From 8db8cd7d9ae4cba316e4b799f22ac35089ffe861 Mon Sep 17 00:00:00 2001 From: Wei He Date: Sun, 15 May 2022 21:08:08 +0800 Subject: [PATCH] Scripted deployment with ArgoCD UI (#5) * initial import of deploy_jitsi.sh with argocd support * automatic Let's Encrypt cert * add INSTALL.md --- INSTALL.md | 83 +++++++ argocd/cmd-params-cm.yaml | 10 + argocd/ingressroute-server.yaml.sh | 26 +++ bootstrap.sh | 20 -- deploy_jitsi.sh | 225 +++++++++++++++++++ jitsi/Chart.lock | 6 + jitsi/Chart.yaml | 7 + jitsi/charts/jitsi-meet-1.2.2.tgz | Bin 0 -> 16392 bytes jitsi/templates/ingressroute-web.yaml | 16 ++ jitsi/templates/ingressroutetcp-prosody.yaml | 12 + jitsi/values-jvb-off.yaml | 5 + jitsi/values.yaml | 41 ++++ traefik-config.yaml.sh | 36 +++ values.yml | 12 - 14 files changed, 467 insertions(+), 32 deletions(-) create mode 100644 INSTALL.md create mode 100644 argocd/cmd-params-cm.yaml create mode 100755 argocd/ingressroute-server.yaml.sh delete mode 100755 bootstrap.sh create mode 100755 deploy_jitsi.sh create mode 100644 jitsi/Chart.lock create mode 100644 jitsi/Chart.yaml create mode 100644 jitsi/charts/jitsi-meet-1.2.2.tgz create mode 100644 jitsi/templates/ingressroute-web.yaml create mode 100644 jitsi/templates/ingressroutetcp-prosody.yaml create mode 100644 jitsi/values-jvb-off.yaml create mode 100755 jitsi/values.yaml create mode 100755 traefik-config.yaml.sh delete mode 100644 values.yml diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..2f87b6a --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,83 @@ +# Installation + +The deployment script is largely based on the helm chart [jitsi-helm](https://github.com/jitsi-contrib/jitsi-helm/). The dependencies include [k3s](https://k3s.io/), [traefik](https://traefik.io/) and [argocd](https://argoproj.github.io/). It also uses [Let's Encrypt](https://letsencrypt.org/) for signing TLS certificates. + +## Prerequisites + + * A GNU/Linux host with Debian/Ubuntu installed and root privileges + * The host has a public IPv4 address + * Allow these traffic through firewall: 80/TCP, 443/TCP, 5222/TCP (necessary only for external jvb), 30000/UDP (30001/UDP for test) + * An email inbox address for receiving ACME notification mails + * A domain name that has a DNS A record pointing to + * (optional) Another domain name (for test deployment purposes) that has a DNS A record pointing to + * (optional) Yet another domain name (for accessing the ArgoCD web UI) that has a DNS A record pointing to + +## Install/Upgrade + +The initial installation needs to be run from command line. But afterwards, ArgoCD web UI can be used instead to fulfill the subsequent (re)install/upgrade/uninstall needs. **All the shell commands need to be run with root user.** There are two installation modes, prod and test. By default, prod is installed. It can be switched to test by setting environment variable `TEST_INSTALL`. + +### Install/Upgrade from command line + +Run the following shell command by providing the 2 mandatory arguments: fully-qualified domain name for accessing jitsi web, and an email address for receiving Let's Enrypt's ACME mails. + +```bash +curl -sL https://raw.githubusercontent.com/shanghailug/jitsi-deploy/main/deploy_jitsi.sh | + bash -s - +``` + +Alternatively, an additional environment variable `ARGOCD_FQDN` can be provided to enable ArgoCD web server's ingress, so that it can be accessed post installation, for future operations: + +```bash +curl -sL https://raw.githubusercontent.com/shanghailug/jitsi-deploy/main/deploy_jitsi.sh | + ARGOCD_FQDN= bash -s - +``` + +Before committing to a prod installation, the whole setup can be tested by using a test hostname, only requesting certificates from staging instance of Let's Encrypt, and installing into `test` k8s namespace. This can be done by setting `TEST_INSTALL` and `STAGING_CERT` environment variable and giving test hostname as command argument, like this: + +```bash +curl -sL https://raw.githubusercontent.com/shanghailug/jitsi-deploy/main/deploy_jitsi.sh | + TEST_INSTALL=1 STAGING_CERT=1 ARGOCD_FQDN= bash -s - +``` + +The installed applications can then be updated/upgraded by rerunning exactly the same command, when the git repo is updated or it's desirable to enable ArgoCD web after initial installation is done. The already installed components will usually be kept as-is if their versions match, or be upgraded otherwise. If k3s needs to be upgraded, however, it's probably a better idea to [tear down](#tear-down) the whole setup before-hand. + +### Install/Upgrade from ArgoCD web UI + +If the initial installation enabled ArgoCD web UI's ingress by providing the environment variable `ARGOCD_FQDN`, then the ArgoCD web server can be accessed via `https://${ARGOCD_FQDN}/`. +Please refer to [ArgoCD docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#6-create-an-application-from-a-git-repository) for more details about how to create/update applications using helm charts from a git repo. The login's name is `admin` and the login's password can be retrieved after initial installation, by running the following command on the host: + +```bash +kubectl -n argocd get secret/argocd-initial-admin-secret -o jsonpath='{ .data.password }' | base64 -d +``` + +## Settings + +The following list of environment variables can be used to customize or alter the installation. + +Environment Variable | Description | Default Value | Default behaviour +--- | --- | --- | --- +`ARGOCD_FQDN` | fully-qualified hostname for accessing ArgoCD web UI | "" | don't enable web ingress for ArgoCD server +`ARGOCD_VERSION` | argocd release to install | "v2.3.3" | +`DEPLOY_GIT_REPO` | the git repo url for retrieving artifacts | `https://github.com/shanghailug/jitsi-deploy.git` | +`DEPLOY_GIT_VERSION` | the revision of artifacts to checkout and use from the repo | "" | use the default branch when git repo is cloned locally +`EXCLUDE_JVB` | Exclude built-in jvb component (so that an external one can be registered for use) | "" | include jvb +`K3S_VERSION` | k3s release to install | "v1.23.6+k3s1" | +`TEST_INSTALL` | when set to non-empty, install an app called `jitsitest` into `test` k8s namespace | "" | install an app called `jitsi` into `prod` k8s namespace + + +## Uninstall + +### Uninstall the applications + +The applications can be uninstalled either from ArgoCD web UI or by running something like the following commands: + +```bash +argocd app delete jitsi +argocd app delete jitsitest +``` + +### Tear down + +```bash +/usr/local/bin/k3s-uninstall.sh +``` diff --git a/argocd/cmd-params-cm.yaml b/argocd/cmd-params-cm.yaml new file mode 100644 index 0000000..9016764 --- /dev/null +++ b/argocd/cmd-params-cm.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmd-params-cm + namespace: argocd + labels: + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd +data: + server.insecure: "true" diff --git a/argocd/ingressroute-server.yaml.sh b/argocd/ingressroute-server.yaml.sh new file mode 100755 index 0000000..2eeaaff --- /dev/null +++ b/argocd/ingressroute-server.yaml.sh @@ -0,0 +1,26 @@ +cat < /dev/null && test -f /etc/rancher/k3s/k3s.yaml) || \ - curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644 - -export KUBECONFIG=/etc/rancher/k3s/k3s.yaml -kubectl get namespace jitsi &> /dev/null || \ - sudo -E kubectl create namespace jitsi - -sudo -E kubectl config set-context --current --namespace=jitsi - -# helm -which helm &> /dev/null || \ - curl -sfL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash -s - - -# jitsi -sudo -E helm repo add jitsi https://jitsi-contrib.github.io/jitsi-helm/ -sudo -E helm install shlug-jitsi jitsi/jitsi-meet -f values.yml -n jitsi - diff --git a/deploy_jitsi.sh b/deploy_jitsi.sh new file mode 100755 index 0000000..5577cb9 --- /dev/null +++ b/deploy_jitsi.sh @@ -0,0 +1,225 @@ +#!/usr/bin/env bash + +function err { + echo $1 1>&2 + exit 1 +} + +# check usage +if [ $# -ne 2 ]; then + err "usage: $0 " +fi + +# check sudo +if [ $EUID -ne 0 ]; then + err "sudo?" +fi + +# host OS packages +apt update && apt -y install grep bind9-dnsutils iproute2 curl wget git + +# parameters +export FQDN=$1 +export ACME_EMAIL=$2 +export PUBLIC_IP=$(nslookup ${FQDN} | grep -A1 Name: | grep Address: | cut -d' ' -f2) +if [ -z "${PUBLIC_IP}" ]; then + err "can't resolve hostname: ${FQDN}" +else + echo "resolved hostname '${FQDN}' to ip address ${PUBLIC_IP}" +fi +if ! (curl -s https://ipinfo.io/ip | grep -q ${PUBLIC_IP}); then + err "the host doesn't have such public ip: ${PUBLIC_IP}" +fi + +if [ -n "${TEST_INSTALL}" ]; then + export HELM_NAME=jitsitest + export NAMESPACE=test + export JVB_PORT=30001 +else + export HELM_NAME=jitsi + export NAMESPACE=prod + export JVB_PORT=30000 +fi + +# versions +K3S_VERSION=${K3S_VERSION:-"v1.23.6+k3s1"} +HELM_VERSION=${HELM_VERSION:-"v3.8.2"} +ARGOCD_VERSION=${ARGOCD_VERSION:-"v2.3.3"} +HELM_ARCHIVE="helm-${HELM_VERSION}-linux-amd64.tar.gz" +DEPLOY_GIT_REPO=${DEPLOY_GIT_REPO:-"https://github.com/shanghailug/jitsi-deploy.git"} + +# workspace +WS_DIR=${HOME}/deploy/$(date +"%Y%m%d_%H%M%S") +SRC_DIR=${WS_DIR}/jitsi-deploy +mkdir -p ${WS_DIR} + +function get_helm { + if ! which helm || ! ( helm version | grep -q ${HELM_VERSION} ); then + cd ${WS_DIR}/ + wget https://get.helm.sh/${HELM_ARCHIVE} + tar -zxvf ${HELM_ARCHIVE} + mv $(find -type f -name helm) /usr/local/bin/ + fi +} + +function get_src { + cd ${WS_DIR}/ + git clone ${DEPLOY_GIT_REPO} + cd $SRC_DIR/ + if [ -n "${DEPLOY_GIT_VERSION}" ]; then + git checkout ${DEPLOY_GIT_VERSION} + fi +} + +function do_k3s { + INSTALL_K3S= + # nuke + if [ -n "${NUKE_K3S}" ] && [ -f /usr/local/bin/k3s-uninstall.sh ]; then + /usr/local/bin/k3s-uninstall.sh + INSTALL_K3S=1 + elif ! which k3s; then + INSTALL_K3S=1 + fi + + # install k3s + if [ -n "${INSTALL_K3S}" ]; then + curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=${K3S_VERSION} INSTALL_K3S_EXEC="--tls-san ${PUBLIC_IP}" sh - + fi + + echo -n "waiting for k3s server node to become ready ." + while ! (kubectl get node | grep -q -w Ready); do + echo -n "." + sleep 1 + done + echo "ready." + export KUBECONFIG=/etc/rancher/k3s/k3s.yaml + kubectl get node -o wide +} + +function get_argocd { + if ! which argocd || ! (argocd -n argocd version --client | grep ^argocd: | grep -q ${ARGOCD_VERSION}); then + cd ${WS_DIR}/ + wget https://github.com/argoproj/argo-cd/releases/download/${ARGOCD_VERSION}/argocd-linux-amd64 + chmod a+x argocd-linux-amd64 + mv argocd-linux-amd64 /usr/local/bin/argocd + fi +} + +function do_traefik { + cd ${SRC_DIR}/ + ./traefik-config.yaml.sh | kubectl apply -f - + + echo -n "waiting for helm-install-traefik to become ready ." + while [ $(kubectl -n kube-system get job | grep helm-install-traefik | grep -c '1/1') -ne 2 ]; do + echo -n "." + sleep 1 + done + echo "ready." + kubectl -n kube-system get job -o wide +} + +function do_argocd { + cd ${SRC_DIR}/ + + kubectl create ns argocd --dry-run=client -o yaml | kubectl apply -f - + kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml + if [ -n "${ARGOCD_FQDN}" ]; then + export ARGOCD_FQDN + kubectl apply -f argocd/cmd-params-cm.yaml + kubectl -n argocd rollout restart deploy/argocd-server + argocd/ingressroute-server.yaml.sh | kubectl apply -f - + # ARGOCD_PASSWD=$(kubectl -n argocd get secret/argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d) + fi + + echo -n "waiting for argocd to become ready ." + while [ $(kubectl -n argocd get pods | grep -c '1/1') -ne 7 ]; do + echo -n "." + sleep 1 + done + echo "ready." + kubectl -n argocd get all +} + +function do_chart { + cd ${SRC_DIR}/jitsi + + if [ -n "${EXCLUDE_JVB}" ]; then + EXCLUDE_JVB_VALUES_FILE="-f values-jvb-off.yaml" + fi + + if [ -n "${STAGING_CERT}" ]; then + CERT_RESOLVER="le-staging" + else + CERT_RESOLVER="le-prod" + fi + + helm -n ${NAMESPACE} upgrade -i --create-namespace ${HELM_NAME} . \ + -f values.yaml \ + $EXCLUDE_JVB_VALUES_FILE \ + --set certResolver=${CERT_RESOLVER} \ + --set fqdn=${FQDN} \ + --set jitsi-meet.publicURL=https://${FQDN} \ + --set jitsi-meet.jvb.publicIP=${PUBLIC_IP} \ + --set jitsi-meet.jvb.UDPPort=${JVB_PORT} +} + +function do_app { + cd ${WS_DIR}/ + + if [ -n "${DEPLOY_GIT_VERSION}" ]; then + SET_GIT_REVISION="--revision ${DEPLOY_GIT_VERSION}" + fi + + if [ -n "${EXCLUDE_JVB}" ]; then + EXCLUDE_JVB_VALUES_FILE="--values values-jvb-off.yaml" + fi + + if [ -n "${STAGING_CERT}" ]; then + CERT_RESOLVER="le-staging" + else + CERT_RESOLVER="le-prod" + fi + + argocd login --core + ORIG_NAMESPACE=$(kubectl config view --minify -o jsonpath='{..namespace}') + kubectl config set-context --current --namespace=argocd + + kubectl create ns ${NAMESPACE} --dry-run=client -o yaml | kubectl apply -f - + argocd app create ${HELM_NAME} \ + --upsert \ + --repo ${DEPLOY_GIT_REPO} \ + --path jitsi \ + ${SET_GIT_REVISION} \ + --dest-server https://kubernetes.default.svc \ + --dest-namespace ${NAMESPACE} \ + --values values.yaml \ + ${EXCLUDE_JVB_VALUES_FILE} \ + --helm-set certResolver=${CERT_RESOLVER} \ + --helm-set fqdn=${FQDN} \ + --helm-set jitsi-meet.publicURL=https://${FQDN} \ + --helm-set jitsi-meet.jvb.publicIP=${PUBLIC_IP} \ + --helm-set jitsi-meet.jvb.UDPPort=${JVB_PORT} + + sleep 5 # there is a race if sync happens too quickly, so that it becomes a partial sync + argocd app sync ${HELM_NAME} + kubectl config set-context --current --namespace=${ORIG_NAMESPACE} +} + +# installation starts from here +( + get_helm + + get_src + + do_k3s + + get_argocd # 'argocd version' depends on k3s setup + + do_traefik + + do_argocd + + do_app + +# installation ends here +) 2>&1 | tee ${WS_DIR}/deploy.log diff --git a/jitsi/Chart.lock b/jitsi/Chart.lock new file mode 100644 index 0000000..f582b6c --- /dev/null +++ b/jitsi/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: jitsi-meet + repository: https://jitsi-contrib.github.io/jitsi-helm + version: 1.2.2 +digest: sha256:165664c1a23bc9760177e63740a861360eee007b432d9044ea449e77fba95d94 +generated: "2022-05-02T17:15:02.132446+08:00" diff --git a/jitsi/Chart.yaml b/jitsi/Chart.yaml new file mode 100644 index 0000000..09309a9 --- /dev/null +++ b/jitsi/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: jitsi-deploy +version: 0.1.0 +dependencies: +- name: jitsi-meet + version: 1.2.2 + repository: "https://jitsi-contrib.github.io/jitsi-helm" diff --git a/jitsi/charts/jitsi-meet-1.2.2.tgz b/jitsi/charts/jitsi-meet-1.2.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..29703ecb9e02b0d4f71811ed29e19ffef168536b GIT binary patch literal 16392 zcmYkD17jsox2BVH$F`kxY+D`Mwr!__j&0j!$F^=xYK$hzY?fNeTQXqjW#L1V72h7qw8N8~AGgsm`T{tx z%oQt~O$Viy89Q(wz{bAEyc;b)Y8NQM<(38Tdi z#yPHc4uzcW5kjM8^WY;>f{z~#DGn?y_ul6w3PmP{obg&Y9iYr?D-jUjb^1-~JteSR z?QQYG_G`eAhzKce==_mps7SLyT5QXfX#GW_3M^YLQ;v*|gG_3AvwLwb-*&^spipu8 zYv-^+L66fkVH~(k>3n%cYy}_M#PP_^wYg?@+P!-|N_&9>uKfH=F{+!A54fy%5C-X=sVRQwA1-LgU8Z7h8^Hv>w3m?1N?8iJny=rW6UL&&OK z9azF6Hqz?Zxbs_FfbB(J4hOY!$Ls8p5a`00uAz*#i{yCOoWE?Wo%Ql;&~!WzhJIkOHESPyJrK7EiuQKrJSdrA7R z4t%6TQdh)g>4(p^BrZb(_d zL?0%Jf!d2KfJvO2iB?>mb>Z?h(}H}4hnAtz?#CE#>L7`)C{;|CV?sN%|9P{M6WI<) zg@60ux6cU|w{lf^jVuvp8HTM4(&&rf{@0@kJ(cqb$(WDo-MTO7XYTpCNS9(FxuTsQ zh{{)NxRV)bdnwIY49E%uba?^giv~UyNq8edsk&eiD(qNCqiCD&6Mx z20-K~suZVcRuDfei;Pc1v$OA@Jy1mMm#};kZthTPaqkKXCEXo>ZXj_qF)Lr2vg8%c z(ZRBADnQhk35D^%NAIMO9$=1Slp3_U$Jh~U|lez_`>>nD zQz3uq>^UyYL=o4Jj2)(UA6g*iB#I9GUaUx>5ro^!co8{jLE+o6!jLS1MK4$+7{oIj!ALxdFOIw8 z*yB`nTyCR>7&=|sWKTywchPvGFzyb~E2Bkz93$b>w|22e;n9{B>;{DG&8kJB-eZBI za1x9CWy?-a+myK?PS3-)0O8b#i-X`t;0(m=H{V5`?kWmq;_B!nG5;meN(73`vKCU4 zwYsY`W@Tm_Wu=&>HA(J?dhYoc@>3ap2Q|?OGwy@fs3C|!;pb{!RQ|1-`m=D@AL2dzI+Ny^?98ZJz4P;f&!F%NaIy0vda=p;5k6B1C z!|?FBPfPiLEC|kBDM<@;D6s3vP^J6Ee{i4oM-wp5`f3MrGWydyp2yUWf9fxs`Eu1M zst_YX%YG4J95gT?)&3(T%IGgN2otFnu^DJqAiN-is%23+QN#*b6=`YK()lsD0SWoB zkrMP0!n~cTi&Oc_e&+o=7>PZ)lN!yMIoV554?RKI3pPq|4u{%Fm)10Pmoxf@UL16o z=zX#t*$_1@)8(}VXE97XI3vOxJc2y~iTHCYz_a!UD%x`J#SF{SCq-NDx{Z@A^znwp zx^EV3{Z3HoDzLvW#U+a#mm;gKU=k`Ip(dutD(f|dT3iLfX4{Hhg;uWZ?v)miK zF;C*gJeFHUBFvVp)_GG(Gl*Fb*e!E{{q{%-vfi3)S#mTWR1=qL#~02f(o7)q@w5zB zuCjY3G`#c$4W<0IOV!q4+GK_%_Oh38T(eQXrf~br-Sz~+;xPH{f-rS!d86y z_W`pq#XN1^%MfpRaGkN95?SY46TC(I$1HgDlY_FbSbyng)^(V;gzMoIx#Ps2l?)DxfZ$nnfika)DV3@! znfH)iXe{nI-Oa$~&cY58Thd(VUGow5^U(kvERbstzgcUe6(6Au`VvhBw^cm&?)L>u+x60Qr5a3=j-yZqfA6qMi8H9-mFls%l@#rP*p_dc|y8F|0OHi{*^lMIyob)#iS0; zrM=;NXB0d2iSsHP8zu^;lc!x@6)`3%O#XKm`OYKzrvo=^xjYG7?0B$)d%+ZFhh=I6 z-8=gab`h|G41?VSM&y2B$6u&rk`ipMKtL`KQz6d9C!}9vV-!b7<)j%QHYuk=m<~U* zsBS$n_09{iH$2vIaN|~4WQL7R8Q?m1GeHF}7p9Bn@RxT?2K-8jgz8jXTiZ)`zYa%D zr#}d@hvqNsoXjo7l&n7D4a%UQdF5((CLhZP!})3=JCd(lC{!*AJ!;lGNLM5UdlC9c_g$h zij!GL$CoZz3b_oLo1X`2aFJ4c5wC=Ucw!z;lp_J|X$l=?gfGFQ91%QGnE))Z~GfaS+S4Mq7iC{-p2kaoSz^_MwRfo2>k8f zG5j#DK7Z|dDTD@_td(URqZ~^&Vr_+BfAccAUzu?HAZkY5%>%KETdkjH(r;F^0D}m$ z+41gO>koLJdLL-bMmVTr@mS%b!W zbvOz-8h^~I`A}fUvWbEGf!J1FTS13;vSBURCj$$(Y_bSAT2s9_EJ(cQ;&NRv{efs@ z!Qb+aURLq$BqB%F+oeT=iAe|O6F5S?Go+{Zcsb+w_jjn;y@`!LLTj{MZ5L_OZRf!}R74R8|^qzHj^pJJGY zY}_8?Bz1TTXl2VgpOsHt1sA6-HM_KNQ^IrL*nru|y4aq@@VXKR}9;?S)>kYiGL@R3nbDrxA|>Y`uXeH}q;0KdvzA=C(* zE@DATy1Y-B&G7WL2Rk8#e*I|$G(?ZDT_s%U>dvZ5}!7-*u6BD0`a7;d^q==+G z%4d2`iLIyAsI-Y++dH?%A41G69#F3uZvs{bT~$0I)g+`KiT=`-Dxogeo&4^NHq8{0 z_Uh$X?S{?s*HV##+wsoun-InsmCHF~BN&4%1rW(U>0pD46^>Xwu@z&Sz57Yf2*E8P zw%%Wxv*&z5)^Rk}J?nwa+1C>-je1fc4P@0StkPD)5hfjZt;q{DCr*0%soDbSjgyVn z&lN?g&1u!PrLJ9l9UaoYCnFo0akW#kspA6HRy8CJ{Z}3do0|Mpq`>gCSGG4YQTQW= zn?=6(`q0k_`!#~rw)^$~hV>VChn`O$EHPVJQD=~;Qn(S@op(iEcgfQ<8WtxjaL!L#jgw1vc~5|~qc1s*n|l}C<; zCAk>P%914tKmL|vAzqf;ga8(p(|C5bwBwQeq_XvmRhvCp+&3%X4J`{(59A(K1o4WPv?W$xCOC!#9|uH;Hh|T8MN@V zsj8BeHqZCe9|@v*Drm2~#KZ?Y<2L2KCgIio)stD$`M5;rKDxZFWy`*W$UimCvfDS1 zi@L-_id)BTQCW=I)V5wKA2aN`L_K}G_m$g$>NU0P_qlHtfKe79nrC43ff(R(=C058 zz!TULPT>q_vHU|8uo1Gb>S#42Ht6P5^)d$=?N+6g$F|?B)^lF`UX@Dul}n6NA=bMm zC{dGEA$N1QAAqKpv ze7HVK=H*w(PsP2+fByY-QLxj)-OJYbo^rzmSmY zSs-b>8D?ubCP3lQo_v_~JrAz<^_?ioNrpNehZxROGqf60zmWNB9do;K#hM9R^_z5z~OHMjL2)e|XV-IghcWc}FfHF0|{YMl)eTZ)` z?^S<2+w?V5V1GmRRmhSqB$E>}Eg_#a4^I!ubIG)z81@jkrNofTHZE>&0&{59nPK=& zBqf055yKa2OAud9+I#Qb#bphHM1-}K1<%#H_Nb#0uzSBWR(b8|{;2)=Rka|{^LbUU zfa~hrqoW7UUE7h`#l9GKlI-Kla|w4Zs)RyF1C(9?Y7qV@DD17=7kHMw1cuI>_;K7< zA&Fki)i=D$7N#RoLYlL0xDIvUC2^u+yvc(?& zfQ6PW<`yD}T>1Ihtxx5iM{8l!HB=Q>$os#+!wV!BSo!&s%Y;l##?-)F_67FFFo{oH zE-zR86>!806VPm~LXnUXxTrv;UYVXZOt`niCzpm3D=sLm82jOD`fm^_Ri$|9b?hfi zX%F#EC0Gsa$nmPAQKZ6d%Kk*IMhK>LbgLe6#7VX@GGwwv1gMC#4HOEd`j*`wD;*6! zp{HEIMYNY#P?Fbq!sR6n#)@PLy=wyz9}HbZQBP{H2xw4z=t>^Hh=z}e_HO)eB$($s zRwAn~{-K<2%7||53yhP0-vcA|omWIF}>OIwi;_w!v9nXW3Xks-5wbQ7R`P^h_ z1o*#L-Vjv}+yyimR@7J$Ul#@GU~_0nf1>*lP8Eq%jLr__{SrJW;a4fF<3lY_%@<|+ zXuUbnrSu+h7c{D}`OO?snPqROCxP={;Mwaf(RXY4?kyXB?Dr~bH%q<@ zgjxy}d`ZEzwMS@*oHDtN;1Dy9pY-9mk@C}3v7M6#UW6QvsHmhECnU&-EdS8!Q=@?> z06*%78|v@OhvVT6I8yy}@)?Wksg~|ZU`nV*B7gbhPNB)9XbF|l{Lj$*wuWUi`(OF} zz_8&G@Uk1nrS|&+y5R}jsiEJ_F}qTQ@$=edP^PK()y;N=G<`}SEixx#wQ*_U6ME6} z>TOH`{g7^PciR5aA82=DKdgWa%EleR(>545w!FY!PNesk|J5{DF-*c(H1%6g@8oQu`cYvUX# z=F_^UD@u%KODBAhRSxtjn+!-oM{_s3MjzFUNEi#Lt9W)UON?c#C`07fRH0`q7ls8o zk9?k?gUPywc+qaXV&(@S&(d8;@1pP~ed3Uhu$ery3eROXGP`8s6w&UsFL@-Yt+(#5 zAZ`V9)zpHB&~B5IBW2~1Mf3zUGwyDaaq=!Lqv45Ad9?-&&7xvMriHs@PMOj2Qd;X_ zWZdj5`Df!alVf5{Bt&^ zw(uvrM&F>CSVg6);Z)r4_E^gN=?kCk(abg&yDF{|#t4idE9XchA!&@40RVunr!FhS z(vnuS8V!r?VU{#E)k2I6La6CZ!mD?oD>*b#%H*tB;rw$mM)_J4va~=7vUZBYKJntO z8;6WGB7%J3eb6Uf)m!O|b&-6U3B}t+tVD;*&^(qLWdBS)6mF&TzG$w1l%s+yyH(QI%#RrJnPmY$RfF`HxaFCaOV8GspX zcx69HrJ8>9IN>-&$-D@Kx{!Iw^-*r0i5awf1epQGw;pBHjGCC`-lRJGpR&P37LaIq z%eV-KKAv5*kh@UEwY5zy8UF75hYo*d0e_OntY^riSTzX^WOIZ3WLvN<%A0L#oMe0y z;`d2#CS2ZQj1%U5(0u`m*qLx?{3|@}>gi{B7 zVbAx;V!uF0U;apNcEgzvJZ6<7$q$w(-&bq+H-XHgOGr-=rc1Ti_^ngN&wy&6Xe*IC z=E{eB(&dof3n0vRyP%y)0sShIUx44=Has8VJ@D+u%ub+347fcLyoXUsdGqSzzh5{p z{Zz+X9aFqTS=@`(1E-C-p%@zu$C`!F(3GC(kV#Dt0-G4#x0I?r(7==ELc|>7mt|na zNNDKHn?CzJZya!_=#@Hj!02NYH4K6rh5qDp28u!vY#f~47lA%L25A3o!BOCvpPJ{0ROKh(*kpdEXJsDUH0D9E_X!zA-5le#yxXyTr6(W>2&fHe|e`KnG^YfE-q|%B&Uc&@(<5 zLY5u{oT&$1uU$+p)j4l-;kz<;s}IcWnk;&LY2#WAw28k~#d*S5eUwR4&zM+bXI*`#C5j10S`oagE@ z)j5-Qr)tXg=$Vm$Ip^OwawZdNaS-oW5~a2;Zpd9@Oup#86QhC_AP-JNiz)x9cq=!S zlWyFqMRTEMs>XHA!2a7f^@0QWa9p@=kafsKfgg{i@20`eAm9Xe2~Vny@}i5jiu7i6 z*EQoZM-OyZfgaGs3G0ZWRg+ANXp=Tf61$SZiiO%>J3l#aBSdP;6xPOX*GAcGBO836 zie7b^vE8piX#cc|&v_B=7?vUsXe+ZA73DZlI4a0I(rrFYe2GqXZnqhl3E?$|s)Vwr zK|qg?nwCU!2qSvP8*O_NfU(}%FB zdb)e+Mbt&DP{8IuE?u3x2q*k|t6ll<;+t{>%ozvmoCoMP0`XgN4g}cmZMJ(VQ-@1e zQPey<iq&;ou~TG++B0uYsY;WMevuzk-2Pd z+(^s)bK=d9$+!KI;o{b>54hqL16-d}K8w_fB0T=oj#_zer5l#NeC~kUuf4eKz$BJG zKc6tvGykM{1CBNHR6PUnoA2NBV`8*t0KjNo`D38=VQq|#d$d077~h-2Om5j+58k1! zb!7e5b5*VK#L!VlVGG|CIo|land5Mw0cCdJWEnH}m3|i&cIO40cy`~Crn|@ec_%4a z@bSS`42_O=P;MYdkf1<}8~Q>nMx-yNP-^0^B?a-L#NaNCN1tIr3zPhcMFQg2P@K}oqMH900GVCRMq>Q zHb0e3AR8h=&Jple4o`Znrd0lQx@Wk)t(@+I*cKiIg=!AJ_@ug~93On@z&P;$8H?x#-G_lmLb4v{Xz9(X1YIZ$JdNInMM~+zGd!9>RbOBY6ksq+HGWEd$nB6YdF+X zcA_-b@4&ShnZMW|e*e|;`*ijFN^1}vPlZG{OOSP2lPKZ2WS)NIMs4!f*WY+vq8yEt zu>{gV7eT#s61346QBhZGw^@-_l_sJkr{O>5CUjSvCZfY9{+f0dLuj?hzQ1&^HUp!b z0oP#0eaNKvA;t^u8edS6evpBs5fjctcPdMW}Q9e55K4ni4xW-Y`qIs=(tgSA< z^-u)SXp;**fbAYlq!z=Fx*tF7BlV+zDo&}M`xdUWI&{QN-?I;l9{l@kae9{!KFJ?12Hk}u&Wpg);|0Yp(uQ1jC<%TTTOKBd(wP4Q|DGN*JU$D5GD z=~t<&IZMu2%{x=4u}U~NDM48T9{S$=qa^EdIi0M-^(0GkD+QI+bLTgt*bjnO+sbVW zM(P}(qSkr+=zvrg9skP?)| zRl8){hwSkFn2%T;h8x1l`U6-JJ6KRj+CVR30_^?Z^{}ePLr?cnX=$!Bs?@i-Y4r= z|K9)+D!vT5X!K8VC(F&!bYtOf4;;W0-S;;1GkhdYYo+2)Ov#3hgXl5R_-D5 z+NK zwLHZQXr_G)t^5?Ki}u%d?vI4kMc3a0e+oXG>9ijGcj!*Vm z`9gX3wEQ}7Rr|og&-WcGJUqS=;Kr!3FE*;Hv`3p--y}z?!SaM`_Iid79TDB$6bXr<>hHT(;w&-N<92FSdAl@6ATR=`*1t zmJp}u{?U4u;qXgX?cKC(jeI^JpFVh>^3YL29+APJ6**sN9LV8O_(q8E0N6R6`v>UB zFQw)Ya>J?31@1xArhfIBJW-4R9S8^Y*?=MearS(J(z#NA9UVZZ+CiQNaKIT*I>jsh z2k^qgMHV4_qI?R^WR+dCcRppYNO+!>z$my!w}`{`oyVk$dJVs2xi%_t7@w?g{rH(y zDRffBbD9;?u$#dK&5UU0uZv<7YTmcSqMIDQ0$4h_om$%Hdt0hZG%SVR;I?twazVA# zoE^$VF{vLKR#CuO98Q`#CyPTKxMz)yKOy$pY#by36nv`0uy4KSxqAcKaa=-DPnflb zw{%h9pqnrYE`%q`D5ziD^B4lj{S6T){p|?jE<)0n@=#lg6`^{>jD41Ihfm0WEIcq& zWhevg+uiz;ueIWOy0wc}UF>o#=kh%+Q#bc@N-vGhY(CD+qbUpqde_+~gMJ-FggaVd zd;FI;7AI~1==1&mU zTAl4Jlrt4_=F~pJQUiR^Ev5&%dp`q58qkd5Gesczqi1T!FZBq>Z^8HRo%Ha^!ac97 zy{HZgX6h}nLbUU$d4`|3ni|yTElY#;rq-oSi7k{_kGq+WiX!N;Zlaf4w&WDS#G z5F>Ic;cq*^kE;jI1z+C;UaG_t>Ru}1AUR6wE%lo7sUB~?cF@z$_h$cT#J+_J928h1 zS(OHjj(=dv7zpx6(-c_0G_(7%h@BI^5YPPBx5r5+e>woxH}B%ZKu2S_%y3UOoDhHc zfBc4G{=rM-2Yvg&zzGhm${h9Mik;ZR+$*%giGrk3SzBDf2y5$gze7^+4 z>reB4-}R*#Xm{9l8nc_l$!W0KAb0l3PPTv@iaCwYh*SNm?2WiNn;2VLjWCoyzWld8 zW7-~4ti2&lfxodk<}c!5L5kf;1T%TYZN!)C3K>ABYzTg59JnVR65>vt-Lb2jDl-VwV3$7DHTkFO5Dvl@!?_LqE0HO} zH>tobHpGbPg*J2=It4*0ky}$Njvo_$+!a$2+lQslx0yUhGm#PwD$`JNq`0?ika95A zgET_E>|_pijx`j5e$Jc7nsvZ`*d@SJd+`(^302&+1<&7;yW$-+lXxbODJB^aQvzhv zLXL8lB?e3`j-rXK4S9lXp}A@<69JCF54%eM+a-@D=sU;MeW`MWXi6k@32oB#*un2= z^WpjXLJ`;}Y5$0;0|2Aw+Sy&PyRpIK2A(5w4-o4hR9%Y#J2$vCg6(b|Kd&@fUU2lf z@P%%iex7VaUY9vT6iOpOv6b1GQ~K+=K$P0cc@-wAZ#`U}w&-4@UYAiA0Gzn|QBQN> z#I_b%PAGny_TWDd(*U+Z_X}X z4}w|6TV9?Ic``#5_>8YF{ayNYb+J(VuFIQDPl*tt`QUECBFm$o28a>xCjDoSLbY+i zzyItXKaJ=d<0%&XSaT!6AwG9DeaFKfF!bQkaMUQw%) zC_EZacUfRgy2TxWA=es-$Q{9&tj*9%H=jaKsy~Ko^T13EP73CLcL#44SBxUX%(s9}}Uw+yYqmM=uF|;-~dtv+ui~+IO zw2Uy`P6RpOG3DVPu``+j1jB73yhOPmg3AX_Gh2qJjBr%8vN5j+ED1!k97r21o>PC& zIr9K@pu9it>GRMEV&q-TEZGlgG`2&}mR^#6axWBrhDC8mruw%}Ht1G#-4GE7-$O@| zUmID>V#9-^I;X#cLksrA1&O1qGzGdL>P;&$Z2~7cI95{+?3CoN**-5~+sA z;lxi?`iXTsx0zypo7-T|m>#wvXPR7-0Fm-a-23Lsn zL)Ax9jv+U<+$8NtVSFW&5?pb?(jdjdr~uJ)Jj(!cin#oON8Q0|Gq{lCH9u32ef*8) zx5v|*?BSLyB(=6L(@zU)06TrJOA)@%-mq{LNcy!7b~56>E#W$^3kA~ATXqb0q`oQJ zF5L@#OHt#!n3Cr8ifS(s=8DeM@$bEsny&C?lU5~ye-lQD z5^_=X0r_3B6w0u&I)#~OkP~}-NtqaeexzigPrOAc;*@CGW@nH@Sj%AOSz)TZh+?GW z*G$(crnKds9#@}7rxCE(a=dk-oyzc+l=J~xg4hiU1_(^pJ=%PH4;C z1Nf-2Q9ur=QBU^ab4>H-9TmInrwzADpP9CKY!pGc81%7#*+F9)9HF~AW3+7K6p$A&O{sW2humW zhqNPbq|czPw4jRR3<~;#_Mlj0+NaW}9Bl91;x8~&t})wKb}`Nd|6n6P*m$%_)~6yy z87ueUZ4^bp+9{L|i;z+1F_zFM-7qu>m%!Z+MX}Sa5);C*6S?UL_q)@J7(LuT>aV=3 zuD!Xs0*#iy@ZG&2>fm1^J}!^2_?b%=kLKMdhz%v=Eb6mz5;~GCKPJP6xM|1Jt$x^$ z6UyIs6yU{f&8UcvYLgs{!(MBVnlg9!(5mNViw`E(k^ypi>kgQ6Qpmu_rvnr|`&_CtarpC% z)r+Kw$zYi*g?Y)NLR)sjo^;j|uzW%;c7UzTHOY8f;jc183g%28qCUT1Ds=rRX=;6C zB6?yNmC?>%l<&aecu}b%U_Bjebk3cAhp#0S8XyvRaWA98xL^ADWF=` zrUqphL`bHcNC`AOWS}*u&>|-i1qI#TWuq#+NW=mdc%2jP!%8@X!#V0^AG_xRuNU(! zSaf>Az(U^SxVT_0%0sa(i1icLS+@h2lPl1RP)IW0%>1%F2wVq$8nBQh{UrQg?L^OW zsVvvNBm)&;zylN0C+gY$FT=^Ycp^NR4qO?AWTQtDY`?}9pFp=LJ5#q^K!o9bM8nSR zF*WIi_0B0Q6WZU0G56=+&);Yjb=+I=sMR$l0YjOyj%oABSy0Hg^s}3XjEB^yjQ1dr zuqg9_WxzT?Vny$t0mp&Y-%1a|2Ggv}t~#8C6{u5sYSEDCVK+=EP0y+e?tGZ&w2aL) z*Im8BiDj9py;(%_C41ylJ?SqAb`W?UR(bJ(DCmz6v}3RpIFyBrum{qw+DKo*Z!i@R zpR#Vp`?I2?CN0Xr>ADgvh8HOXoJ{3hMR@<{MzIC>urt*~1%j>?A0-u;U@-RpzF9@B<^Lmbz$uDBCP}TBaYQvk6MjLB?>x#^P*N>m zJx*&|e;b5Epp~<1xqIvA1L))4srJ|--QsFGqpDIr#g$Qc#22K3WIHSgQ@|tP|0!QT^AKBEn*~p@4E`3@tJ$%#G4v1@Q|52h=Ps&3b=` zkD%u8RB;p8PfA%D_qsP-+}48qQ@1PDPUPYAZ*QtDx^8lcWxDCJc0tr7>%;skOc&AQ zDR^pWq4aIBtA2VHHgri2Go|U2@S6z%_^()9gH2=C7?Iqc8DmTLu7M*;EG>Kg(Z5l- zLy@jBCPd>~bk77t#tkt)&}#BGQoBu}HnVhFf;u_5B*;Ar6tWlEZD51iIrD{t(@w*% z0;|rYwC!jgi>X}xBF75DG2E82cLJJF)mO(Bl1j$oNQh<2iM7ZXyGD$SrB3mu%x6Og z!4HwSqaXLrYvdm@`qP_kq*W<%%s!@7zyYaAPEO(e$ahSi4DdxYE8)W2BiZcwKb@}whtm(*Z`6%OIsS35?`R=u+krx*iCs6<31;pTDUC`_J{@}RD zXEXZ#JtXp`_L?L`Lc*sqSek4p6N*|W+#m?*+ArA=dt z5oFKa3YA@OiM5wWLN*(<-7eCXdO}MxfYJDyq>fd)z^}pqpU;!IzB^|?Pc*Ogn45fb z%i$R(v9Ql>_D&U@J7af78x1P+u*r_%H?|wpAwph& zg`eoh-3sa~3(37VeiG%*ZM}vPI-4O{QxS*-W_numPsq^gDU*;MV*Tu=GK}8)!O2sS z1;Usi&X;lF3N3bK8e*V%zhRf#?xI^IZ5`_bfu=v3)7JD_BV?BXEV&%o$iy68L?MR_ z&NSq!>orM|o~!#0+NmkBq~cGkv<9JItlU7U1cQd2;Vy*-jYOHR+fC~B1A9`E4D3~lFMvG7&t;E?Qek*&2pE>}#q>YK*4t#}i zKVkwkHN?V^Blu%JoG`Grm9wGa6w{xLbX{EZi9hP$L+P?-M7lY)D=O!c`8tONE7fTJ z3@ug`=0+)5?ynAf1sYGx<1)JfOE=$}gzP4zPC_hH*uP7^Jr98qt!agkQ2mZ*jLapz zIeC_1N={x1M{Q+rcZ>kB-?gE(-k6;ZcLgWX;I<~PiM)c^K42U)2~^>PU?DJ_WJBrp zytuWBRa2Z-cH1~igUmQs~DG5+V@Y^)T=ZRQx=>U1MLQ25DcT4hjVg1yZJXNF&<9BZq( zasFXK@oKX5&@NP)c|;2+g<5E3%l9^&l|k3xUEB0TFCv47?)pSfb%EF-d)4=RL93;( zrvDrYW;=o%!%TK$I1vnauFh?>e$FRel#Avf=8-d6VE3(kcxOYvM_LB4aWf z#TeNCZKNV8ZSE1sFok;Ywf$(nk1#J&e(kj&()w_|n#P#dJJJSp-G$=sn7$TcRC>`S zdKSmk$uzrAh-}Sl&_@6PD|mL>;=b8cByia!g0DG2%i~dYP={gvvu4hXZpMnw*s~9 zq#(a-(}o(E4#yS^X#xT`JWZBB*+(UE?V<1#GMhpg>l-Li-s?HDi&eW-_>MK-Z@3cn zhu+EAcGNC^bmXf}?Lm}c`CtK5V6Y1sO#E9yeZ!dPdHNRvD6IuELhORINCvn&xO^v! z7pI!QjY((smKRdmu$>f)Lg>4?xLSda0_`kpyMb75C5f9a3s?TBC$5AjCMh}GjrpT_ z9`}a*h8$lu)K#f5ENPDg3kuXC(SRS~AKdEe|09(S>k523siotK!QWEp)c;7Oyz2B0 ztIOV1c@y_KyK#LMjKc^h%*l!Z2dc?e*+`dd=c9F-SjM(Pq;Pss_NMw-Pay?W3K&6R zEymhgl6cGo{$$cw_j#1Yc=B?eV;g7{DbBp^;Ld%06;w`{bSl|Nak76BE|ws>e#9qk=CeSH+7JomWM+&@)oqhcLIO zL$@OA{MTAshciu=Psw3_wTBgEgI=oMaPlkmLe;hy`oTD=NE4OtouYrqYIUq?&ZWuq zDN^Mpd|t&&0#t))mzo>6W*dUmcC=W@loffSuEP6x`7#R!!`j3a+{C)dz}os$cQkInnS?QXq`{- zO3&Hv(YKlSzx_DYpu37>0 z=K#*PSwMTz85nuJh6PNW?S+o7ViKbAK8zUN6H1!2l_>fiJ=SuDX4bnLS;miYWPB4~ zhHs-jDnTlX8!p@jEMAV1UyLwZ6Y#CglEbfp!%DOFY4fRxn++DaP8U* z=v9!%xe7cjpQ7tF66*UaiHgVnrN%$8FS_OxXfwzEx~W$es-6XAKz?|B$RC`(ea@KW zh;ITP(b@fzIryu+Hx~Y|PO;JZ?@xE;z@v0=bcY&vgVfkCzOA1&ED`wE4_${>y84k_ zc1vhjzlmxsb(cVH<~`kfZHfS_Ic66&fQYzLf4_jQYk-z`bK9NGhG1b#edjI>r*Bct zPRZHUv%l+nXB4#+1L!<>M|QueUJvBJ{rCv=`~dC&9^Pi6d4FjazGYn%cUFu4d8Ok8 zCBN)M0B(;gCT*xtyaZG#mlHT5S&RJ3lNg1CpNS6P6Kvs}AEuo$#HpJb*}r4vB=9G9 zxBvH?FHu*5DXM4X*4DcxE8$_4lHuhN#mmF>obDsBV!wkk2*mbU&yF9JR7 zQfN!*?>zDtK9DXqLUNj@@XwP@2Y7WiK#D4jH^nDom1#J28)jLI|3K7x_u1yZFoT)dlllYO~FE@A@+`9aa zYKseYd9Guok*`ddNBpxOS;(nQ=C$97b%n<+>xX%!`2r6s*Qu!5bvXib#lfi|rldpV z?E>4*C&Rz?$^jzo*U;AqQ?Ag^my!|&vBbpIjUFcYNvpEU6r~nKUW{z27!}?q4<<#M znQ{G2sj`VF0m_^JTQDlk>wBk;ghJ+@hxd7=FqrZ&0^rbROz*1JDjC^%I75HE;$s;G z-zOUy1QPAa>Hnprz4|B?=W@QYN@ahUh?Yvuy-fG&(CRPqM5A{Vt|zb>TcSD%cOLG; zqiTA|h7@RR|1oq+CDnUODV*rot`j(EVOE{g4NkOCJ*l^;PvGaNSR{sZn1cIZSuL|2 z5NZ`QG?gN!YGASKc>kAT!0=F9VlGV*l^`%&#y>>bTz<@9Op_(ziU4M_;4m_;N^iAJ zRp!`*0puMgCLZa+PA_GX6IxjTKd@`sLQu8BV;+Vpo!u z*_^^2Me4>=l8dqsG-*E{veP0ucO_s{jxU$)(boQT7&}-$4@_+Va>OD$$9@BG)c+u^6Hb+M=p~1NDL6>Rm@tZ3hQ+rW%>)D` zb2RhbZ)9t5K3C5inP|`sOZ<#P0ZS_a9sNS-P)!GQtD>ou%nHoN2^Z&8dyUuyX0&y#uNeUmik367qwB_AhZmwDM%0~$o~P>>$SW9 literal 0 HcmV?d00001 diff --git a/jitsi/templates/ingressroute-web.yaml b/jitsi/templates/ingressroute-web.yaml new file mode 100644 index 0000000..4d001d1 --- /dev/null +++ b/jitsi/templates/ingressroute-web.yaml @@ -0,0 +1,16 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: jitsi-web + namespace: {{ .Release.Namespace }} +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`{{ .Values.fqdn }}`) + services: + - name: {{ .Release.Name }}-jitsi-meet-web + port: 80 + tls: + certResolver: {{ .Values.certResolver }} diff --git a/jitsi/templates/ingressroutetcp-prosody.yaml b/jitsi/templates/ingressroutetcp-prosody.yaml new file mode 100644 index 0000000..e88f82d --- /dev/null +++ b/jitsi/templates/ingressroutetcp-prosody.yaml @@ -0,0 +1,12 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRouteTCP +metadata: + name: {{ .Release.Name }}-ingressroutetcp-prosody +spec: + entryPoints: + - xmpp-{{ .Release.Namespace }} + routes: + - match: HostSNI(`*`) + services: + - name: {{ .Release.Name }}-prosody + port: 5222 diff --git a/jitsi/values-jvb-off.yaml b/jitsi/values-jvb-off.yaml new file mode 100644 index 0000000..1e6e6a8 --- /dev/null +++ b/jitsi/values-jvb-off.yaml @@ -0,0 +1,5 @@ +jitsi-meet: + jvb: + replicaCount: 0 + service: + enabled: false diff --git a/jitsi/values.yaml b/jitsi/values.yaml new file mode 100755 index 0000000..7ff6811 --- /dev/null +++ b/jitsi/values.yaml @@ -0,0 +1,41 @@ + +certResolver: le-staging + +fqdn: "" + +jitsi-meet: + publicURL: "" + + tz: Asia/Shanghai + + web: + ingress: + enabled: false + + jicofo: + livenessProbe: + failureThreshold: 30 + periodSeconds: 10 + readinessProbe: + failureThreshold: 30 + periodSeconds: 10 + + jvb: + service: + # enabled: true + type: NodePort + # It may be required to change the default port to a value allowed by Kubernetes (30000-32768) + UDPPort: 30000 + + livenessProbe: + failureThreshold: 30 + periodSeconds: 10 + readinessProbe: + failureThreshold: 30 + periodSeconds: 10 + + websockets: + enabled: true + + # Use public IP of one of your node, or the public IP of a loadbalancer in front of the nodes + publicIP: "" diff --git a/traefik-config.yaml.sh b/traefik-config.yaml.sh new file mode 100755 index 0000000..4b8a215 --- /dev/null +++ b/traefik-config.yaml.sh @@ -0,0 +1,36 @@ +cat <