_JVB_VALUES_FILE="--values values-jvb-off.yaml" fi - if [ -n "${STAGING_CERT}" ]; then - CERT_RESOLVER="le-staging" - else - CERT_RESOLVER="le-prod" - fi - argocd login --core ORIG_NAMESPACE=$(kubectl config view --minify -o jsonpath='{..namespace}') kubectl config set-context --current --namespace=argocd @@ -218,7 +223,8 @@ function do_app { ${EXCLUDE_JVB_VALUES_FILE} \ --helm-set certResolver=${CERT_RESOLVER} \ --helm-set fqdn="${FQDN}" \ - --helm-set jitsi-meet.publicURL=https://${FQDN:-${PUBLIC_IP}} \ + --helm-set port=${PUBLIC_PORT} \ + --helm-set jitsi-meet.publicURL="${PUBLIC_URL}" \ --helm-set jitsi-meet.jvb.publicIP=${PUBLIC_IP} \ --helm-set jitsi-meet.jvb.UDPPort=${JVB_PORT} diff --git a/jitsi/Chart.yaml b/jitsi/Chart.yaml index 7e6c8f8..ff8c4e9 100644 --- a/jitsi/Chart.yaml +++ b/jitsi/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v2 name: jitsi-deploy -version: 0.1.5 +version: 0.1.6 dependencies: - name: jitsi-meet version: "1.2.2+etherpad.1" diff --git a/jitsi/templates/ingressroute-web.yaml b/jitsi/templates/ingressroute-web.yaml index 9d12b3f..292b5b1 100644 --- a/jitsi/templates/ingressroute-web.yaml +++ b/jitsi/templates/ingressroute-web.yaml @@ -6,20 +6,25 @@ metadata: name: jitsi-websecure spec: entryPoints: + {{- if eq (int .Values.port) 443 }} - websecure + {{- else }} + - jitsi-meet + {{- end }} routes: - kind: Rule match: Host(`{{ $hostname }}`) && PathPrefix(`/`) services: - name: {{ .Release.Name }}-jitsi-meet-web port: 80 - {{- if .Values.fqdn }} + {{- if .Values.certResolver }} tls: certResolver: {{ .Values.certResolver }} {{- else }} tls: {} {{- end }} +{{- if eq (int .Values.port) 443 }} --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute @@ -36,3 +41,4 @@ spec: services: - name: {{ .Release.Name }}-jitsi-meet-web port: 80 +{{- end }} diff --git a/jitsi/values.yaml b/jitsi/values.yaml index d1a73f0..c345331 100755 --- a/jitsi/values.yaml +++ b/jitsi/values.yaml 
@@ -3,6 +3,8 @@ certResolver: le-staging fqdn: "" +port: 443 + etherpad: scheduled: false schedules: diff --git a/traefik-config.yaml.sh b/traefik-config.yaml.sh index 233d402..193f7a2 100755 --- a/traefik-config.yaml.sh +++ b/traefik-config.yaml.sh @@ -8,6 +8,9 @@ spec: valuesContent: |- additionalArguments: - "--log.level=DEBUG" +EOF +if [ -n "${CERT_RESOLVER}" ]; then + cat <