jitsi-k8s/02-deployments.yml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: jitsi-web
  namespace: external-app-development
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-web
  template:
    metadata:
      labels:
        app: jitsi-web
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      containers:
        - name: jitsi-web
          image: dowerx/jitsi-web:non-root
          imagePullPolicy: Always
          ports:
            - containerPort: 8000
              protocol: TCP
            - containerPort: 8443
              protocol: TCP
          envFrom:
            - configMapRef:
                name: jitsi-env
          env:
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JICOFO_AUTH_PASSWORD
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JVB_AUTH_PASSWORD
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"

---

kind: Deployment
apiVersion: apps/v1
metadata:
  name: jitsi-prosody
  namespace: external-app-development
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-prosody
  template:
    metadata:
      labels:
        app: jitsi-prosody
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      containers:
        - name: jitsi-prosody
          image: dowerx/prosody:non-root
          ports:
            - containerPort: 5222
              protocol: TCP
            - containerPort: 5269
              protocol: TCP
            - containerPort: 5347
              protocol: TCP
            - containerPort: 5280
              protocol: TCP
          envFrom:
            - configMapRef:
                name: jitsi-env
          env:
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JICOFO_AUTH_PASSWORD
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JVB_AUTH_PASSWORD
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - mountPath: /config
              name: jitsi
              subPath: prosody
            - mountPath: /prosody-plugins-custom
              name: jitsi
              subPath: prosody/prosody-plugins-custom
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"
      securityContext:
        fsGroup: 1000
      volumes:
        - name: jitsi
          persistentVolumeClaim:
            claimName: jitsi
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: jitsi-jicofo
  namespace: external-app-development
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-jicofo
  template:
    metadata:
      labels:
        app: jitsi-jicofo
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      containers:
        - name: jitsi-jicofo
          image: dowerx/jicofo:non-root
          ports:
            - containerPort: 8888
              protocol: TCP
          envFrom:
            - configMapRef:
                name: jitsi-env
          env:
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JICOFO_AUTH_PASSWORD
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JVB_AUTH_PASSWORD
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"

---

kind: Deployment
apiVersion: apps/v1
metadata:
  name: jitsi-jvb
  namespace: external-app-development
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: jitsi-jvb
  template:
    metadata:
      labels:
        app: jitsi-jvb
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
      containers:
        - name: jitsi-jvb
          image: dowerx/jvb:non-root
          ports:
            - containerPort: 10000
              protocol: UDP
            - containerPort: 8080
              protocol: TCP
          envFrom:
            - configMapRef:
                name: jitsi-env
          env:
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JICOFO_AUTH_PASSWORD
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jitsi-passwords
                  key: JVB_AUTH_PASSWORD
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"