add workflow for 'ct lint'

4 years ago · 69166eeec2
parent b1721d5aee
commit 69166eeec2
53 changed files with 2054 additions and 10 deletions
--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
@ -0,0 +1,54 @@
 name: Lint and Test Charts
 on: pull_request
 jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v1
        with:
          version: v3.8.2
      - uses: actions/setup-python@v3
        with:
          python-version: '3.x'
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.2.1
        with:
          version: v3.5.1
      - name: Run chart-testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --config ct.yaml)
          if [[ -n "$changed" ]]; then
            echo "::set-output name=changed::true"
          fi
      - name: Run chart-testing (lint)
        run: ct lint --config ct.yaml --lint-conf lintconf.yaml --validate-maintainers=false
      - name: Create k3s cluster
        uses: debianmaster/actions-k3s@master
        with:
          version: 'v1.23.6-k3s1'
        if: steps.list-changed.outputs.changed == 'true'
      - name: Wait for traefik
        run: |
          kubectl -n kube-system wait --for=condition=complete job/helm-install-traefik-crd
          kubectl -n kube-system wait --for=condition=complete job/helm-install-traefik
          kubectl -n kube-system wait --for=condition=available deploy/traefik
        if: steps.list-changed.outputs.changed == 'true'
      - name: Run chart-testing (install)
        run: ct install --config ct.yaml --chart-dirs . --charts jitsi
        if: steps.list-changed.outputs.changed == 'true'
--- a/ct.yaml
+++ b/ct.yaml
@ -0,0 +1,8 @@
 # See https://github.com/helm/chart-testing#configuration
 remote: origin
 target-branch: main
 chart-dirs:
  - .
 chart-repos:
  - jitsi=https://jitsi-contrib.github.io/jitsi-helm
 helm-extra-args: --timeout 600s
--- a/jitsi/Chart.lock
+++ b/jitsi/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: jitsi-meet
-  repository: https://jitsi-contrib.github.io/jitsi-helm
+  repository: ""
  version: 1.2.2
-digest: sha256:165664c1a23bc9760177e63740a861360eee007b432d9044ea449e77fba95d94
+digest: sha256:f27d02481ecd087ba8c56aa5e8f76e97f177ff8488a17b016e4bc1c54c253f23
-generated: "2022-05-02T17:15:02.132446+08:00"
+generated: "2022-05-20T21:45:04.926228+08:00"
--- a/jitsi/Chart.yaml
+++ b/jitsi/Chart.yaml
@ -1,7 +1,7 @@
 ---
 apiVersion: v2
 name: jitsi-deploy
-version: 0.1.0
+version: 0.1.1
 dependencies:
- name: jitsi-meet
+  - name: jitsi-meet
-  version: 1.2.2
+    version: 1.2.2
  repository: "https://jitsi-contrib.github.io/jitsi-helm"
--- a/jitsi/charts/jitsi-meet-1.2.2.tgz
+++ b/jitsi/charts/jitsi-meet-1.2.2.tgz
--- a/jitsi/charts/jitsi-meet/.helmignore
+++ b/jitsi/charts/jitsi-meet/.helmignore
@ -0,0 +1,25 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
 # GitHub Pages
 docs/
--- a/jitsi/charts/jitsi-meet/Chart.lock
+++ b/jitsi/charts/jitsi-meet/Chart.lock
@ -0,0 +1,6 @@
 dependencies:
 - name: prosody
  repository: ""
  version: '*'
 digest: sha256:fa9f3f9cfe91aefb81520e7b941b3412241dba7e1631a69138f0fe328c3795ff
 generated: "2020-07-15T11:12:58.968506151+02:00"
--- a/jitsi/charts/jitsi-meet/Chart.yaml
+++ b/jitsi/charts/jitsi-meet/Chart.yaml
@ -0,0 +1,11 @@
 apiVersion: v2
 appVersion: stable-6865
 dependencies:
 - condition: prosody.enabled
  name: prosody
  repository: ""
  version: 1.2.2
 description: A Helm chart for Kubernetes
 name: jitsi-meet
 type: application
 version: 1.2.2
--- a/jitsi/charts/jitsi-meet/LICENSE
+++ b/jitsi/charts/jitsi-meet/LICENSE
@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2021 jitsi-contrib
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/jitsi/charts/jitsi-meet/README.md
+++ b/jitsi/charts/jitsi-meet/README.md
@ -0,0 +1,157 @@
 # Helm Chart for Jitsi Meet
 [jitsi-meet](https://jitsi.org/jitsi-meet/) Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
 ## TL;DR;
 ```bash
 helm repo add jitsi https://jitsi-contrib.github.io/jitsi-helm/
 helm install myjitsi jitsi/jitsi-meet
 ```
 ## Introduction
 This chart bootstraps a jitsi-meet deployment, like the official [one](https://meet.jit.si).
 ## Different topology
 To be able to do video conferencing with other people, the jvb component should be reachable by all participants (eg: a public IP).
 Thus the default behaviour of advertised the internal IP of jvb, is not really suitable in many cases.
 Kubernetes offers multiple possibilities to work around the problem. Not all options are available depending on the Kubernetes cluster setup.
 The chart tries to make all options available without enforcing one.
 ### Option 1: service of type `LoadBalancer`
 This requires a cloud setup that enables a Loadbalancer attachement.
 This could be enabled via values:
 ```yaml
 jvb:
  service:
    type: LoadBalancer
  # Depending on the cloud, publicIP cannot be know in advance, so deploy first, without the next option.
  # Next: redeploy with the following option set to the public IP you retrieved from the API.
  publicIP: 1.2.3.4
 ```
 In this case you're not allowed to change the `jvb.replicaCount` to more than `1`, UDP packets will be routed to random `jvb`, which would not allow for a working video setup.
 ### Option 2: NodePort and node with Public IP or external loadbalancer
 ```yaml
 jvb:
  service:
    type: NodePort
  # It may be required to change the default port to a value allowed by Kubernetes (30000-32768)
  UDPPort: 30000
  # Use public IP of one of your node, or the public IP of a loadbalancer in front of the nodes
  publicIP: 1.2.3.4
 ```
 In this case you're not allowed to change the `jvb.replicaCount` to more than `1`, UDP packets will be routed to random `jvb`, which would not allow for a working video setup.
 ### Option 3: hostPort and node with Public IP
 Assuming that the node knows the PublicIP it holds, you can enable this setup:
 ```yaml
 jvb:
  useHostPort: true
  # This option requires kubernetes >= 1.17
  useNodeIP: true
 ```
 In this case you can have more the one `jvb` but you're putting you cluster at risk by having it directly exposed on the Internet.
 ### Option 4: Use ingress TCP/UDP forward capabilities
 In case of an ingress capable of doing tcp/udp forwarding (like nginx-ingress), it can be setup to forward the video streams.
 ```yaml
 # Don't forget to configure the ingress properly (separate configuration)
 jvb:
  # 1.2.3.4 being one of the IP of the ingress controller
  publicIP: 1.2.3.4
 ```
 Again in this case, only one jvb will work in this case.
 ### Option 5: Bring your own setup
 There are multiple other possibilities combining the available parameters, depending of your cluster/network setup.
 ## Configuration
 The following table lists the configurable parameters of the jisti-meet chart and their default values.
 Parameter | Description | Default
 --- | --- | ---
 `imagePullSecrets` | List of names of secrets resources containing private registry credentials | `[]`
 `enableAuth` | Enable authentication | `false`
 `enableGuests` | Enable guest access | `true`
 `jibri.enabled` | Enable Jibri service | `false`
 `jibri.persistence.enabled` | Enable persistent storage for Jibri recordings | `false`
 `jibri.persistence.size` | Jibri persistent storage size | `4Gi`
 `jibri.persistence.existingClaim` | Use pre-created PVC for Jibri | `(unset)`
 `jibri.persistence.storageClassName` | StorageClass to use with Jibri | `(unset)`
 `jibri.shm.enabled` | Allocate shared memory to Jibri pod | `false`
 `jibri.shm.useHost` | Pass `/dev/shm` from host to Jibri | `false`
 `jibri.shm.size` | Jibri shared memory size | `256Mi`
 `jibri.replicaCount` | Number of replica of the jibri pods | `1`
 `jibri.image.repository` | Name of the image to use for the jibri pods | `jitsi/jibri`
 `jibri.extraEnvs` | Map containing additional environment variables for jibri | '{}'
 `jibri.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
 `jibri.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
 `jibri.breweryMuc` | Name of the XMPP MUC used by jibri | `jibribrewery`
 `jibri.xmpp.user` | Name of the XMPP user used by jibri to authenticate | `jibri`
 `jibri.xmpp.password` | Password used by jibri to authenticate on the XMPP service | 10 random chars
 `jibri.recorder.user` | Name of the XMPP user used by jibri to record | `recorder`
 `jibri.recorder.password` | Password used by jibri to record on the XMPP service | 10 random chars
 `jicofo.replicaCount` | Number of replica of the jicofo pods | `1`
 `jicofo.image.repository` | Name of the image to use for the jicofo pods | `jitsi/jicofo`
 `jicofo.extraEnvs` | Map containing additional environment variables for jicofo | '{}'
 `jicofo.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
 `jicofo.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
 `jicofo.xmpp.user` | Name of the XMPP user used by jicofo to authenticate | `focus`
 `jicofo.xmpp.password` | Password used by jicofo to authenticate on the XMPP service | 10 random chars
 `jicofo.xmpp.componentSecret` | Values of the secret used by jicofo for the xmpp-component | 10 random chars
 `jvb.service.enabled` | Boolean to enable os disable the jvb service creation | `false` if `jvb.useHostPort` is `true` otherwise `true`
 `jvb.service.type` | Type of the jvb service | `ClusterIP`
 `jvb.UDPPort` | UDP port used by jvb, also affects port of service, and hostPort | `10000`
 `jvb.extraEnvs` | Map containing additional environment variables to jvb | '{}'
 `jvb.xmpp.user` | Name of the XMPP user used by jvb to authenticate | `jvb`
 `jvb.xmpp.password` | Password used by jvb to authenticate on the XMPP service | 10 random chars
 `jvb.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
 `jvb.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
 `jvb.websockets.enabled` | Enable WebSocket support for JVB/Colibri | `false`
 `jvb.websockets.serverID` | Set JVB/Colibri WS Server ID | `podIP` (see `values.yaml`)
 `jvb.metrics.enabled` | Boolean that control the metrics exporter for jvb. If true the `ServiceMonitor` will also created | `false`
 `jvb.metrics.prometheusAnnotations` | Boolean that controls the generation of prometheus annotations, to expose metrics for HPA | `false`
 `jvb.metrics.image.repository` | Default image repository for metrics exporter | `docker.io/systemli/prometheus-jitsi-meet-exporter`
 `jvb.metrics.image.tag` | Default tag for metrics exporter | `1.1.5`
 `jvb.metrics.image.pullPolicy` | ImagePullPolicy for metrics exporter | `IfNotPresent`
 `jvb.metrics.serviceMonitor.enabled` | `ServiceMonitor` for Prometheus | `true`
 `jvb.metrics.serviceMonitor.selector` | Selector for `ServiceMonitor` | `{ release: prometheus-operator }`
 `jvb.metrics.serviceMonitor.interval` | Interval for `ServiceMonitor` | `10s`
 `jvb.metrics.serviceMonitor.honorLabels` | Make `ServiceMonitor` honor labels | `false`
 `jvb.metrics.resources` | Resources for the metrics container | `{ requests: { cpu: 10m, memory: 16Mi }, limits: { cpu: 20m, memory: 32Mi } }`
 `octo.enabled` | Boolean to enable or disable the OCTO mode, for a single region | `false`
 `web.httpsEnabled` | Boolean that enabled tls-termination on the web pods. Useful if you expose the UI via a `Loadbalancer` IP instead of an ingress | `false`
 `web.httpRedirect` | Boolean that enabled http-to-https redirection. Useful for ingress that don't support this feature (ex: GKE ingress) | `false`
 `web.resolverIP` | DNS service IP for Web container to use | (unset)
 `web.extraEnvs` | Map containing additional environment variable to web pods | '{}'
 `web.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
 `web.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
 `tz` | System Time Zone | `Europe/Amsterdam`
 ## Package
 ```bash
 helm package . -d docs
 helm repo index docs --url https://jitsi-contrib.github.io/jitsi-helm/
 ```
--- a/jitsi/charts/jitsi-meet/charts/prosody/.helmignore
+++ b/jitsi/charts/jitsi-meet/charts/prosody/.helmignore
@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/jitsi/charts/jitsi-meet/charts/prosody/Chart.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/Chart.yaml
@ -0,0 +1,6 @@
 apiVersion: v2
 appVersion: 0.11.13
 description: A Helm chart for Kubernetes
 name: prosody
 type: application
 version: 1.2.2
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/NOTES.txt
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/NOTES.txt
@ -0,0 +1,21 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "prosody.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "prosody.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "prosody.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "prosody.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
 {{- end }}
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/_helpers.tpl
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/_helpers.tpl
@ -0,0 +1,63 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "prosody.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "prosody.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "prosody.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "prosody.labels" -}}
 helm.sh/chart: {{ include "prosody.chart" . }}
 {{ include "prosody.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Selector labels
 */}}
 {{- define "prosody.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "prosody.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "prosody.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create -}}
    {{ default (include "prosody.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-configmap.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-configmap.yaml
@ -0,0 +1,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "prosody.fullname" . }}
  labels:
    {{- include "prosody.labels" . | nindent 4 }}
 data:
  {{- range $key, $value := .Values.env }}
  {{- if not (kindIs "invalid" $value) }}
  {{ $key }}: {{ tpl $value $ | quote }}
  {{- end }}
  {{- end }}
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-secret.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-secret.yaml
@ -0,0 +1,13 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "prosody.fullname" . }}
  labels:
    {{- include "prosody.labels" . | nindent 4 }}
 type: Opaque
 data:
  {{- range $key, $value := .Values.secretEnvs }}
  {{- if not (kindIs "invalid" $value) }}
  {{ $key }}: {{ tpl $value $ | b64enc }}
  {{- end }}
  {{- end }}
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/ingress.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/ingress.yaml
@ -0,0 +1,56 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "prosody.fullname" . -}}
 {{- $svcPort := index .Values.service.ports "bosh-insecure" -}}
 {{- $kubeVersion := .Capabilities.KubeVersion.GitVersion -}}
 {{- if semverCompare ">=1.19-0" $kubeVersion -}}
 apiVersion: networking.k8s.io/v1
 {{- else if semverCompare ">=1.14-0" $kubeVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "prosody.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            pathType: Prefix
            backend:
            {{ if semverCompare ">=1.19-0" $kubeVersion }}
              service:
                name: {{ $fullName }}
                port:
                  {{ if kindIs "float64" $svcPort }}
                  number: {{ $svcPort }}
                  {{ else }}
                  name: {{ $svcPort }}
                  {{ end }}
            {{ else }}
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
            {{ end }}
        {{- end }}
  {{- end }}
 {{- end }}
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/service.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/service.yaml
@ -0,0 +1,26 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "prosody.fullname" . }}
  labels:
    {{- include "prosody.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ index .Values.service.ports "bosh-insecure" }}
      protocol: TCP
      name: tcp-bosh-insecure
    - port: {{ index .Values.service.ports "bosh-secure" }}
      protocol: TCP
      name: tcp-bosh-secure
    - port: {{ index .Values.service.ports "xmpp-component" }}
      protocol: TCP
      name: tcp-xmpp-component
    - port: {{ index .Values.service.ports "xmpp-c2s" }}
      protocol: TCP
      name: tcp-xmpp-c2
    - port: {{ index .Values.service.ports "xmpp-s2s" }}
      protocol: TCP
      name: tcp-xmpp-s2
  selector:
    {{- include "prosody.selectorLabels" . | nindent 4 }}
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/serviceaccount.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/serviceaccount.yaml
@ -0,0 +1,12 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "prosody.serviceAccountName" . }}
  labels:
    {{- include "prosody.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/statefulset.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/statefulset.yaml
@ -0,0 +1,130 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  name: {{ include "prosody.fullname" . }}
  labels:
    {{- include "prosody.labels" . | nindent 4 }}
  {{- with .Values.annotations }}
  annotations:
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  serviceName: "prosody"
  replicas: 1
  selector:
    matchLabels:
      {{- include "prosody.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "prosody.selectorLabels" . | nindent 8 }}
      {{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.podLabels }}
        {{ $label }}: {{ $value }}
      {{- end }}
      {{- with mergeOverwrite .Values.global.podAnnotations .Values.podAnnotations }}
      annotations:
      {{- range $annotation, $value := . }}
        {{ $annotation }}: {{ $value }}
      {{- end }}
      {{- end }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "prosody.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ tpl (default .Chart.AppVersion .Values.image.tag ) . }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          envFrom:
          - configMapRef:
              name: {{ include "prosody.fullname" . }}
          - secretRef:
              name: {{ include "prosody.fullname" . }}
          {{- range .Values.extraEnvFrom }}
          - {{ tpl (toYaml . ) $ | indent 12 | trim }}
          {{- end }}
          {{- if .Values.extraEnvs }}
          env:
          {{- range .Values.extraEnvs }}
          - {{ tpl (toYaml . ) $ | indent 12 | trim }}
          {{- end }}
          {{- end }}
          ports:
            - name: xmpp-c2s
              containerPort: {{ index .Values.service.ports "xmpp-c2s" }}
              protocol: TCP
            - name: xmpp-s2s
              containerPort: {{ index .Values.service.ports "xmpp-s2s" }}
              protocol: TCP
            - name: xmpp-component
              containerPort: {{ index .Values.service.ports "xmpp-component" }}
              protocol: TCP
            - name: bosh-insecure
              containerPort: {{ index .Values.service.ports "bosh-insecure" }}
              protocol: TCP
            - name: bosh-secure
              containerPort: {{ index .Values.service.ports "bosh-secure" }}
              protocol: TCP
          {{- with .Values.livenessProbe }}
          livenessProbe:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.readinessProbe }}
          readinessProbe:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
          - name: prosody-data
            mountPath: {{ .Values.dataDir }}
          {{- with .Values.extraVolumeMounts }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
      volumes:
      - name: prosody-data
        {{- if .Values.persistence.enabled }}
        persistentVolumeClaim:
          claimName: prosody-data
        {{- else }}
        emptyDir: {}
        {{- end }}
      {{- with .Values.extraVolumes }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- if or .Values.persistence.enabled .Values.extraVolumeClaimTemplates }}
  volumeClaimTemplates:
  - metadata:
      name: prosody-data
    spec:
      accessModes:
        - ReadWriteOnce
      volumeMode: Filesystem
      resources:
        requests:
          storage: {{ .Values.persistence.size }}
      {{- with .Values.persistence.storageClassName }}
      storageClassName: {{ . | quote }}
      {{- end }}
  {{- with .Values.extraVolumeClaimTemplates }}
  {{- toYaml . | nindent 2 }}
  {{- end }}
  {{- end }}
--- a/jitsi/charts/jitsi-meet/charts/prosody/templates/tests/test-connection.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/tests/test-connection.yaml
@ -0,0 +1,15 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "prosody.fullname" . }}-test-connection"
  labels:
    {{- include "prosody.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "prosody.fullname" . }}:{{ index .Values.service.ports "bosh-insecure" }}/http-bind']
  restartPolicy: Never
--- a/jitsi/charts/jitsi-meet/charts/prosody/values.yaml
+++ b/jitsi/charts/jitsi-meet/charts/prosody/values.yaml
@ -0,0 +1,94 @@
 # Default values for prosody.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 image:
  repository: nginx
  pullPolicy: IfNotPresent
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 domain:
 dataDir: /config/data
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
 podLabels: {}
 podAnnotations: {}
 podSecurityContext: {}
  # fsGroup: 2000
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 service:
  type: ClusterIP
  ports:
    bosh-insecure: 5280
    bosh-secure: 5281
    xmpp-c2s: 5222
    xmpp-s2s: 5269
    xmpp-component: 5347
 ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 livenessProbe:
  httpGet:
    path: /http-bind
    port: bosh-insecure
 readinessProbe:
  httpGet:
    path: /http-bind
    port: bosh-insecure
 persistence:
  enabled: true
  size: 3G
  storageClassName:
 nodeSelector: {}
 tolerations: []
 affinity: {}
 extraEnvs: []
 extraEnvFrom: []
 secretEnvs: {}
--- a/jitsi/charts/jitsi-meet/templates/NOTES.txt
+++ b/jitsi/charts/jitsi-meet/templates/NOTES.txt
@ -0,0 +1,21 @@
 1. Get the application URL by running these commands:
 {{- if .Values.web.ingress.enabled }}
 {{- range $host := .Values.web.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.web.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.web.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "jitsi-meet.web.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.web.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "jitsi-meet.web.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "jitsi-meet.web.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.web.service.port }}
 {{- else if contains "ClusterIP" .Values.web.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "jitsi-meet.name" . }},app.kubernetes.io/component=web,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
 {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/_helpers.tpl
+++ b/jitsi/charts/jitsi-meet/templates/_helpers.tpl
@ -0,0 +1,104 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "jitsi-meet.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "jitsi-meet.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "jitsi-meet.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "jitsi-meet.labels" -}}
 helm.sh/chart: {{ include "jitsi-meet.chart" . }}
 {{ include "jitsi-meet.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Selector labels
 */}}
 {{- define "jitsi-meet.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "jitsi-meet.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "jitsi-meet.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create -}}
    {{ default (include "jitsi-meet.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
  https://github.com/helm/helm/issues/4535
 */}}
 {{- define "call-nested" }}
 {{- $dot := index . 0 }}
 {{- $subchart := index . 1 }}
 {{- $template := index . 2 }}
 {{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
 {{- end }}
 {{- define "jitsi-meet.xmpp.domain" -}}
 {{- if  .Values.xmpp.domain -}}
  {{ .Values.xmpp.domain }}
 {{- else -}}
  {{ .Release.Namespace }}.svc
 {{- end -}}
 {{- end -}}
 {{- define "jitsi-meet.xmpp.server" -}}
 {{- if .Values.prosody.server -}}
  {{ .Values.prosody.server }}
 {{- else -}}
  {{ include "call-nested" (list . "prosody" "prosody.fullname") }}.{{ .Release.Namespace }}.svc
 {{- end -}}
 {{- end -}}
 {{- define "jitsi-meet.publicURL" -}}
 {{- if .Values.publicURL }}
 {{- .Values.publicURL -}}
 {{- else -}}
 {{- if .Values.web.ingress.tls -}}https://{{- else -}}http://{{- end -}}
 {{- if .Values.web.ingress.tls -}}
 {{- (.Values.web.ingress.tls|first).hosts|first -}}
 {{- else if .Values.web.ingress.hosts -}}
 {{- (.Values.web.ingress.hosts|first).host -}}
 {{ required "You need to define a publicURL or some value for ingress" .Values.publicURL }}
 {{- end -}}
 {{- end -}}
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/templates/common-configmap.yaml
+++ b/jitsi/charts/jitsi-meet/templates/common-configmap.yaml
@ -0,0 +1,31 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
  labels:
    {{- include "jitsi-meet.labels" . | nindent 4 }}
 data:
  ENABLE_AUTH: {{ ternary "1" "0" .Values.enableAuth | quote }}
  ENABLE_GUESTS: {{ ternary "1" "0" .Values.enableGuests | quote }}
  PUBLIC_URL: {{ include "jitsi-meet.publicURL" . }}
  XMPP_DOMAIN: {{ include "jitsi-meet.xmpp.domain" . }}
  XMPP_MUC_DOMAIN: {{ .Values.xmpp.mucDomain | default (printf "muc.%s" (include "jitsi-meet.xmpp.domain" .)) }}
  XMPP_AUTH_DOMAIN: {{ .Values.xmpp.authDomain | default (printf "auth.%s" (include "jitsi-meet.xmpp.domain" .)) }}
  XMPP_GUEST_DOMAIN: {{ .Values.xmpp.guestDomain | default (printf "guest.%s" (include "jitsi-meet.xmpp.domain" .)) }}
  XMPP_RECORDER_DOMAIN: {{ .Values.xmpp.recorderDomain | default (printf "recorder.%s" (include "jitsi-meet.xmpp.domain" .)) }}
  XMPP_INTERNAL_MUC_DOMAIN: {{ .Values.xmpp.internalMucDomain | default (printf "internal-muc.%s" (include "jitsi-meet.xmpp.domain" .)) }}
  {{- if .Values.jibri.enabled }}
  ENABLE_RECORDING: "true"
  {{- end }}
  TZ: '{{ .Values.tz }}'
  {{- range $key, $value := .Values.extraCommonEnvs }}
  {{- if not (kindIs "invalid" $value) }}
  {{ $key }}: {{ tpl $value $ | quote }}
  {{- end }}
  {{- end }}
  {{- if .Values.octo.enabled }}
  ENABLE_OCTO: "1"
  TESTING_OCTO_PROBABILITY: "1"
  DEPLOYMENTINFO_REGION: "all"
  DEPLOYMENTINFO_USERREGION: "all"
  {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/ingress.yaml
+++ b/jitsi/charts/jitsi-meet/templates/ingress.yaml
@ -0,0 +1,59 @@
 {{- if .Values.web.ingress.enabled -}}
 {{- $fullName := include "jitsi-meet.web.fullname" . -}}
 {{- $svcPort := .Values.web.service.port -}}
 {{- $kubeVersion := .Capabilities.KubeVersion.GitVersion -}}
 {{- if semverCompare ">=1.19-0" $kubeVersion -}}
 apiVersion: networking.k8s.io/v1
 {{- else if semverCompare ">=1.14-0" $kubeVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "jitsi-meet.web.labels" . | nindent 4 }}
  {{- with .Values.web.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if and .Values.web.ingress.ingressClassName (semverCompare ">=1.19-0" $kubeVersion) }}
  ingressClassName: {{ .Values.web.ingress.ingressClassName }}
 {{- end }}
 {{- if .Values.web.ingress.tls }}
  tls:
  {{- range .Values.web.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.web.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            pathType: Prefix
            backend:
            {{ if semverCompare ">=1.19-0" $kubeVersion }}
              service:
                name: {{ $fullName }}
                port:
                  {{ if kindIs "float64" $svcPort }}
                  number: {{ $svcPort }}
                  {{ else }}
                  name: {{ $svcPort }}
                  {{ end }}
            {{ else }}
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
            {{ end }}
        {{- end }}
  {{- end }}
 {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jibri/_helper.tpl
+++ b/jitsi/charts/jitsi-meet/templates/jibri/_helper.tpl
@ -0,0 +1,18 @@
 {{- define "jitsi-meet.jibri.fullname" -}}
 {{ include "jitsi-meet.fullname" . }}-jibri
 {{- end -}}
 {{- define "jitsi-meet.jibri.labels" -}}
 {{ include "jitsi-meet.labels" . }}
 app.kubernetes.io/component: jibri
 {{- end -}}
 {{- define "jitsi-meet.jibri.selectorLabels" -}}
 {{ include "jitsi-meet.selectorLabels" . }}
 app.kubernetes.io/component: jibri
 {{- end -}}
 {{- define "jitsi-meet.jibri.secret" -}}
 {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/templates/jibri/configmap.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jibri/configmap.yaml
@ -0,0 +1,21 @@
 {{- if .Values.jibri.enabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "jitsi-meet.jibri.fullname" . }}
  labels:
    {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
 data:
  XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
  JIBRI_BREWERY_MUC: '{{ .Values.jibri.breweryMuc }}'
  JIBRI_RECORDING_DIR: '{{ .Values.jibri.recordingDir | default "/data/recordings" }}'
  JIBRI_FINALIZE_RECORDING_SCRIPT_PATH: "/config/finalize.sh"
  JIBRI_STRIP_DOMAIN_JID: muc
  JIBRI_LOGS_DIR: "/data/logs"
  DISPLAY: ":0"
  {{- range $key, $value := .Values.jibri.extraEnvs }}
  {{- if not (kindIs "invalid" $value) }}
  {{ $key }}: {{ tpl $value $ | quote }}
  {{- end }}
  {{- end }}
 {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jibri/deployment.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jibri/deployment.yaml
@ -0,0 +1,93 @@
 {{- if .Values.jibri.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "jitsi-meet.jibri.fullname" . }}
  labels:
    {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
  {{- with .Values.jibri.annotations }}
  annotations:
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  replicas: {{ .Values.jibri.replicaCount | default 1 }}
  selector:
    matchLabels:
      {{- include "jitsi-meet.jibri.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "jitsi-meet.jibri.selectorLabels" . | nindent 8 }}
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/jibri/configmap.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/jibri/xmpp-secret.yaml") . | sha256sum }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
      containers:
      - name: {{ .Chart.Name }}
        securityContext:
          privileged: true
        image: "{{ .Values.jibri.image.repository }}:{{ default .Chart.AppVersion .Values.jibri.image.tag }}"
        imagePullPolicy: {{ pluck "pullPolicy" .Values.jibri.image .Values.image | first }}
        ports:
        - name: http-internal
          containerPort: 3333
        - name: http-api
          containerPort: 2222
        {{- with default .Values.jibri.livenessProbe .Values.jibri.livenessProbeOverride }}
        livenessProbe:
        {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with default .Values.jibri.readinessProbe .Values.jibri.readinessProbeOverride }}
        readinessProbe:
        {{- toYaml . | nindent 10 }}
        {{- end }}
        envFrom:
        - secretRef:
            name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
        - configMapRef:
            name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
        - configMapRef:
            name: {{ include "jitsi-meet.jibri.fullname" . }}
        resources:
          {{- toYaml .Values.jibri.resources | nindent 12 }}
        volumeMounts:
        - name: jibri-data
          mountPath: /data
        - name: dev-snd
          mountPath: /dev/snd
        {{- if .Values.jibri.shm.enabled }}
        - name: dev-shm
          mountPath: /dev/shm
        {{- end }}
      volumes:
      - name: jibri-data
        {{- if .Values.jibri.persistence.enabled }}
        persistentVolumeClaim:
          claimName: {{ .Values.jibri.persistence.existingClaim | default (include "jitsi-meet.jibri.fullname" .) }}
        {{- else }}
        emptyDir: {}
        {{- end }}
      - name: dev-snd
        hostPath:
          path: /dev/snd
      {{- if .Values.jibri.shm.enabled }}
      - name: dev-shm
      {{-   if .Values.jibri.shm.useHost }}
        hostPath:
          path: /dev/shm
      {{-   else }}
        emptyDir:
          medium: Memory
          sizeLimit: {{ .Values.jibri.shm.size | default "256Mi" | quote }}
      {{-   end }}
      {{- end }}
 {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jibri/persistentvolumeclaim.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jibri/persistentvolumeclaim.yaml
@ -0,0 +1,18 @@
 {{- if and .Values.jibri.enabled .Values.jibri.persistence.enabled (not .Values.jibri.persistence.existingClaim)}}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ include "jitsi-meet.jibri.fullname" . }}
  labels:
    {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
  namespace: {{ .Release.Namespace }}
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: {{ .Values.jibri.persistence.size | quote }}
  {{- with .Values.jibri.persistence.storageClassName }}
  storageClassName: {{ . | quote }}
  {{- end }}
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/templates/jibri/service.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jibri/service.yaml
@ -0,0 +1,21 @@
 {{- if .Values.jibri.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "jitsi-meet.jibri.fullname" . }}
  labels:
    {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
 spec:
  type: ClusterIP
  ports:
  - name: http-internal
    port: 3333
    targetPort: 3333
    protocol: TCP
  - name: http-api
    port: 2222
    targetPort: 2222
    protocol: TCP
  selector:
    {{- include "jitsi-meet.jibri.selectorLabels" . | nindent 4 }}
 {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jibri/xmpp-secret.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jibri/xmpp-secret.yaml
@ -0,0 +1,14 @@
 {{- if .Values.jibri.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
  labels:
    {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
 type: Opaque
 data:
  JIBRI_XMPP_USER: '{{ .Values.jibri.xmpp.user | b64enc }}'
  JIBRI_XMPP_PASSWORD: '{{ default (randAlphaNum 10) .Values.jibri.xmpp.password | b64enc }}'
  JIBRI_RECORDER_USER: '{{ .Values.jibri.recorder.user | b64enc }}'
  JIBRI_RECORDER_PASSWORD: '{{ default (randAlphaNum 10) .Values.jibri.recorder.password | b64enc }}'
 {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jicofo/_helper.tpl
+++ b/jitsi/charts/jitsi-meet/templates/jicofo/_helper.tpl
@ -0,0 +1,18 @@
 {{- define "jitsi-meet.jicofo.fullname" -}}
 {{ include "jitsi-meet.fullname" . }}-jicofo
 {{- end -}}
 {{- define "jitsi-meet.jicofo.labels" -}}
 {{ include "jitsi-meet.labels" . }}
 app.kubernetes.io/component: jicofo
 {{- end -}}
 {{- define "jitsi-meet.jicofo.selectorLabels" -}}
 {{ include "jitsi-meet.selectorLabels" . }}
 app.kubernetes.io/component: jicofo
 {{- end -}}
 {{- define "jitsi-meet.jicofo.secret" -}}
 {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/templates/jicofo/configmap.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jicofo/configmap.yaml
@ -0,0 +1,22 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "jitsi-meet.jicofo.fullname" . }}
  labels:
    {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
 data:
  JVB_BREWERY_MUC: '{{ .Values.jvb.breweryMuc }}'
  XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
  {{- if .Values.jibri.enabled }}
  JIBRI_BREWERY_MUC: '{{ .Values.jibri.breweryMuc }}'
  JIBRI_PENDING_TIMEOUT: '{{ .Values.jibri.timeout }}'
  {{- end }}
  {{- range $key, $value := .Values.jicofo.extraEnvs }}
  {{- if not (kindIs "invalid" $value) }}
  {{ $key }}: {{ tpl $value $ | quote }}
  {{- end }}
  {{- end }}
  {{- if .Values.octo.enabled }}
  ENABLE_OCTO: "1"
  OCTO_BRIDGE_SELECTION_STRATEGY: "SplitBridgeSelectionStrategy"
  {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jicofo/deployment.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jicofo/deployment.yaml
@ -0,0 +1,76 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "jitsi-meet.jicofo.fullname" . }}
  labels:
    {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
  {{- with .Values.jicofo.annotations }}
  annotations:
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  replicas: {{ .Values.jicofo.replicaCount }}
  selector:
    matchLabels:
      {{- include "jitsi-meet.jicofo.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "jitsi-meet.jicofo.selectorLabels" . | nindent 8 }}
      {{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.jicofo.podLabels }}
        {{ $label }}: {{ $value }}
      {{- end }}
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/jicofo/configmap.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/jicofo/xmpp-secret.yaml") . | sha256sum }}
      {{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.jicofo.podAnnotations }}
        {{ $annotation }}: {{ $value|quote }}
      {{- end }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.jicofo.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.jicofo.securityContext | nindent 12 }}
          image: "{{ .Values.jicofo.image.repository }}:{{ default .Chart.AppVersion .Values.jicofo.image.tag }}"
          imagePullPolicy: {{ pluck "pullPolicy" .Values.jicofo.image .Values.image | first }}
          envFrom:
          - secretRef:
              name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
          - configMapRef:
              name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
          - configMapRef:
              name: {{ include "jitsi-meet.jicofo.fullname" . }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          {{- with .Values.jicofo.livenessProbe }}
          livenessProbe:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.jicofo.readinessProbe }}
          readinessProbe:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.jicofo.resources | nindent 12 }}
      {{- with .Values.jicofo.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.jicofo.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.jicofo.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jicofo/xmpp-secret.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jicofo/xmpp-secret.yaml
@ -0,0 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
  labels:
    {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
 type: Opaque
 data:
  JICOFO_AUTH_USER: '{{ .Values.jicofo.xmpp.user | b64enc }}'
  JICOFO_AUTH_PASSWORD: '{{ default (randAlphaNum 10) .Values.jicofo.xmpp.password | b64enc }}'
  JICOFO_COMPONENT_SECRET: '{{ default (randAlphaNum 10) .Values.jicofo.xmpp.componentSecret | b64enc }}'
--- a/jitsi/charts/jitsi-meet/templates/jvb/_helper.tpl
+++ b/jitsi/charts/jitsi-meet/templates/jvb/_helper.tpl
@ -0,0 +1,18 @@
 {{- define "jitsi-meet.jvb.fullname" -}}
 {{ include "jitsi-meet.fullname" . }}-jvb
 {{- end -}}
 {{- define "jitsi-meet.jvb.labels" -}}
 {{ include "jitsi-meet.labels" . }}
 app.kubernetes.io/component: jvb
 {{- end -}}
 {{- define "jitsi-meet.jvb.selectorLabels" -}}
 {{ include "jitsi-meet.selectorLabels" . }}
 app.kubernetes.io/component: jvb
 {{- end -}}
 {{- define "jitsi-meet.jvb.secret" -}}
 {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/templates/jvb/configmap.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jvb/configmap.yaml
@ -0,0 +1,28 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "jitsi-meet.jvb.fullname" . }}
  labels:
    {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
 data:
  JVB_BREWERY_MUC: '{{ .Values.jvb.breweryMuc }}'
  JVB_PORT: '{{ .Values.jvb.UDPPort }}'
  JVB_STUN_SERVERS: '{{.Values.jvb.stunServers }}'
  JVB_TCP_HARVESTER_DISABLED: '1'
  XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
  {{- range $key, $value := .Values.jvb.extraEnvs }}
  {{- if not (kindIs "invalid" $value) }}
  {{ $key }}: {{ tpl $value $ | quote }}
  {{- end }}
  {{- end }}
  COLIBRI_REST_ENABLED: 'true'
  {{- if .Values.jvb.websockets.enabled }}
  ENABLE_COLIBRI_WEBSOCKET: 'true'
  {{- else }}
  ENABLE_COLIBRI_WEBSOCKET: 'false'
  {{- end }}
  {{- if .Values.octo.enabled }}
  ENABLE_OCTO: "1"
  JVB_OCTO_BIND_PORT: "4096"
  JVB_OCTO_REGION: "all"
  {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jvb/deployment.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jvb/deployment.yaml
@ -0,0 +1,166 @@
 {{- $serverID := default "podIP" .Values.jvb.websockets.serverID }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "jitsi-meet.jvb.fullname" . }}
  labels:
    {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
  {{- with .Values.jvb.annotations }}
  annotations:
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  replicas: {{ .Values.jvb.replicaCount }}
  selector:
    matchLabels:
      {{- include "jitsi-meet.jvb.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "jitsi-meet.jvb.selectorLabels" . | nindent 8 }}
      {{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.jvb.podLabels }}
        {{ $label }}: {{ $value }}
      {{- end }}
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/jvb/configmap.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/jvb/xmpp-secret.yaml") . | sha256sum }}
        {{- if and .Values.jvb.metrics.enabled  .Values.jvb.metrics.prometheusAnnotations  }}
        prometheus.io/port: "9888"
        prometheus.io/scrape: "true"
        {{- end }}
      {{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.jvb.podAnnotations }}
        {{ $annotation }}: {{ $value|quote }}
      {{- end }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.jvb.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.jvb.securityContext | nindent 12 }}
          image: "{{ .Values.jvb.image.repository }}:{{ default .Chart.AppVersion .Values.jvb.image.tag }}"
          imagePullPolicy: {{ pluck "pullPolicy" .Values.jvb.image .Values.image | first }}
          envFrom:
          - secretRef:
              name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
          - configMapRef:
              name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
          - configMapRef:
              name: {{ include "jitsi-meet.jvb.fullname" . }}
          env:
          {{- if or .Values.jvb.useNodeIP .Values.jvb.publicIP }}
          - name: DOCKER_HOST_ADDRESS
            {{- if .Values.jvb.publicIP }}
            value: {{ .Values.jvb.publicIP }}
            {{- else }}
            valueFrom:
              fieldRef:
                fieldPath: status.hostIP
            {{- end }}
          {{- end }}
          {{- if .Values.jvb.websockets.enabled }}
          - name: JVB_WS_SERVER_ID
            {{- if eq $serverID "service" }}
            value: {{ include "jitsi-meet.jvb.fullname" . }}.{{ .Release.Namespace }}.svc
            {{- else if eq $serverID "podIP" }}
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
            {{- else }}
            value: {{ $serverID | quote }}
            {{- end }}
          {{- end }}
          {{- if  .Values.octo.enabled }}
          - name: JVB_OCTO_BIND_ADDRESS
            valueFrom:
              fieldRef:
                fieldPath: status.hostIP
          - name: JVB_OCTO_PUBLIC_ADDRESS
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          {{- end }}
          ports:
            - name: rtp-udp
              containerPort: {{ .Values.jvb.UDPPort }}
              {{- if .Values.jvb.useHostPort }}
              hostPort: {{ .Values.jvb.UDPPort }}
              {{- end }}
              protocol: UDP
          {{- if .Values.jvb.websockets.enabled }}
            - name: colibri-ws-tcp
              containerPort: 9090
              protocol: TCP
          {{- end }}
          {{- with .Values.jvb.livenessProbe }}
          livenessProbe:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.jvb.readinessProbe }}
          readinessProbe:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.jvb.resources | nindent 12 }}
          {{- with .Values.jvb.extraVolumeMounts }}
          volumeMounts:
          {{- toYaml . | nindent 10 }}
          {{- end }}
        {{- if .Values.jvb.metrics.enabled }}
        - name: metrics
          image: {{ .Values.jvb.metrics.image.repository }}:{{ .Values.jvb.metrics.image.tag }}
          imagePullPolicy: {{ .Values.jvb.metrics.image.pullPolicy }}
          securityContext:
            runAsUser: 10001
          command:
            - /prometheus-jitsi-meet-exporter
            - -videobridge-url
            - http://localhost:8080/colibri/stats
          ports:
            - containerPort: 9888
              name: tcp-metrics
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /health
              port: 9888
            initialDelaySeconds: 3
            periodSeconds: 5
          resources:
        {{- toYaml .Values.jvb.metrics.resources | nindent 12 }}
      {{- end }}
      {{- with .Values.jvb.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- if or .Values.jvb.useHostPort .Values.jvb.affinity }}
      affinity:
      {{- if .Values.jvb.affinity }}
        {{- toYaml .Values.jvb.affinity | nindent 8 }}
      {{- else }}
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app.kubernetes.io/component
                operator: In
                values:
                - jvb
            topologyKey: "kubernetes.io/hostname"
      {{- end }}
    {{- end }}
    {{- with .Values.jvb.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.jvb.extraVolumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
    {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jvb/metrics-prometheus.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jvb/metrics-prometheus.yaml
@ -0,0 +1,27 @@
 {{- if and (.Values.jvb.metrics.enabled) (.Values.jvb.metrics.serviceMonitor.enabled) }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "jitsi-meet.jvb.fullname" . }}
  labels:
    {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
    {{- range $key, $value := .Values.jvb.metrics.serviceMonitor.selector }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
 spec:
  endpoints:
    - port: tcp-metrics
      path: /metrics
      {{- if .Values.jvb.metrics.serviceMonitor.honorLabels }}
      honorLabels: {{ .Values.jvb.metrics.serviceMonitor.honorLabels }}
      {{- end }}
      {{- if .Values.jvb.metrics.serviceMonitor.interval }}
      interval: {{ .Values.jvb.metrics.serviceMonitor.interval }}
      {{- end }}
  selector:
    matchLabels:
  {{- include "jitsi-meet.jvb.labels" . | nindent 6 }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
  {{- end -}}
--- a/jitsi/charts/jitsi-meet/templates/jvb/metrics-service.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jvb/metrics-service.yaml
@ -0,0 +1,16 @@
 {{- if .Values.jvb.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "jitsi-meet.jvb.fullname" . }}-metrics
  labels:
  {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
 spec:
  type: ClusterIP
  ports:
    - port: 9888
      protocol: TCP
      name: tcp-metrics
  selector:
  {{- include "jitsi-meet.jvb.selectorLabels" . | nindent 4 }}
  {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jvb/service.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jvb/service.yaml
@ -0,0 +1,35 @@
 {{- if or (and (kindIs "invalid" .Values.jvb.service.enabled) (not .Values.jvb.useHostPort)) .Values.jvb.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "jitsi-meet.jvb.fullname" . }}
  annotations:
  {{- range $key, $value := .Values.jvb.service.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
  labels:
    {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.jvb.service.type }}
  {{- with .Values.jvb.service.LoadbalancerIP }}
  loadBalancerIP: {{ . }}
  {{- end }}
  ports:
    - port: {{ default 10000 .Values.jvb.UDPPort }}
      {{- if or (eq .Values.jvb.service.type "NodePort") (eq .Values.jvb.service.type "LoadBalancer") }}
      nodePort: {{ .Values.jvb.UDPPort }}
      {{- end }}
      protocol: UDP
      name: rtp-udp
    {{- if .Values.jvb.websockets.enabled }}
    - port: 9090
      protocol: TCP
      name: colibri-ws-tcp
    {{- end }}
  {{- with .Values.jvb.service.externalIPs }}
  externalIPs:
  {{ toYaml . | indent 2 | trim }}
  {{- end }}
  selector:
    {{- include "jitsi-meet.jvb.selectorLabels" . | nindent 4 }}
 {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/jvb/xmpp-secret.yaml
+++ b/jitsi/charts/jitsi-meet/templates/jvb/xmpp-secret.yaml
@ -0,0 +1,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
  labels:
    {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
 type: Opaque
 data:
  JVB_AUTH_USER: '{{ .Values.jvb.xmpp.user | b64enc }}'
  JVB_AUTH_PASSWORD: '{{ default (randAlphaNum 10) .Values.jvb.xmpp.password | b64enc }}'
--- a/jitsi/charts/jitsi-meet/templates/serviceaccount.yaml
+++ b/jitsi/charts/jitsi-meet/templates/serviceaccount.yaml
@ -0,0 +1,12 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "jitsi-meet.serviceAccountName" . }}
  labels:
    {{- include "jitsi-meet.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/templates/tests/test-connection.yaml
+++ b/jitsi/charts/jitsi-meet/templates/tests/test-connection.yaml
@ -0,0 +1,15 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "jitsi-meet.web.fullname" . }}-test-connection"
  labels:
    {{- include "jitsi-meet.web.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "jitsi-meet.web.fullname" . }}:{{ .Values.web.service.port }}']
  restartPolicy: Never
--- a/jitsi/charts/jitsi-meet/templates/web/_helper.tpl
+++ b/jitsi/charts/jitsi-meet/templates/web/_helper.tpl
@ -0,0 +1,15 @@
 {{- define "jitsi-meet.web.fullname" -}}
 {{ include "jitsi-meet.fullname" . }}-web
 {{- end -}}
 {{- define "jitsi-meet.web.labels" -}}
 {{ include "jitsi-meet.labels" . }}
 app.kubernetes.io/component: web
 {{- end -}}
 {{- define "jitsi-meet.web.selectorLabels" -}}
 {{ include "jitsi-meet.selectorLabels" . }}
 app.kubernetes.io/component: web
 {{- end -}}
--- a/jitsi/charts/jitsi-meet/templates/web/configmap.yaml
+++ b/jitsi/charts/jitsi-meet/templates/web/configmap.yaml
@ -0,0 +1,24 @@
 {{- $serverID := default "podIP" .Values.jvb.websockets.serverID }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "jitsi-meet.web.fullname" . }}
  labels:
    {{- include "jitsi-meet.web.labels" . | nindent 4 }}
 data:
  DISABLE_HTTPS: {{ ternary "0" "1" .Values.web.httpsEnabled | quote }}
  ENABLE_HTTP_REDIRECT: {{ ternary "1" "0" .Values.web.httpRedirect | quote }}
  JICOFO_AUTH_USER: '{{ .Values.jicofo.xmpp.user }}'
  XMPP_BOSH_URL_BASE: 'http://{{ include "jitsi-meet.xmpp.server" . }}:{{ index .Values.prosody.service.ports "bosh-insecure" }}'
  {{- if and .Values.jvb.websockets.enabled (eq $serverID "service") }}
  NGINX_RESOLVER: {{ required "(web.resolverIP) Please set an IP address of your KubeDNS service!" .Values.web.resolverIP }}
  {{- end }}
  {{- if .Values.jibri.enabled }}
  ENABLE_RECORDING: "true"
  ENABLE_FILE_RECORDING_SERVICE_SHARING: "true"
  {{- end }}
  {{- range $key, $value := .Values.web.extraEnvs }}
  {{- if not (kindIs "invalid" $value) }}
  {{ $key }}: {{ tpl $value $ | quote }}
  {{- end }}
  {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/web/deployment.yaml
+++ b/jitsi/charts/jitsi-meet/templates/web/deployment.yaml
@ -0,0 +1,84 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "jitsi-meet.web.fullname" . }}
  labels:
    {{- include "jitsi-meet.web.labels" . | nindent 4 }}
  {{- with .Values.web.annotations }}
  annotations:
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  replicas: {{ .Values.web.replicaCount }}
  selector:
    matchLabels:
      {{- include "jitsi-meet.web.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "jitsi-meet.web.selectorLabels" . | nindent 8 }}
      {{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.web.podLabels }}
        {{ $label }}: {{ $value }}
      {{- end }}
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }}
      {{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.web.podAnnotations }}
        {{ $annotation }}: {{ $value|quote }}
      {{- end }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.web.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.web.securityContext | nindent 12 }}
          image: "{{ .Values.web.image.repository }}:{{ default .Chart.AppVersion .Values.web.image.tag }}"
          imagePullPolicy: {{ pluck "pullPolicy" .Values.web.image .Values.image | first }}
          envFrom:
          - configMapRef:
              name: {{ include "jitsi-meet.web.fullname" . }}
          - configMapRef:
              name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
          {{- with .Values.web.livenessProbe }}
          livenessProbe:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.web.readinessProbe }}
          readinessProbe:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.web.resources | nindent 12 }}
          {{- with .Values.web.extraVolumeMounts }}
          volumeMounts:
          {{- toYaml . | nindent 10 }}
          {{- end }}
      {{- with .Values.web.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.web.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.web.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.web.extraVolumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
    {{- end }}
--- a/jitsi/charts/jitsi-meet/templates/web/service.yaml
+++ b/jitsi/charts/jitsi-meet/templates/web/service.yaml
@ -0,0 +1,18 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "jitsi-meet.web.fullname" . }}
  labels:
    {{- include "jitsi-meet.web.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.web.service.type }}
  ports:
    - port: {{ .Values.web.service.port }}
      protocol: TCP
      name: http
  {{- with .Values.web.service.externalIPs }}
  externalIPs:
  {{ toYaml . | indent 2 | trim }}
  {{- end }}
  selector:
    {{- include "jitsi-meet.web.selectorLabels" . | nindent 4 }}
--- a/jitsi/charts/jitsi-meet/values.yaml
+++ b/jitsi/charts/jitsi-meet/values.yaml
@ -0,0 +1,288 @@
 # Default values for jitsi-meet.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 global:
  podLabels: {}
  podAnnotations: {}
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 enableAuth: false
 enableGuests: true
 publicURL: ""
 tz: Europe/Amsterdam
 image:
  pullPolicy: IfNotPresent
 web:
  replicaCount: 1
  image:
    repository: jitsi/web
  extraEnvs: {}
  service:
    type: ClusterIP
    port: 80
    externalIPs: []
  ingress:
    enabled: false
    # ingressClassName: "nginx-ingress-0"
    annotations: {}
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
    hosts:
    - host: jitsi.local
      paths: ['/']
    tls: []
    #  - secretName: jitsi-web-certificate
    #    hosts:
    #      - jitsi.local
  # Useful for ingresses that don't support http-to-https redirect by themself, (namely: GKE),
  httpRedirect: false
  # When tls-termination by the ingress is not wanted, enable this and set web.service.type=Loadbalancer
  httpsEnabled: false
  ## Resolver IP for nginx.
  ## Set this to ClusterIP of your `kube-dns` service
  ## when using websockets and discovering JVB's address
  ## via k8s services.
  # resolverIP: 10.43.0.10
  livenessProbe:
    httpGet:
      path: /
      port: 80
  readinessProbe:
    httpGet:
      path: /
      port: 80
  podLabels: {}
  podAnnotations: {}
  podSecurityContext: {}
    # fsGroup: 2000
  securityContext: {}
    # capabilities:
    #   drop:
    #   - ALL
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
    # runAsUser: 1000
  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
  nodeSelector: {}
  tolerations: []
  affinity: {}
 jicofo:
  replicaCount: 1
  image:
    repository: jitsi/jicofo
  xmpp:
    user: focus
    password:
    componentSecret:
  livenessProbe:
    tcpSocket:
      port: 8888
  readinessProbe:
    tcpSocket:
      port: 8888
  podLabels: {}
  podAnnotations: {}
  podSecurityContext: {}
  securityContext: {}
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  extraEnvs: {}
 jvb:
  replicaCount: 1
  image:
    repository: jitsi/jvb
  xmpp:
    user: jvb
    password:
  stunServers: 'meet-jit-si-turnrelay.jitsi.net:443'
  useHostPort: false
  UDPPort: 10000
  service:
    enabled:
    type: ClusterIP
    externalIPs: []
    ## Annotations to be added to the service (if LoadBalancer is used)
    ##
    annotations: {}
  breweryMuc: jvbbrewery
  livenessProbe:
    httpGet:
      path: /about/health
      port: 8080
  readinessProbe:
    httpGet:
      path: /about/health
      port: 8080
  podLabels: {}
  podAnnotations: {}
  podSecurityContext: {}
  securityContext: {}
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  extraEnvs: {}
  websockets:
    ## Set to 'true' to enable Colibri WebSocket support in JVB:
    enabled: false
    ## Uncomment this to set JVB server ID manually,
    ## Or use one of pre-defined values:
    ## * "podIP" will fetch JVB pod's IP address from K8s metadata;
    ## * "service" will use JVB service name generated by Helm.
    ##
    ## Don't forget to set `web.resolverIP` to your cluster's
    ## DNS service IP when setting this to "service"!
    ##
    ## (default is "podIP")
    # serverID: podIP
  metrics:
    enabled: false
    prometheusAnnotations: false
    image:
      repository: docker.io/systemli/prometheus-jitsi-meet-exporter
      tag: 1.1.9
      pullPolicy: IfNotPresent
    serviceMonitor:
      enabled: true
      selector:
        release: prometheus-operator
      interval: 10s
      # honorLabels: false
    resources:
      requests:
        cpu: 10m
        memory: 16Mi
      limits:
        cpu: 20m
        memory: 32Mi
 octo:
  enabled: false
 jibri:
  ## Enabling Jibri will allow users to record
  ## and/or stream their meetings (e.g. to YouTube).
  enabled: false
  ## Enable persistent storage for local recordings.
  ## If disabled, jibri pod will use a transient
  ## emptyDir-backed storage instead.
  persistence:
    enabled: false
    size: 4Gi
    ## Set this to existing PVC name if you have one.
    existingClaim:
    storageClassName:
  shm:
    ## Set to true to enable "/dev/shm" mount.
    ## May be required by built-in Chromium.
    enabled: false
    ## If "true", will use host's shared memory dir,
    ## and if "false" — an emptyDir mount.
    # useHost: false
    # size: 256Mi
  image:
    repository: jitsi/jibri
  breweryMuc: jibribrewery
  timeout: 90
  ## jibri XMPP user credentials:
  xmpp:
    user: jibri
    password:
  ## recorder XMPP user credentials:
  recorder:
    user: recorder
    password:
  livenessProbe:
    exec:
      command: ["pgrep", "java"]
  readinessProbe:
    exec:
      command: ["pgrep", "java"]
  extraEnvs: {}
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
 xmpp:
  domain: meet.jitsi
  authDomain:
  mucDomain:
  internalMucDomain:
  guestDomain:
 extraCommonEnvs: {}
 prosody:
  enabled: true
  server:
  extraEnvFrom:
  - secretRef:
      name: '{{ include "prosody.fullname" . }}-jicofo'
  - secretRef:
      name: '{{ include "prosody.fullname" . }}-jvb'
  - configMapRef:
      name: '{{ include "prosody.fullname" . }}-common'
  ## Uncomment this if you want to use jibri:
  # - secretRef:
  #     name: '{{ include "prosody.fullname" . }}-jibri'
  image:
    repository: jitsi/prosody
    tag: 'stable-6865'
--- a/jitsi/ci/dummy-values.yaml
+++ b/jitsi/ci/dummy-values.yaml
@ -0,0 +1,3 @@
 ---
 jitsi-meet:
  publicURL: "http://localhost"
--- a/jitsi/values.yaml
+++ b/jitsi/values.yaml
@ -1,4 +1,4 @@
-
+---
 certResolver: le-staging
 fqdn: ""
@ -29,7 +29,6 @@ jitsi-meet:
    service:
      # enabled: true
      type: NodePort
    # It may be required to change the default port to a value allowed by Kubernetes (30000-32768)
    UDPPort: 30000
    livenessProbe:
@ -42,5 +41,4 @@ jitsi-meet:
    websockets:
      enabled: true
    # Use public IP of one of your node, or the public IP of a loadbalancer in front of the nodes
    publicIP: ""
--- a/lintconf.yaml
+++ b/lintconf.yaml
@ -0,0 +1,7 @@
 extends: default
 rules:
  empty-lines:
    max: 3
    max-start: 1
    max-end: 1