diff --git a/00-common.yml b/00-common.yml index 2dc07dc..e48bffb 100644 --- a/00-common.yml +++ b/00-common.yml @@ -7,9 +7,9 @@ type: Opaque stringData: JICOFO_AUTH_PASSWORD: 1b90bbfb8b17b3b8f610dd9e282b076c JVB_AUTH_PASSWORD: 21e5abd0efbb69e31facbf735d737caa - JIGASI_XMPP_PASSWORD: 78e1d598b43d57a7ce38d5a102a48946 - JIBRI_RECORDER_PASSWORD: 3fc11181cc426d698317bceab3fe76ad - JIBRI_XMPP_PASSWORD: 21412968cb037cd706996bcbb1c5502a + # JIGASI_XMPP_PASSWORD: 78e1d598b43d57a7ce38d5a102a48946 + # JIBRI_RECORDER_PASSWORD: 3fc11181cc426d698317bceab3fe76ad + # JIBRI_XMPP_PASSWORD: 21412968cb037cd706996bcbb1c5502a --- @@ -26,7 +26,7 @@ data: ETHERPAD_SKIN_VARIANTS: "super-light-toolbar super-light-editor light-background full-width-editor" ENABLE_AUTH: "1" AUTH_TYPE: internal - XMPP_SERVER: prosody.jitsi.svc.cluster.local - XMPP_BOSH_URL: http://prosody:5280 + XMPP_SERVER: jitsi-prosody.external-app-development.svc.cluster.local + XMPP_BOSH_URL_BASE: http://jitsi-prosody.external-app-development.svc.cluster.local:5280 PUBLIC_URL: jitsi.dev.srv.k8s.bevonodas.euronetrt.hu JVB_PORT: "10000" \ No newline at end of file diff --git a/01-storages.yml b/01-storages.yml index f17ae60..97de33f 100644 --- a/01-storages.yml +++ b/01-storages.yml 
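Review bot: In the `stringData` hunk of 00-common.yml, the three entries turned into comments still carry their password values, so the credentials stay readable in the working tree as well as in history; commenting a key out removes it from the Secret object, not from the repository. Delete the lines instead of commenting them, and keep the two remaining values out of the manifest too, for example by leaving only a placeholder such as `JVB_AUTH_PASSWORD: "<injected-at-deploy-time>"` and creating the Secret from a secret store or a sealed secret. Every value that has appeared in this file should be treated as exposed and rotated. The Secret's `metadata` lies outside the hunk, so its name is not visible here.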
@@ -1,53 +1,11 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: jitsi-web + name: jitsi namespace: external-app-development spec: accessModes: - ReadWriteMany resources: requests: - storage: 10Mi - ---- - -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: jitsi-prosody - namespace: external-app-development -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 10Mi - ---- - -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: jitsi-jicofo - namespace: external-app-development -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 10Mi - ---- - -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: jitsi-jvb - namespace: external-app-development -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 10Mi + storage: 2G \ No newline at end of file diff --git a/02-deployments.yml b/02-deployments.yml index 213a3db..212956c 100644 --- a/02-deployments.yml +++ b/02-deployments.yml @@ -1,12 +1,12 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: jitsi-web-conf - namespace: external-app-development -data: - 20-use-env: |- - #!/bin/bash - sed -i "s|xmpp.meet.jitsi|XMPP_SERVER|" /config/nginx/meet.conf +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: jitsi-web-conf +# namespace: external-app-development +# data: +# 20-use-env: |- +# #!/bin/bash +# sed -i "s|xmpp.meet.jitsi|XMPP_SERVER|" /config/nginx/meet.conf --- 
@@ -37,34 +37,38 @@ spec: values: - arm64 - amd64 - initContainers: - - name: jitsi-web-conf - image: busybox - args: ["sh", "-c", "cat /20-use-env | sed \"s/XMPP_SERVER/$XMPP_SERVER/\" > /config/20-use-env && chmod +x /config/20-use-env"] - volumeMounts: - - mountPath: /config - name: jitsi-web - - mountPath: /20-use-env - name: jitsi-web-conf - subPath: 20-use-env - envFrom: - - configMapRef: - name: jitsi-env - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault + # initContainers: + # - name: jitsi-web-conf + # image: busybox + # args: ["sh", "-c", "cat /20-use-env | sed \"s/XMPP_SERVER/$XMPP_SERVER/\" > /config/20-use-env && chmod +x /config/20-use-env"] + # volumeMounts: + # - mountPath: /config + # name: jitsi + # subPath: web + # - mountPath: /20-use-env + # name: jitsi-web-conf + # subPath: 20-use-env + # envFrom: + # - configMapRef: + # name: jitsi-env + # securityContext: + # runAsUser: 1000 + # runAsGroup: 1000 + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + # runAsNonRoot: true + # seccompProfile: + # type: RuntimeDefault containers: - name: jitsi-web - image: jitsi/web:stable-9457-2 + image: dowerx/jitsi-web:non-root + imagePullPolicy: Always ports: - - containerPort: 80 + - containerPort: 8000 protocol: TCP - - containerPort: 443 + - containerPort: 8443 protocol: TCP envFrom: - configMapRef: 
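Review bot: The new `image: dowerx/jitsi-web:non-root` is a mutable tag outside the upstream `jitsi/` namespace, and together with `imagePullPolicy: Always` each pod start runs whatever was last pushed under that tag, whereas the replaced line pinned a release (`stable-9457-2`). Pin the reviewed build by digest, `image: dowerx/jitsi-web@sha256:<digest-of-reviewed-build>` (placeholder), so a retagged or tampered image cannot roll out unnoticed. The same applies to `dowerx/prosody:non-root`, `dowerx/jicofo:non-root` and `dowerx/jvb:non-root` in the later hunks of 02-deployments.yml, and to the add-users job in 04-add-users.yml. The container spec continues outside this hunk.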
@@ -80,34 +84,37 @@ spec: secretKeyRef: name: jitsi-passwords key: JVB_AUTH_PASSWORD - - name: JIGASI_XMPP_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIGASI_XMPP_PASSWORD - - name: JIBRI_RECORDER_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIBRI_RECORDER_PASSWORD - - name: JIBRI_XMPP_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIBRI_XMPP_PASSWORD - volumeMounts: - - mountPath: /config - name: jitsi-web - - mountPath: /var/spool/cron/crontabs - name: jitsi-web - subPath: crontabs - - mountPath: /usr/share/jitsi-meet/transcripts - name: jitsi-web - subPath: transcripts - - mountPath: /etc/cont-init.d/20-use-env - name: jitsi-web - subPath: 20-use-env + # - name: JIGASI_XMPP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIGASI_XMPP_PASSWORD + # - name: JIBRI_RECORDER_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIBRI_RECORDER_PASSWORD + # - name: JIBRI_XMPP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIBRI_XMPP_PASSWORD + # volumeMounts: + # - mountPath: /config + # name: jitsi + # subPath: web + # - mountPath: /var/spool/cron/crontabs + # name: jitsi + # subPath: web/crontabs + # - mountPath: /usr/share/jitsi-meet/transcripts + # name: jitsi + # subPath: web/transcripts + # - mountPath: /etc/cont-init.d/20-use-env + # name: jitsi + # subPath: web/20-use-env securityContext: + runAsUser: 1000 + runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: 
@@ -132,16 +139,16 @@ spec: # port: 80 # initialDelaySeconds: 15 # periodSeconds: 10 - volumes: - - name: jitsi-web - persistentVolumeClaim: - claimName: jitsi-web - - name: jitsi-web-conf - configMap: - name: jitsi-web-conf - items: - - key: 20-use-env - path: 20-use-env + # volumes: + # - name: jitsi + # persistentVolumeClaim: + # claimName: jitsi + # - name: jitsi-web-conf + # configMap: + # name: jitsi-web-conf + # items: + # - key: 20-use-env + # path: 20-use-env --- kind: Deployment apiVersion: apps/v1 @@ -172,7 +179,7 @@ spec: - amd64 containers: - name: jitsi-prosody - image: jitsi/prosody:stable-9457-2 + image: dowerx/prosody:non-root ports: - containerPort: 5222 protocol: TCP @@ -196,22 +203,24 @@ spec: secretKeyRef: name: jitsi-passwords key: JVB_AUTH_PASSWORD - - name: JIGASI_XMPP_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIGASI_XMPP_PASSWORD - - name: JIBRI_RECORDER_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIBRI_RECORDER_PASSWORD - - name: JIBRI_XMPP_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIBRI_XMPP_PASSWORD + # - name: JIGASI_XMPP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIGASI_XMPP_PASSWORD + # - name: JIBRI_RECORDER_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIBRI_RECORDER_PASSWORD + # - name: JIBRI_XMPP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIBRI_XMPP_PASSWORD securityContext: + runAsUser: 1000 + runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: @@ -221,10 +230,11 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /config - name: jitsi-prosody + name: jitsi + subPath: prosody - mountPath: /prosody-plugins-custom - name: jitsi-prosody - subPath: prosody-plugins-custom + name: jitsi + subPath: prosody/prosody-plugins-custom resources: limits: cpu: "500m" 
@@ -242,10 +252,12 @@ spec: # port: 5280 # initialDelaySeconds: 15 # periodSeconds: 10 + securityContext: + fsGroup: 1000 volumes: - - name: jitsi-prosody + - name: jitsi persistentVolumeClaim: - claimName: jitsi-prosody + claimName: jitsi --- kind: Deployment apiVersion: apps/v1 @@ -276,7 +288,7 @@ spec: - amd64 containers: - name: jitsi-jicofo - image: jitsi/jicofo:stable-9457-2 + image: dowerx/jicofo:non-root ports: - containerPort: 8888 protocol: TCP @@ -294,22 +306,24 @@ spec: secretKeyRef: name: jitsi-passwords key: JVB_AUTH_PASSWORD - - name: JIGASI_XMPP_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIGASI_XMPP_PASSWORD - - name: JIBRI_RECORDER_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIBRI_RECORDER_PASSWORD - - name: JIBRI_XMPP_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIBRI_XMPP_PASSWORD + # - name: JIGASI_XMPP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIGASI_XMPP_PASSWORD + # - name: JIBRI_RECORDER_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIBRI_RECORDER_PASSWORD + # - name: JIBRI_XMPP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIBRI_XMPP_PASSWORD securityContext: + runAsUser: 1000 + runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: @@ -317,9 +331,10 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault - volumeMounts: - - mountPath: /config - name: jitsi-jicofo + # volumeMounts: + # - mountPath: /config + # name: jitsi + # subPath: jicofo resources: limits: cpu: "500m" @@ -337,10 +352,10 @@ spec: # port: 8888 # initialDelaySeconds: 15 # periodSeconds: 10 - volumes: - - name: jitsi-jicofo - persistentVolumeClaim: - claimName: jitsi-jicofo + # volumes: + # - name: jitsi + # persistentVolumeClaim: + # claimName: jitsi --- kind: Deployment apiVersion: apps/v1 
@@ -371,7 +386,7 @@ spec: - amd64 containers: - name: jitsi-jvb - image: jitsi/jvb:stable-9457-2 + image: dowerx/jvb:non-root ports: - containerPort: 10000 protocol: UDP @@ -391,22 +406,24 @@ spec: secretKeyRef: name: jitsi-passwords key: JVB_AUTH_PASSWORD - - name: JIGASI_XMPP_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIGASI_XMPP_PASSWORD - - name: JIBRI_RECORDER_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIBRI_RECORDER_PASSWORD - - name: JIBRI_XMPP_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-passwords - key: JIBRI_XMPP_PASSWORD + # - name: JIGASI_XMPP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIGASI_XMPP_PASSWORD + # - name: JIBRI_RECORDER_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIBRI_RECORDER_PASSWORD + # - name: JIBRI_XMPP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: jitsi-passwords + # key: JIBRI_XMPP_PASSWORD securityContext: + runAsUser: 1000 + runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: @@ -414,9 +431,10 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault - volumeMounts: - - mountPath: /config - name: jitsi-jvb + # volumeMounts: + # - mountPath: /config + # subPath: jvb + # name: jitsi resources: limits: cpu: "500m" @@ -434,7 +452,7 @@ spec: # port: 8080 # initialDelaySeconds: 15 # periodSeconds: 10 - volumes: - - name: jitsi-jvb - persistentVolumeClaim: - claimName: jitsi-jvb \ No newline at end of file + # volumes: + # - name: jitsi + # persistentVolumeClaim: + # claimName: jitsi \ No newline at end of file diff --git a/03-services.yml b/03-services.yml index 8bb7067..fc5e445 100644 --- a/03-services.yml +++ b/03-services.yml 
@@ -5,12 +5,12 @@ metadata: namespace: external-app-development spec: ports: - - port: 80 - targetPort: 80 + - port: 8000 + targetPort: 8000 name: http protocol: TCP - - port: 443 - targetPort: 443 + - port: 8443 + targetPort: 8443 name: https protocol: TCP selector: @@ -60,7 +60,7 @@ spec: selector: app: jitsi-jvb ---- +# --- # apiVersion: traefik.io/v1alpha1 # kind: IngressRouteUDP @@ -146,4 +146,4 @@ spec: service: name: jitsi-web port: - number: 80 \ No newline at end of file + number: 8000 \ No newline at end of file diff --git a/04-add-users.yml b/04-add-users.yml index 179457d..9807300 100644 --- a/04-add-users.yml +++ b/04-add-users.yml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: users + name: jitsi-users data: users: |- user1 asdqwe 
@@ -50,61 +50,71 @@ spec: - amd64 containers: - name: add-users - image: jitsi/prosody:stable-9457-2 + image: dowerx/prosody:non-root command: ["/bin/bash", "-c"] args: ["bash /clear.sh && bash /add.sh"] envFrom: - configMapRef: - name: env + name: jitsi-env env: - name: JICOFO_AUTH_PASSWORD valueFrom: secretKeyRef: - name: passwords + name: jitsi-passwords key: JICOFO_AUTH_PASSWORD - name: JVB_AUTH_PASSWORD valueFrom: secretKeyRef: - name: passwords + name: jitsi-passwords key: JVB_AUTH_PASSWORD - name: JIGASI_XMPP_PASSWORD valueFrom: secretKeyRef: - name: passwords + name: jitsi-passwords key: JIGASI_XMPP_PASSWORD - name: JIBRI_RECORDER_PASSWORD valueFrom: secretKeyRef: - name: passwords + name: jitsi-passwords key: JIBRI_RECORDER_PASSWORD - name: JIBRI_XMPP_PASSWORD valueFrom: secretKeyRef: - name: passwords + name: jitsi-passwords key: JIBRI_XMPP_PASSWORD + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /config - name: prosody - - mountPath: /prosody-plugins-custom - name: prosody - subPath: prosody-plugins-custom + name: jitsi + subPath: prosody - mountPath: /users - name: users + name: jitsi-users subPath: users - mountPath: /clear.sh - name: users + name: jitsi-users subPath: clear.sh - mountPath: /add.sh - name: users + name: jitsi-users subPath: add.sh restartPolicy: OnFailure + securityContext: + fsGroup: 1000 volumes: - - name: prosody + - name: jitsi persistentVolumeClaim: - claimName: prosody - - name: users + claimName: jitsi + - name: jitsi-users configMap: - name: users + name: jitsi-users items: - key: users path: users
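Review bot: The add-users container still reads `JIGASI_XMPP_PASSWORD`, `JIBRI_RECORDER_PASSWORD` and `JIBRI_XMPP_PASSWORD` from `jitsi-passwords` via `secretKeyRef`, but this commit comments those three keys out of the Secret in 00-common.yml (assuming that Secret is `jitsi-passwords`; its name is outside that hunk). A `secretKeyRef` to a missing key that is not marked optional keeps the container from starting, so the job would sit in a config error instead of provisioning users. Remove the three `env` entries here as the Deployments do, or add `optional: true` under each `secretKeyRef`. The job's pod spec begins before this hunk.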