hewei
/
jitsi-deploy
mirror of https://github.com/shanghailug/jitsi-deploy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add workflow for 'ct lint'

Browse Source
pull/11/head
Wei He 4 years ago committed by Wei He
parent b1721d5aee
commit 69166eeec2
53 changed files with 2054 additions and 10 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 54
      .github/workflows/lint-test.yaml
  2. 8
      ct.yaml
  3. 6
      jitsi/Chart.lock
  4. 8
      jitsi/Chart.yaml
  5. BIN
      jitsi/charts/jitsi-meet-1.2.2.tgz
  6. 25
      jitsi/charts/jitsi-meet/.helmignore
  7. 6
      jitsi/charts/jitsi-meet/Chart.lock
  8. 11
      jitsi/charts/jitsi-meet/Chart.yaml
  9. 21
      jitsi/charts/jitsi-meet/LICENSE
  10. 157
      jitsi/charts/jitsi-meet/README.md
  11. 23
      jitsi/charts/jitsi-meet/charts/prosody/.helmignore
  12. 6
      jitsi/charts/jitsi-meet/charts/prosody/Chart.yaml
  13. 21
      jitsi/charts/jitsi-meet/charts/prosody/templates/NOTES.txt
  14. 63
      jitsi/charts/jitsi-meet/charts/prosody/templates/_helpers.tpl
  15. 12
      jitsi/charts/jitsi-meet/charts/prosody/templates/envs-configmap.yaml
  16. 13
      jitsi/charts/jitsi-meet/charts/prosody/templates/envs-secret.yaml
  17. 56
      jitsi/charts/jitsi-meet/charts/prosody/templates/ingress.yaml
  18. 26
      jitsi/charts/jitsi-meet/charts/prosody/templates/service.yaml
  19. 12
      jitsi/charts/jitsi-meet/charts/prosody/templates/serviceaccount.yaml
  20. 130
      jitsi/charts/jitsi-meet/charts/prosody/templates/statefulset.yaml
  21. 15
      jitsi/charts/jitsi-meet/charts/prosody/templates/tests/test-connection.yaml
  22. 94
      jitsi/charts/jitsi-meet/charts/prosody/values.yaml
  23. 21
      jitsi/charts/jitsi-meet/templates/NOTES.txt
  24. 104
      jitsi/charts/jitsi-meet/templates/_helpers.tpl
  25. 31
      jitsi/charts/jitsi-meet/templates/common-configmap.yaml
  26. 59
      jitsi/charts/jitsi-meet/templates/ingress.yaml
  27. 18
      jitsi/charts/jitsi-meet/templates/jibri/_helper.tpl
  28. 21
      jitsi/charts/jitsi-meet/templates/jibri/configmap.yaml
  29. 93
      jitsi/charts/jitsi-meet/templates/jibri/deployment.yaml
  30. 18
      jitsi/charts/jitsi-meet/templates/jibri/persistentvolumeclaim.yaml
  31. 21
      jitsi/charts/jitsi-meet/templates/jibri/service.yaml
  32. 14
      jitsi/charts/jitsi-meet/templates/jibri/xmpp-secret.yaml
  33. 18
      jitsi/charts/jitsi-meet/templates/jicofo/_helper.tpl
  34. 22
      jitsi/charts/jitsi-meet/templates/jicofo/configmap.yaml
  35. 76
      jitsi/charts/jitsi-meet/templates/jicofo/deployment.yaml
  36. 11
      jitsi/charts/jitsi-meet/templates/jicofo/xmpp-secret.yaml
  37. 18
      jitsi/charts/jitsi-meet/templates/jvb/_helper.tpl
  38. 28
      jitsi/charts/jitsi-meet/templates/jvb/configmap.yaml
  39. 166
      jitsi/charts/jitsi-meet/templates/jvb/deployment.yaml
  40. 27
      jitsi/charts/jitsi-meet/templates/jvb/metrics-prometheus.yaml
  41. 16
      jitsi/charts/jitsi-meet/templates/jvb/metrics-service.yaml
  42. 35
      jitsi/charts/jitsi-meet/templates/jvb/service.yaml
  43. 10
      jitsi/charts/jitsi-meet/templates/jvb/xmpp-secret.yaml
  44. 12
      jitsi/charts/jitsi-meet/templates/serviceaccount.yaml
  45. 15
      jitsi/charts/jitsi-meet/templates/tests/test-connection.yaml
  46. 15
      jitsi/charts/jitsi-meet/templates/web/_helper.tpl
  47. 24
      jitsi/charts/jitsi-meet/templates/web/configmap.yaml
  48. 84
      jitsi/charts/jitsi-meet/templates/web/deployment.yaml
  49. 18
      jitsi/charts/jitsi-meet/templates/web/service.yaml
  50. 288
      jitsi/charts/jitsi-meet/values.yaml
  51. 3
      jitsi/ci/dummy-values.yaml
  52. 4
      jitsi/values.yaml
  53. 7
      lintconf.yaml

54
.github/workflows/lint-test.yaml
Unescape View File

@ -0,0 +1,54 @@
name: Lint and Test Charts
on: pull_request
jobs:
lint-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v1
with:
version: v3.8.2
- uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.2.1
with:
version: v3.5.1
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --config ct.yaml)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
fi
- name: Run chart-testing (lint)
run: ct lint --config ct.yaml --lint-conf lintconf.yaml --validate-maintainers=false
- name: Create k3s cluster
uses: debianmaster/actions-k3s@master
with:
version: 'v1.23.6-k3s1'
if: steps.list-changed.outputs.changed == 'true'
- name: Wait for traefik
run: |
kubectl -n kube-system wait --for=condition=complete job/helm-install-traefik-crd
kubectl -n kube-system wait --for=condition=complete job/helm-install-traefik
kubectl -n kube-system wait --for=condition=available deploy/traefik
if: steps.list-changed.outputs.changed == 'true'
- name: Run chart-testing (install)
run: ct install --config ct.yaml --chart-dirs . --charts jitsi
if: steps.list-changed.outputs.changed == 'true'

8
ct.yaml
Unescape View File

@ -0,0 +1,8 @@
# See https://github.com/helm/chart-testing#configuration
remote: origin
target-branch: main
chart-dirs:
- .
chart-repos:
- jitsi=https://jitsi-contrib.github.io/jitsi-helm
helm-extra-args: --timeout 600s

6
jitsi/Chart.lock
Unescape View File

@ -1,6 +1,6 @@
dependencies:
- name: jitsi-meet
repository: https://jitsi-contrib.github.io/jitsi-helm
repository: ""
version: 1.2.2
digest: sha256:165664c1a23bc9760177e63740a861360eee007b432d9044ea449e77fba95d94
generated: "2022-05-02T17:15:02.132446+08:00"
digest: sha256:f27d02481ecd087ba8c56aa5e8f76e97f177ff8488a17b016e4bc1c54c253f23
generated: "2022-05-20T21:45:04.926228+08:00"

8
jitsi/Chart.yaml
Unescape View File

@ -1,7 +1,7 @@
---
apiVersion: v2
name: jitsi-deploy
version: 0.1.0
version: 0.1.1
dependencies:
- name: jitsi-meet
version: 1.2.2
repository: "https://jitsi-contrib.github.io/jitsi-helm"
- name: jitsi-meet
version: 1.2.2

BIN
jitsi/charts/jitsi-meet-1.2.2.tgz
View File

Binary file not shown.

25
jitsi/charts/jitsi-meet/.helmignore
Unescape View File

@ -0,0 +1,25 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# GitHub Pages
docs/

6
jitsi/charts/jitsi-meet/Chart.lock
Unescape View File

@ -0,0 +1,6 @@
dependencies:
- name: prosody
repository: ""
version: '*'
digest: sha256:fa9f3f9cfe91aefb81520e7b941b3412241dba7e1631a69138f0fe328c3795ff
generated: "2020-07-15T11:12:58.968506151+02:00"

11
jitsi/charts/jitsi-meet/Chart.yaml
Unescape View File

@ -0,0 +1,11 @@
apiVersion: v2
appVersion: stable-6865
dependencies:
- condition: prosody.enabled
name: prosody
repository: ""
version: 1.2.2
description: A Helm chart for Kubernetes
name: jitsi-meet
type: application
version: 1.2.2

21
jitsi/charts/jitsi-meet/LICENSE
Unescape View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2021 jitsi-contrib
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

157
jitsi/charts/jitsi-meet/README.md
Unescape View File

@ -0,0 +1,157 @@
# Helm Chart for Jitsi Meet
[jitsi-meet](https://jitsi.org/jitsi-meet/) Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
## TL;DR;
```bash
helm repo add jitsi https://jitsi-contrib.github.io/jitsi-helm/
helm install myjitsi jitsi/jitsi-meet
```
## Introduction
This chart bootstraps a jitsi-meet deployment, like the official [one](https://meet.jit.si).
## Different topology
To be able to do video conferencing with other people, the jvb component should be reachable by all participants (eg: a public IP).
Thus the default behaviour of advertised the internal IP of jvb, is not really suitable in many cases.
Kubernetes offers multiple possibilities to work around the problem. Not all options are available depending on the Kubernetes cluster setup.
The chart tries to make all options available without enforcing one.
### Option 1: service of type `LoadBalancer`
This requires a cloud setup that enables a Loadbalancer attachement.
This could be enabled via values:
```yaml
jvb:
service:
type: LoadBalancer
# Depending on the cloud, publicIP cannot be know in advance, so deploy first, without the next option.
# Next: redeploy with the following option set to the public IP you retrieved from the API.
publicIP: 1.2.3.4
```
In this case you're not allowed to change the `jvb.replicaCount` to more than `1`, UDP packets will be routed to random `jvb`, which would not allow for a working video setup.
### Option 2: NodePort and node with Public IP or external loadbalancer
```yaml
jvb:
service:
type: NodePort
# It may be required to change the default port to a value allowed by Kubernetes (30000-32768)
UDPPort: 30000
# Use public IP of one of your node, or the public IP of a loadbalancer in front of the nodes
publicIP: 1.2.3.4
```
In this case you're not allowed to change the `jvb.replicaCount` to more than `1`, UDP packets will be routed to random `jvb`, which would not allow for a working video setup.
### Option 3: hostPort and node with Public IP
Assuming that the node knows the PublicIP it holds, you can enable this setup:
```yaml
jvb:
useHostPort: true
# This option requires kubernetes >= 1.17
useNodeIP: true
```
In this case you can have more the one `jvb` but you're putting you cluster at risk by having it directly exposed on the Internet.
### Option 4: Use ingress TCP/UDP forward capabilities
In case of an ingress capable of doing tcp/udp forwarding (like nginx-ingress), it can be setup to forward the video streams.
```yaml
# Don't forget to configure the ingress properly (separate configuration)
jvb:
# 1.2.3.4 being one of the IP of the ingress controller
publicIP: 1.2.3.4
```
Again in this case, only one jvb will work in this case.
### Option 5: Bring your own setup
There are multiple other possibilities combining the available parameters, depending of your cluster/network setup.
## Configuration
The following table lists the configurable parameters of the jisti-meet chart and their default values.
Parameter | Description | Default
--- | --- | ---
`imagePullSecrets` | List of names of secrets resources containing private registry credentials | `[]`
`enableAuth` | Enable authentication | `false`
`enableGuests` | Enable guest access | `true`
`jibri.enabled` | Enable Jibri service | `false`
`jibri.persistence.enabled` | Enable persistent storage for Jibri recordings | `false`
`jibri.persistence.size` | Jibri persistent storage size | `4Gi`
`jibri.persistence.existingClaim` | Use pre-created PVC for Jibri | `(unset)`
`jibri.persistence.storageClassName` | StorageClass to use with Jibri | `(unset)`
`jibri.shm.enabled` | Allocate shared memory to Jibri pod | `false`
`jibri.shm.useHost` | Pass `/dev/shm` from host to Jibri | `false`
`jibri.shm.size` | Jibri shared memory size | `256Mi`
`jibri.replicaCount` | Number of replica of the jibri pods | `1`
`jibri.image.repository` | Name of the image to use for the jibri pods | `jitsi/jibri`
`jibri.extraEnvs` | Map containing additional environment variables for jibri | '{}'
`jibri.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
`jibri.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
`jibri.breweryMuc` | Name of the XMPP MUC used by jibri | `jibribrewery`
`jibri.xmpp.user` | Name of the XMPP user used by jibri to authenticate | `jibri`
`jibri.xmpp.password` | Password used by jibri to authenticate on the XMPP service | 10 random chars
`jibri.recorder.user` | Name of the XMPP user used by jibri to record | `recorder`
`jibri.recorder.password` | Password used by jibri to record on the XMPP service | 10 random chars
`jicofo.replicaCount` | Number of replica of the jicofo pods | `1`
`jicofo.image.repository` | Name of the image to use for the jicofo pods | `jitsi/jicofo`
`jicofo.extraEnvs` | Map containing additional environment variables for jicofo | '{}'
`jicofo.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
`jicofo.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
`jicofo.xmpp.user` | Name of the XMPP user used by jicofo to authenticate | `focus`
`jicofo.xmpp.password` | Password used by jicofo to authenticate on the XMPP service | 10 random chars
`jicofo.xmpp.componentSecret` | Values of the secret used by jicofo for the xmpp-component | 10 random chars
`jvb.service.enabled` | Boolean to enable os disable the jvb service creation | `false` if `jvb.useHostPort` is `true` otherwise `true`
`jvb.service.type` | Type of the jvb service | `ClusterIP`
`jvb.UDPPort` | UDP port used by jvb, also affects port of service, and hostPort | `10000`
`jvb.extraEnvs` | Map containing additional environment variables to jvb | '{}'
`jvb.xmpp.user` | Name of the XMPP user used by jvb to authenticate | `jvb`
`jvb.xmpp.password` | Password used by jvb to authenticate on the XMPP service | 10 random chars
`jvb.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
`jvb.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
`jvb.websockets.enabled` | Enable WebSocket support for JVB/Colibri | `false`
`jvb.websockets.serverID` | Set JVB/Colibri WS Server ID | `podIP` (see `values.yaml`)
`jvb.metrics.enabled` | Boolean that control the metrics exporter for jvb. If true the `ServiceMonitor` will also created | `false`
`jvb.metrics.prometheusAnnotations` | Boolean that controls the generation of prometheus annotations, to expose metrics for HPA | `false`
`jvb.metrics.image.repository` | Default image repository for metrics exporter | `docker.io/systemli/prometheus-jitsi-meet-exporter`
`jvb.metrics.image.tag` | Default tag for metrics exporter | `1.1.5`
`jvb.metrics.image.pullPolicy` | ImagePullPolicy for metrics exporter | `IfNotPresent`
`jvb.metrics.serviceMonitor.enabled` | `ServiceMonitor` for Prometheus | `true`
`jvb.metrics.serviceMonitor.selector` | Selector for `ServiceMonitor` | `{ release: prometheus-operator }`
`jvb.metrics.serviceMonitor.interval` | Interval for `ServiceMonitor` | `10s`
`jvb.metrics.serviceMonitor.honorLabels` | Make `ServiceMonitor` honor labels | `false`
`jvb.metrics.resources` | Resources for the metrics container | `{ requests: { cpu: 10m, memory: 16Mi }, limits: { cpu: 20m, memory: 32Mi } }`
`octo.enabled` | Boolean to enable or disable the OCTO mode, for a single region | `false`
`web.httpsEnabled` | Boolean that enabled tls-termination on the web pods. Useful if you expose the UI via a `Loadbalancer` IP instead of an ingress | `false`
`web.httpRedirect` | Boolean that enabled http-to-https redirection. Useful for ingress that don't support this feature (ex: GKE ingress) | `false`
`web.resolverIP` | DNS service IP for Web container to use | (unset)
`web.extraEnvs` | Map containing additional environment variable to web pods | '{}'
`web.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
`web.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
`tz` | System Time Zone | `Europe/Amsterdam`
## Package
```bash
helm package . -d docs
helm repo index docs --url https://jitsi-contrib.github.io/jitsi-helm/
```

23
jitsi/charts/jitsi-meet/charts/prosody/.helmignore
Unescape View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
jitsi/charts/jitsi-meet/charts/prosody/Chart.yaml
Unescape View File

@ -0,0 +1,6 @@
apiVersion: v2
appVersion: 0.11.13
description: A Helm chart for Kubernetes
name: prosody
type: application
version: 1.2.2

21
jitsi/charts/jitsi-meet/charts/prosody/templates/NOTES.txt
Unescape View File

@ -0,0 +1,21 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "prosody.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "prosody.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "prosody.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "prosody.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}

63
jitsi/charts/jitsi-meet/charts/prosody/templates/_helpers.tpl
Unescape View File

@ -0,0 +1,63 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "prosody.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "prosody.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "prosody.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "prosody.labels" -}}
helm.sh/chart: {{ include "prosody.chart" . }}
{{ include "prosody.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "prosody.selectorLabels" -}}
app.kubernetes.io/name: {{ include "prosody.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "prosody.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "prosody.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

12
jitsi/charts/jitsi-meet/charts/prosody/templates/envs-configmap.yaml
Unescape View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "prosody.fullname" . }}
labels:
{{- include "prosody.labels" . | nindent 4 }}
data:
{{- range $key, $value := .Values.env }}
{{- if not (kindIs "invalid" $value) }}
{{ $key }}: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}

13
jitsi/charts/jitsi-meet/charts/prosody/templates/envs-secret.yaml
Unescape View File

@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "prosody.fullname" . }}
labels:
{{- include "prosody.labels" . | nindent 4 }}
type: Opaque
data:
{{- range $key, $value := .Values.secretEnvs }}
{{- if not (kindIs "invalid" $value) }}
{{ $key }}: {{ tpl $value $ | b64enc }}
{{- end }}
{{- end }}

56
jitsi/charts/jitsi-meet/charts/prosody/templates/ingress.yaml
Unescape View File

@ -0,0 +1,56 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "prosody.fullname" . -}}
{{- $svcPort := index .Values.service.ports "bosh-insecure" -}}
{{- $kubeVersion := .Capabilities.KubeVersion.GitVersion -}}
{{- if semverCompare ">=1.19-0" $kubeVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" $kubeVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "prosody.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
pathType: Prefix
backend:
{{ if semverCompare ">=1.19-0" $kubeVersion }}
service:
name: {{ $fullName }}
port:
{{ if kindIs "float64" $svcPort }}
number: {{ $svcPort }}
{{ else }}
name: {{ $svcPort }}
{{ end }}
{{ else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{ end }}
{{- end }}
{{- end }}
{{- end }}

26
jitsi/charts/jitsi-meet/charts/prosody/templates/service.yaml
Unescape View File

@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "prosody.fullname" . }}
labels:
{{- include "prosody.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ index .Values.service.ports "bosh-insecure" }}
protocol: TCP
name: tcp-bosh-insecure
- port: {{ index .Values.service.ports "bosh-secure" }}
protocol: TCP
name: tcp-bosh-secure
- port: {{ index .Values.service.ports "xmpp-component" }}
protocol: TCP
name: tcp-xmpp-component
- port: {{ index .Values.service.ports "xmpp-c2s" }}
protocol: TCP
name: tcp-xmpp-c2
- port: {{ index .Values.service.ports "xmpp-s2s" }}
protocol: TCP
name: tcp-xmpp-s2
selector:
{{- include "prosody.selectorLabels" . | nindent 4 }}

12
jitsi/charts/jitsi-meet/charts/prosody/templates/serviceaccount.yaml
Unescape View File

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "prosody.serviceAccountName" . }}
labels:
{{- include "prosody.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

130
jitsi/charts/jitsi-meet/charts/prosody/templates/statefulset.yaml
Unescape View File

@ -0,0 +1,130 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "prosody.fullname" . }}
labels:
{{- include "prosody.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
serviceName: "prosody"
replicas: 1
selector:
matchLabels:
{{- include "prosody.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "prosody.selectorLabels" . | nindent 8 }}
{{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.podLabels }}
{{ $label }}: {{ $value }}
{{- end }}
{{- with mergeOverwrite .Values.global.podAnnotations .Values.podAnnotations }}
annotations:
{{- range $annotation, $value := . }}
{{ $annotation }}: {{ $value }}
{{- end }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "prosody.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ tpl (default .Chart.AppVersion .Values.image.tag ) . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
envFrom:
- configMapRef:
name: {{ include "prosody.fullname" . }}
- secretRef:
name: {{ include "prosody.fullname" . }}
{{- range .Values.extraEnvFrom }}
- {{ tpl (toYaml . ) $ | indent 12 | trim }}
{{- end }}
{{- if .Values.extraEnvs }}
env:
{{- range .Values.extraEnvs }}
- {{ tpl (toYaml . ) $ | indent 12 | trim }}
{{- end }}
{{- end }}
ports:
- name: xmpp-c2s
containerPort: {{ index .Values.service.ports "xmpp-c2s" }}
protocol: TCP
- name: xmpp-s2s
containerPort: {{ index .Values.service.ports "xmpp-s2s" }}
protocol: TCP
- name: xmpp-component
containerPort: {{ index .Values.service.ports "xmpp-component" }}
protocol: TCP
- name: bosh-insecure
containerPort: {{ index .Values.service.ports "bosh-insecure" }}
protocol: TCP
- name: bosh-secure
containerPort: {{ index .Values.service.ports "bosh-secure" }}
protocol: TCP
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: prosody-data
mountPath: {{ .Values.dataDir }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumes:
- name: prosody-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: prosody-data
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if or .Values.persistence.enabled .Values.extraVolumeClaimTemplates }}
volumeClaimTemplates:
- metadata:
name: prosody-data
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- with .Values.persistence.storageClassName }}
storageClassName: {{ . | quote }}
{{- end }}
{{- with .Values.extraVolumeClaimTemplates }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

15
jitsi/charts/jitsi-meet/charts/prosody/templates/tests/test-connection.yaml
Unescape View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "prosody.fullname" . }}-test-connection"
labels:
{{- include "prosody.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "prosody.fullname" . }}:{{ index .Values.service.ports "bosh-insecure" }}/http-bind']
restartPolicy: Never

94
jitsi/charts/jitsi-meet/charts/prosody/values.yaml
Unescape View File

@ -0,0 +1,94 @@
# Default values for prosody.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: nginx
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
domain:
dataDir: /config/data
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podLabels: {}
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
ports:
bosh-insecure: 5280
bosh-secure: 5281
xmpp-c2s: 5222
xmpp-s2s: 5269
xmpp-component: 5347
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
livenessProbe:
httpGet:
path: /http-bind
port: bosh-insecure
readinessProbe:
httpGet:
path: /http-bind
port: bosh-insecure
persistence:
enabled: true
size: 3G
storageClassName:
nodeSelector: {}
tolerations: []
affinity: {}
extraEnvs: []
extraEnvFrom: []
secretEnvs: {}

21
jitsi/charts/jitsi-meet/templates/NOTES.txt
Unescape View File

@ -0,0 +1,21 @@
1. Get the application URL by running these commands:
{{- if .Values.web.ingress.enabled }}
{{- range $host := .Values.web.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.web.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.web.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "jitsi-meet.web.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.web.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "jitsi-meet.web.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "jitsi-meet.web.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.web.service.port }}
{{- else if contains "ClusterIP" .Values.web.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "jitsi-meet.name" . }},app.kubernetes.io/component=web,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}

104
jitsi/charts/jitsi-meet/templates/_helpers.tpl
Unescape View File

@ -0,0 +1,104 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "jitsi-meet.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "jitsi-meet.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "jitsi-meet.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "jitsi-meet.labels" -}}
helm.sh/chart: {{ include "jitsi-meet.chart" . }}
{{ include "jitsi-meet.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "jitsi-meet.selectorLabels" -}}
app.kubernetes.io/name: {{ include "jitsi-meet.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "jitsi-meet.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "jitsi-meet.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
https://github.com/helm/helm/issues/4535
*/}}
{{- define "call-nested" }}
{{- $dot := index . 0 }}
{{- $subchart := index . 1 }}
{{- $template := index . 2 }}
{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
{{- end }}
{{- define "jitsi-meet.xmpp.domain" -}}
{{- if .Values.xmpp.domain -}}
{{ .Values.xmpp.domain }}
{{- else -}}
{{ .Release.Namespace }}.svc
{{- end -}}
{{- end -}}
{{- define "jitsi-meet.xmpp.server" -}}
{{- if .Values.prosody.server -}}
{{ .Values.prosody.server }}
{{- else -}}
{{ include "call-nested" (list . "prosody" "prosody.fullname") }}.{{ .Release.Namespace }}.svc
{{- end -}}
{{- end -}}
{{- define "jitsi-meet.publicURL" -}}
{{- if .Values.publicURL }}
{{- .Values.publicURL -}}
{{- else -}}
{{- if .Values.web.ingress.tls -}}https://{{- else -}}http://{{- end -}}
{{- if .Values.web.ingress.tls -}}
{{- (.Values.web.ingress.tls|first).hosts|first -}}
{{- else if .Values.web.ingress.hosts -}}
{{- (.Values.web.ingress.hosts|first).host -}}
{{ required "You need to define a publicURL or some value for ingress" .Values.publicURL }}
{{- end -}}
{{- end -}}
{{- end -}}

31
jitsi/charts/jitsi-meet/templates/common-configmap.yaml
Unescape View File

@ -0,0 +1,31 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
labels:
{{- include "jitsi-meet.labels" . | nindent 4 }}
data:
ENABLE_AUTH: {{ ternary "1" "0" .Values.enableAuth | quote }}
ENABLE_GUESTS: {{ ternary "1" "0" .Values.enableGuests | quote }}
PUBLIC_URL: {{ include "jitsi-meet.publicURL" . }}
XMPP_DOMAIN: {{ include "jitsi-meet.xmpp.domain" . }}
XMPP_MUC_DOMAIN: {{ .Values.xmpp.mucDomain | default (printf "muc.%s" (include "jitsi-meet.xmpp.domain" .)) }}
XMPP_AUTH_DOMAIN: {{ .Values.xmpp.authDomain | default (printf "auth.%s" (include "jitsi-meet.xmpp.domain" .)) }}
XMPP_GUEST_DOMAIN: {{ .Values.xmpp.guestDomain | default (printf "guest.%s" (include "jitsi-meet.xmpp.domain" .)) }}
XMPP_RECORDER_DOMAIN: {{ .Values.xmpp.recorderDomain | default (printf "recorder.%s" (include "jitsi-meet.xmpp.domain" .)) }}
XMPP_INTERNAL_MUC_DOMAIN: {{ .Values.xmpp.internalMucDomain | default (printf "internal-muc.%s" (include "jitsi-meet.xmpp.domain" .)) }}
{{- if .Values.jibri.enabled }}
ENABLE_RECORDING: "true"
{{- end }}
TZ: '{{ .Values.tz }}'
{{- range $key, $value := .Values.extraCommonEnvs }}
{{- if not (kindIs "invalid" $value) }}
{{ $key }}: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}
{{- if .Values.octo.enabled }}
ENABLE_OCTO: "1"
TESTING_OCTO_PROBABILITY: "1"
DEPLOYMENTINFO_REGION: "all"
DEPLOYMENTINFO_USERREGION: "all"
{{- end }}

59
jitsi/charts/jitsi-meet/templates/ingress.yaml
Unescape View File

@ -0,0 +1,59 @@
{{- if .Values.web.ingress.enabled -}}
{{- $fullName := include "jitsi-meet.web.fullname" . -}}
{{- $svcPort := .Values.web.service.port -}}
{{- $kubeVersion := .Capabilities.KubeVersion.GitVersion -}}
{{- if semverCompare ">=1.19-0" $kubeVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" $kubeVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "jitsi-meet.web.labels" . | nindent 4 }}
{{- with .Values.web.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.web.ingress.ingressClassName (semverCompare ">=1.19-0" $kubeVersion) }}
ingressClassName: {{ .Values.web.ingress.ingressClassName }}
{{- end }}
{{- if .Values.web.ingress.tls }}
tls:
{{- range .Values.web.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.web.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
pathType: Prefix
backend:
{{ if semverCompare ">=1.19-0" $kubeVersion }}
service:
name: {{ $fullName }}
port:
{{ if kindIs "float64" $svcPort }}
number: {{ $svcPort }}
{{ else }}
name: {{ $svcPort }}
{{ end }}
{{ else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{ end }}
{{- end }}
{{- end }}
{{- end }}

18
jitsi/charts/jitsi-meet/templates/jibri/_helper.tpl
Unescape View File

@ -0,0 +1,18 @@
{{- define "jitsi-meet.jibri.fullname" -}}
{{ include "jitsi-meet.fullname" . }}-jibri
{{- end -}}
{{- define "jitsi-meet.jibri.labels" -}}
{{ include "jitsi-meet.labels" . }}
app.kubernetes.io/component: jibri
{{- end -}}
{{- define "jitsi-meet.jibri.selectorLabels" -}}
{{ include "jitsi-meet.selectorLabels" . }}
app.kubernetes.io/component: jibri
{{- end -}}
{{- define "jitsi-meet.jibri.secret" -}}
{{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
{{- end -}}

21
jitsi/charts/jitsi-meet/templates/jibri/configmap.yaml
Unescape View File

@ -0,0 +1,21 @@
{{- if .Values.jibri.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "jitsi-meet.jibri.fullname" . }}
labels:
{{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
data:
XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
JIBRI_BREWERY_MUC: '{{ .Values.jibri.breweryMuc }}'
JIBRI_RECORDING_DIR: '{{ .Values.jibri.recordingDir | default "/data/recordings" }}'
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH: "/config/finalize.sh"
JIBRI_STRIP_DOMAIN_JID: muc
JIBRI_LOGS_DIR: "/data/logs"
DISPLAY: ":0"
{{- range $key, $value := .Values.jibri.extraEnvs }}
{{- if not (kindIs "invalid" $value) }}
{{ $key }}: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}
{{- end }}

93
jitsi/charts/jitsi-meet/templates/jibri/deployment.yaml
Unescape View File

@ -0,0 +1,93 @@
{{- if .Values.jibri.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jitsi-meet.jibri.fullname" . }}
labels:
{{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
{{- with .Values.jibri.annotations }}
annotations:
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.jibri.replicaCount | default 1 }}
selector:
matchLabels:
{{- include "jitsi-meet.jibri.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "jitsi-meet.jibri.selectorLabels" . | nindent 8 }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/jibri/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/jibri/xmpp-secret.yaml") . | sha256sum }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
securityContext:
privileged: true
image: "{{ .Values.jibri.image.repository }}:{{ default .Chart.AppVersion .Values.jibri.image.tag }}"
imagePullPolicy: {{ pluck "pullPolicy" .Values.jibri.image .Values.image | first }}
ports:
- name: http-internal
containerPort: 3333
- name: http-api
containerPort: 2222
{{- with default .Values.jibri.livenessProbe .Values.jibri.livenessProbeOverride }}
livenessProbe:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with default .Values.jibri.readinessProbe .Values.jibri.readinessProbeOverride }}
readinessProbe:
{{- toYaml . | nindent 10 }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
- configMapRef:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
- configMapRef:
name: {{ include "jitsi-meet.jibri.fullname" . }}
resources:
{{- toYaml .Values.jibri.resources | nindent 12 }}
volumeMounts:
- name: jibri-data
mountPath: /data
- name: dev-snd
mountPath: /dev/snd
{{- if .Values.jibri.shm.enabled }}
- name: dev-shm
mountPath: /dev/shm
{{- end }}
volumes:
- name: jibri-data
{{- if .Values.jibri.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.jibri.persistence.existingClaim | default (include "jitsi-meet.jibri.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
- name: dev-snd
hostPath:
path: /dev/snd
{{- if .Values.jibri.shm.enabled }}
- name: dev-shm
{{- if .Values.jibri.shm.useHost }}
hostPath:
path: /dev/shm
{{- else }}
emptyDir:
medium: Memory
sizeLimit: {{ .Values.jibri.shm.size | default "256Mi" | quote }}
{{- end }}
{{- end }}
{{- end }}

18
jitsi/charts/jitsi-meet/templates/jibri/persistentvolumeclaim.yaml
Unescape View File

@ -0,0 +1,18 @@
{{- if and .Values.jibri.enabled .Values.jibri.persistence.enabled (not .Values.jibri.persistence.existingClaim)}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "jitsi-meet.jibri.fullname" . }}
labels:
{{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.jibri.persistence.size | quote }}
{{- with .Values.jibri.persistence.storageClassName }}
storageClassName: {{ . | quote }}
{{- end }}
{{- end -}}

21
jitsi/charts/jitsi-meet/templates/jibri/service.yaml
Unescape View File

@ -0,0 +1,21 @@
{{- if .Values.jibri.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "jitsi-meet.jibri.fullname" . }}
labels:
{{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http-internal
port: 3333
targetPort: 3333
protocol: TCP
- name: http-api
port: 2222
targetPort: 2222
protocol: TCP
selector:
{{- include "jitsi-meet.jibri.selectorLabels" . | nindent 4 }}
{{- end }}

14
jitsi/charts/jitsi-meet/templates/jibri/xmpp-secret.yaml
Unescape View File

@ -0,0 +1,14 @@
{{- if .Values.jibri.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
labels:
{{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
type: Opaque
data:
JIBRI_XMPP_USER: '{{ .Values.jibri.xmpp.user | b64enc }}'
JIBRI_XMPP_PASSWORD: '{{ default (randAlphaNum 10) .Values.jibri.xmpp.password | b64enc }}'
JIBRI_RECORDER_USER: '{{ .Values.jibri.recorder.user | b64enc }}'
JIBRI_RECORDER_PASSWORD: '{{ default (randAlphaNum 10) .Values.jibri.recorder.password | b64enc }}'
{{- end }}

18
jitsi/charts/jitsi-meet/templates/jicofo/_helper.tpl
Unescape View File

@ -0,0 +1,18 @@
{{- define "jitsi-meet.jicofo.fullname" -}}
{{ include "jitsi-meet.fullname" . }}-jicofo
{{- end -}}
{{- define "jitsi-meet.jicofo.labels" -}}
{{ include "jitsi-meet.labels" . }}
app.kubernetes.io/component: jicofo
{{- end -}}
{{- define "jitsi-meet.jicofo.selectorLabels" -}}
{{ include "jitsi-meet.selectorLabels" . }}
app.kubernetes.io/component: jicofo
{{- end -}}
{{- define "jitsi-meet.jicofo.secret" -}}
{{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
{{- end -}}

22
jitsi/charts/jitsi-meet/templates/jicofo/configmap.yaml
Unescape View File

@ -0,0 +1,22 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "jitsi-meet.jicofo.fullname" . }}
labels:
{{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
data:
JVB_BREWERY_MUC: '{{ .Values.jvb.breweryMuc }}'
XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
{{- if .Values.jibri.enabled }}
JIBRI_BREWERY_MUC: '{{ .Values.jibri.breweryMuc }}'
JIBRI_PENDING_TIMEOUT: '{{ .Values.jibri.timeout }}'
{{- end }}
{{- range $key, $value := .Values.jicofo.extraEnvs }}
{{- if not (kindIs "invalid" $value) }}
{{ $key }}: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}
{{- if .Values.octo.enabled }}
ENABLE_OCTO: "1"
OCTO_BRIDGE_SELECTION_STRATEGY: "SplitBridgeSelectionStrategy"
{{- end }}

76
jitsi/charts/jitsi-meet/templates/jicofo/deployment.yaml
Unescape View File

@ -0,0 +1,76 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jitsi-meet.jicofo.fullname" . }}
labels:
{{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
{{- with .Values.jicofo.annotations }}
annotations:
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.jicofo.replicaCount }}
selector:
matchLabels:
{{- include "jitsi-meet.jicofo.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "jitsi-meet.jicofo.selectorLabels" . | nindent 8 }}
{{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.jicofo.podLabels }}
{{ $label }}: {{ $value }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/jicofo/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/jicofo/xmpp-secret.yaml") . | sha256sum }}
{{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.jicofo.podAnnotations }}
{{ $annotation }}: {{ $value|quote }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.jicofo.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.jicofo.securityContext | nindent 12 }}
image: "{{ .Values.jicofo.image.repository }}:{{ default .Chart.AppVersion .Values.jicofo.image.tag }}"
imagePullPolicy: {{ pluck "pullPolicy" .Values.jicofo.image .Values.image | first }}
envFrom:
- secretRef:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
- configMapRef:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
- configMapRef:
name: {{ include "jitsi-meet.jicofo.fullname" . }}
ports:
- name: http
containerPort: 80
protocol: TCP
{{- with .Values.jicofo.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.jicofo.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.jicofo.resources | nindent 12 }}
{{- with .Values.jicofo.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jicofo.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jicofo.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

11
jitsi/charts/jitsi-meet/templates/jicofo/xmpp-secret.yaml
Unescape View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
labels:
{{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
type: Opaque
data:
JICOFO_AUTH_USER: '{{ .Values.jicofo.xmpp.user | b64enc }}'
JICOFO_AUTH_PASSWORD: '{{ default (randAlphaNum 10) .Values.jicofo.xmpp.password | b64enc }}'
JICOFO_COMPONENT_SECRET: '{{ default (randAlphaNum 10) .Values.jicofo.xmpp.componentSecret | b64enc }}'

18
jitsi/charts/jitsi-meet/templates/jvb/_helper.tpl
Unescape View File

@ -0,0 +1,18 @@
{{- define "jitsi-meet.jvb.fullname" -}}
{{ include "jitsi-meet.fullname" . }}-jvb
{{- end -}}
{{- define "jitsi-meet.jvb.labels" -}}
{{ include "jitsi-meet.labels" . }}
app.kubernetes.io/component: jvb
{{- end -}}
{{- define "jitsi-meet.jvb.selectorLabels" -}}
{{ include "jitsi-meet.selectorLabels" . }}
app.kubernetes.io/component: jvb
{{- end -}}
{{- define "jitsi-meet.jvb.secret" -}}
{{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
{{- end -}}

28
jitsi/charts/jitsi-meet/templates/jvb/configmap.yaml
Unescape View File

@ -0,0 +1,28 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "jitsi-meet.jvb.fullname" . }}
labels:
{{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
data:
JVB_BREWERY_MUC: '{{ .Values.jvb.breweryMuc }}'
JVB_PORT: '{{ .Values.jvb.UDPPort }}'
JVB_STUN_SERVERS: '{{.Values.jvb.stunServers }}'
JVB_TCP_HARVESTER_DISABLED: '1'
XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
{{- range $key, $value := .Values.jvb.extraEnvs }}
{{- if not (kindIs "invalid" $value) }}
{{ $key }}: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}
COLIBRI_REST_ENABLED: 'true'
{{- if .Values.jvb.websockets.enabled }}
ENABLE_COLIBRI_WEBSOCKET: 'true'
{{- else }}
ENABLE_COLIBRI_WEBSOCKET: 'false'
{{- end }}
{{- if .Values.octo.enabled }}
ENABLE_OCTO: "1"
JVB_OCTO_BIND_PORT: "4096"
JVB_OCTO_REGION: "all"
{{- end }}

166
jitsi/charts/jitsi-meet/templates/jvb/deployment.yaml
Unescape View File

@ -0,0 +1,166 @@
{{- $serverID := default "podIP" .Values.jvb.websockets.serverID }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jitsi-meet.jvb.fullname" . }}
labels:
{{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
{{- with .Values.jvb.annotations }}
annotations:
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.jvb.replicaCount }}
selector:
matchLabels:
{{- include "jitsi-meet.jvb.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "jitsi-meet.jvb.selectorLabels" . | nindent 8 }}
{{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.jvb.podLabels }}
{{ $label }}: {{ $value }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/jvb/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/jvb/xmpp-secret.yaml") . | sha256sum }}
{{- if and .Values.jvb.metrics.enabled .Values.jvb.metrics.prometheusAnnotations }}
prometheus.io/port: "9888"
prometheus.io/scrape: "true"
{{- end }}
{{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.jvb.podAnnotations }}
{{ $annotation }}: {{ $value|quote }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.jvb.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.jvb.securityContext | nindent 12 }}
image: "{{ .Values.jvb.image.repository }}:{{ default .Chart.AppVersion .Values.jvb.image.tag }}"
imagePullPolicy: {{ pluck "pullPolicy" .Values.jvb.image .Values.image | first }}
envFrom:
- secretRef:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
- configMapRef:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
- configMapRef:
name: {{ include "jitsi-meet.jvb.fullname" . }}
env:
{{- if or .Values.jvb.useNodeIP .Values.jvb.publicIP }}
- name: DOCKER_HOST_ADDRESS
{{- if .Values.jvb.publicIP }}
value: {{ .Values.jvb.publicIP }}
{{- else }}
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- end }}
{{- end }}
{{- if .Values.jvb.websockets.enabled }}
- name: JVB_WS_SERVER_ID
{{- if eq $serverID "service" }}
value: {{ include "jitsi-meet.jvb.fullname" . }}.{{ .Release.Namespace }}.svc
{{- else if eq $serverID "podIP" }}
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- else }}
value: {{ $serverID | quote }}
{{- end }}
{{- end }}
{{- if .Values.octo.enabled }}
- name: JVB_OCTO_BIND_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: JVB_OCTO_PUBLIC_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- end }}
ports:
- name: rtp-udp
containerPort: {{ .Values.jvb.UDPPort }}
{{- if .Values.jvb.useHostPort }}
hostPort: {{ .Values.jvb.UDPPort }}
{{- end }}
protocol: UDP
{{- if .Values.jvb.websockets.enabled }}
- name: colibri-ws-tcp
containerPort: 9090
protocol: TCP
{{- end }}
{{- with .Values.jvb.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.jvb.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.jvb.resources | nindent 12 }}
{{- with .Values.jvb.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.jvb.metrics.enabled }}
- name: metrics
image: {{ .Values.jvb.metrics.image.repository }}:{{ .Values.jvb.metrics.image.tag }}
imagePullPolicy: {{ .Values.jvb.metrics.image.pullPolicy }}
securityContext:
runAsUser: 10001
command:
- /prometheus-jitsi-meet-exporter
- -videobridge-url
- http://localhost:8080/colibri/stats
ports:
- containerPort: 9888
name: tcp-metrics
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: 9888
initialDelaySeconds: 3
periodSeconds: 5
resources:
{{- toYaml .Values.jvb.metrics.resources | nindent 12 }}
{{- end }}
{{- with .Values.jvb.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if or .Values.jvb.useHostPort .Values.jvb.affinity }}
affinity:
{{- if .Values.jvb.affinity }}
{{- toYaml .Values.jvb.affinity | nindent 8 }}
{{- else }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/component
operator: In
values:
- jvb
topologyKey: "kubernetes.io/hostname"
{{- end }}
{{- end }}
{{- with .Values.jvb.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jvb.extraVolumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

27
jitsi/charts/jitsi-meet/templates/jvb/metrics-prometheus.yaml
Unescape View File

@ -0,0 +1,27 @@
{{- if and (.Values.jvb.metrics.enabled) (.Values.jvb.metrics.serviceMonitor.enabled) }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "jitsi-meet.jvb.fullname" . }}
labels:
{{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
{{- range $key, $value := .Values.jvb.metrics.serviceMonitor.selector }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
endpoints:
- port: tcp-metrics
path: /metrics
{{- if .Values.jvb.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.jvb.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.jvb.metrics.serviceMonitor.interval }}
interval: {{ .Values.jvb.metrics.serviceMonitor.interval }}
{{- end }}
selector:
matchLabels:
{{- include "jitsi-meet.jvb.labels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end -}}

16
jitsi/charts/jitsi-meet/templates/jvb/metrics-service.yaml
Unescape View File

@ -0,0 +1,16 @@
{{- if .Values.jvb.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "jitsi-meet.jvb.fullname" . }}-metrics
labels:
{{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: 9888
protocol: TCP
name: tcp-metrics
selector:
{{- include "jitsi-meet.jvb.selectorLabels" . | nindent 4 }}
{{- end }}

35
jitsi/charts/jitsi-meet/templates/jvb/service.yaml
Unescape View File

@ -0,0 +1,35 @@
{{- if or (and (kindIs "invalid" .Values.jvb.service.enabled) (not .Values.jvb.useHostPort)) .Values.jvb.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "jitsi-meet.jvb.fullname" . }}
annotations:
{{- range $key, $value := .Values.jvb.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
{{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
spec:
type: {{ .Values.jvb.service.type }}
{{- with .Values.jvb.service.LoadbalancerIP }}
loadBalancerIP: {{ . }}
{{- end }}
ports:
- port: {{ default 10000 .Values.jvb.UDPPort }}
{{- if or (eq .Values.jvb.service.type "NodePort") (eq .Values.jvb.service.type "LoadBalancer") }}
nodePort: {{ .Values.jvb.UDPPort }}
{{- end }}
protocol: UDP
name: rtp-udp
{{- if .Values.jvb.websockets.enabled }}
- port: 9090
protocol: TCP
name: colibri-ws-tcp
{{- end }}
{{- with .Values.jvb.service.externalIPs }}
externalIPs:
{{ toYaml . | indent 2 | trim }}
{{- end }}
selector:
{{- include "jitsi-meet.jvb.selectorLabels" . | nindent 4 }}
{{- end }}

10
jitsi/charts/jitsi-meet/templates/jvb/xmpp-secret.yaml
Unescape View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
labels:
{{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
type: Opaque
data:
JVB_AUTH_USER: '{{ .Values.jvb.xmpp.user | b64enc }}'
JVB_AUTH_PASSWORD: '{{ default (randAlphaNum 10) .Values.jvb.xmpp.password | b64enc }}'

12
jitsi/charts/jitsi-meet/templates/serviceaccount.yaml
Unescape View File

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "jitsi-meet.serviceAccountName" . }}
labels:
{{- include "jitsi-meet.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

15
jitsi/charts/jitsi-meet/templates/tests/test-connection.yaml
Unescape View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "jitsi-meet.web.fullname" . }}-test-connection"
labels:
{{- include "jitsi-meet.web.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "jitsi-meet.web.fullname" . }}:{{ .Values.web.service.port }}']
restartPolicy: Never

15
jitsi/charts/jitsi-meet/templates/web/_helper.tpl
Unescape View File

@ -0,0 +1,15 @@
{{- define "jitsi-meet.web.fullname" -}}
{{ include "jitsi-meet.fullname" . }}-web
{{- end -}}
{{- define "jitsi-meet.web.labels" -}}
{{ include "jitsi-meet.labels" . }}
app.kubernetes.io/component: web
{{- end -}}
{{- define "jitsi-meet.web.selectorLabels" -}}
{{ include "jitsi-meet.selectorLabels" . }}
app.kubernetes.io/component: web
{{- end -}}

24
jitsi/charts/jitsi-meet/templates/web/configmap.yaml
Unescape View File

@ -0,0 +1,24 @@
{{- $serverID := default "podIP" .Values.jvb.websockets.serverID }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "jitsi-meet.web.fullname" . }}
labels:
{{- include "jitsi-meet.web.labels" . | nindent 4 }}
data:
DISABLE_HTTPS: {{ ternary "0" "1" .Values.web.httpsEnabled | quote }}
ENABLE_HTTP_REDIRECT: {{ ternary "1" "0" .Values.web.httpRedirect | quote }}
JICOFO_AUTH_USER: '{{ .Values.jicofo.xmpp.user }}'
XMPP_BOSH_URL_BASE: 'http://{{ include "jitsi-meet.xmpp.server" . }}:{{ index .Values.prosody.service.ports "bosh-insecure" }}'
{{- if and .Values.jvb.websockets.enabled (eq $serverID "service") }}
NGINX_RESOLVER: {{ required "(web.resolverIP) Please set an IP address of your KubeDNS service!" .Values.web.resolverIP }}
{{- end }}
{{- if .Values.jibri.enabled }}
ENABLE_RECORDING: "true"
ENABLE_FILE_RECORDING_SERVICE_SHARING: "true"
{{- end }}
{{- range $key, $value := .Values.web.extraEnvs }}
{{- if not (kindIs "invalid" $value) }}
{{ $key }}: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}

84
jitsi/charts/jitsi-meet/templates/web/deployment.yaml
Unescape View File

@ -0,0 +1,84 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jitsi-meet.web.fullname" . }}
labels:
{{- include "jitsi-meet.web.labels" . | nindent 4 }}
{{- with .Values.web.annotations }}
annotations:
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.web.replicaCount }}
selector:
matchLabels:
{{- include "jitsi-meet.web.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "jitsi-meet.web.selectorLabels" . | nindent 8 }}
{{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.web.podLabels }}
{{ $label }}: {{ $value }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }}
{{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.web.podAnnotations }}
{{ $annotation }}: {{ $value|quote }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.web.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.web.securityContext | nindent 12 }}
image: "{{ .Values.web.image.repository }}:{{ default .Chart.AppVersion .Values.web.image.tag }}"
imagePullPolicy: {{ pluck "pullPolicy" .Values.web.image .Values.image | first }}
envFrom:
- configMapRef:
name: {{ include "jitsi-meet.web.fullname" . }}
- configMapRef:
name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
{{- with .Values.web.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.web.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.web.resources | nindent 12 }}
{{- with .Values.web.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.web.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.web.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.web.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.web.extraVolumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

18
jitsi/charts/jitsi-meet/templates/web/service.yaml
Unescape View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "jitsi-meet.web.fullname" . }}
labels:
{{- include "jitsi-meet.web.labels" . | nindent 4 }}
spec:
type: {{ .Values.web.service.type }}
ports:
- port: {{ .Values.web.service.port }}
protocol: TCP
name: http
{{- with .Values.web.service.externalIPs }}
externalIPs:
{{ toYaml . | indent 2 | trim }}
{{- end }}
selector:
{{- include "jitsi-meet.web.selectorLabels" . | nindent 4 }}

288
jitsi/charts/jitsi-meet/values.yaml
Unescape View File

@ -0,0 +1,288 @@
# Default values for jitsi-meet.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
podLabels: {}
podAnnotations: {}
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
enableAuth: false
enableGuests: true
publicURL: ""
tz: Europe/Amsterdam
image:
pullPolicy: IfNotPresent
web:
replicaCount: 1
image:
repository: jitsi/web
extraEnvs: {}
service:
type: ClusterIP
port: 80
externalIPs: []
ingress:
enabled: false
# ingressClassName: "nginx-ingress-0"
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: jitsi.local
paths: ['/']
tls: []
# - secretName: jitsi-web-certificate
# hosts:
# - jitsi.local
# Useful for ingresses that don't support http-to-https redirect by themself, (namely: GKE),
httpRedirect: false
# When tls-termination by the ingress is not wanted, enable this and set web.service.type=Loadbalancer
httpsEnabled: false
## Resolver IP for nginx.
## Set this to ClusterIP of your `kube-dns` service
## when using websockets and discovering JVB's address
## via k8s services.
# resolverIP: 10.43.0.10
livenessProbe:
httpGet:
path: /
port: 80
readinessProbe:
httpGet:
path: /
port: 80
podLabels: {}
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
jicofo:
replicaCount: 1
image:
repository: jitsi/jicofo
xmpp:
user: focus
password:
componentSecret:
livenessProbe:
tcpSocket:
port: 8888
readinessProbe:
tcpSocket:
port: 8888
podLabels: {}
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
extraEnvs: {}
jvb:
replicaCount: 1
image:
repository: jitsi/jvb
xmpp:
user: jvb
password:
stunServers: 'meet-jit-si-turnrelay.jitsi.net:443'
useHostPort: false
UDPPort: 10000
service:
enabled:
type: ClusterIP
externalIPs: []
## Annotations to be added to the service (if LoadBalancer is used)
##
annotations: {}
breweryMuc: jvbbrewery
livenessProbe:
httpGet:
path: /about/health
port: 8080
readinessProbe:
httpGet:
path: /about/health
port: 8080
podLabels: {}
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
extraEnvs: {}
websockets:
## Set to 'true' to enable Colibri WebSocket support in JVB:
enabled: false
## Uncomment this to set JVB server ID manually,
## Or use one of pre-defined values:
## * "podIP" will fetch JVB pod's IP address from K8s metadata;
## * "service" will use JVB service name generated by Helm.
##
## Don't forget to set `web.resolverIP` to your cluster's
## DNS service IP when setting this to "service"!
##
## (default is "podIP")
# serverID: podIP
metrics:
enabled: false
prometheusAnnotations: false
image:
repository: docker.io/systemli/prometheus-jitsi-meet-exporter
tag: 1.1.9
pullPolicy: IfNotPresent
serviceMonitor:
enabled: true
selector:
release: prometheus-operator
interval: 10s
# honorLabels: false
resources:
requests:
cpu: 10m
memory: 16Mi
limits:
cpu: 20m
memory: 32Mi
octo:
enabled: false
jibri:
## Enabling Jibri will allow users to record
## and/or stream their meetings (e.g. to YouTube).
enabled: false
## Enable persistent storage for local recordings.
## If disabled, jibri pod will use a transient
## emptyDir-backed storage instead.
persistence:
enabled: false
size: 4Gi
## Set this to existing PVC name if you have one.
existingClaim:
storageClassName:
shm:
## Set to true to enable "/dev/shm" mount.
## May be required by built-in Chromium.
enabled: false
## If "true", will use host's shared memory dir,
## and if "false" — an emptyDir mount.
# useHost: false
# size: 256Mi
image:
repository: jitsi/jibri
breweryMuc: jibribrewery
timeout: 90
## jibri XMPP user credentials:
xmpp:
user: jibri
password:
## recorder XMPP user credentials:
recorder:
user: recorder
password:
livenessProbe:
exec:
command: ["pgrep", "java"]
readinessProbe:
exec:
command: ["pgrep", "java"]
extraEnvs: {}
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
xmpp:
domain: meet.jitsi
authDomain:
mucDomain:
internalMucDomain:
guestDomain:
extraCommonEnvs: {}
prosody:
enabled: true
server:
extraEnvFrom:
- secretRef:
name: '{{ include "prosody.fullname" . }}-jicofo'
- secretRef:
name: '{{ include "prosody.fullname" . }}-jvb'
- configMapRef:
name: '{{ include "prosody.fullname" . }}-common'
## Uncomment this if you want to use jibri:
# - secretRef:
# name: '{{ include "prosody.fullname" . }}-jibri'
image:
repository: jitsi/prosody
tag: 'stable-6865'

3
jitsi/ci/dummy-values.yaml
Unescape View File

@ -0,0 +1,3 @@
---
jitsi-meet:
publicURL: "http://localhost"

4
jitsi/values.yaml
Unescape View File

@ -1,4 +1,4 @@
---
certResolver: le-staging
fqdn: ""
@ -29,7 +29,6 @@ jitsi-meet:
service:
# enabled: true
type: NodePort
# It may be required to change the default port to a value allowed by Kubernetes (30000-32768)
UDPPort: 30000
livenessProbe:
@ -42,5 +41,4 @@ jitsi-meet:
websockets:
enabled: true
# Use public IP of one of your node, or the public IP of a loadbalancer in front of the nodes
publicIP: ""

7
lintconf.yaml
Unescape View File

@ -0,0 +1,7 @@
extends: default
rules:
empty-lines:
max: 3
max-start: 1
max-end: 1
Write Preview
Loading…
Cancel
Save