diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
new file mode 100644
index 0000000..5f10a72
--- /dev/null
+++ b/.github/workflows/lint-test.yaml
@@ -0,0 +1,54 @@
+name: Lint and Test Charts
+
+on: pull_request
+
+jobs:
+ lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v1
+ with:
+ version: v3.8.2
+
+ - uses: actions/setup-python@v3
+ with:
+ python-version: '3.x'
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.2.1
+ with:
+ version: v3.5.1
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --config ct.yaml)
+ if [[ -n "$changed" ]]; then
+ echo "::set-output name=changed::true"
+ fi
+
+ - name: Run chart-testing (lint)
+ run: ct lint --config ct.yaml --lint-conf lintconf.yaml --validate-maintainers=false
+
+ - name: Create k3s cluster
+ uses: debianmaster/actions-k3s@master
+ with:
+ version: 'v1.23.6-k3s1'
+ if: steps.list-changed.outputs.changed == 'true'
+
+ - name: Wait for traefik
+ run: |
+ kubectl -n kube-system wait --for=condition=complete job/helm-install-traefik-crd
+ kubectl -n kube-system wait --for=condition=complete job/helm-install-traefik
+ kubectl -n kube-system wait --for=condition=available deploy/traefik
+ if: steps.list-changed.outputs.changed == 'true'
+
+ - name: Run chart-testing (install)
+ run: ct install --config ct.yaml --chart-dirs . --charts jitsi
+ if: steps.list-changed.outputs.changed == 'true'
diff --git a/ct.yaml b/ct.yaml
new file mode 100644
index 0000000..d57c77f
--- /dev/null
+++ b/ct.yaml
@@ -0,0 +1,8 @@
+# See https://github.com/helm/chart-testing#configuration
+remote: origin
+target-branch: main
+chart-dirs:
+ - .
+chart-repos:
+ - jitsi=https://jitsi-contrib.github.io/jitsi-helm
+helm-extra-args: --timeout 600s
diff --git a/jitsi/Chart.lock b/jitsi/Chart.lock
index f582b6c..27180af 100644
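Review bot: The `Create k3s cluster` step in lint-test.yaml runs `debianmaster/actions-k3s@master`, a third-party action on a branch ref that its owner can move at any time, so the code executed in this job can change without any commit in this repository; pin it to a full commit SHA, `uses: debianmaster/actions-k3s@<full-commit-sha>  # <release it corresponds to>`. The other actions are pinned to tags, which are also movable, so SHA pins there would make the whole job reproducible. The workflow declares no `permissions:` block, so the job token gets the repository default; a lint-and-install job should need no more than a top-level `permissions:` with `contents: read`. Separately, `echo "::set-output name=changed::true"` uses a workflow command GitHub has deprecated; `echo "changed=true" >> "$GITHUB_OUTPUT"` is the current form.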
--- a/jitsi/Chart.lock +++ b/jitsi/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: jitsi-meet - repository: https://jitsi-contrib.github.io/jitsi-helm + repository: "" version: 1.2.2 -digest: sha256:165664c1a23bc9760177e63740a861360eee007b432d9044ea449e77fba95d94 -generated: "2022-05-02T17:15:02.132446+08:00" +digest: sha256:f27d02481ecd087ba8c56aa5e8f76e97f177ff8488a17b016e4bc1c54c253f23 +generated: "2022-05-20T21:45:04.926228+08:00" diff --git a/jitsi/Chart.yaml b/jitsi/Chart.yaml index 09309a9..18afc62 100644 --- a/jitsi/Chart.yaml +++ b/jitsi/Chart.yaml @@ -1,7 +1,7 @@ +--- apiVersion: v2 name: jitsi-deploy -version: 0.1.0 +version: 0.1.1 dependencies: -- name: jitsi-meet - version: 1.2.2 - repository: "https://jitsi-contrib.github.io/jitsi-helm" + - name: jitsi-meet + version: 1.2.2 diff --git a/jitsi/charts/jitsi-meet-1.2.2.tgz b/jitsi/charts/jitsi-meet-1.2.2.tgz deleted file mode 100644 index 29703ec..0000000 Binary files a/jitsi/charts/jitsi-meet-1.2.2.tgz and /dev/null differ diff --git a/jitsi/charts/jitsi-meet/.helmignore b/jitsi/charts/jitsi-meet/.helmignore new file mode 100644 index 0000000..8670119 --- /dev/null +++ b/jitsi/charts/jitsi-meet/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# GitHub Pages +docs/ diff --git a/jitsi/charts/jitsi-meet/Chart.lock b/jitsi/charts/jitsi-meet/Chart.lock new file mode 100644 index 0000000..6832fcd --- /dev/null +++ b/jitsi/charts/jitsi-meet/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: prosody + repository: "" + version: '*' +digest: sha256:fa9f3f9cfe91aefb81520e7b941b3412241dba7e1631a69138f0fe328c3795ff +generated: "2020-07-15T11:12:58.968506151+02:00" 
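Review bot: With `repository` dropped from the `jitsi-meet` dependency in jitsi/Chart.yaml (and `repository: ""` in Chart.lock), the unpacked copy under `jitsi/charts/jitsi-meet/` becomes the only source for the subchart, and nothing in the tree records which upstream release it was taken from or whether it has been modified since. A comment above the dependency would keep that traceable, e.g. `# unpacked from https://jitsi-contrib.github.io/jitsi-helm, jitsi-meet 1.2.2; local changes: <none | list>`. The `chart-repos` entry added to ct.yaml in this commit points at the same repository and looks unused once the dependency is local; worth confirming.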
diff --git a/jitsi/charts/jitsi-meet/Chart.yaml b/jitsi/charts/jitsi-meet/Chart.yaml
new file mode 100644
index 0000000..8157c40
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+appVersion: stable-6865
+dependencies:
+- condition: prosody.enabled
+ name: prosody
+ repository: ""
+ version: 1.2.2
+description: A Helm chart for Kubernetes
+name: jitsi-meet
+type: application
+version: 1.2.2
diff --git a/jitsi/charts/jitsi-meet/LICENSE b/jitsi/charts/jitsi-meet/LICENSE
new file mode 100644
index 0000000..c119d99
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 jitsi-contrib
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/jitsi/charts/jitsi-meet/README.md b/jitsi/charts/jitsi-meet/README.md
new file mode 100644
index 0000000..95e66a4
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/README.md
@@ -0,0 +1,157 @@
+# Helm Chart for Jitsi Meet
+
+[jitsi-meet](https://jitsi.org/jitsi-meet/) Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
+
+## TL;DR;
+
+```bash
+helm repo add jitsi https://jitsi-contrib.github.io/jitsi-helm/
+helm install myjitsi jitsi/jitsi-meet
+```
+
+## Introduction
+
+This chart bootstraps a jitsi-meet deployment, like the official [one](https://meet.jit.si).
+
+## Different topology
+
+To be able to do video conferencing with other people, the jvb component should be reachable by all participants (eg: a public IP).
+Thus the default behaviour of advertised the internal IP of jvb, is not really suitable in many cases.
+Kubernetes offers multiple possibilities to work around the problem. Not all options are available depending on the Kubernetes cluster setup.
+The chart tries to make all options available without enforcing one.
+
+### Option 1: service of type `LoadBalancer`
+
+This requires a cloud setup that enables a Loadbalancer attachement.
+This could be enabled via values:
+
+```yaml
+jvb:
+ service:
+ type: LoadBalancer
+
+ # Depending on the cloud, publicIP cannot be know in advance, so deploy first, without the next option.
+ # Next: redeploy with the following option set to the public IP you retrieved from the API.
+ publicIP: 1.2.3.4
+```
+
+In this case you're not allowed to change the `jvb.replicaCount` to more than `1`, UDP packets will be routed to random `jvb`, which would not allow for a working video setup.
+
+### Option 2: NodePort and node with Public IP or external loadbalancer
+
+```yaml
+jvb:
+ service:
+ type: NodePort
+ # It may be required to change the default port to a value allowed by Kubernetes (30000-32768)
+ UDPPort: 30000
+
+ # Use public IP of one of your node, or the public IP of a loadbalancer in front of the nodes
+ publicIP: 1.2.3.4
+```
+
+In this case you're not allowed to change the `jvb.replicaCount` to more than `1`, UDP packets will be routed to random `jvb`, which would not allow for a working video setup.
+
+### Option 3: hostPort and node with Public IP
+
+Assuming that the node knows the PublicIP it holds, you can enable this setup:
+
+```yaml
+jvb:
+ useHostPort: true
+ # This option requires kubernetes >= 1.17
+ useNodeIP: true
+```
+
+In this case you can have more the one `jvb` but you're putting you cluster at risk by having it directly exposed on the Internet.
+
+### Option 4: Use ingress TCP/UDP forward capabilities
+
+In case of an ingress capable of doing tcp/udp forwarding (like nginx-ingress), it can be setup to forward the video streams.
+
+```yaml
+# Don't forget to configure the ingress properly (separate configuration)
+jvb:
+ # 1.2.3.4 being one of the IP of the ingress controller
+ publicIP: 1.2.3.4
+
+```
+
+Again in this case, only one jvb will work in this case.
+
+### Option 5: Bring your own setup
+
+There are multiple other possibilities combining the available parameters, depending of your cluster/network setup.
+
+
+
+## Configuration
+
+The following table lists the configurable parameters of the jisti-meet chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+`imagePullSecrets` | List of names of secrets resources containing private registry credentials | `[]`
+`enableAuth` | Enable authentication | `false`
+`enableGuests` | Enable guest access | `true`
+`jibri.enabled` | Enable Jibri service | `false`
+`jibri.persistence.enabled` | Enable persistent storage for Jibri recordings | `false`
+`jibri.persistence.size` | Jibri persistent storage size | `4Gi`
+`jibri.persistence.existingClaim` | Use pre-created PVC for Jibri | `(unset)`
+`jibri.persistence.storageClassName` | StorageClass to use with Jibri | `(unset)`
+`jibri.shm.enabled` | Allocate shared memory to Jibri pod | `false`
+`jibri.shm.useHost` | Pass `/dev/shm` from host to Jibri | `false`
+`jibri.shm.size` | Jibri shared memory size | `256Mi`
+`jibri.replicaCount` | Number of replica of the jibri pods | `1`
+`jibri.image.repository` | Name of the image to use for the jibri pods | `jitsi/jibri`
+`jibri.extraEnvs` | Map containing additional environment variables for jibri | '{}'
+`jibri.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
+`jibri.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
+`jibri.breweryMuc` | Name of the XMPP MUC used by jibri | `jibribrewery`
+`jibri.xmpp.user` | Name of the XMPP user used by jibri to authenticate | `jibri`
+`jibri.xmpp.password` | Password used by jibri to authenticate on the XMPP service | 10 random chars
+`jibri.recorder.user` | Name of the XMPP user used by jibri to record | `recorder`
+`jibri.recorder.password` | Password used by jibri to record on the XMPP service | 10 random chars
+`jicofo.replicaCount` | Number of replica of the jicofo pods | `1`
+`jicofo.image.repository` | Name of the image to use for the jicofo pods | `jitsi/jicofo`
+`jicofo.extraEnvs`
| Map containing additional environment variables for jicofo | '{}'
+`jicofo.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
+`jicofo.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
+`jicofo.xmpp.user` | Name of the XMPP user used by jicofo to authenticate | `focus`
+`jicofo.xmpp.password` | Password used by jicofo to authenticate on the XMPP service | 10 random chars
+`jicofo.xmpp.componentSecret` | Values of the secret used by jicofo for the xmpp-component | 10 random chars
+`jvb.service.enabled` | Boolean to enable os disable the jvb service creation | `false` if `jvb.useHostPort` is `true` otherwise `true`
+`jvb.service.type` | Type of the jvb service | `ClusterIP`
+`jvb.UDPPort` | UDP port used by jvb, also affects port of service, and hostPort | `10000`
+`jvb.extraEnvs` | Map containing additional environment variables to jvb | '{}'
+`jvb.xmpp.user` | Name of the XMPP user used by jvb to authenticate | `jvb`
+`jvb.xmpp.password` | Password used by jvb to authenticate on the XMPP service | 10 random chars
+`jvb.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
+`jvb.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
+`jvb.websockets.enabled` | Enable WebSocket support for JVB/Colibri | `false`
+`jvb.websockets.serverID` | Set JVB/Colibri WS Server ID | `podIP` (see `values.yaml`)
+`jvb.metrics.enabled` | Boolean that control the metrics exporter for jvb.
If true the `ServiceMonitor` will also created | `false`
+`jvb.metrics.prometheusAnnotations` | Boolean that controls the generation of prometheus annotations, to expose metrics for HPA | `false`
+`jvb.metrics.image.repository` | Default image repository for metrics exporter | `docker.io/systemli/prometheus-jitsi-meet-exporter`
+`jvb.metrics.image.tag` | Default tag for metrics exporter | `1.1.5`
+`jvb.metrics.image.pullPolicy` | ImagePullPolicy for metrics exporter | `IfNotPresent`
+`jvb.metrics.serviceMonitor.enabled` | `ServiceMonitor` for Prometheus | `true`
+`jvb.metrics.serviceMonitor.selector` | Selector for `ServiceMonitor` | `{ release: prometheus-operator }`
+`jvb.metrics.serviceMonitor.interval` | Interval for `ServiceMonitor` | `10s`
+`jvb.metrics.serviceMonitor.honorLabels` | Make `ServiceMonitor` honor labels | `false`
+`jvb.metrics.resources` | Resources for the metrics container | `{ requests: { cpu: 10m, memory: 16Mi }, limits: { cpu: 20m, memory: 32Mi } }`
+`octo.enabled` | Boolean to enable or disable the OCTO mode, for a single region | `false`
+`web.httpsEnabled` | Boolean that enabled tls-termination on the web pods. Useful if you expose the UI via a `Loadbalancer` IP instead of an ingress | `false`
+`web.httpRedirect` | Boolean that enabled http-to-https redirection. Useful for ingress that don't support this feature (ex: GKE ingress) | `false`
+`web.resolverIP` | DNS service IP for Web container to use | (unset)
+`web.extraEnvs` | Map containing additional environment variable to web pods | '{}'
+`web.livenessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A livenessProbe map
+`web.readinessProbe` | Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec | A readinessProbe map
+`tz` | System Time Zone | `Europe/Amsterdam`
+
+## Package
+
+```bash
+helm package .
-d docs
+helm repo index docs --url https://jitsi-contrib.github.io/jitsi-helm/
+```
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/.helmignore b/jitsi/charts/jitsi-meet/charts/prosody/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/Chart.yaml b/jitsi/charts/jitsi-meet/charts/prosody/Chart.yaml
new file mode 100644
index 0000000..9134fef
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 0.11.13
+description: A Helm chart for Kubernetes
+name: prosody
+type: application
+version: 1.2.2
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/NOTES.txt b/jitsi/charts/jitsi-meet/charts/prosody/templates/NOTES.txt
new file mode 100644
index 0000000..8df9491
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/NOTES.txt
@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "prosody.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "prosody.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "prosody.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "prosody.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/_helpers.tpl b/jitsi/charts/jitsi-meet/charts/prosody/templates/_helpers.tpl
new file mode 100644
index 0000000..3370472
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "prosody.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "prosody.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "prosody.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "prosody.labels" -}}
+helm.sh/chart: {{ include "prosody.chart" . }}
+{{ include "prosody.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "prosody.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "prosody.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "prosody.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "prosody.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-configmap.yaml b/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-configmap.yaml
new file mode 100644
index 0000000..fc3cd0a
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "prosody.fullname" . }}
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+data:
+ {{- range $key, $value := .Values.env }}
+ {{- if not (kindIs "invalid" $value) }}
+ {{ $key }}: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-secret.yaml b/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-secret.yaml
new file mode 100644
index 0000000..6c9d059
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/envs-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "prosody.fullname" . }}
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+type: Opaque
+data:
+ {{- range $key, $value := .Values.secretEnvs }}
+ {{- if not (kindIs "invalid" $value) }}
+ {{ $key }}: {{ tpl $value $ | b64enc }}
+ {{- end }}
+ {{- end }}
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/ingress.yaml b/jitsi/charts/jitsi-meet/charts/prosody/templates/ingress.yaml
new file mode 100644
index 0000000..fc9612f
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/ingress.yaml
@@ -0,0 +1,56 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "prosody.fullname" . -}}
+{{- $svcPort := index .Values.service.ports "bosh-insecure" -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.GitVersion -}}
+{{- if semverCompare ">=1.19-0" $kubeVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" $kubeVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ pathType: Prefix
+ backend:
+ {{ if semverCompare ">=1.19-0" $kubeVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ {{ if kindIs "float64" $svcPort }}
+ number: {{ $svcPort }}
+ {{ else }}
+ name: {{ $svcPort }}
+ {{ end }}
+ {{ else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/service.yaml b/jitsi/charts/jitsi-meet/charts/prosody/templates/service.yaml
new file mode 100644
index 0000000..f95c790
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "prosody.fullname" . }}
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ index .Values.service.ports "bosh-insecure" }}
+ protocol: TCP
+ name: tcp-bosh-insecure
+ - port: {{ index .Values.service.ports "bosh-secure" }}
+ protocol: TCP
+ name: tcp-bosh-secure
+ - port: {{ index .Values.service.ports "xmpp-component" }}
+ protocol: TCP
+ name: tcp-xmpp-component
+ - port: {{ index .Values.service.ports "xmpp-c2s" }}
+ protocol: TCP
+ name: tcp-xmpp-c2
+ - port: {{ index .Values.service.ports "xmpp-s2s" }}
+ protocol: TCP
+ name: tcp-xmpp-s2
+ selector:
+ {{- include "prosody.selectorLabels" . | nindent 4 }}
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/serviceaccount.yaml b/jitsi/charts/jitsi-meet/charts/prosody/templates/serviceaccount.yaml
new file mode 100644
index 0000000..c5706a6
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "prosody.serviceAccountName" . }}
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/statefulset.yaml b/jitsi/charts/jitsi-meet/charts/prosody/templates/statefulset.yaml
new file mode 100644
index 0000000..dbd13db
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/statefulset.yaml
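Review bot: The ServiceAccount created in serviceaccount.yaml leaves token automounting at the Kubernetes default, so every prosody pod gets an API token mounted even though nothing in this chart's visible templates shows prosody talking to the Kubernetes API. Adding `automountServiceAccountToken: false` at the top level of the ServiceAccount (ideally behind a value so it can be re-enabled) removes a credential that would otherwise be readable from inside the container. If some deployment does need API access, that is worth stating in a comment next to the value.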
@@ -0,0 +1,130 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "prosody.fullname" . }}
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ serviceName: "prosody"
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "prosody.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "prosody.selectorLabels" . | nindent 8 }}
+ {{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.podLabels }}
+ {{ $label }}: {{ $value }}
+ {{- end }}
+ {{- with mergeOverwrite .Values.global.podAnnotations .Values.podAnnotations }}
+ annotations:
+ {{- range $annotation, $value := . }}
+ {{ $annotation }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "prosody.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ tpl (default .Chart.AppVersion .Values.image.tag ) . }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "prosody.fullname" . }}
+ - secretRef:
+ name: {{ include "prosody.fullname" . }}
+ {{- range .Values.extraEnvFrom }}
+ - {{ tpl (toYaml . ) $ | indent 12 | trim }}
+ {{- end }}
+ {{- if .Values.extraEnvs }}
+ env:
+ {{- range .Values.extraEnvs }}
+ - {{ tpl (toYaml .
) $ | indent 12 | trim }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: xmpp-c2s
+ containerPort: {{ index .Values.service.ports "xmpp-c2s" }}
+ protocol: TCP
+ - name: xmpp-s2s
+ containerPort: {{ index .Values.service.ports "xmpp-s2s" }}
+ protocol: TCP
+ - name: xmpp-component
+ containerPort: {{ index .Values.service.ports "xmpp-component" }}
+ protocol: TCP
+ - name: bosh-insecure
+ containerPort: {{ index .Values.service.ports "bosh-insecure" }}
+ protocol: TCP
+ - name: bosh-secure
+ containerPort: {{ index .Values.service.ports "bosh-secure" }}
+ protocol: TCP
+ {{- with .Values.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: prosody-data
+ mountPath: {{ .Values.dataDir }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: prosody-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: prosody-data
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.persistence.enabled .Values.extraVolumeClaimTemplates }}
+ volumeClaimTemplates:
+ - metadata:
+ name: prosody-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ {{- with .Values.persistence.storageClassName }}
+ storageClassName: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.extraVolumeClaimTemplates }}
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- end }}
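Review bot: In the pod template metadata of statefulset.yaml, `{{ $label }}: {{ $value }}` and `{{ $annotation }}: {{ $value }}` emit the values unquoted, so a value such as `true` or `8080` renders as a YAML boolean or number and the API server rejects the manifest, since label and annotation values must be strings. Quote both: `{{ $label }}: {{ $value | quote }}` and `{{ $annotation }}: {{ $value | quote }}`. Both loops also read `.Values.global.podLabels` and `.Values.global.podAnnotations`, which this subchart's values.yaml does not define, so rendering presumably depends on the parent chart supplying `global`; a note in values.yaml would make that dependency explicit.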
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/templates/tests/test-connection.yaml b/jitsi/charts/jitsi-meet/charts/prosody/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..0da4bb4
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "prosody.fullname" . }}-test-connection"
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "prosody.fullname" . }}:{{ index .Values.service.ports "bosh-insecure" }}/http-bind']
+ restartPolicy: Never
diff --git a/jitsi/charts/jitsi-meet/charts/prosody/values.yaml b/jitsi/charts/jitsi-meet/charts/prosody/values.yaml
new file mode 100644
index 0000000..c539053
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/charts/prosody/values.yaml
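Review bot: The test pod in test-connection.yaml pulls `image: busybox` with no tag or digest, which resolves to `latest` and can be a different image on every test run; pin it, e.g. `image: busybox:<pinned-tag>` or by digest. The hook annotation `"helm.sh/hook": test-success` is the Helm 2 name, accepted by Helm 3 only for backward compatibility. Since the workflow added in this commit installs Helm v3.8.2, `"helm.sh/hook": test` is the form to use.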
@@ -0,0 +1,94 @@
+# Default values for prosody.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+domain:
+
+dataDir: /config/data
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+podLabels: {}
+podAnnotations: {}
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ ports:
+ bosh-insecure: 5280
+ bosh-secure: 5281
+ xmpp-c2s: 5222
+ xmpp-s2s: 5269
+ xmpp-component: 5347
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+livenessProbe:
+ httpGet:
+ path: /http-bind
+ port: bosh-insecure
+readinessProbe:
+ httpGet:
+ path: /http-bind
+ port: bosh-insecure
+
+persistence:
+ enabled: true
+ size: 3G
+ storageClassName:
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+extraEnvs: []
+extraEnvFrom: []
+secretEnvs: {}
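Review bot: `podSecurityContext: {}` and `securityContext: {}` ship empty in the prosody values.yaml, with the hardening settings (`capabilities.drop`, `readOnlyRootFilesystem`, `runAsNonRoot`) present only as comments, so the prosody container runs with whatever user and capabilities the image defaults to. If the image tolerates it (not verifiable from this page), set explicit defaults, starting with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, or add a comment saying why they must stay open. Also, `image.repository: nginx` with no `tag` looks like scaffold residue: the StatefulSet template falls back to the chart's `appVersion`, so this chart rendered on its own would ask for `nginx:0.11.13`. Presumably the parent chart overrides it, but the default should name the real image.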
diff --git a/jitsi/charts/jitsi-meet/templates/NOTES.txt b/jitsi/charts/jitsi-meet/templates/NOTES.txt new file mode 100644 index 0000000..c1e2bcc --- /dev/null +++ b/jitsi/charts/jitsi-meet/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.web.ingress.enabled }} +{{- range $host := .Values.web.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.web.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.web.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "jitsi-meet.web.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.web.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "jitsi-meet.web.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "jitsi-meet.web.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.web.service.port }} +{{- else if contains "ClusterIP" .Values.web.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "jitsi-meet.name" . }},app.kubernetes.io/component=web,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 +{{- end }} 
diff --git a/jitsi/charts/jitsi-meet/templates/_helpers.tpl b/jitsi/charts/jitsi-meet/templates/_helpers.tpl
new file mode 100644
index 0000000..2234537
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/_helpers.tpl
@@ -0,0 +1,104 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "jitsi-meet.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "jitsi-meet.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "jitsi-meet.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "jitsi-meet.labels" -}}
+helm.sh/chart: {{ include "jitsi-meet.chart" . }}
+{{ include "jitsi-meet.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "jitsi-meet.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "jitsi-meet.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "jitsi-meet.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "jitsi-meet.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ https://github.com/helm/helm/issues/4535
+*/}}
+{{- define "call-nested" }}
+{{- $dot := index . 0 }}
+{{- $subchart := index . 1 }}
+{{- $template := index . 2 }}
+{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
+{{- end }}
+
+{{- define "jitsi-meet.xmpp.domain" -}}
+{{- if .Values.xmpp.domain -}}
+ {{ .Values.xmpp.domain }}
+{{- else -}}
+ {{ .Release.Namespace }}.svc
+{{- end -}}
+{{- end -}}
+
+{{- define "jitsi-meet.xmpp.server" -}}
+{{- if .Values.prosody.server -}}
+ {{ .Values.prosody.server }}
+{{- else -}}
+ {{ include "call-nested" (list . "prosody" "prosody.fullname") }}.{{ .Release.Namespace }}.svc
+{{- end -}}
+{{- end -}}
+
+
+{{- define "jitsi-meet.publicURL" -}}
+{{- if .Values.publicURL }}
+{{- .Values.publicURL -}}
+{{- else -}}
+{{- if .Values.web.ingress.tls -}}https://{{- else -}}http://{{- end -}}
+{{- if .Values.web.ingress.tls -}}
+{{- (.Values.web.ingress.tls|first).hosts|first -}}
+{{- else if .Values.web.ingress.hosts -}}
+{{- (.Values.web.ingress.hosts|first).host -}}
+{{ required "You need to define a publicURL or some value for ingress" .Values.publicURL }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/jitsi/charts/jitsi-meet/templates/common-configmap.yaml b/jitsi/charts/jitsi-meet/templates/common-configmap.yaml
new file mode 100644
index 0000000..e0c2071
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/common-configmap.yaml
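Review bot: In `jitsi-meet.publicURL` the `required` call sits inside the `else if .Values.web.ingress.hosts` branch, where `.Values.publicURL` is already known to be empty, so rendering fails exactly when an ingress host without TLS is configured. When none of `publicURL`, `web.ingress.tls` or `web.ingress.hosts` is set, the check is never reached and the helper returns a bare `http://`, which then lands in `PUBLIC_URL`. Put the check in its own branch by adding `{{- else -}}` on the line before `{{ required "You need to define a publicURL or some value for ingress" .Values.publicURL }}`.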
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
+ labels:
+ {{- include "jitsi-meet.labels" . | nindent 4 }}
+data:
+ ENABLE_AUTH: {{ ternary "1" "0" .Values.enableAuth | quote }}
+ ENABLE_GUESTS: {{ ternary "1" "0" .Values.enableGuests | quote }}
+ PUBLIC_URL: {{ include "jitsi-meet.publicURL" . }}
+ XMPP_DOMAIN: {{ include "jitsi-meet.xmpp.domain" . }}
+ XMPP_MUC_DOMAIN: {{ .Values.xmpp.mucDomain | default (printf "muc.%s" (include "jitsi-meet.xmpp.domain" .)) }}
+ XMPP_AUTH_DOMAIN: {{ .Values.xmpp.authDomain | default (printf "auth.%s" (include "jitsi-meet.xmpp.domain" .)) }}
+ XMPP_GUEST_DOMAIN: {{ .Values.xmpp.guestDomain | default (printf "guest.%s" (include "jitsi-meet.xmpp.domain" .)) }}
+ XMPP_RECORDER_DOMAIN: {{ .Values.xmpp.recorderDomain | default (printf "recorder.%s" (include "jitsi-meet.xmpp.domain" .)) }}
+ XMPP_INTERNAL_MUC_DOMAIN: {{ .Values.xmpp.internalMucDomain | default (printf "internal-muc.%s" (include "jitsi-meet.xmpp.domain" .)) }}
+ {{- if .Values.jibri.enabled }}
+ ENABLE_RECORDING: "true"
+ {{- end }}
+ TZ: '{{ .Values.tz }}'
+ {{- range $key, $value := .Values.extraCommonEnvs }}
+ {{- if not (kindIs "invalid" $value) }}
+ {{ $key }}: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.octo.enabled }}
+ ENABLE_OCTO: "1"
+ TESTING_OCTO_PROBABILITY: "1"
+ DEPLOYMENTINFO_REGION: "all"
+ DEPLOYMENTINFO_USERREGION: "all"
+ {{- end }}
\ No newline at end of file
diff --git a/jitsi/charts/jitsi-meet/templates/ingress.yaml b/jitsi/charts/jitsi-meet/templates/ingress.yaml
new file mode 100644
index 0000000..1ac0ab9
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/ingress.yaml
@@ -0,0 +1,59 @@
+{{- if .Values.web.ingress.enabled -}}
+{{- $fullName := include "jitsi-meet.web.fullname" . -}}
+{{- $svcPort := .Values.web.service.port -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.GitVersion -}}
+{{- if semverCompare ">=1.19-0" $kubeVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" $kubeVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "jitsi-meet.web.labels" . | nindent 4 }}
+ {{- with .Values.web.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if and .Values.web.ingress.ingressClassName (semverCompare ">=1.19-0" $kubeVersion) }}
+ ingressClassName: {{ .Values.web.ingress.ingressClassName }}
+{{- end }}
+{{- if .Values.web.ingress.tls }}
+ tls:
+ {{- range .Values.web.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.web.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ pathType: Prefix
+ backend:
+ {{ if semverCompare ">=1.19-0" $kubeVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ {{ if kindIs "float64" $svcPort }}
+ number: {{ $svcPort }}
+ {{ else }}
+ name: {{ $svcPort }}
+ {{ end }}
+ {{ else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jibri/_helper.tpl b/jitsi/charts/jitsi-meet/templates/jibri/_helper.tpl
new file mode 100644
index 0000000..30d1bc4
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jibri/_helper.tpl
@@ -0,0 +1,18 @@
+
+{{- define "jitsi-meet.jibri.fullname" -}}
+{{ include "jitsi-meet.fullname" . }}-jibri
+{{- end -}}
+
+{{- define "jitsi-meet.jibri.labels" -}}
+{{ include "jitsi-meet.labels" . }}
+app.kubernetes.io/component: jibri
+{{- end -}}
+
+{{- define "jitsi-meet.jibri.selectorLabels" -}}
+{{ include "jitsi-meet.selectorLabels" . }}
+app.kubernetes.io/component: jibri
+{{- end -}}
+
+{{- define "jitsi-meet.jibri.secret" -}}
+{{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
+{{- end -}}
diff --git a/jitsi/charts/jitsi-meet/templates/jibri/configmap.yaml b/jitsi/charts/jitsi-meet/templates/jibri/configmap.yaml
new file mode 100644
index 0000000..b19ce11
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jibri/configmap.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.jibri.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "jitsi-meet.jibri.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
+data:
+ XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
+ JIBRI_BREWERY_MUC: '{{ .Values.jibri.breweryMuc }}'
+ JIBRI_RECORDING_DIR: '{{ .Values.jibri.recordingDir | default "/data/recordings" }}'
+ JIBRI_FINALIZE_RECORDING_SCRIPT_PATH: "/config/finalize.sh"
+ JIBRI_STRIP_DOMAIN_JID: muc
+ JIBRI_LOGS_DIR: "/data/logs"
+ DISPLAY: ":0"
+ {{- range $key, $value := .Values.jibri.extraEnvs }}
+ {{- if not (kindIs "invalid" $value) }}
+ {{ $key }}: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jibri/deployment.yaml b/jitsi/charts/jitsi-meet/templates/jibri/deployment.yaml
new file mode 100644
index 0000000..bb19052
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jibri/deployment.yaml
@@ -0,0 +1,93 @@
+{{- if .Values.jibri.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "jitsi-meet.jibri.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
+ {{- with .Values.jibri.annotations }}
+ annotations:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.jibri.replicaCount | default 1 }}
+ selector:
+ matchLabels:
+ {{- include "jitsi-meet.jibri.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "jitsi-meet.jibri.selectorLabels" . | nindent 8 }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/jibri/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/jibri/xmpp-secret.yaml") . | sha256sum }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ privileged: true
+ image: "{{ .Values.jibri.image.repository }}:{{ default .Chart.AppVersion .Values.jibri.image.tag }}"
+ imagePullPolicy: {{ pluck "pullPolicy" .Values.jibri.image .Values.image | first }}
+ ports:
+ - name: http-internal
+ containerPort: 3333
+ - name: http-api
+ containerPort: 2222
+ {{- with default .Values.jibri.livenessProbe .Values.jibri.livenessProbeOverride }}
+ livenessProbe:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with default .Values.jibri.readinessProbe .Values.jibri.readinessProbeOverride }}
+ readinessProbe:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+
+ envFrom:
+ - secretRef:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
+ - configMapRef:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
+ - configMapRef:
+ name: {{ include "jitsi-meet.jibri.fullname" . }}
+
+ resources:
+ {{- toYaml .Values.jibri.resources | nindent 12 }}
+
+ volumeMounts:
+ - name: jibri-data
+ mountPath: /data
+ - name: dev-snd
+ mountPath: /dev/snd
+ {{- if .Values.jibri.shm.enabled }}
+ - name: dev-shm
+ mountPath: /dev/shm
+ {{- end }}
+
+ volumes:
+ - name: jibri-data
+ {{- if .Values.jibri.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.jibri.persistence.existingClaim | default (include "jitsi-meet.jibri.fullname" .) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: dev-snd
+ hostPath:
+ path: /dev/snd
+ {{- if .Values.jibri.shm.enabled }}
+ - name: dev-shm
+ {{- if .Values.jibri.shm.useHost }}
+ hostPath:
+ path: /dev/shm
+ {{- else }}
+ emptyDir:
+ medium: Memory
+ sizeLimit: {{ .Values.jibri.shm.size | default "256Mi" | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jibri/persistentvolumeclaim.yaml b/jitsi/charts/jitsi-meet/templates/jibri/persistentvolumeclaim.yaml
new file mode 100644
index 0000000..7d1aed6
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jibri/persistentvolumeclaim.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.jibri.enabled .Values.jibri.persistence.enabled (not .Values.jibri.persistence.existingClaim)}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "jitsi-meet.jibri.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.jibri.persistence.size | quote }}
+ {{- with .Values.jibri.persistence.storageClassName }}
+ storageClassName: {{ . | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/jitsi/charts/jitsi-meet/templates/jibri/service.yaml b/jitsi/charts/jitsi-meet/templates/jibri/service.yaml
new file mode 100644
index 0000000..f2cf1d2
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jibri/service.yaml
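Review bot: The jibri container in jibri/deployment.yaml is fixed at `privileged: true` and mounts the node's `/dev/snd` through a `hostPath` volume, with no values key to narrow either, while the jicofo, jvb and web deployments in this commit take `securityContext` from values. A privileged container with host device access means a compromise of the recorder reaches the node, so this should at least be overridable and set deliberately: replace the literal with `{{- toYaml .Values.jibri.securityContext | nindent 12 }}` and keep the current setting as a documented default in values.yaml. Whether the recorder still works with a narrower set of capabilities has to be tested against the image in use. The pod also sets no `podSecurityContext`, `nodeSelector` or `tolerations`, so it cannot be confined to dedicated nodes from values.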
@@ -0,0 +1,21 @@
+{{- if .Values.jibri.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "jitsi-meet.jibri.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: http-internal
+ port: 3333
+ targetPort: 3333
+ protocol: TCP
+ - name: http-api
+ port: 2222
+ targetPort: 2222
+ protocol: TCP
+ selector:
+ {{- include "jitsi-meet.jibri.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jibri/xmpp-secret.yaml b/jitsi/charts/jitsi-meet/templates/jibri/xmpp-secret.yaml
new file mode 100644
index 0000000..441908f
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jibri/xmpp-secret.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.jibri.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jibri
+ labels:
+ {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
+type: Opaque
+data:
+ JIBRI_XMPP_USER: '{{ .Values.jibri.xmpp.user | b64enc }}'
+ JIBRI_XMPP_PASSWORD: '{{ default (randAlphaNum 10) .Values.jibri.xmpp.password | b64enc }}'
+ JIBRI_RECORDER_USER: '{{ .Values.jibri.recorder.user | b64enc }}'
+ JIBRI_RECORDER_PASSWORD: '{{ default (randAlphaNum 10) .Values.jibri.recorder.password | b64enc }}'
+{{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jicofo/_helper.tpl b/jitsi/charts/jitsi-meet/templates/jicofo/_helper.tpl
new file mode 100644
index 0000000..3a55245
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jicofo/_helper.tpl
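Review bot: In jibri/xmpp-secret.yaml, `default (randAlphaNum 10) .Values.jibri.xmpp.password` produces a fresh password on every render when the value is unset, so each `helm upgrade` rewrites the Secret; jicofo/xmpp-secret.yaml and jvb/xmpp-secret.yaml use the same expression. The deployments' `checksum/secret` annotation renders the template a second time and therefore hashes a different random value, which forces a rollout on every upgrade. Whether the XMPP server side ends up with the same value is not visible in this hunk and should be checked. Prefer failing fast with `{{ required "jibri.xmpp.password must be set" .Values.jibri.xmpp.password | b64enc }}`, or reuse the value from the existing Secret via `lookup`, and if a generated default is kept, make it longer than 10 characters.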
@@ -0,0 +1,18 @@
+
+{{- define "jitsi-meet.jicofo.fullname" -}}
+{{ include "jitsi-meet.fullname" . }}-jicofo
+{{- end -}}
+
+{{- define "jitsi-meet.jicofo.labels" -}}
+{{ include "jitsi-meet.labels" . }}
+app.kubernetes.io/component: jicofo
+{{- end -}}
+
+{{- define "jitsi-meet.jicofo.selectorLabels" -}}
+{{ include "jitsi-meet.selectorLabels" . }}
+app.kubernetes.io/component: jicofo
+{{- end -}}
+
+{{- define "jitsi-meet.jicofo.secret" -}}
+{{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
+{{- end -}}
diff --git a/jitsi/charts/jitsi-meet/templates/jicofo/configmap.yaml b/jitsi/charts/jitsi-meet/templates/jicofo/configmap.yaml
new file mode 100644
index 0000000..39c9672
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jicofo/configmap.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "jitsi-meet.jicofo.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
+data:
+ JVB_BREWERY_MUC: '{{ .Values.jvb.breweryMuc }}'
+ XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
+ {{- if .Values.jibri.enabled }}
+ JIBRI_BREWERY_MUC: '{{ .Values.jibri.breweryMuc }}'
+ JIBRI_PENDING_TIMEOUT: '{{ .Values.jibri.timeout }}'
+ {{- end }}
+ {{- range $key, $value := .Values.jicofo.extraEnvs }}
+ {{- if not (kindIs "invalid" $value) }}
+ {{ $key }}: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.octo.enabled }}
+ ENABLE_OCTO: "1"
+ OCTO_BRIDGE_SELECTION_STRATEGY: "SplitBridgeSelectionStrategy"
+ {{- end }}
\ No newline at end of file
diff --git a/jitsi/charts/jitsi-meet/templates/jicofo/deployment.yaml b/jitsi/charts/jitsi-meet/templates/jicofo/deployment.yaml
new file mode 100644
index 0000000..a0f8187
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jicofo/deployment.yaml
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "jitsi-meet.jicofo.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
+ {{- with .Values.jicofo.annotations }}
+ annotations:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.jicofo.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "jitsi-meet.jicofo.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "jitsi-meet.jicofo.selectorLabels" . | nindent 8 }}
+ {{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.jicofo.podLabels }}
+ {{ $label }}: {{ $value }}
+ {{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/jicofo/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/jicofo/xmpp-secret.yaml") . | sha256sum }}
+ {{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.jicofo.podAnnotations }}
+ {{ $annotation }}: {{ $value|quote }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.jicofo.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.jicofo.securityContext | nindent 12 }}
+ image: "{{ .Values.jicofo.image.repository }}:{{ default .Chart.AppVersion .Values.jicofo.image.tag }}"
+ imagePullPolicy: {{ pluck "pullPolicy" .Values.jicofo.image .Values.image | first }}
+ envFrom:
+ - secretRef:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
+ - configMapRef:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
+ - configMapRef:
+ name: {{ include "jitsi-meet.jicofo.fullname" . }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ {{- with .Values.jicofo.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.jicofo.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.jicofo.resources | nindent 12 }}
+
+ {{- with .Values.jicofo.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.jicofo.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.jicofo.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jicofo/xmpp-secret.yaml b/jitsi/charts/jitsi-meet/templates/jicofo/xmpp-secret.yaml
new file mode 100644
index 0000000..de95246
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jicofo/xmpp-secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jicofo
+ labels:
+ {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
+type: Opaque
+data:
+ JICOFO_AUTH_USER: '{{ .Values.jicofo.xmpp.user | b64enc }}'
+ JICOFO_AUTH_PASSWORD: '{{ default (randAlphaNum 10) .Values.jicofo.xmpp.password | b64enc }}'
+ JICOFO_COMPONENT_SECRET: '{{ default (randAlphaNum 10) .Values.jicofo.xmpp.componentSecret | b64enc }}'
diff --git a/jitsi/charts/jitsi-meet/templates/jvb/_helper.tpl b/jitsi/charts/jitsi-meet/templates/jvb/_helper.tpl
new file mode 100644
index 0000000..5aa1d9b
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jvb/_helper.tpl
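Review bot: In jicofo/deployment.yaml, `mergeOverwrite .Values.global.podLabels .Values.jicofo.podLabels` merges into its first argument, so the component's labels are written into the shared `global.podLabels` map and can appear on pods rendered by other templates; the `podAnnotations` merge has the same shape, and jvb/deployment.yaml and web/deployment.yaml repeat both. Where NetworkPolicy or admission rules select on pod labels, a leaked label widens what those selectors match. Merge into a fresh map instead, `mergeOverwrite (dict) .Values.global.podLabels .Values.jicofo.podLabels`. The label value is also rendered unquoted in `{{ $label }}: {{ $value }}` while annotation values get `|quote`; adding `| quote` there keeps values such as `true` or `1` as strings.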
@@ -0,0 +1,18 @@
+
+{{- define "jitsi-meet.jvb.fullname" -}}
+{{ include "jitsi-meet.fullname" . }}-jvb
+{{- end -}}
+
+{{- define "jitsi-meet.jvb.labels" -}}
+{{ include "jitsi-meet.labels" . }}
+app.kubernetes.io/component: jvb
+{{- end -}}
+
+{{- define "jitsi-meet.jvb.selectorLabels" -}}
+{{ include "jitsi-meet.selectorLabels" . }}
+app.kubernetes.io/component: jvb
+{{- end -}}
+
+{{- define "jitsi-meet.jvb.secret" -}}
+{{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
+{{- end -}}
diff --git a/jitsi/charts/jitsi-meet/templates/jvb/configmap.yaml b/jitsi/charts/jitsi-meet/templates/jvb/configmap.yaml
new file mode 100644
index 0000000..12a06c4
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jvb/configmap.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "jitsi-meet.jvb.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
+data:
+ JVB_BREWERY_MUC: '{{ .Values.jvb.breweryMuc }}'
+ JVB_PORT: '{{ .Values.jvb.UDPPort }}'
+ JVB_STUN_SERVERS: '{{.Values.jvb.stunServers }}'
+ JVB_TCP_HARVESTER_DISABLED: '1'
+ XMPP_SERVER: '{{ include "jitsi-meet.xmpp.server" . }}'
+ {{- range $key, $value := .Values.jvb.extraEnvs }}
+ {{- if not (kindIs "invalid" $value) }}
+ {{ $key }}: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
+ COLIBRI_REST_ENABLED: 'true'
+ {{- if .Values.jvb.websockets.enabled }}
+ ENABLE_COLIBRI_WEBSOCKET: 'true'
+ {{- else }}
+ ENABLE_COLIBRI_WEBSOCKET: 'false'
+ {{- end }}
+ {{- if .Values.octo.enabled }}
+ ENABLE_OCTO: "1"
+ JVB_OCTO_BIND_PORT: "4096"
+ JVB_OCTO_REGION: "all"
+ {{- end }}
\ No newline at end of file
diff --git a/jitsi/charts/jitsi-meet/templates/jvb/deployment.yaml b/jitsi/charts/jitsi-meet/templates/jvb/deployment.yaml
new file mode 100644
index 0000000..7e41d96
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jvb/deployment.yaml
@@ -0,0 +1,166 @@
+{{- $serverID := default "podIP" .Values.jvb.websockets.serverID }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "jitsi-meet.jvb.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
+ {{- with .Values.jvb.annotations }}
+ annotations:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.jvb.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "jitsi-meet.jvb.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "jitsi-meet.jvb.selectorLabels" . | nindent 8 }}
+ {{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.jvb.podLabels }}
+ {{ $label }}: {{ $value }}
+ {{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/jvb/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/jvb/xmpp-secret.yaml") . | sha256sum }}
+ {{- if and .Values.jvb.metrics.enabled .Values.jvb.metrics.prometheusAnnotations }}
+ prometheus.io/port: "9888"
+ prometheus.io/scrape: "true"
+ {{- end }}
+ {{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.jvb.podAnnotations }}
+ {{ $annotation }}: {{ $value|quote }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.jvb.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.jvb.securityContext | nindent 12 }}
+ image: "{{ .Values.jvb.image.repository }}:{{ default .Chart.AppVersion .Values.jvb.image.tag }}"
+ imagePullPolicy: {{ pluck "pullPolicy" .Values.jvb.image .Values.image | first }}
+ envFrom:
+ - secretRef:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
+ - configMapRef:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common
+ - configMapRef:
+ name: {{ include "jitsi-meet.jvb.fullname" . }}
+ env:
+ {{- if or .Values.jvb.useNodeIP .Values.jvb.publicIP }}
+ - name: DOCKER_HOST_ADDRESS
+ {{- if .Values.jvb.publicIP }}
+ value: {{ .Values.jvb.publicIP }}
+ {{- else }}
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ {{- end }}
+ {{- end }}
+ {{- if .Values.jvb.websockets.enabled }}
+ - name: JVB_WS_SERVER_ID
+ {{- if eq $serverID "service" }}
+ value: {{ include "jitsi-meet.jvb.fullname" . }}.{{ .Release.Namespace }}.svc
+ {{- else if eq $serverID "podIP" }}
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ {{- else }}
+ value: {{ $serverID | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.octo.enabled }}
+ - name: JVB_OCTO_BIND_ADDRESS
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: JVB_OCTO_PUBLIC_ADDRESS
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ {{- end }}
+ ports:
+ - name: rtp-udp
+ containerPort: {{ .Values.jvb.UDPPort }}
+ {{- if .Values.jvb.useHostPort }}
+ hostPort: {{ .Values.jvb.UDPPort }}
+ {{- end }}
+ protocol: UDP
+ {{- if .Values.jvb.websockets.enabled }}
+ - name: colibri-ws-tcp
+ containerPort: 9090
+ protocol: TCP
+ {{- end }}
+ {{- with .Values.jvb.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.jvb.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.jvb.resources | nindent 12 }}
+ {{- with .Values.jvb.extraVolumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+
+ {{- if .Values.jvb.metrics.enabled }}
+ - name: metrics
+ image: {{ .Values.jvb.metrics.image.repository }}:{{ .Values.jvb.metrics.image.tag }}
+ imagePullPolicy: {{ .Values.jvb.metrics.image.pullPolicy }}
+ securityContext:
+ runAsUser: 10001
+ command:
+ - /prometheus-jitsi-meet-exporter
+ - -videobridge-url
+ - http://localhost:8080/colibri/stats
+ ports:
+ - containerPort: 9888
+ name: tcp-metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 9888
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ resources:
+ {{- toYaml .Values.jvb.metrics.resources | nindent 12 }}
+ {{- end }}
+
+ {{- with .Values.jvb.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.jvb.useHostPort .Values.jvb.affinity }}
+ affinity:
+ {{- if .Values.jvb.affinity }}
+ {{- toYaml .Values.jvb.affinity | nindent 8 }}
+ {{- else }}
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - jvb
+ topologyKey: "kubernetes.io/hostname"
+ {{- end }}
+ {{- end }}
+ {{- with .Values.jvb.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.jvb.extraVolumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jvb/metrics-prometheus.yaml b/jitsi/charts/jitsi-meet/templates/jvb/metrics-prometheus.yaml
new file mode 100644
index 0000000..5c36c2a
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jvb/metrics-prometheus.yaml
@@ -0,0 +1,27 @@
+{{- if and (.Values.jvb.metrics.enabled) (.Values.jvb.metrics.serviceMonitor.enabled) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "jitsi-meet.jvb.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
+ {{- range $key, $value := .Values.jvb.metrics.serviceMonitor.selector }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: tcp-metrics
+ path: /metrics
+ {{- if .Values.jvb.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.jvb.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.jvb.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.jvb.metrics.serviceMonitor.interval }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "jitsi-meet.jvb.labels" . | nindent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ {{- end -}}
diff --git a/jitsi/charts/jitsi-meet/templates/jvb/metrics-service.yaml b/jitsi/charts/jitsi-meet/templates/jvb/metrics-service.yaml
new file mode 100644
index 0000000..c832155
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jvb/metrics-service.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.jvb.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "jitsi-meet.jvb.fullname" . }}-metrics
+ labels:
+ {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 9888
+ protocol: TCP
+ name: tcp-metrics
+ selector:
+ {{- include "jitsi-meet.jvb.selectorLabels" . | nindent 4 }}
+ {{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jvb/service.yaml b/jitsi/charts/jitsi-meet/templates/jvb/service.yaml
new file mode 100644
index 0000000..304eff6
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jvb/service.yaml
@@ -0,0 +1,35 @@
+{{- if or (and (kindIs "invalid" .Values.jvb.service.enabled) (not .Values.jvb.useHostPort)) .Values.jvb.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "jitsi-meet.jvb.fullname" . }}
+ annotations:
+ {{- range $key, $value := .Values.jvb.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.jvb.service.type }}
+ {{- with .Values.jvb.service.LoadbalancerIP }}
+ loadBalancerIP: {{ . }}
+ {{- end }}
+ ports:
+ - port: {{ default 10000 .Values.jvb.UDPPort }}
+ {{- if or (eq .Values.jvb.service.type "NodePort") (eq .Values.jvb.service.type "LoadBalancer") }}
+ nodePort: {{ .Values.jvb.UDPPort }}
+ {{- end }}
+ protocol: UDP
+ name: rtp-udp
+ {{- if .Values.jvb.websockets.enabled }}
+ - port: 9090
+ protocol: TCP
+ name: colibri-ws-tcp
+ {{- end }}
+ {{- with .Values.jvb.service.externalIPs }}
+ externalIPs:
+ {{ toYaml . | indent 2 | trim }}
+ {{- end }}
+ selector:
+ {{- include "jitsi-meet.jvb.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/jvb/xmpp-secret.yaml b/jitsi/charts/jitsi-meet/templates/jvb/xmpp-secret.yaml
new file mode 100644
index 0000000..4e0a7a4
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/jvb/xmpp-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-jvb
+ labels:
+ {{- include "jitsi-meet.jvb.labels" . | nindent 4 }}
+type: Opaque
+data:
+ JVB_AUTH_USER: '{{ .Values.jvb.xmpp.user | b64enc }}'
+ JVB_AUTH_PASSWORD: '{{ default (randAlphaNum 10) .Values.jvb.xmpp.password | b64enc }}'
diff --git a/jitsi/charts/jitsi-meet/templates/serviceaccount.yaml b/jitsi/charts/jitsi-meet/templates/serviceaccount.yaml
new file mode 100644
index 0000000..d0b57df
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jitsi-meet.serviceAccountName" . }}
+ labels:
+ {{- include "jitsi-meet.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/jitsi/charts/jitsi-meet/templates/tests/test-connection.yaml b/jitsi/charts/jitsi-meet/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..9f523ba
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "jitsi-meet.web.fullname" . }}-test-connection"
+ labels:
+ {{- include "jitsi-meet.web.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "jitsi-meet.web.fullname" . }}:{{ .Values.web.service.port }}']
+ restartPolicy: Never
diff --git a/jitsi/charts/jitsi-meet/templates/web/_helper.tpl b/jitsi/charts/jitsi-meet/templates/web/_helper.tpl
new file mode 100644
index 0000000..18b1f09
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/web/_helper.tpl
@@ -0,0 +1,15 @@
+
+{{- define "jitsi-meet.web.fullname" -}}
+{{ include "jitsi-meet.fullname" . }}-web
+{{- end -}}
+
+{{- define "jitsi-meet.web.labels" -}}
+{{ include "jitsi-meet.labels" . }}
+app.kubernetes.io/component: web
+{{- end -}}
+
+{{- define "jitsi-meet.web.selectorLabels" -}}
+{{ include "jitsi-meet.selectorLabels" . }}
+app.kubernetes.io/component: web
+{{- end -}}
+
diff --git a/jitsi/charts/jitsi-meet/templates/web/configmap.yaml b/jitsi/charts/jitsi-meet/templates/web/configmap.yaml
new file mode 100644
index 0000000..718a134
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/web/configmap.yaml
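Review bot: In tests/test-connection.yaml, `image: busybox` carries no tag or digest, so the test pod runs whatever the registry serves as `latest` at that moment, and the CI workflow in this commit executes it through `ct install`. Pin the image, for example `image: busybox:<pinned-tag>` or a digest reference, and ideally make it a values key so mirrored registries can be used. The hook annotation `"helm.sh/hook": test-success` is the Helm 2 name; with the Helm 3 release the workflow installs, the documented value is `test`.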
@@ -0,0 +1,24 @@
+{{- $serverID := default "podIP" .Values.jvb.websockets.serverID }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "jitsi-meet.web.fullname" . }}
+ labels:
+ {{- include "jitsi-meet.web.labels" . | nindent 4 }}
+data:
+ DISABLE_HTTPS: {{ ternary "0" "1" .Values.web.httpsEnabled | quote }}
+ ENABLE_HTTP_REDIRECT: {{ ternary "1" "0" .Values.web.httpRedirect | quote }}
+ JICOFO_AUTH_USER: '{{ .Values.jicofo.xmpp.user }}'
+ XMPP_BOSH_URL_BASE: 'http://{{ include "jitsi-meet.xmpp.server" . }}:{{ index .Values.prosody.service.ports "bosh-insecure" }}'
+ {{- if and .Values.jvb.websockets.enabled (eq $serverID "service") }}
+ NGINX_RESOLVER: {{ required "(web.resolverIP) Please set an IP address of your KubeDNS service!" .Values.web.resolverIP }}
+ {{- end }}
+ {{- if .Values.jibri.enabled }}
+ ENABLE_RECORDING: "true"
+ ENABLE_FILE_RECORDING_SERVICE_SHARING: "true"
+ {{- end }}
+ {{- range $key, $value := .Values.web.extraEnvs }}
+ {{- if not (kindIs "invalid" $value) }}
+ {{ $key }}: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
diff --git a/jitsi/charts/jitsi-meet/templates/web/deployment.yaml b/jitsi/charts/jitsi-meet/templates/web/deployment.yaml
new file mode 100644
index 0000000..2b9c4ae
--- /dev/null
+++ b/jitsi/charts/jitsi-meet/templates/web/deployment.yaml
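Review bot: In the `web.extraEnvs` loop, `tpl $value $` only accepts a string, so a numeric or boolean entry such as `FOO: 1` aborts the render instead of producing `"1"`; `{{ $key }}: {{ tpl (toString $value) $ | quote }}` handles both. The hand-quoted entries (`JICOFO_AUTH_USER: '{{ … }}'` and `XMPP_BOSH_URL_BASE`) and the unquoted `NGINX_RESOLVER` would be more robust with `| quote`, as `DISABLE_HTTPS` and `ENABLE_HTTP_REDIRECT` already use, because a value containing a single quote or a YAML indicator changes the shape of the manifest.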
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "jitsi-meet.web.fullname" . }} + labels: + {{- include "jitsi-meet.web.labels" . | nindent 4 }} + {{- with .Values.web.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.web.replicaCount }} + selector: + matchLabels: + {{- include "jitsi-meet.web.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "jitsi-meet.web.selectorLabels" . | nindent 8 }} + {{- range $label, $value := mergeOverwrite .Values.global.podLabels .Values.web.podLabels }} + {{ $label }}: {{ $value }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + {{- range $annotation, $value := mergeOverwrite .Values.global.podAnnotations .Values.web.podAnnotations }} + {{ $annotation }}: {{ $value|quote }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.web.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.web.securityContext | nindent 12 }} + image: "{{ .Values.web.image.repository }}:{{ default .Chart.AppVersion .Values.web.image.tag }}" + imagePullPolicy: {{ pluck "pullPolicy" .Values.web.image .Values.image | first }} + envFrom: + - configMapRef: + name: {{ include "jitsi-meet.web.fullname" . }} + - configMapRef: + name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + {{- with .Values.web.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.web.readinessProbe }} + readinessProbe: + {{- toYaml . 
| nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.web.resources | nindent 12 }} + {{- with .Values.web.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with .Values.web.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.web.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.web.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.web.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/jitsi/charts/jitsi-meet/templates/web/service.yaml b/jitsi/charts/jitsi-meet/templates/web/service.yaml new file mode 100644 index 0000000..bf890a6 --- /dev/null +++ b/jitsi/charts/jitsi-meet/templates/web/service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "jitsi-meet.web.fullname" . }} + labels: + {{- include "jitsi-meet.web.labels" . | nindent 4 }} +spec: + type: {{ .Values.web.service.type }} + ports: + - port: {{ .Values.web.service.port }} + protocol: TCP + name: http + {{- with .Values.web.service.externalIPs }} + externalIPs: + {{ toYaml . | indent 2 | trim }} + {{- end }} + selector: + {{- include "jitsi-meet.web.selectorLabels" . | nindent 4 }} diff --git a/jitsi/charts/jitsi-meet/values.yaml b/jitsi/charts/jitsi-meet/values.yaml new file mode 100644 index 0000000..9ab056a --- /dev/null +++ b/jitsi/charts/jitsi-meet/values.yaml 
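Review bot: `mergeOverwrite .Values.global.podLabels .Values.web.podLabels`, and the same call for `podAnnotations`, mutates its first argument, so the web-only labels and annotations are written into the shared `.Values.global` maps and can appear on any other component that merges from them later in the render. Merge into a fresh dict instead: `mergeOverwrite (dict) .Values.global.podLabels .Values.web.podLabels`. The label line is also emitted as `{{ $label }}: {{ $value }}` without `| quote`, unlike the annotation line below it, so a value such as `true` or `1` renders as a non-string and is rejected by the API server. Labels drive Service and NetworkPolicy selectors, so unintended ones are worth avoiding.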
@@ -0,0 +1,288 @@ +# Default values for jitsi-meet. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + podLabels: {} + podAnnotations: {} +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +enableAuth: false +enableGuests: true +publicURL: "" + +tz: Europe/Amsterdam + +image: + pullPolicy: IfNotPresent + +web: + replicaCount: 1 + image: + repository: jitsi/web + + extraEnvs: {} + service: + type: ClusterIP + port: 80 + externalIPs: [] + + ingress: + enabled: false + # ingressClassName: "nginx-ingress-0" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: jitsi.local + paths: ['/'] + tls: [] + # - secretName: jitsi-web-certificate + # hosts: + # - jitsi.local + + # Useful for ingresses that don't support http-to-https redirect by themself, (namely: GKE), + httpRedirect: false + + # When tls-termination by the ingress is not wanted, enable this and set web.service.type=Loadbalancer + httpsEnabled: false + + ## Resolver IP for nginx. + ## Set this to ClusterIP of your `kube-dns` service + ## when using websockets and discovering JVB's address + ## via k8s services. + # resolverIP: 10.43.0.10 + + livenessProbe: + httpGet: + path: / + port: 80 + readinessProbe: + httpGet: + path: / + port: 80 + + podLabels: {} + podAnnotations: {} + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +jicofo: + replicaCount: 1 + image: + repository: jitsi/jicofo + + xmpp: + user: focus + password: + componentSecret: + + livenessProbe: + tcpSocket: + port: 8888 + readinessProbe: + tcpSocket: + port: 8888 + + podLabels: {} + podAnnotations: {} + podSecurityContext: {} + securityContext: {} + resources: {} + nodeSelector: {} + tolerations: [] + affinity: {} + extraEnvs: {} + +jvb: + replicaCount: 1 + image: + repository: jitsi/jvb + + xmpp: + user: jvb + password: + + stunServers: 'meet-jit-si-turnrelay.jitsi.net:443' + useHostPort: false + UDPPort: 10000 + service: + enabled: + type: ClusterIP + externalIPs: [] + ## Annotations to be added to the service (if LoadBalancer is used) + ## + annotations: {} + + breweryMuc: jvbbrewery + + livenessProbe: + httpGet: + path: /about/health + port: 8080 + readinessProbe: + httpGet: + path: /about/health + port: 8080 + + podLabels: {} + podAnnotations: {} + podSecurityContext: {} + securityContext: {} + resources: {} + nodeSelector: {} + tolerations: [] + affinity: {} + extraEnvs: {} + + websockets: + ## Set to 'true' to enable Colibri WebSocket support in JVB: + enabled: false + ## Uncomment this to set JVB server ID manually, + ## Or use one of pre-defined values: + ## * "podIP" will fetch JVB pod's IP address from K8s metadata; + ## * "service" will use JVB service name generated by Helm. + ## + ## Don't forget to set `web.resolverIP` to your cluster's + ## DNS service IP when setting this to "service"! 
+ ## + ## (default is "podIP") + # serverID: podIP + + metrics: + enabled: false + prometheusAnnotations: false + image: + repository: docker.io/systemli/prometheus-jitsi-meet-exporter + tag: 1.1.9 + pullPolicy: IfNotPresent + serviceMonitor: + enabled: true + selector: + release: prometheus-operator + interval: 10s + # honorLabels: false + resources: + requests: + cpu: 10m + memory: 16Mi + limits: + cpu: 20m + memory: 32Mi + +octo: + enabled: false + + +jibri: + ## Enabling Jibri will allow users to record + ## and/or stream their meetings (e.g. to YouTube). + enabled: false + + ## Enable persistent storage for local recordings. + ## If disabled, jibri pod will use a transient + ## emptyDir-backed storage instead. + persistence: + enabled: false + size: 4Gi + ## Set this to existing PVC name if you have one. + existingClaim: + storageClassName: + + shm: + ## Set to true to enable "/dev/shm" mount. + ## May be required by built-in Chromium. + enabled: false + ## If "true", will use host's shared memory dir, + ## and if "false" — an emptyDir mount. + # useHost: false + # size: 256Mi + + image: + repository: jitsi/jibri + + breweryMuc: jibribrewery + timeout: 90 + + ## jibri XMPP user credentials: + xmpp: + user: jibri + password: + + ## recorder XMPP user credentials: + recorder: + user: recorder + password: + + livenessProbe: + exec: + command: ["pgrep", "java"] + + readinessProbe: + exec: + command: ["pgrep", "java"] + + extraEnvs: {} + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +xmpp: + domain: meet.jitsi + authDomain: + mucDomain: + internalMucDomain: + guestDomain: + +extraCommonEnvs: {} + +prosody: + enabled: true + server: + extraEnvFrom: + - secretRef: + name: '{{ include "prosody.fullname" . 
}}-jicofo' + - secretRef: + name: '{{ include "prosody.fullname" . }}-jvb' + - configMapRef: + name: '{{ include "prosody.fullname" . }}-common' + ## Uncomment this if you want to use jibri: + # - secretRef: + # name: '{{ include "prosody.fullname" . }}-jibri' + image: + repository: jitsi/prosody + tag: 'stable-6865' diff --git a/jitsi/ci/dummy-values.yaml b/jitsi/ci/dummy-values.yaml new file mode 100644 index 0000000..58e035d --- /dev/null +++ b/jitsi/ci/dummy-values.yaml @@ -0,0 +1,3 @@ +--- +jitsi-meet: + publicURL: "http://localhost" diff --git a/jitsi/values.yaml b/jitsi/values.yaml index 13bde9c..d309009 100755 --- a/jitsi/values.yaml +++ b/jitsi/values.yaml @@ -1,4 +1,4 @@ - +--- certResolver: le-staging fqdn: "" @@ -29,7 +29,6 @@ jitsi-meet: service: # enabled: true type: NodePort - # It may be required to change the default port to a value allowed by Kubernetes (30000-32768) UDPPort: 30000 livenessProbe: @@ -42,5 +41,4 @@ jitsi-meet: websockets: enabled: true - # Use public IP of one of your node, or the public IP of a loadbalancer in front of the nodes publicIP: "" diff --git a/lintconf.yaml b/lintconf.yaml new file mode 100644 index 0000000..de707d4 --- /dev/null +++ b/lintconf.yaml @@ -0,0 +1,7 @@ +extends: default + +rules: + empty-lines: + max: 3 + max-start: 1 + max-end: 1
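Review bot: The credential keys in the jitsi-meet `values.yaml` hunk (the bare `password:` entries under the jicofo, jvb, jibri and recorder XMPP users, plus `componentSecret:`) are left as empty nulls with no comment on what an empty value means. The JVB secret template in this commit falls back to a random value when its password is unset; the other components presumably do the same, but their templates are not visible here. A comment above each, such as `## Leave empty to let the chart generate a random value; set it explicitly if the credential must stay stable across upgrades.`, would make that behaviour discoverable. `jvb.service.enabled:` deserves the same treatment, since the service template's `kindIs "invalid"` check depends on it being null.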