jitsi-k8s/02-deployments.yml

# apiVersion: v1
# kind: ConfigMap
# metadata:
#   name: jitsi-web-conf
#   namespace: external-app-development
# data:
#   20-use-env: |-
#     #!/bin/bash
#     sed -i "s|xmpp.meet.jitsi|XMPP_SERVER|" /config/nginx/meet.conf

---

kind: Deployment
apiVersion: apps/v1
metadata:
  name: jitsi-web
  namespace: external-app-development
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-web
  template:
    metadata:
      labels:
        app: jitsi-web
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      # initContainers:
      #   - name: jitsi-web-conf
      #     image: busybox
      #     args: ["sh", "-c", "cat /20-use-env | sed \"s/XMPP_SERVER/$XMPP_SERVER/\" > /config/20-use-env && chmod +x /config/20-use-env"]
      #     volumeMounts:
      #       - mountPath: /config
      #         name: jitsi
      #         subPath: web
      #       - mountPath: /20-use-env
      #         name: jitsi-web-conf
      #         subPath: 20-use-env
      #     envFrom:
      #       - configMapRef:
      #           name: jitsi-env
      #     securityContext:
      #       runAsUser: 1000
      #       runAsGroup: 1000
      #       allowPrivilegeEscalation: false
      #       capabilities:
      #         drop:
      #           - ALL
      #       runAsNonRoot: true
      #       seccompProfile:
      #         type: RuntimeDefault
      containers:
        - name: jitsi-web
          image: dowerx/jitsi-web:non-root
          imagePullPolicy: Always
          ports:
            - containerPort: 8000
              protocol: TCP
            - containerPort: 8443
              protocol: TCP
          envFrom:
            - configMapRef:
                name: jitsi-env
          env:
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JICOFO_AUTH_PASSWORD
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JVB_AUTH_PASSWORD
            # - name: JIGASI_XMPP_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIGASI_XMPP_PASSWORD
            # - name: JIBRI_RECORDER_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIBRI_RECORDER_PASSWORD
            # - name: JIBRI_XMPP_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIBRI_XMPP_PASSWORD
          # volumeMounts:
          #   - mountPath: /config
          #     name: jitsi
          #     subPath: web
          #   - mountPath: /var/spool/cron/crontabs
          #     name: jitsi
          #     subPath: web/crontabs
          #   - mountPath: /usr/share/jitsi-meet/transcripts
          #     name: jitsi
          #     subPath: web/transcripts
            # - mountPath: /etc/cont-init.d/20-use-env
            #   name: jitsi
            #   subPath: web/20-use-env
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"
          # readinessProbe:
          #   tcpSocket:
          #     port: 80
          #   initialDelaySeconds: 15
          #   periodSeconds: 10
          # livenessProbe:
          #   tcpSocket:
          #     port: 80
          #   initialDelaySeconds: 15
          #   periodSeconds: 10
      # volumes:
      #   - name: jitsi
      #     persistentVolumeClaim:
      #       claimName: jitsi
      #   - name: jitsi-web-conf
      #     configMap:
      #       name: jitsi-web-conf
      #       items:
      #         - key: 20-use-env
      #           path: 20-use-env
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: jitsi-prosody
  namespace: external-app-development
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-prosody
  template:
    metadata:
      labels:
        app: jitsi-prosody
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      containers:
        - name: jitsi-prosody
          image: dowerx/prosody:non-root
          ports:
            - containerPort: 5222
              protocol: TCP
            - containerPort: 5269
              protocol: TCP
            - containerPort: 5347
              protocol: TCP
            - containerPort: 5280
              protocol: TCP
          envFrom:
            - configMapRef:
                name: jitsi-env
          env:
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JICOFO_AUTH_PASSWORD
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JVB_AUTH_PASSWORD
            # - name: JIGASI_XMPP_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIGASI_XMPP_PASSWORD
            # - name: JIBRI_RECORDER_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIBRI_RECORDER_PASSWORD
            # - name: JIBRI_XMPP_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIBRI_XMPP_PASSWORD
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - mountPath: /config
              name: jitsi
              subPath: prosody
            - mountPath: /prosody-plugins-custom
              name: jitsi
              subPath: prosody/prosody-plugins-custom
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"
          # readinessProbe:
          #   tcpSocket:
          #     port: 5280
          #   initialDelaySeconds: 15
          #   periodSeconds: 10
          # livenessProbe:
          #   tcpSocket:
          #     port: 5280
          #   initialDelaySeconds: 15
          #   periodSeconds: 10
      securityContext:
        fsGroup: 1000
      volumes:
        - name: jitsi
          persistentVolumeClaim:
            claimName: jitsi
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: jitsi-jicofo
  namespace: external-app-development
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-jicofo
  template:
    metadata:
      labels:
        app: jitsi-jicofo
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      containers:
        - name: jitsi-jicofo
          image: dowerx/jicofo:non-root
          ports:
            - containerPort: 8888
              protocol: TCP
          envFrom:
            - configMapRef:
                name: jitsi-env
          env:
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JICOFO_AUTH_PASSWORD
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JVB_AUTH_PASSWORD
            # - name: JIGASI_XMPP_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIGASI_XMPP_PASSWORD
            # - name: JIBRI_RECORDER_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIBRI_RECORDER_PASSWORD
            # - name: JIBRI_XMPP_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIBRI_XMPP_PASSWORD
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          # volumeMounts:
          #   - mountPath: /config
          #     name: jitsi
          #     subPath: jicofo
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"
          # readinessProbe:
          #   tcpSocket:
          #     port: 8888
          #   initialDelaySeconds: 15
          #   periodSeconds: 10
          # livenessProbe:
          #   tcpSocket:
          #     port: 8888
          #   initialDelaySeconds: 15
          #   periodSeconds: 10
      # volumes:
      #   - name: jitsi
      #     persistentVolumeClaim:
      #       claimName: jitsi
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: jitsi-jvb
  namespace: external-app-development
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-jvb
  template:
    metadata:
      labels:
        app: jitsi-jvb
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      containers:
        - name: jitsi-jvb
          image: dowerx/jvb:non-root
          ports:
            - containerPort: 10000
              protocol: UDP
            - containerPort: 8080
              protocol: TCP
          envFrom:
            - configMapRef:
                name: jitsi-env
          env:
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JICOFO_AUTH_PASSWORD
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JVB_AUTH_PASSWORD
            # - name: JIGASI_XMPP_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIGASI_XMPP_PASSWORD
            # - name: JIBRI_RECORDER_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIBRI_RECORDER_PASSWORD
            # - name: JIBRI_XMPP_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: jitsi-passwords
            #       key: JIBRI_XMPP_PASSWORD
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          # volumeMounts:
          #   - mountPath: /config
          #     subPath: jvb
          #     name: jitsi
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"
          # readinessProbe:
          #   tcpSocket:
          #     port: 8080
          #   initialDelaySeconds: 15
          #   periodSeconds: 10
          # livenessProbe:
          #   tcpSocket:
          #     port: 8080
          #   initialDelaySeconds: 15
          #   periodSeconds: 10
      # volumes:
      #   - name: jitsi
      #     persistentVolumeClaim:
      #       claimName: jitsi
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# apiVersion: v1`
			`# kind: ConfigMap`
			`# metadata:`
			`# name: jitsi-web-conf`
			`# namespace: external-app-development`
			`# data:`
			`# 20-use-env: \|-`
			`# #!/bin/bash`
			`# sed -i "s\|xmpp.meet.jitsi\|XMPP_SERVER\|" /config/nginx/meet.conf`
init 2024-07-03 07:54:32 +00:00
			`---`

			`kind: Deployment`
			`apiVersion: apps/v1`
			`metadata:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-web`
			`namespace: external-app-development`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`strategy:`
			`type: Recreate`
			`replicas: 1`
			`selector:`
			`matchLabels:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`app: jitsi-web`
init 2024-07-03 07:54:32 +00:00			`template:`
			`metadata:`
			`labels:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`app: jitsi-web`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: kubernetes.io/arch`
			`operator: In`
			`values:`
			`- arm64`
			`- amd64`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# initContainers:`
			`# - name: jitsi-web-conf`
			`# image: busybox`
			`# args: ["sh", "-c", "cat /20-use-env \| sed \"s/XMPP_SERVER/$XMPP_SERVER/\" > /config/20-use-env && chmod +x /config/20-use-env"]`
			`# volumeMounts:`
			`# - mountPath: /config`
			`# name: jitsi`
			`# subPath: web`
			`# - mountPath: /20-use-env`
			`# name: jitsi-web-conf`
			`# subPath: 20-use-env`
			`# envFrom:`
			`# - configMapRef:`
			`# name: jitsi-env`
			`# securityContext:`
			`# runAsUser: 1000`
			`# runAsGroup: 1000`
			`# allowPrivilegeEscalation: false`
			`# capabilities:`
			`# drop:`
			`# - ALL`
			`# runAsNonRoot: true`
			`# seccompProfile:`
			`# type: RuntimeDefault`
init 2024-07-03 07:54:32 +00:00			`containers:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`- name: jitsi-web`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`image: dowerx/jitsi-web:non-root`
			`imagePullPolicy: Always`
init 2024-07-03 07:54:32 +00:00			`ports:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`- containerPort: 8000`
init 2024-07-03 07:54:32 +00:00			`protocol: TCP`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`- containerPort: 8443`
init 2024-07-03 07:54:32 +00:00			`protocol: TCP`
			`envFrom:`
			`- configMapRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-env`
init 2024-07-03 07:54:32 +00:00			`env:`
			`- name: JICOFO_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JICOFO_AUTH_PASSWORD`
			`- name: JVB_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JVB_AUTH_PASSWORD`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# - name: JIGASI_XMPP_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIGASI_XMPP_PASSWORD`
			`# - name: JIBRI_RECORDER_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIBRI_RECORDER_PASSWORD`
			`# - name: JIBRI_XMPP_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIBRI_XMPP_PASSWORD`
			`# volumeMounts:`
			`# - mountPath: /config`
			`# name: jitsi`
			`# subPath: web`
			`# - mountPath: /var/spool/cron/crontabs`
			`# name: jitsi`
			`# subPath: web/crontabs`
			`# - mountPath: /usr/share/jitsi-meet/transcripts`
			`# name: jitsi`
			`# subPath: web/transcripts`
			`# - mountPath: /etc/cont-init.d/20-use-env`
			`# name: jitsi`
			`# subPath: web/20-use-env`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`securityContext:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`runAsUser: 1000`
			`runAsGroup: 1000`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`runAsNonRoot: true`
			`seccompProfile:`
			`type: RuntimeDefault`
init 2024-07-03 07:54:32 +00:00			`resources:`
			`limits:`
			`cpu: "500m"`
			`memory: "512Mi"`
			`requests:`
			`cpu: "10m"`
			`memory: "10Mi"`
			`# readinessProbe:`
			`# tcpSocket:`
			`# port: 80`
			`# initialDelaySeconds: 15`
			`# periodSeconds: 10`
			`# livenessProbe:`
			`# tcpSocket:`
			`# port: 80`
			`# initialDelaySeconds: 15`
			`# periodSeconds: 10`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# volumes:`
			`# - name: jitsi`
			`# persistentVolumeClaim:`
			`# claimName: jitsi`
			`# - name: jitsi-web-conf`
			`# configMap:`
			`# name: jitsi-web-conf`
			`# items:`
			`# - key: 20-use-env`
			`# path: 20-use-env`
init 2024-07-03 07:54:32 +00:00			`---`
			`kind: Deployment`
			`apiVersion: apps/v1`
			`metadata:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-prosody`
			`namespace: external-app-development`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`strategy:`
			`type: Recreate`
			`replicas: 1`
			`selector:`
			`matchLabels:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`app: jitsi-prosody`
init 2024-07-03 07:54:32 +00:00			`template:`
			`metadata:`
			`labels:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`app: jitsi-prosody`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: kubernetes.io/arch`
			`operator: In`
			`values:`
			`- arm64`
			`- amd64`
			`containers:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`- name: jitsi-prosody`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`image: dowerx/prosody:non-root`
init 2024-07-03 07:54:32 +00:00			`ports:`
			`- containerPort: 5222`
			`protocol: TCP`
			`- containerPort: 5269`
			`protocol: TCP`
			`- containerPort: 5347`
			`protocol: TCP`
			`- containerPort: 5280`
			`protocol: TCP`
			`envFrom:`
			`- configMapRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-env`
init 2024-07-03 07:54:32 +00:00			`env:`
			`- name: JICOFO_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JICOFO_AUTH_PASSWORD`
			`- name: JVB_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JVB_AUTH_PASSWORD`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# - name: JIGASI_XMPP_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIGASI_XMPP_PASSWORD`
			`# - name: JIBRI_RECORDER_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIBRI_RECORDER_PASSWORD`
			`# - name: JIBRI_XMPP_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIBRI_XMPP_PASSWORD`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`securityContext:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`runAsUser: 1000`
			`runAsGroup: 1000`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`runAsNonRoot: true`
			`seccompProfile:`
			`type: RuntimeDefault`
init 2024-07-03 07:54:32 +00:00			`volumeMounts:`
			`- mountPath: /config`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi`
			`subPath: prosody`
init 2024-07-03 07:54:32 +00:00			`- mountPath: /prosody-plugins-custom`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi`
			`subPath: prosody/prosody-plugins-custom`
init 2024-07-03 07:54:32 +00:00			`resources:`
			`limits:`
			`cpu: "500m"`
			`memory: "512Mi"`
			`requests:`
			`cpu: "10m"`
			`memory: "10Mi"`
			`# readinessProbe:`
			`# tcpSocket:`
			`# port: 5280`
			`# initialDelaySeconds: 15`
			`# periodSeconds: 10`
			`# livenessProbe:`
			`# tcpSocket:`
			`# port: 5280`
			`# initialDelaySeconds: 15`
			`# periodSeconds: 10`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`securityContext:`
			`fsGroup: 1000`
init 2024-07-03 07:54:32 +00:00			`volumes:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`- name: jitsi`
init 2024-07-03 07:54:32 +00:00			`persistentVolumeClaim:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`claimName: jitsi`
init 2024-07-03 07:54:32 +00:00			`---`
			`kind: Deployment`
			`apiVersion: apps/v1`
			`metadata:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-jicofo`
			`namespace: external-app-development`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`strategy:`
			`type: Recreate`
			`replicas: 1`
			`selector:`
			`matchLabels:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`app: jitsi-jicofo`
init 2024-07-03 07:54:32 +00:00			`template:`
			`metadata:`
			`labels:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`app: jitsi-jicofo`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: kubernetes.io/arch`
			`operator: In`
			`values:`
			`- arm64`
			`- amd64`
			`containers:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`- name: jitsi-jicofo`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`image: dowerx/jicofo:non-root`
init 2024-07-03 07:54:32 +00:00			`ports:`
			`- containerPort: 8888`
			`protocol: TCP`
			`envFrom:`
			`- configMapRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-env`
init 2024-07-03 07:54:32 +00:00			`env:`
			`- name: JICOFO_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JICOFO_AUTH_PASSWORD`
			`- name: JVB_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JVB_AUTH_PASSWORD`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# - name: JIGASI_XMPP_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIGASI_XMPP_PASSWORD`
			`# - name: JIBRI_RECORDER_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIBRI_RECORDER_PASSWORD`
			`# - name: JIBRI_XMPP_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIBRI_XMPP_PASSWORD`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`securityContext:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`runAsUser: 1000`
			`runAsGroup: 1000`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`runAsNonRoot: true`
			`seccompProfile:`
			`type: RuntimeDefault`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# volumeMounts:`
			`# - mountPath: /config`
			`# name: jitsi`
			`# subPath: jicofo`
init 2024-07-03 07:54:32 +00:00			`resources:`
			`limits:`
			`cpu: "500m"`
			`memory: "512Mi"`
			`requests:`
			`cpu: "10m"`
			`memory: "10Mi"`
			`# readinessProbe:`
			`# tcpSocket:`
			`# port: 8888`
			`# initialDelaySeconds: 15`
			`# periodSeconds: 10`
			`# livenessProbe:`
			`# tcpSocket:`
			`# port: 8888`
			`# initialDelaySeconds: 15`
			`# periodSeconds: 10`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# volumes:`
			`# - name: jitsi`
			`# persistentVolumeClaim:`
			`# claimName: jitsi`
init 2024-07-03 07:54:32 +00:00			`---`
			`kind: Deployment`
			`apiVersion: apps/v1`
			`metadata:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-jvb`
			`namespace: external-app-development`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`strategy:`
			`type: Recreate`
			`replicas: 1`
			`selector:`
			`matchLabels:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`app: jitsi-jvb`
init 2024-07-03 07:54:32 +00:00			`template:`
			`metadata:`
			`labels:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`app: jitsi-jvb`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: kubernetes.io/arch`
			`operator: In`
			`values:`
			`- arm64`
			`- amd64`
			`containers:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`- name: jitsi-jvb`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`image: dowerx/jvb:non-root`
init 2024-07-03 07:54:32 +00:00			`ports:`
			`- containerPort: 10000`
			`protocol: UDP`
			`- containerPort: 8080`
			`protocol: TCP`
			`envFrom:`
			`- configMapRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-env`
init 2024-07-03 07:54:32 +00:00			`env:`
			`- name: JICOFO_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JICOFO_AUTH_PASSWORD`
			`- name: JVB_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JVB_AUTH_PASSWORD`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# - name: JIGASI_XMPP_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIGASI_XMPP_PASSWORD`
			`# - name: JIBRI_RECORDER_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIBRI_RECORDER_PASSWORD`
			`# - name: JIBRI_XMPP_PASSWORD`
			`# valueFrom:`
			`# secretKeyRef:`
			`# name: jitsi-passwords`
			`# key: JIBRI_XMPP_PASSWORD`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`securityContext:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`runAsUser: 1000`
			`runAsGroup: 1000`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`runAsNonRoot: true`
			`seccompProfile:`
			`type: RuntimeDefault`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# volumeMounts:`
			`# - mountPath: /config`
			`# subPath: jvb`
			`# name: jitsi`
init 2024-07-03 07:54:32 +00:00			`resources:`
			`limits:`
			`cpu: "500m"`
			`memory: "512Mi"`
			`requests:`
			`cpu: "10m"`
			`memory: "10Mi"`
			`# readinessProbe:`
			`# tcpSocket:`
			`# port: 8080`
			`# initialDelaySeconds: 15`
			`# periodSeconds: 10`
			`# livenessProbe:`
			`# tcpSocket:`
			`# port: 8080`
			`# initialDelaySeconds: 15`
			`# periodSeconds: 10`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`# volumes:`
			`# - name: jitsi`
			`# persistentVolumeClaim:`
			`# claimName: jitsi`