jitsi-k8s/04-add-users.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: jitsi-users
data:
  users: |-
    user1 asdqwe
    user2 asdqwe
    user3 asdqwe
  
  clear.sh: |-
    #!/bin/bash

    [ ! -d /config/data/meet%2ejitsi/accounts ] && exit 0

    find /config/data/meet%2ejitsi/accounts/ -type f -exec basename {} .dat \; |
    while IFS="" read -r user || [ -n "$user" ]; do
      prosodyctl --config /config/prosody.cfg.lua unregister "${user}" meet.jitsi
    done 

  add.sh: |-
    #!/bin/bash

    while IFS="" read -r line || [ -n "$line" ]; do
      username="$(echo "${line}" | cut -d ' ' -f1)"
      password="$(echo "${line}" | cut -d ' ' -f2)"

      prosodyctl --config /config/prosody.cfg.lua register "${username}" meet.jitsi "${password}"
    done < /users

---

apiVersion: batch/v1
kind: Job
metadata:
  name: add-users
  namespace: external-app-development
spec:
 template:
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      containers:
      - name: add-users
        image: dowerx/prosody:non-root
        command: ["/bin/bash", "-c"]
        args: ["bash /clear.sh && bash /add.sh"]
        envFrom:
          - configMapRef:
              name: jitsi-env
        env:
          - name: JICOFO_AUTH_PASSWORD
            valueFrom:
              secretKeyRef:
                name: jitsi-passwords
                key: JICOFO_AUTH_PASSWORD
          - name: JVB_AUTH_PASSWORD
            valueFrom:
              secretKeyRef:
                name: jitsi-passwords
                key: JVB_AUTH_PASSWORD
          - name: JIGASI_XMPP_PASSWORD
            valueFrom:
              secretKeyRef:
                name: jitsi-passwords
                key: JIGASI_XMPP_PASSWORD
          - name: JIBRI_RECORDER_PASSWORD
            valueFrom:
              secretKeyRef:
                name: jitsi-passwords
                key: JIBRI_RECORDER_PASSWORD
          - name: JIBRI_XMPP_PASSWORD
            valueFrom:
              secretKeyRef:
                name: jitsi-passwords
                key: JIBRI_XMPP_PASSWORD
        securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
        volumeMounts:
          - mountPath: /config
            name: jitsi
            subPath: prosody
          - mountPath: /users
            name: jitsi-users
            subPath: users
          - mountPath: /clear.sh
            name: jitsi-users
            subPath: clear.sh
          - mountPath: /add.sh
            name: jitsi-users
            subPath: add.sh
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 1000
      volumes:
        - name: jitsi
          persistentVolumeClaim:
            claimName: jitsi
        - name: jitsi-users
          configMap:
            name: jitsi-users
            items:
              - key: users
                path: users
              - key: clear.sh
                path: clear.sh
              - key: add.sh
                path: add.sh
init 2024-07-03 07:54:32 +00:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-users`
init 2024-07-03 07:54:32 +00:00			`data:`
			`users: \|-`
			`user1 asdqwe`
			`user2 asdqwe`
			`user3 asdqwe`

			`clear.sh: \|-`
			`#!/bin/bash`

			`[ ! -d /config/data/meet%2ejitsi/accounts ] && exit 0`

			`find /config/data/meet%2ejitsi/accounts/ -type f -exec basename {} .dat \; \|`
			`while IFS="" read -r user \|\| [ -n "$user" ]; do`
			`prosodyctl --config /config/prosody.cfg.lua unregister "${user}" meet.jitsi`
			`done`

			`add.sh: \|-`
			`#!/bin/bash`

			`while IFS="" read -r line \|\| [ -n "$line" ]; do`
			`username="$(echo "${line}" \| cut -d ' ' -f1)"`
			`password="$(echo "${line}" \| cut -d ' ' -f2)"`

			`prosodyctl --config /config/prosody.cfg.lua register "${username}" meet.jitsi "${password}"`
			`done < /users`

			`---`

			`apiVersion: batch/v1`
			`kind: Job`
			`metadata:`
			`name: add-users`
transfer to bevonodas k8s 2024-07-10 10:57:37 +00:00			`namespace: external-app-development`
init 2024-07-03 07:54:32 +00:00			`spec:`
			`template:`
			`spec:`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: kubernetes.io/arch`
			`operator: In`
			`values:`
			`- arm64`
			`- amd64`
			`containers:`
			`- name: add-users`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`image: dowerx/prosody:non-root`
init 2024-07-03 07:54:32 +00:00			`command: ["/bin/bash", "-c"]`
			`args: ["bash /clear.sh && bash /add.sh"]`
			`envFrom:`
			`- configMapRef:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-env`
init 2024-07-03 07:54:32 +00:00			`env:`
			`- name: JICOFO_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JICOFO_AUTH_PASSWORD`
			`- name: JVB_AUTH_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JVB_AUTH_PASSWORD`
			`- name: JIGASI_XMPP_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JIGASI_XMPP_PASSWORD`
			`- name: JIBRI_RECORDER_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JIBRI_RECORDER_PASSWORD`
			`- name: JIBRI_XMPP_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-passwords`
init 2024-07-03 07:54:32 +00:00			`key: JIBRI_XMPP_PASSWORD`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`runAsNonRoot: true`
			`seccompProfile:`
			`type: RuntimeDefault`
init 2024-07-03 07:54:32 +00:00			`volumeMounts:`
			`- mountPath: /config`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi`
			`subPath: prosody`
init 2024-07-03 07:54:32 +00:00			`- mountPath: /users`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-users`
init 2024-07-03 07:54:32 +00:00			`subPath: users`
			`- mountPath: /clear.sh`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-users`
init 2024-07-03 07:54:32 +00:00			`subPath: clear.sh`
			`- mountPath: /add.sh`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-users`
init 2024-07-03 07:54:32 +00:00			`subPath: add.sh`
			`restartPolicy: OnFailure`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`securityContext:`
			`fsGroup: 1000`
init 2024-07-03 07:54:32 +00:00			`volumes:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`- name: jitsi`
init 2024-07-03 07:54:32 +00:00			`persistentVolumeClaim:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`claimName: jitsi`
			`- name: jitsi-users`
init 2024-07-03 07:54:32 +00:00			`configMap:`
updated k8s configs to use non-root containers 2024-07-15 19:37:33 +00:00			`name: jitsi-users`
init 2024-07-03 07:54:32 +00:00			`items:`
			`- key: users`
			`path: users`
			`- key: clear.sh`
			`path: clear.sh`
			`- key: add.sh`
			`path: add.sh`