# apiVersion: v1 # kind: ConfigMap # metadata: # name: jitsi-web-conf # namespace: external-app-development # data: # 20-use-env: |- # #!/bin/bash # sed -i "s|xmpp.meet.jitsi|XMPP_SERVER|" /config/nginx/meet.conf --- kind: Deployment apiVersion: apps/v1 metadata: name: jitsi-web namespace: external-app-development spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app: jitsi-web template: metadata: labels: app: jitsi-web spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/arch operator: In values: - arm64 - amd64 # initContainers: # - name: jitsi-web-conf # image: busybox # args: ["sh", "-c", "cat /20-use-env | sed \"s/XMPP_SERVER/$XMPP_SERVER/\" > /config/20-use-env && chmod +x /config/20-use-env"] # volumeMounts: # - mountPath: /config # name: jitsi # subPath: web # - mountPath: /20-use-env # name: jitsi-web-conf # subPath: 20-use-env # envFrom: # - configMapRef: # name: jitsi-env # securityContext: # runAsUser: 1000 # runAsGroup: 1000 # allowPrivilegeEscalation: false # capabilities: # drop: # - ALL # runAsNonRoot: true # seccompProfile: # type: RuntimeDefault containers: - name: jitsi-web image: dowerx/jitsi-web:non-root imagePullPolicy: Always ports: - containerPort: 8000 protocol: TCP - containerPort: 8443 protocol: TCP envFrom: - configMapRef: name: jitsi-env env: - name: JICOFO_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-passwords key: JICOFO_AUTH_PASSWORD - name: JVB_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-passwords key: JVB_AUTH_PASSWORD # - name: JIGASI_XMPP_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIGASI_XMPP_PASSWORD # - name: JIBRI_RECORDER_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIBRI_RECORDER_PASSWORD # - name: JIBRI_XMPP_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIBRI_XMPP_PASSWORD # volumeMounts: # - mountPath: /config # name: jitsi # subPath: web # - mountPath: /var/spool/cron/crontabs # name: jitsi # subPath: web/crontabs # - mountPath: /usr/share/jitsi-meet/transcripts # name: jitsi # subPath: web/transcripts # - mountPath: /etc/cont-init.d/20-use-env # name: jitsi # subPath: web/20-use-env securityContext: runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true seccompProfile: type: RuntimeDefault resources: limits: cpu: "500m" memory: "512Mi" requests: cpu: "10m" memory: "10Mi" # readinessProbe: # tcpSocket: # port: 80 # initialDelaySeconds: 15 # periodSeconds: 10 # livenessProbe: # tcpSocket: # port: 80 # initialDelaySeconds: 15 # periodSeconds: 10 # volumes: # - name: jitsi # persistentVolumeClaim: # claimName: jitsi # - name: jitsi-web-conf # configMap: # name: jitsi-web-conf # items: # - key: 20-use-env # path: 20-use-env --- kind: Deployment apiVersion: apps/v1 metadata: name: jitsi-prosody namespace: external-app-development spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app: jitsi-prosody template: metadata: labels: app: jitsi-prosody spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/arch operator: In values: - arm64 - amd64 containers: - name: jitsi-prosody image: dowerx/prosody:non-root ports: - containerPort: 5222 protocol: TCP - containerPort: 5269 protocol: TCP - containerPort: 5347 protocol: TCP - containerPort: 5280 protocol: TCP envFrom: - configMapRef: name: jitsi-env env: - name: JICOFO_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-passwords key: JICOFO_AUTH_PASSWORD - name: JVB_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-passwords key: JVB_AUTH_PASSWORD # - name: JIGASI_XMPP_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIGASI_XMPP_PASSWORD # - name: JIBRI_RECORDER_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIBRI_RECORDER_PASSWORD # - name: JIBRI_XMPP_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIBRI_XMPP_PASSWORD securityContext: runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /config name: jitsi subPath: prosody - mountPath: /prosody-plugins-custom name: jitsi subPath: prosody/prosody-plugins-custom resources: limits: cpu: "500m" memory: "512Mi" requests: cpu: "10m" memory: "10Mi" # readinessProbe: # tcpSocket: # port: 5280 # initialDelaySeconds: 15 # periodSeconds: 10 # livenessProbe: # tcpSocket: # port: 5280 # initialDelaySeconds: 15 # periodSeconds: 10 securityContext: fsGroup: 1000 volumes: - name: jitsi persistentVolumeClaim: claimName: jitsi --- kind: Deployment apiVersion: apps/v1 metadata: name: jitsi-jicofo namespace: external-app-development spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app: jitsi-jicofo template: metadata: labels: app: jitsi-jicofo spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/arch operator: In values: - arm64 - amd64 containers: - name: jitsi-jicofo image: dowerx/jicofo:non-root ports: - containerPort: 8888 protocol: TCP envFrom: - configMapRef: name: jitsi-env env: - name: JICOFO_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-passwords key: JICOFO_AUTH_PASSWORD - name: JVB_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-passwords key: JVB_AUTH_PASSWORD # - name: JIGASI_XMPP_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIGASI_XMPP_PASSWORD # - name: JIBRI_RECORDER_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIBRI_RECORDER_PASSWORD # - name: JIBRI_XMPP_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIBRI_XMPP_PASSWORD securityContext: runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true seccompProfile: type: RuntimeDefault # volumeMounts: # - mountPath: /config # name: jitsi # subPath: jicofo resources: limits: cpu: "500m" memory: "512Mi" requests: cpu: "10m" memory: "10Mi" # readinessProbe: # tcpSocket: # port: 8888 # initialDelaySeconds: 15 # periodSeconds: 10 # livenessProbe: # tcpSocket: # port: 8888 # initialDelaySeconds: 15 # periodSeconds: 10 # volumes: # - name: jitsi # persistentVolumeClaim: # claimName: jitsi --- kind: Deployment apiVersion: apps/v1 metadata: name: jitsi-jvb namespace: external-app-development spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app: jitsi-jvb template: metadata: labels: app: jitsi-jvb spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/arch operator: In values: - arm64 - amd64 containers: - name: jitsi-jvb image: dowerx/jvb:non-root ports: - containerPort: 10000 protocol: UDP - containerPort: 8080 protocol: TCP envFrom: - configMapRef: name: jitsi-env env: - name: JICOFO_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-passwords key: JICOFO_AUTH_PASSWORD - name: JVB_AUTH_PASSWORD valueFrom: secretKeyRef: name: jitsi-passwords key: JVB_AUTH_PASSWORD # - name: JIGASI_XMPP_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIGASI_XMPP_PASSWORD # - name: JIBRI_RECORDER_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIBRI_RECORDER_PASSWORD # - name: JIBRI_XMPP_PASSWORD # valueFrom: # secretKeyRef: # name: jitsi-passwords # key: JIBRI_XMPP_PASSWORD securityContext: runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true seccompProfile: type: RuntimeDefault # volumeMounts: # - mountPath: /config # subPath: jvb # name: jitsi resources: limits: cpu: "500m" memory: "512Mi" requests: cpu: "10m" memory: "10Mi" # readinessProbe: # tcpSocket: # port: 8080 # initialDelaySeconds: 15 # periodSeconds: 10 # livenessProbe: # tcpSocket: # port: 8080 # initialDelaySeconds: 15 # periodSeconds: 10 # volumes: # - name: jitsi # persistentVolumeClaim: # claimName: jitsi